about header address parsing
Michael Gratton
mike at vee.net
Wed Sep 2 06:57:53 EEST 2020
On Tue, 1 Sep, 2020 at 09:59, Timo Sirainen <timo at sirainen.com> wrote:
> On 1. Sep 2020, at 6.24, TACHIBANA Masashi <tachibana at qualitia.co.jp>
> wrote:
>>
>> Hi,
>>
>> Is this expected or not?
>>
>> From: user1 at fuga.example.com <user1 at example.com>
>> To: user2 at hoge.example.com <user2 at example.com>
>> ↓
>> a uid fetch 43055 (envelope)
>> * 1860 FETCH (UID 43055 ENVELOPE ("Thu, 30 Jul 2020 13:52:59 +0900"
>> "test1" ((NIL NIL "user1" "fuga.example.com")) ((NIL NIL "user1"
>> "fuga.example.com")) ((NIL NIL "user1" "fuga.example.com")) ((NIL
>> NIL "user2" "hoge.example.com")) NIL NIL NIL
>> "<WLXvFmpAZFNeQbPPITjRwimDyamnBm1 at test>"))
>
> This is an invalid email address, so it's neither correct nor
> incorrect to have this output. But this reminded me that I was going
> to discuss about this with other IETF people. Lets see what others
> think:
> https://mailarchive.ietf.org/arch/msg/extra/sqRTdsV_DGBhHu2ghdCDFo_pM8Q/
While it is an invalid email address, in the exact same vein as
<https://dovecot.org/pipermail/dovecot/2020-August/119658.html>
Dovecot's approach is unhelpful here, and means MUAs must download
complete headers rather than reply on envelope address structures. In
fact, unlike in the linked case this example this is actually a
security vulnerability: http://mailspolit.com/
As a MUA maintainer, I'd really like to see Dovecot take a more
proactive approach to sending useful values in envelope address
structure, so we don't have to download headers all the time.
>> From: "user1 at fuga.example.com" <user1 at example.com>
>> To: "user2 at hoge.example.com" <user2 at example.com>
>> ↓
>> a uid fetch 43056 (envelope)
>> * 1861 FETCH (UID 43056 ENVELOPE ("Thu, 30 Jul 2020 13:53:59 +0900"
>> "test1" (("user1 at fuga.example.com" NIL "user1" "example.com"))
>> (("user1 at fuga.example.com" NIL "user1" "example.com"))
>> (("user1 at fuga.example.com" NIL "user1" "example.com"))
>> (("user2 at hoge.example.com" NIL "user2" "example.com")) NIL NIL NIL
>> "<WLXvFmpAZFNeQbPPITjRwimDyamnBm2 at test>"))
>
> This is a valid email address, and ENVELOPE reply is correct.
Agreed.
//Mike
--
Michael Gratton.
<https://mjog.vee.net>
More information about the dovecot
mailing list