[geeklog-users] Illegal MIME chars found in header

Lucas Gonze lgonze at panix.com
Mon Dec 15 16:28:16 EST 2003


Background on the issue:
http://www.vbulletin.com/forum/bugs.php?do=view&bugid=1496
http://www.ez.no/developer/ez_publish_3/forum/developer/ 
illegal_mime_chars_in_email_header

Geeklog code that leads to the bug is in users.php, function  
emailpassword:
         mail($A["email"]
             ,"{$_CONF["site_name"]}: {$LANG04[16]}"
             ,$mailtext
             ,"From: {$_CONF["site_name"]}  
<{$_CONF["site_mail"]}>\r\nReturn-Path:  
<{$_CONF["site_mail"]}>\r\nX-Mailer: GeekLog " . VERSION .  
"\r\nContent-Type: text/plain; charset={$charset}"
             );

The fix is to change the \r\n to \n.  This breaks with the RFC but  
appears to be standard practice to get past virus detectors, which  
don't accept RFC-compliant mime headers.  This is the new code in my  
version of users.php:
		
         mail($A["email"]
             ,"{$_CONF["site_name"]}: {$LANG04[16]}"
             ,$mailtext
             ,"From: {$_CONF["site_name"]}  
<{$_CONF["site_mail"]}>\nReturn-Path:  
<{$_CONF["site_mail"]}>\nX-Mailer: GeekLog " . VERSION .  
"\nContent-Type: text/plain; charset={$charset}"
             );

On Monday, Dec 15, 2003, at 16:00 America/New_York, Lucas Gonze wrote:

> The emailed password to a new user of my system just caused the  
> following bounce message.  I really don't see the problem, so I'm  
> hoping that other geeklog sites have encountered it already.  Here's  
> the bounce, with domains changed to protect the innocent:
>
> Attention: admin at foo.org
>
>
> A problem was found in an Email message you sent.
> This Email scanner intercepted it and stopped the entire message
> reaching its destination.
>
> The problem was reported to be:
>
> Illegal MIME chars found in header
>
>
> Please contact your I.T support personnel with any queries regarding  
> this
> policy.
>
>
> Your message was sent with the following envelope:
>
> MAIL FROM: admin at foo.org
> RCPT TO:   bay at barnet
>
> ... and with the following headers:
>
> ---
> MAILFROM: admin at foo.org
> Received: from generalpublic.org (66.132.150.27)
>   by 63.208.193.225 with SMTP; 15 Dec 2003 13:01:44 -0500
> Received: (qmail 11504 invoked by uid 48); 15 Dec 2003 18:18:41 -0000
> Date: 15 Dec 2003 18:18:41 -0000
> Message-ID: <20031215181841.11503.qmail at generalpublic.org>
> To: bay at bar.net
> Subject: foosite: Your Account Information
> From: fooadmin <admin at foo.org>
> X-Mailer: GeekLog 1.3.8-1sr2
> Content-Type: text/plain; charset=iso-8859-1
>
>
> ---
>
>
> _______________________________________________
> geeklog-users mailing list
> geeklog-users at lists.geeklog.net
> http://lists.geeklog.net/listinfo/geeklog-users
>




More information about the geeklog-users mailing list