Hello everyone,

these days you can read dozens of articles that implicitly claim that the following code will produce more than one mail message at a time if used by a malicious user.
I doubt that it is true, but I'd like to ask here, because you know your MTA better than I do. The C code to access postdrop/sendmail is the following:

    ...
    errno = 0;
    sendmail = popen(sendmail_cmd, "w");
    if (sendmail) {
        ...
        fprintf(sendmail, "To: %s\n", to);
        fprintf(sendmail, "Subject: %s\n", subject);
        if (hdr != NULL) {
            fprintf(sendmail, "%s\n", hdr);
        }
        fprintf(sendmail, "\n%s\n", message);
        ret = pclose(sendmail);
    ...

Let's assume that a pipe has been opened successfully to sendmail.

Now some say that if the content of hdr can be manipulated so that it contains something like the following, it would make sendmail (and other MTAs) produce *two* messages (because of the dot, which indeed is an indicator of the end of a message for SMTP in RFC2821). But if I am right, we do not "talk" SMTP here.

In their imagination the content could be e.g.

    To: some...@somewhere
    Subject: inquiry
    From: f...@addresse
    To: s...@opfer.de
    BCC: s...@opfer2.de, s...@opfer3.de, s...@opfer999.de
    Subject: Buy cheap Viagra!

    Buy cheap Viagra and Vicodine here: http://spamsite.com/
    .
    [headers for message 2]

    Hello, I have a question.
    .

I am not asking about the possibility of multiple copies caused by the Bcc header field, but only whether a single dot in one line followed by CRLF or LF will make sendmail send two different messages. Has postdrop/sendmail ever been prone to that in earlier versions?
BTW: I think it is important to be security aware and I do not want to ridicule concerns regarding secure software and also not those who publish that.

Best regards,
Oliver Block
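
An added example, not part of the original post: a version of the write sequence above that refuses any `to`, `subject` or `hdr` value able to change the structure of the message before anything reaches the pipe. The function names are hypothetical. It assumes `sendmail_cmd` includes `-i`, because without that option the sendmail command line treats a line containing only "." as the end of its input.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical helpers; the names are not from the original post. */
/* A To or Subject value must stay on one line: no CR, LF or other control bytes. */
static int single_line_ok(const char *s)
{
    for (; *s; s++)
        if ((unsigned char)*s < 32 && *s != '\t')
            return 0;
    return 1;
}

/* Each line of the extra header block must be "Name: value" or a folded
 * continuation line. An empty line would end the header section early and a
 * lone "." is not a header field, so both are rejected. */
static int header_block_ok(const char *hdr)
{
    int first = 1;
    for (const char *p = hdr; *p; first = 0) {
        size_t len = strcspn(p, "\n"), n = len, i = 0;
        if (n && p[n - 1] == '\r') n--;             /* tolerate CRLF */
        if (n == 0 || memchr(p, '\r', n)) return 0; /* empty line or bare CR */
        if (p[0] == ' ' || p[0] == '\t') {
            if (first) return 0;                    /* nothing to continue */
        } else {
            while (i < n && p[i] > 32 && p[i] < 127 && p[i] != ':') i++;
            if (i == 0 || i >= n || p[i] != ':') return 0;
        }
        p += len;
        if (*p == '\n') p++;
    }
    return 1;
}

/* Same output layout as the posted code. Returns -1 and writes nothing when a
 * field is rejected. Assumption: the receiving command was started with -i,
 * so a lone "." inside message is not taken as end of input. */
int write_message(FILE *out, const char *to, const char *subject,
                  const char *hdr, const char *message)
{
    if (!single_line_ok(to) || !single_line_ok(subject)) return -1;
    if (hdr && !header_block_ok(hdr)) return -1;
    fprintf(out, "To: %s\n", to);
    fprintf(out, "Subject: %s\n", subject);
    if (hdr && *hdr)
        fprintf(out, "%s%s", hdr, hdr[strlen(hdr) - 1] == '\n' ? "" : "\n");
    fprintf(out, "\n%s\n", message);
    return 0;
}
```
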