Re: Multiple From: in a mail header?
On Thursday 14 January 2010 19:14:48 Victor Duchovni wrote:

> It may be prudent to also treat:
>
>     From: authorA
>     From: authorB
>
> as synonymous with:
>
>     From: authorA, authorB
>
> the implied meaning is that the people with those email addresses,
> co-authored the email.

But have you seriously seen a mail client, which would allow sending such mail? I would think, this is an extreme rarity, but is it?
Re: Multiple From: in a mail header?
On Friday January 15 2010 09:11:27 Kārlis Repsons wrote:

> But have you seriously seen a mail client, which would allow sending such
> mail? I would think, this is an extreme rarity, but is it?

It is very rare alright. Multiple author addresses in a single From header field are legitimate, but some mail processing software breaks on them. Multiple From header fields are prohibited by RFC, but that does not stop malicious or broken senders from doing it if they feel like it. If one or the other turns out to be profitable for malware, it will be used, no doubt about it, so better be ready.

Btw, of the header fields that may occur only once, it is currently more usual to see multiple Message-ID, or Subject, or To or Cc, or MIME-Version, or Content-Type. Very rare are duplicate Reply-To or Date. The least common is to see multiple From.

Mark
Re: Multiple From: in a mail header?
On Friday 15 January 2010 09:29:37 Mark Martinec wrote:

> On Friday January 15 2010 09:11:27 Kārlis Repsons wrote:
>
> > But have you seriously seen a mail client, which would allow sending such
> > mail? I would think, this is an extreme rarity, but is it?
>
> It is very rare alright. Multiple author addresses in a single From header
> field are legitimate, but some mail processing software breaks on them.
> Multiple From header fields are prohibited by RFC, but that does not stop
> malicious or broken senders from doing it if they feel like it. If one or
> the other turns out to be profitable for malware, it will be used, no doubt
> about it, so better be ready.
>
> Btw, of the header fields that may occur only once, it is currently more
> usual to see multiple Message-ID, or Subject, or To or Cc, or MIME-Version,
> or Content-Type. Very rare are duplicate Reply-To or Date. The least common
> is to see multiple From.
>
> Mark

Thanks!
Multiple From: in a mail header?
Is that possible for mail headers field to continue multiple /^From: .*/ speaking in terms of maildrop and PCRE?
Re: Multiple From: in a mail header?
> Is that possible for mail headers field to continue multiple /^From: .*/
> speaking in terms of maildrop and PCRE?

According to RFC 5322:

    from         = "From:" mailbox-list CRLF
    mailbox-list = (mailbox *("," mailbox)) / obs-mbox-list

Thus, one From: header may contain multiple addresses.

Wietse
Re: Multiple From: in a mail header?
On 14-Jan-2010, at 04:59, Wietse Venema wrote:

> > Is that possible for mail headers field to continue multiple /^From: .*/
> > speaking in terms of maildrop and PCRE?
>
> According to RFC 5322:
>
>     from         = "From:" mailbox-list CRLF
>     mailbox-list = (mailbox *("," mailbox)) / obs-mbox-list
>
> Thus, one From: header may contain multiple addresses.

Right, but I think OP was asking if one set of mail headers could contain multiple From: headers.
Re: Multiple From: in a mail header?
* Kārlis Repsons karlis.reps...@gmail.com:

> > According to RFC 5322:
> >
> >     from         = "From:" mailbox-list CRLF
> >     mailbox-list = (mailbox *("," mailbox)) / obs-mbox-list
> >
> > Thus, one From: header may contain multiple addresses.
>
> Well, another possible trouble I was about to ask later, but still, can
> there be multiple From:? And in what cases can there be multiple addresses
> in From: field? It's strange. If anyone knows...

RFC 5322 speaks of the From: field in singular only, thus only one is allowed:

    The originator fields of a message consist of the from field, the
    sender field (when applicable), and optionally the reply-to field.
    The from field consists of the field name "From" and a
    comma-separated list of one or more mailbox specifications.

-- Ralf Hildebrandt
Re: Multiple From: in a mail header?
On Thu, Jan 14, 2010 at 08:07:34PM +0100, Ralf Hildebrandt wrote:

> * Kārlis Repsons karlis.reps...@gmail.com:
>
> > > According to RFC 5322:
> > >
> > >     from         = "From:" mailbox-list CRLF
> > >     mailbox-list = (mailbox *("," mailbox)) / obs-mbox-list
> > >
> > > Thus, one From: header may contain multiple addresses.
> >
> > Well, another possible trouble I was about to ask later, but still, can
> > there be multiple From:? And in what cases can there be multiple
> > addresses in From: field? It's strange. If anyone knows...
>
> RFC 5322 speaks of the From: field in singular only, thus only one is
> allowed:

The same is true for To: and Cc: and yet in practice, multiple To: and Cc: fields are sometimes sent and are processed collectively by typical email software. The Postfix sendmail(1) command, when used to send email to recipients specified via the message headers (the -t switch) will collect recipient addresses from multiple To:, Cc: and Bcc: headers.

It may be prudent to also treat:

    From: authorA
    From: authorB

as synonymous with:

    From: authorA, authorB

the implied meaning is that the people with those email addresses, co-authored the email.

-- Viktor.
Re: Multiple From: in a mail header?
On Thursday January 14 2010 20:14:48 Victor Duchovni wrote:

> It may be prudent to also treat:
>
>     From: authorA
>     From: authorB
>
> as synonymous with:
>
>     From: authorA, authorB
>
> the implied meaning is that the people with those email addresses,
> co-authored the email.

...or treated with utmost suspicion, as that could be an attempt to fool a MUA + a content filter combination to let mail through but still show to a reader what was desired by malware.

Note that a message with a DKIM signature with only one occurrence of a 'from' in its 'h' tag is covering the bottommost instance of a 'From' header field, yet a MUA might show the topmost.

When amavisd-new (since version 2.6.4) is DKIM-signing a message, it inserts a :from:from: into the 'h' tag, which makes a later appending of another From header field invalidate a signature.

Mark
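A filter-side check for the two conditions discussed in this thread, as an added example that is not part of the original posts and is not amavisd-new code: it counts repeats of the once-only header fields Mark lists, and compares the number of `from` entries in each DKIM `h` tag with the number of From fields present. The function names, the sample message and its `PLACEHOLDER` values are constructed for illustration; no signature is cryptographically verified.

```python
import email
from collections import Counter

# Fields the thread names as allowed at most once per message.
SINGLETON = ("from", "date", "reply-to", "message-id", "subject",
             "to", "cc", "mime-version", "content-type")

# Constructed sample: two From fields, a signature listing "from" once.
SAMPLE = (
    "DKIM-Signature: v=1; a=rsa-sha256; d=example.com; s=selector;\n"
    " h=from:to:subject; bh=PLACEHOLDER; b=PLACEHOLDER\n"
    "From: first@example.net\n"
    "From: second@example.com\n"
    "To: reader@example.org\n"
    "Subject: constructed sample\n"
    "\n"
    "body\n"
)

def duplicate_singletons(raw):
    """Return {field: count} for once-only fields that occur more than once."""
    msg = email.message_from_string(raw)
    counts = Counter(name.lower() for name in msg.keys())
    return {f: counts[f] for f in SINGLETON if counts[f] > 1}

def dkim_from_coverage(raw):
    """Per DKIM-Signature: how many From fields its h= tag leaves unsigned,
    and whether it lists more 'from' entries than there are From fields."""
    msg = email.message_from_string(raw)
    n_from = len(msg.get_all("From", []))
    report = []
    for sig in msg.get_all("DKIM-Signature", []):
        tags = {}
        for part in sig.split(";"):          # tag-list is "name=value; ..."
            if "=" in part:
                key, value = part.split("=", 1)
                tags[key.strip()] = "".join(value.split())  # drop folding
        h_from = [h.lower() for h in tags.get("h", "").split(":")].count("from")
        report.append({"h_from": h_from,
                       "unsigned_from": max(0, n_from - h_from),
                       "oversigned": h_from > n_from})
    return report

if __name__ == "__main__":
    print(duplicate_singletons(SAMPLE))
    print(dkim_from_coverage(SAMPLE))
```

A non-zero `unsigned_from` means at least one From field is outside the signature's coverage; `oversigned` is the `:from:from:` case, where a From field appended later breaks the signature.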