Hi David, >> The Return-Path is not added by Declude << I'm sorry - I should have been clearer. Imail does not add the missing "Return-Path" when it processes the MAIL FROM string - but it is GOOD information to have to see who the actual sender was. That's why I use the following global.cfg to add the header through Declude: XINHEADER X-Declude: Version %VERSION%; Code 0x%HEADERCODE% from %REVDNS% [%REMOTEIP%] XINHEADER X-Declude: Triggered [%WEIGHT%] %TESTSFAILED% XINHEADER X-Countries: %COUNTRYCHAIN% XINHEADER Return-Path: <%MAILFROM%>
As you can see, Declude truncates the MAIL FROM - at least when resolving the %MAILFROM% variable. I don't know if this is intentional (result of a proper boundary check) - or if it's an indication that some internal buffer overflows. >> It is added by the email client that receives the email << How would the POP3 or IMAP4 email client do it - the client has no knowledge what the SMTP MAIL FROM was? Best Regards Andy Schmidt Phone: +1 201 934-3414 x20 (Business) Fax: +1 201 934-9206 _____ From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of David Franco-Rocha Sent: Thursday, December 21, 2006 12:05 AM To: [email protected] Subject: Re: [Declude.JunkMail] Cosmetic Bug or Buffer Overrun? Andy, The Return-Path is not added by Declude. It is added by the email client that receives the email. David Franco-Rocha ----- Original Message ----- From: Andy Schmidt <mailto:[EMAIL PROTECTED]> To: [email protected] Sent: Wednesday, December 20, 2006 1:50 PM Subject: [Declude.JunkMail] Cosmetic Bug or Buffer Overrun? Hi, this doesn't seem to impact function - but note how the Declude-inserted "Return-Path" header arbitrarily truncates the MAIL FROM information (of course, I'm hoping that this is not an indication of some buffer-overrun vulnerability in the current code): 12:20 13:30 SMTPD(813901db0000dae6) [63.107.174.78] connect 81.200.33.58 port 57625 12:20 13:30 SMTPD(813901db0000dae6) [81.200.33.58] EHLO NS02.xsalto.net 12:20 13:30 SMTPD(813901db0000dae6) [81.200.33.58] MAIL FROM:<ml-return+687474703a2f2f7370656564696e666f2e7873616c746f2e636f6d2f2d54 [EMAIL PROTECTED]> 12:20 13:30 SMTPD(813901db0000dae6) [81.200.33.58] RCPT TO:<[EMAIL PROTECTED]> ORCPT=rfc822;[EMAIL PROTECTED] 12:20 13:30 SMTPD(813901db0000dae6) [81.200.33.58] D:\IMail\spool\D813901db0000dae6.SMD 3451 Received: from NS02.xsalto.net [81.200.33.58] by hm-software.com with ESMTP (SMTPD-9.10) id A1393D48C; Wed, 20 Dec 2006 13:30:17 -0500 Received: from localhost.localdomain (web02.xsalto.net [81.200.33.35]) by NS02.xsalto.net (Postfix) with ESMTP id E6873233D35 for <[EMAIL PROTECTED]>; Wed, 20 Dec 2006 19:01:05 +0100 (CET) Date: Wed, 20 Dec 2006 19:01:05 +0100 To: [EMAIL PROTECTED] From: [EMAIL PROTECTED] Reply-to: [EMAIL PROTECTED] Subject: consommables Message-ID: <[EMAIL PROTECTED]> X-Priority: 3 X-Mailer: PHPMailer [version 1.73] X-MLID: aab3238922bcc25a6f606eb525ffdc56 X-Mailer: XSALTO-Mailer MIME-Version: 1.0 Content-Type: multipart/alternative; boundary="b1_85fec80bd8a90a94cc2ae0882e4d0fcc" X-Declude-RefID: X-Declude: Version 4.3.23; Code 0xf from mailing.speedinfo.fr [81.200.33.58] X-Declude: Triggered [0] None X-Countries: FRANCE->destination Return-Path: <ml-return+687474703a2f2f7370656564696e666f2e7873616c746f2e636f6d2f2d5430303 13a327573327968706466673173393434396731727133736f61722> X-RCPT-TO: <[EMAIL PROTECTED]> Status: X-UIDL: 466622842 X-IMail-ThreadID: 813901db0000dae6 Best Regards Andy Schmidt Phone: +1 201 934-3414 x20 (Business) Fax: +1 201 934-9206 --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com. --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com. --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com.
