https://issues.apache.org/SpamAssassin/show_bug.cgi?id=7125
Bug ID: 7125
Summary: MIME parsing of nested messages must not treat parts
like delivery-status, disposition-notification as
message/rfc822
Product: Spamassassin
Version: 3.4.0
Hardware: All
OS: All
Status: NEW
Severity: normal
Priority: P2
Component: Libraries
Assignee: [email protected]
Reporter: [email protected]
While analyzing why some SHA1 digests of decoded mail parts
as decoded by SpamAssassin do not match a reference implementation,
I realized that for example in a decoded message/delivery-status
(RFC 3464) the first paragraph of the delivery-status is missing,
i.e. the 'Per-Message DSN Fields' are missing but the
'Per-Recipient DSN fields' are there.
It turns out that the subroutine Message::parse_body() treats
any message/* content type as message/rfc822 (i.e. an embedded
message). As a result, the first paragraph of such attachment
is considered a 'header' (even though it is not), and the rest
is considered a 'body' and only that remains in a decoded string.
There are only two content types which really represent
an embedded message: message/rfc822 and message/global.
Every other message/* must not be treated as an embedded message.
Here is a (likely incomplete) list of content types currently
treated incorrectly:
message/delivery-status
message/global-delivery-status
message/disposition-notification
message/global-disposition-notification
message/global-headers
message/feedback-report
(and potentially message/partial)
--
You are receiving this mail because:
You are the assignee for the bug.
