I'm in total agreement with Jerry on this one. This is an area I have a
little bit of expertise, having written the Apache javamail implementation.
Rick
On Sat, Aug 11, 2012 at 10:39 AM, Jeremy Nicoll - ml sourceforge <
jn.ml.sfrg...@letterboxes.org> wrote:
> Well: this is a test line.
>
> I wonder if this message will get sent? I certainly expect it to. In this
> bug report Mark recently said:
>
> "More simply put, because of the definition of header fields, an email
> message body can not begin with a word ending in a colon because a line
> beginning with a token ending in a colon marks it as a field."
>
> which I think is wrong. My understanding of the internal format of emails
> is that the header lines (all starting with a word ending in a colon) are
> delimited from the message body by a blank line.
>
> The only limitation I'm aware of for the message body itself is that a
> message body line containing only a dot needs to be changed ("dot stuffed")
> to a double dot by the mail transport as it is sent (and such a line
> changed
> back to just a single dot on reception). A mail being transported by SMTP
> is preceded by SMTP envelope headers, and followed by a line containing
> just
> one dot.
>
>
> However it's quite unclear to me from the original report whether the
> message the user was trying to send consisted of a bunch of headers, then a
> blank line, then the error message, or whether it was just the error
> message. I couldn't find the "testsmtp.rex" that's referred to.
>
>
> I looked at the smtp class doc in rxsock and found it confusing, telling
> one
> about all the parts of a process but not describing what its concept of an
> SMTP message actually was - eg whether the sender had to specify the
> headers
> they wanted in the message that was to be sent...
>
>
> So, I looked at smtp.cls; (this is the V4.1.1 one). In ::method Send, so
> far as I can see, there are some problems:
>
> a) comments are wrong at:
>
> /* send the 'To:' header */
> retc = self~strmtransact('MAIL FROM:'msg~From, '2')
> if retc = .true then do
> self~debugsay('Error: MAIL FROM command to' rhost 'failed.')
> return -1
> end
> /* send the 'From:' header */
> do rec over msg~recipients
> retc = self~strmtransact('RCPT TO:' rec, '2')
> if retc = .true then do
> self~debugsay('Error: RCPT TO command to' rhost 'failed.')
> return -1
> end
> end
>
> since (1) MAIL FROM has nothing to do with "TO:"
> (2) RCPT TO values have nothing to do with "FROM:"
>
>
> b) after sending "DATA", and a "From:" header (which arguably should be
> optional), the code builds a "To:" header from a list of all the recipient
> addresses. This surely shouldn't be done as it exposes all the recipient
> addresses to anyone getting any copy of a mail sent this way. It also
> makes
> it impossible eg to send a mail that's
>
> TO: no-one
> CC: me
> BCC: a list of recipients
>
>
> c) then a "Subject:" header is sent (arguably that should be optional)
>
>
> d) then there's a line of code commented out, which I think shouldn't be.
> It's the one that creates the required blank line between headers and
> content. If the OP had created a proper SMTPmsg structure with body text
> starting with a word starting with a colon, that text would have wrongly
> appeared to be the last header in the message because of there being no
> blank line.
>
>
> e) when the body is sent, by
>
> retc = self~strmsock~lineout(msg~content)
>
> there's no code doing dot-stuffing; do you expect the user to have
> prerpared content with the doubled dots in it?
>
>
> --
> Jeremy Nicoll - my opinions are my own
>
>
> ------------------------------------------------------------------------------
> Live Security Virtual Conference
> Exclusive live event will cover all the ways today's security and
> threat landscape has changed and how IT managers can respond. Discussions
> will include endpoint security, mobile security and the latest in malware
> threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/
> _______________________________________________
> Oorexx-devel mailing list
> Oorexx-devel@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/oorexx-devel
>
------------------------------------------------------------------------------
Live Security Virtual Conference
Exclusive live event will cover all the ways today's security and
threat landscape has changed and how IT managers can respond. Discussions
will include endpoint security, mobile security and the latest in malware
threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/
_______________________________________________
Oorexx-devel mailing list
Oorexx-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/oorexx-devel
