6

I've got SendMail 8.14.4 running on a CentOS 5 server.

A user in Japan is sending a message and when it gets processed by the server, SendMail is adding an extra carriage return for some reason.

The email contains a X-header with values that (presumably) contain international characters. I say "presumably" because when I examine the MIME source with notepad++ I see oddities like STXand CAN.

I've been able to narrow the testing scope down to this:

enter image description here

If I send that through Sendmail, it eventually leaves SendMail as this:

enter image description here (ips, Q-ID, and hostname changed to protect the innocent)

Now obviously a potential red flag here: the header value starts with a quote but doesn't have a closing one. Is that required by RFC standards? Or is that part a red herring?

The end result is that header values leak into the message body:

enter image description here

Any thoughts on why sendmail is adding the extra carriage return?

sysadmin1138
  • 131,083
  • 18
  • 173
  • 296
Mike B
  • 11,570
  • 42
  • 106
  • 165

1 Answers1

8

That is pretty simple actually: RFC 2822 section 2.2.3 allows for long headers, where a header is a fieldname followed by a : to fold and continue on the next line, as long as (simplified) that next line starts with a space .

The general rule is that wherever this standard allows for folding white space (not simply WSP characters), a CRLF may be inserted before any WSP. For example, the header field:
Subject: This is a test
can be represented as:

Subject: This  
 is a test

Line 3 of the original input starts not with a space, but with the character c and does not contain a colon : which makes it neither the continuation of the previous header nor the next header field (§2.2).

That marks it as the end of the headers...

And the start of the body.

Sendmail "corrects" that malformed message and adds the required blank line between what it perceives as end of the the headers and start of the body.

A simple telnet mail session can reproduce that behaviour:

[user@example ~]$ telnet localhost 25
Trying 127.0.0.1...
Connected to localhost.
Escape character is '^]'.

<<< 220 example.com ESMTP Sendmail 8.14.4/8.14.4; Fri, 17 Jul 2015 20:29:26 +0200

helo localhost

<<< 250 example.com Hello localhost [127.0.0.1], pleased to meet you

mail from:me@localhost

<<< 250 2.1.0 me@localhost... Sender ok

RCPT TO:user@example.com

<<< 250 2.1.5 user@example.com... Recipient ok

data

<<< 354 Enter mail, end with "." on a line by itself

Subject: test
X-header: do not try
this at home

start the body
.
<<< 250 2.0.0 t6HITQXA020072 Message accepted for delivery
quit

Which results in similar message as your example:

[user@example ~/Maildir/new]$ cat 1437157845.20091_2.example.com

Return-Path: <me@example.com>
X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on example.com
X-Spam-Level:
X-Spam-Status: No, score=-1.9 required=5.0 tests=ALL_TRUSTED,BAYES_00,
        MISSING_HEADERS autolearn=no version=3.3.1
Received: from localhost (localhost [127.0.0.1])
        by example.com (8.14.4/8.14.4) with SMTP id t6HITQXA020072
        for herman@example.com; Fri, 17 Jul 2015 20:30:06 +0200
Date: Fri, 17 Jul 2015 20:29:26 +0200
From: me@example.com
Message-Id: <201507171830.t6HITQXA020072@example.com>
Subject: test
X-header: do not try

this at home

start the body

With an additional new line between the original header continuation and the "new" start of the body.

HBruijn
  • 72,524
  • 21
  • 127
  • 192
  • Thanks. That makes sense. How does this work for multi-line output exceeding two lines? In other words, what if I had a header value that was "5 lines" long? – Mike B Jul 17 '15 at 21:01
  • As long as each continuation starts with a space and (now on mobile so can't check the RFC) does not exceed 996 characters, no problem. I commonly see multiline Received: headers. – HBruijn Jul 17 '15 at 21:10