On Fri, Dec 08, 2017 at 18:47:37 +0900, TACHIBANA Masashi wrote:
> Hi,
>
> I tried to view a mail that has a strange From header, from the URL below:
>
> https://www.mailsploit.com/index
>
> Then, I got a BODYSTRUCTURE response containing the following:
>
> ((NIL NIL "service" "paypal.com"))
>
> Has this problem already been found by anyone?
> So is it already fixed?

The metasploit generated emails contain a fake Reply-To header. Are you sure that the above isn't the Reply-To header? The "FETCH 123 ENVELOPE" command will return both (and FETCH ALL includes ENVELOPE).

From the IMAP RFC:

    The fields of the envelope structure are in the following order:
    date, subject, from, sender, reply-to, to, cc, bcc, in-reply-to,
    and message-id.

Can you paste the whole IMAP command response?

Thanks,
Jeff.
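
The field order quoted from the IMAP RFC can be applied mechanically to tell which envelope slot an address list sits in. The following is an added example, not part of the original message or of any mail server's code: a small parser that labels each slot of an ENVELOPE response. The sample response and the function names are constructed for illustration, and IMAP literals (`{n}` syntax) are not handled.

```python
import re

# Field order of the ENVELOPE structure, as quoted from the IMAP RFC above.
ENVELOPE_FIELDS = ("date", "subject", "from", "sender", "reply-to",
                   "to", "cc", "bcc", "in-reply-to", "message-id")
ADDRESS_FIELDS = {"from", "sender", "reply-to", "to", "cc", "bcc"}
TOKEN = re.compile(r'\(|\)|"((?:[^"\\]|\\.)*)"|([^\s()"]+)')

def parse_sexp(text):
    """Parse parenthesized IMAP data (quoted strings, NIL, atoms) into nested lists."""
    stack = [[]]
    for m in TOKEN.finditer(text):
        tok = m.group(0)
        if tok == "(":
            stack.append([])
        elif tok == ")":
            if len(stack) < 2:
                raise ValueError("unbalanced ')'")
            stack[-2].append(stack.pop())
        elif m.group(1) is not None:          # quoted string: undo backslash escapes
            stack[-1].append(re.sub(r"\\(.)", r"\1", m.group(1)))
        else:                                 # bare atom; NIL means "absent"
            stack[-1].append(None if tok.upper() == "NIL" else tok)
    if len(stack) != 1:
        raise ValueError("unbalanced '('")
    return stack[0]

def label_envelope(envelope_text):
    """Map each ENVELOPE slot to its field name; address lists become dicts."""
    (env,) = parse_sexp(envelope_text)
    if len(env) != len(ENVELOPE_FIELDS):
        raise ValueError("expected 10 envelope fields, got %d" % len(env))
    out = {}
    for name, value in zip(ENVELOPE_FIELDS, env):
        if name in ADDRESS_FIELDS and value is not None:
            # Each address is (personal name, source route, mailbox, host).
            value = [dict(zip(("name", "adl", "mailbox", "host"), a)) for a in value]
        out[name] = value
    return out

def fields_containing(envelope_text, mailbox, host):
    """Return the names of the address fields that list mailbox@host."""
    env = label_envelope(envelope_text)
    return [n for n in ENVELOPE_FIELDS if n in ADDRESS_FIELDS and env[n]
            and any(a["mailbox"] == mailbox and a["host"] == host for a in env[n])]

# Constructed sample: the paypal.com address sits in the fifth slot (reply-to).
SAMPLE = ('("Fri, 08 Dec 2017 18:00:00 +0900" "test" '
          '((NIL NIL "someone" "example.org")) ((NIL NIL "someone" "example.org")) '
          '((NIL NIL "service" "paypal.com")) ((NIL NIL "user" "example.net")) '
          'NIL NIL NIL "<1@example.org>")')
```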