Andy,

OK. First, Sandy corrected me that the Return-Path is added by the mail server, not the mail client.

Since this is being added by you through the use of the %MAILFROM% variable, I have to look into the sources. I am sure that there are limits to the length of string variables, but I do not know what they are. I am out of the office until 3 January, but I will try to look into this within the next day or two.

David Franco-Rocha

----- Original Message -----
From: Andy Schmidt
To: 'David Franco-Rocha'
Sent: Thursday, December 21, 2006 9:49 AM
Subject: RE: [Declude.JunkMail] Cosmetic Bug or Buffer Overrun?

Hi David,

>> The Return-Path is not added by Declude <<

I'm sorry - I should have been clearer. Imail does not add the missing "Return-Path" when it processes the MAIL FROM string - but it is GOOD information to have to see who the actual sender was. That's why I use the following global.cfg to add the header through Declude:

XINHEADER X-Declude: Version %VERSION%; Code 0x%HEADERCODE% from %REVDNS% [%REMOTEIP%]
XINHEADER X-Declude: Triggered [%WEIGHT%] %TESTSFAILED%
XINHEADER X-Countries: %COUNTRYCHAIN%
XINHEADER Return-Path: <%MAILFROM%>

As you can see, Declude truncates the MAIL FROM - at least when resolving the %MAILFROM% variable. I don't know if this is intentional (result of a proper boundary check) - or if it's an indication that some internal buffer overflows.

>> It is added by the email client that receives the email <<

How would the POP3 or IMAP4 email client do it - the client has no knowledge what the SMTP MAIL FROM was?

Best Regards
Andy Schmidt
Phone: +1 201 934-3414 x20 (Business)
Fax: +1 201 934-9206

------------------------------------------------------------------------------
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of David Franco-Rocha
Sent: Thursday, December 21, 2006 12:05 AM
To: [email protected]
Subject: Re: [Declude.JunkMail] Cosmetic Bug or Buffer Overrun?

Andy,

The Return-Path is not added by Declude. It is added by the email client that receives the email.

David Franco-Rocha

----- Original Message -----
From: Andy Schmidt
To: [email protected]
Sent: Wednesday, December 20, 2006 1:50 PM
Subject: [Declude.JunkMail] Cosmetic Bug or Buffer Overrun?

Hi,

this doesn't seem to impact function - but note how the Declude-inserted "Return-Path" header arbitrarily truncates the MAIL FROM information (of course, I'm hoping that this is not an indication of some buffer-overrun vulnerability in the current code):

12:20 13:30 SMTPD(813901db0000dae6) [63.107.174.78] connect 81.200.33.58 port 57625
12:20 13:30 SMTPD(813901db0000dae6) [81.200.33.58] EHLO NS02.xsalto.net
12:20 13:30 SMTPD(813901db0000dae6) [81.200.33.58] MAIL FROM:<[EMAIL PROTECTED]>
12:20 13:30 SMTPD(813901db0000dae6) [81.200.33.58] RCPT TO:<[EMAIL PROTECTED]> ORCPT=rfc822;[EMAIL PROTECTED]
12:20 13:30 SMTPD(813901db0000dae6) [81.200.33.58] D:\IMail\spool\D813901db0000dae6.SMD 3451

Received: from NS02.xsalto.net [81.200.33.58] by hm-software.com with ESMTP
  (SMTPD-9.10) id A1393D48C; Wed, 20 Dec 2006 13:30:17 -0500
Received: from localhost.localdomain (web02.xsalto.net [81.200.33.35])
  by NS02.xsalto.net (Postfix) with ESMTP id E6873233D35
  for <[EMAIL PROTECTED]>; Wed, 20 Dec 2006 19:01:05 +0100 (CET)
Date: Wed, 20 Dec 2006 19:01:05 +0100
To: [EMAIL PROTECTED]
From: [EMAIL PROTECTED]
Reply-to: [EMAIL PROTECTED]
Subject: consommables
Message-ID: <[EMAIL PROTECTED]>
X-Priority: 3
X-Mailer: PHPMailer [version 1.73]
X-MLID: aab3238922bcc25a6f606eb525ffdc56
X-Mailer: XSALTO-Mailer
MIME-Version: 1.0
Content-Type: multipart/alternative; boundary="b1_85fec80bd8a90a94cc2ae0882e4d0fcc"
X-Declude-RefID:
X-Declude: Version 4.3.23; Code 0xf from mailing.speedinfo.fr [81.200.33.58]
X-Declude: Triggered [0] None
X-Countries: FRANCE->destination
Return-Path: <ml-return+687474703a2f2f7370656564696e666f2e7873616c746f2e636f6d2f2d543030313a327573327968706466673173393434396731727133736f61722>
X-RCPT-TO: <[EMAIL PROTECTED]>
Status:
X-UIDL: 466622842
X-IMail-ThreadID: 813901db0000dae6

Best Regards
Andy Schmidt
Phone: +1 201 934-3414 x20 (Business)
Fax: +1 201 934-9206

---
This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com.
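
Added example, not part of the thread and not Declude's code (its internals are not shown here): a sketch of what the "proper boundary check" raised above looks like when a %MAILFROM%-style variable is expanded into a fixed-size header buffer, so that truncation is bounded and reported to the caller instead of silent. The function name, the 64-byte buffer and the sample sender are assumptions made for illustration.

```c
#include <stdio.h>
#include <string.h>

#define VAR "%MAILFROM%"

/* Hypothetical helper: expand the first %MAILFROM% in tmpl into out.
 * Returns 0 if the whole header fit, 1 if it was cut to fit,
 * -1 on bad arguments. Never writes more than outsz bytes and
 * always NUL-terminates when outsz > 0. */
int expand_mailfrom(char *out, size_t outsz,
                    const char *tmpl, const char *mailfrom)
{
    if (!out || outsz == 0 || !tmpl || !mailfrom)
        return -1;

    const char *hit = strstr(tmpl, VAR);
    int need;

    if (!hit)   /* no variable in the template: bounded plain copy */
        need = snprintf(out, outsz, "%s", tmpl);
    else        /* prefix + sender + suffix, bounded by outsz */
        need = snprintf(out, outsz, "%.*s%s%s",
                        (int)(hit - tmpl), tmpl,
                        mailfrom, hit + strlen(VAR));

    if (need < 0) {
        out[0] = '\0';
        return -1;
    }
    /* snprintf returns the length it WANTED to write; comparing it
     * with the capacity is how truncation is detected. */
    return (size_t)need >= outsz ? 1 : 0;
}

int main(void)
{
    /* Constructed sample: a long VERP-style envelope sender. */
    const char *sender =
        "ml-return+0123456789abcdef0123456789abcdef0123456789abcdef"
        "@lists.example.org";
    char hdr[64];   /* assumed fixed header buffer */

    int rc = expand_mailfrom(hdr, sizeof hdr,
                             "Return-Path: <%MAILFROM%>", sender);
    printf("status=%d written=%zu\n%s\n", rc, strlen(hdr), hdr);
    if (rc == 1)
        puts("truncated: log it rather than emit a clipped address");
    return 0;
}
```

A clipped header produced this way is cosmetic; the same visible symptom from an unchecked copy would instead mean bytes beyond the buffer were overwritten, which is why the sources have to be read to tell the two apart.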
