[exim-dev] [Bug 1684] New: Malformed headers which exceed le…

Top Pagina
Delete this message
Reply to this message
Auteur: admin
Datum:  
Aan: exim-dev
Nieuwe Onderwerpen: [exim-dev] [Bug 1684] Malformed headers which exceed length spec willingly passed to remote servers, [exim-dev] [Bug 1684] Malformed headers which exceed length spec willingly passed to remote servers, [exim-dev] [Bug 1684] Malformed headers which exceed length spec willingly passed to remote servers, [exim-dev] [Bug 1684] Malformed headers which exceed length spec willingly passed to remote servers
Onderwerp: [exim-dev] [Bug 1684] New: Malformed headers which exceed length spec willingly passed to remote servers
https://bugs.exim.org/show_bug.cgi?id=1684

            Bug ID: 1684
           Summary: Malformed headers which exceed length spec willingly
                    passed to remote servers
           Product: Exim
           Version: 4.80
          Hardware: x86
                OS: Linux
            Status: NEW
          Severity: bug
          Priority: medium
         Component: Transports
          Assignee: nigel@???
          Reporter: rubin@???
                CC: exim-dev@???


The SMTP Spec states that:

> 2.1.1. Line Length Limits
> There are two limits that this standard places on the number of
> characters in a line. Each line of characters MUST be no more than
> 998 characters, and SHOULD be no more than 78 characters, excluding
> the CRLF.


However, if exim gets a message in the queue whose line length is longer than
998 chars it will happily send it to other hosts, thus violating the protocol.

In addition, MANY MTAs (including gmail) will respond to an over-length line
by hanging up on the connection (TCP RST) without any error message. Exim
misclassifies this as a host error (as documented in
http://www.exim.org/exim-html-current/doc/html/spec_html/ch-smtp_processing.html#SECToutSMTPerr)

As a result, sending messages that contain long header lines to a local server
for delivery to a remote site can interrupt delivery of legitimate messages to
that remote site. This has been seen with certain "References" headers.

--
You are receiving this mail because:
You are on the CC list for the bug.