about header address parsing

Michael Gratton mike at vee.net
Wed Sep 2 06:57:53 EEST 2020


On Tue, 1 Sep, 2020 at 09:59, Timo Sirainen <timo at sirainen.com> wrote:
> On 1. Sep 2020, at 6.24, TACHIBANA Masashi <tachibana at qualitia.co.jp> 
> wrote:
>> 
>> Hi,
>> 
>> Is this expected or not?
>> 
>> From: user1 at fuga.example.com <user1 at example.com>
>> To: user2 at hoge.example.com <user2 at example.com>
>>>> a uid fetch 43055 (envelope)
>> * 1860 FETCH (UID 43055 ENVELOPE ("Thu, 30 Jul 2020 13:52:59 +0900" 
>> "test1" ((NIL NIL "user1" "fuga.example.com")) ((NIL NIL "user1" 
>> "fuga.example.com")) ((NIL NIL "user1" "fuga.example.com")) ((NIL 
>> NIL "user2" "hoge.example.com")) NIL NIL NIL 
>> "<WLXvFmpAZFNeQbPPITjRwimDyamnBm1 at test>"))
> 
> This is an invalid email address, so it's neither correct nor 
> incorrect to have this output. But this reminded me that I was going 
> to discuss about this with other IETF people. Lets see what others 
> think: 
> https://mailarchive.ietf.org/arch/msg/extra/sqRTdsV_DGBhHu2ghdCDFo_pM8Q/

While it is an invalid email address, in the exact same vein as 
<https://dovecot.org/pipermail/dovecot/2020-August/119658.html> 
Dovecot's approach is unhelpful here, and means MUAs must download 
complete headers rather than reply on envelope address structures. In 
fact, unlike in the linked case this example this is actually a 
security vulnerability: http://mailspolit.com/

As a MUA maintainer, I'd really like to see Dovecot take a more 
proactive approach to sending useful values in envelope address 
structure, so we don't have to download headers all the time.


>> From: "user1 at fuga.example.com" <user1 at example.com>
>> To: "user2 at hoge.example.com" <user2 at example.com>
>>>> a uid fetch 43056 (envelope)
>> * 1861 FETCH (UID 43056 ENVELOPE ("Thu, 30 Jul 2020 13:53:59 +0900" 
>> "test1" (("user1 at fuga.example.com" NIL "user1" "example.com")) 
>> (("user1 at fuga.example.com" NIL "user1" "example.com")) 
>> (("user1 at fuga.example.com" NIL "user1" "example.com")) 
>> (("user2 at hoge.example.com" NIL "user2" "example.com")) NIL NIL NIL 
>> "<WLXvFmpAZFNeQbPPITjRwimDyamnBm2 at test>"))
> 
> This is a valid email address, and ENVELOPE reply is correct.

Agreed.

//Mike

-- 
Michael Gratton.
<https://mjog.vee.net>




More information about the dovecot mailing list