Re: Message contains NUL characters ...

Sun, 08 May 2005 12:19:47 -0700 

[ On Sunday, May 8, 2005 at 11:44:23 (+0200), John Fawcett wrote: ]
> Subject: Re: Message contains NUL characters ...
>
> One further point: what about nuls in message headers?
> As far as I can see spool_copy_msg() handles the body.
> So it doesn't seem that lmtp messages with NULs in the
> headers will produce the MESSAGE CONTAINS NULs rejections
> anyhow. Any views about this or whether NULs in headers
> have been a problem too?

I don't know why you guys keep beating against this.  There's nothing
wrong with Cyrus and nothing that needs changing in Cyrus.

NUL bytes do not belong in e-mail (and never have).

NUL bytes are simply not allowed in IMAP.

There's no valid reason for allowing NUL bytes in SMTP (or LMTP), just
very poor and effectively invalid excuses.

Just because some deprecated part of some ancient RFC seems to include
NUL in the list of permitted characters doesn't mean NULs must be
allowed -- clearly the intent was otherwise, else SMTP would have been
defined to be completely 8-bit transparent right from the beginning.  In
reality SMTP was defined to be just and only the lowest common
denominator, and NULs obviously cannot be part of such a definition.

Allowing NUL bytes through transparently leaves one responsible for
potential security problems that they might create for a mail reader.

Stripping NUL bytes modifies the message and that's a _REALLY BAD_ thing
to do.  It is infinitely better to reject than to arbitrarily modify the
message in a destructive manner.

Doing either of these things in Cyrus instead of the MTA is insane.

Cyrus is already doing the right thing.  Please leave it as-is!

If you can't re-configure or fix your MTA to reject messages that
contain NUL bytes (in either the headers or body -- it's all the same to
SMTP), then get a better mailer!!!!

(and if you really do want to accept SMTP data that contains NUL bytes
then configure or fix your MTA to re-encode the message using MIME or
quoted-printable header encoding as appropriate for the location of the
offending NUL -- but don't try to do this in Cyrus as it's the wrong
place for such transformations to be attempted!!!)

-- 
                                                Greg A. Woods

H:+1 416 218-0098  W:+1 416 489-5852 x122  VE3TCP  RoboHack <[EMAIL PROTECTED]>
Planix, Inc. <[EMAIL PROTECTED]>          Secrets of the Weird <[EMAIL 
PROTECTED]>
---
Cyrus Home Page: http://asg.web.cmu.edu/cyrus
Cyrus Wiki/FAQ: http://cyruswiki.andrew.cmu.edu
List Archives/Info: http://asg.web.cmu.edu/cyrus/mailing-list.html

Reply via email to