Hello Ed -
I appreciate your asking. I regret to say that the answer to your
question about Content-Length support is "no".
I'm not certain how aware you are of the reasons for the objections to
Content-Length. These objections are technical, not religious.
An example of a religious issue would be "maildir is the best (or the
worst) possible mailbox format." There are numerous intelligent people on
both sides who can present valid arguments to shore up their church.
Content-Length, on the other hand, represents a security hole. I declined
to open that hole years ago, in the good old days before Internet security
was a major consideration. I won't do so now.
For a while (years ago, when I was younger and less responsible), I amused
myself by inserting
Content-Length: 314159 (believe this at your own risk)
into the headers of my outgoing messages. At least one version of Sun's
mail tool would core dump.
Even if the application does not core dump when presented with a
ridiculous Content-Length, the problems go deeper. An application which
uses Content-Length implicitly depends upon the MDA (Message Delivery
Agent) to filter out any incoming Content-Length and to regenerate the
header with a correct Content-Length. Any path that allows the delivery
of messages with a spurious Content-Length allows an ill-intentioned
message sender can manipulate the messages that the recipient sees.
More importantly, the attacker can manipulate what the recipient does NOT
see. I once demonstrated how an attacker could cause a message to be
lost, even when there was code to recognize an incorrect "landing" and
disregard the Content-Length. It just required the attacker to monitor
the victim until the to-be-lost message was delivered, and then deliver
the right sized suffix to set up a good "landing".
Fortunately, there is a way to remedy these problems. That way is to
include the -E flag to the Mlocal rule in sendmail.cf. This remedy is
discussed both in the UW IMAP FAQ and in the UW IMAP BUILD file.
Please refer to:
http://www.washington.edu/imap/IMAP-FAQs/index.html#7.26
for more information.
I'm sorry that this is unhelpful. Sadly this is one of those cases where
being helpful to a relatively small constituency would have severe
negative effects on a much larger constituency.
In my opinion, it remains far less costly to add the -E flag and deal with
the relatively few cases of legacy mailboxes with messages (forwarded by
Sun's mail tool) that had an embedded "From " line. Note that UW imapd
only treats a line as a "From " line if it is in proper "From " line
syntax; a text line which happens to begin with "From " is not matched.
-- Mark --
http://staff.washington.edu/mrc
Science does not emerge from voting, party politics, or public debate.
Si vis pacem, para bellum.
_______________________________________________
Imap-uw mailing list
[email protected]
https://mailman1.u.washington.edu/mailman/listinfo/imap-uw
