[geeklog-users] Illegal MIME chars found in header
Lucas Gonze
lgonze at panix.com
Mon Dec 15 16:28:16 EST 2003
Background on the issue:
http://www.vbulletin.com/forum/bugs.php?do=view&bugid=1496
http://www.ez.no/developer/ez_publish_3/forum/developer/
illegal_mime_chars_in_email_header
Geeklog code that leads to the bug is in users.php, function
emailpassword:
mail($A["email"]
,"{$_CONF["site_name"]}: {$LANG04[16]}"
,$mailtext
,"From: {$_CONF["site_name"]}
<{$_CONF["site_mail"]}>\r\nReturn-Path:
<{$_CONF["site_mail"]}>\r\nX-Mailer: GeekLog " . VERSION .
"\r\nContent-Type: text/plain; charset={$charset}"
);
The fix is to change the \r\n to \n. This breaks with the RFC but
appears to be standard practice to get past virus detectors, which
don't accept RFC-compliant mime headers. This is the new code in my
version of users.php:
mail($A["email"]
,"{$_CONF["site_name"]}: {$LANG04[16]}"
,$mailtext
,"From: {$_CONF["site_name"]}
<{$_CONF["site_mail"]}>\nReturn-Path:
<{$_CONF["site_mail"]}>\nX-Mailer: GeekLog " . VERSION .
"\nContent-Type: text/plain; charset={$charset}"
);
On Monday, Dec 15, 2003, at 16:00 America/New_York, Lucas Gonze wrote:
> The emailed password to a new user of my system just caused the
> following bounce message. I really don't see the problem, so I'm
> hoping that other geeklog sites have encountered it already. Here's
> the bounce, with domains changed to protect the innocent:
>
> Attention: admin at foo.org
>
>
> A problem was found in an Email message you sent.
> This Email scanner intercepted it and stopped the entire message
> reaching its destination.
>
> The problem was reported to be:
>
> Illegal MIME chars found in header
>
>
> Please contact your I.T support personnel with any queries regarding
> this
> policy.
>
>
> Your message was sent with the following envelope:
>
> MAIL FROM: admin at foo.org
> RCPT TO: bay at barnet
>
> ... and with the following headers:
>
> ---
> MAILFROM: admin at foo.org
> Received: from generalpublic.org (66.132.150.27)
> by 63.208.193.225 with SMTP; 15 Dec 2003 13:01:44 -0500
> Received: (qmail 11504 invoked by uid 48); 15 Dec 2003 18:18:41 -0000
> Date: 15 Dec 2003 18:18:41 -0000
> Message-ID: <20031215181841.11503.qmail at generalpublic.org>
> To: bay at bar.net
> Subject: foosite: Your Account Information
> From: fooadmin <admin at foo.org>
> X-Mailer: GeekLog 1.3.8-1sr2
> Content-Type: text/plain; charset=iso-8859-1
>
>
> ---
>
>
> _______________________________________________
> geeklog-users mailing list
> geeklog-users at lists.geeklog.net
> http://lists.geeklog.net/listinfo/geeklog-users
>
More information about the geeklog-users
mailing list