Hello, trying to understand some things, I fell over the following example:
---------------------------------------------------------------------- Received: from localhost by relay1.example.com; Mon, 05 Jul 1999 14:55:26 -0400 From: <[EMAIL PROTECTED]> To: [EMAIL PROTECTED] Subject: test Mime-Version: 1.0 Content-Type: message/rfc822 Content-Transfer-Encoding: 8bit Message-ID: <[EMAIL PROTECTED]> Date: Mon, 05 Jul 1999 14:55:26 -0400 Received: from localhost by relay1.example.com; Mon, 05 Jul 1999 14:55:26 -0400 From: <[EMAIL PROTECTED]> To: [EMAIL PROTECTED] Subject: test Mime-Version: 1.0 Content-Type: message/plain Content-Transfer-Encoding: 8bit Message-ID: <[EMAIL PROTECTED]> Date: Mon, 05 Jul 1999 14:55:26 -0400 body ---------------------------------------------------------------------- According to MIME, that's fine, but I am used to clients and scanners recursively descending into message/rfc822 parts and I failed to find anything describing that. Changing the second Content-Type to message/rfc822 should generate an error, because the "body" should be yet another header and a following body. Right? Should I expect software to detect that error? I see the potential for an attacker to use 50 headers and a 100 kB body, thus generating 50 message files, each a little over 100 kB, and 5 MB in total to scan. Another point would be a message/rfc822 attachment with a broken MIME structure. If I got the spec of demime right, exim saves such attachments into their own files, processing them afterwards. A broken MIME structure inside them will not affect scanning the containing message. Does anybody know how other software works? To parse everything in a linear fashion, you had to keep a stack of active boundaries. If any boundary but the top matches, the MIME elements above are truncated. Is that correct? Michael -- ## List details at http://www.exim.org/mailman/listinfo/exim-users ## Exim details at http://www.exim.org/ ## Please use the Wiki with this list - http://www.exim.org/eximwiki/
