[Mailman-Developers] Mal Formed MIME post leaked through to list

Mark Sapiro msapiro at value.net
Sat Sep 17 03:03:20 CEST 2005 

I just had a problem on a Mailman 2.1.5 list although I think it's the
Python email library - Python is 2.3.3.

A mal formed MIME message was posted to a list. The message was much
larger than max_message_size yet it wasn't held, and several parts
came through that weren't in pass_mime_types.

The basic post was multipart/mixed with a multipart/alternative sub
part, a message/rfc822 sub part and the final text/plain msg_footer.

The message/rfc822 sub part was multipart/mixed with 3 subparts of type
multipart/alternative, application/pdf and multipart/appledouble.

The problem with the MIME structure is that the boundary for the
multipart/alternative and multipart/appledouble sub parts of the
multipart/mixed message/rfc822 was identical to the boundary of the
multipart/mixed part. I suspect the original message/rfc822 attached
message was malformed, but it could have been broken in the attaching
process. The original attached message was created by
User-Agent: Microsoft-Outlook-Express-Macintosh-Edition/5.0.6
and the post was sent by Yahoo mail.

I suspect what happened is that the Python email library saw the end of
part boundary for the second multipart/alternative part and treated it
as the end of the message/rfc822 part since the boundary was the same.

Thus the big parts didn't get counted in the message size nor did they
get filtered by content filtering.

Is this analysis correct? Is it fixed in later versions of the email
library?

Here is an annotated copy of the received post with all content and
non-relevant headers removed.

Received: from [63.201.34.79] by web81402.mail.yahoo.com via HTTP;
	Fri, 16 Sep 2005 16:32:37 PDT
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="0-95218806-1126913557=:91474"
Content-Transfer-Encoding: 8bit
X-Content-Filtered-By: Mailman/MimeDel 2.1.5
X-BeenThere: gpc-talk at grizz.org
X-Mailman-Version: 2.1.5
-------------------above from the headers of the received post

--0-95218806-1126913557=:91474
Content-Type: text/plain; charset=iso-8859-1
Content-Transfer-Encoding: 8bit
------------------above are first part headers - I think this was
originally multipart/alternative and a text/html part was stripped

--0-95218806-1126913557=:91474
Content-Type: message/rfc822
------------------part headers from the attached message/rfc822 part

User-Agent: Microsoft-Outlook-Express-Macintosh-Edition/5.0.6
Mime-version: 1.0
Content-type: multipart/mixed;
	boundary="MS_Mac_OE_3209732028_3749601_MIME_Part"
Content-Length: 175299
------------------from the headers of the attached message

--MS_Mac_OE_3209732028_3749601_MIME_Part
Content-type: multipart/alternative;
	boundary="MS_Mac_OE_3209732028_3749601_MIME_Part"
---------------------part headers for multipart/alternative sub part of
attached message. Note that the boundary is the same as that of the
containing multipart/mixed part.

--MS_Mac_OE_3209732028_3749601_MIME_Part
Content-type: text/plain; charset="US-ASCII"
Content-transfer-encoding: 7bit
-------------------------part headers for text/plain alternative

--MS_Mac_OE_3209732028_3749601_MIME_Part--
-----------------------end of multipart/alternative part but also looks
like end of multipart/mixed part. I think a text/html part may have
been stripped, but the multipart/alternative part isn't collapsed.

--MS_Mac_OE_3209732028_3749601_MIME_Part
Content-type: application/pdf; name="Recruitment.pdf";
 x-mac-creator="4341524F";
 x-mac-type="50444620"
Content-disposition: attachment
Content-transfer-encoding: base64
-----------------------------------another sub part of multipart/mixed
- should have been filtered


--MS_Mac_OE_3209732028_3749601_MIME_Part
Content-type: multipart/appledouble;
   boundary="MS_Mac_OE_3209732024_3737509_MIME_Part"
-----------------------------------another sub part of multipart/mixed
- should have been filtered. Still same boundary

--MS_Mac_OE_3209732024_3737509_MIME_Part
Content-type: application/applefile; name="High Sierra Trip 2003 Me"
Content-transfer-encoding: base64
Content-disposition: attachment
----------------------sub part of multipart/appledouble should have
been filtered


--MS_Mac_OE_3209732024_3737509_MIME_Part
Content-type: image/jpeg; name="High Sierra Trip 2003 Me";
 x-mac-creator="6F676C65";
 x-mac-type="4A504547"
Content-disposition: attachment
Content-transfer-encoding: base64
----------------------sub part of multipart/appledouble should have
been filtered


--MS_Mac_OE_3209732024_3737509_MIME_Part--
----------------------- end of multipart/appledouble

--MS_Mac_OE_3209732028_3749601_MIME_Part--
------------------------ end of multipart/mixed


--0-95218806-1126913557=:91474
Content-Type: text/plain; charset="us-ascii"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
Content-Disposition: inline
------------------------ part headers for list footer

--0-95218806-1126913557=:91474--
------------------------ end of outermost message

--
Mark Sapiro <msapiro at value.net>       The highway is for gamblers,
San Francisco Bay Area, California    better use your sense - B. Dylan

More information about the Mailman-Developers mailing list