[AMaViS-user] bad headers with html_mail plugin and amavisd-new

Discussion:

(too old to reply)

Mike Husmann

2006-10-19 20:30:39 UTC

Hello list,
I'm testing the latest version of the html_mail plugin with squirrelmail, and
my amavisd-new scanner is tagging html messages sent with attachments as having bad
headers. I'm trying to determine if this really is a SM bug, or if it's an amavis
problem. Examining the headers shows me what looks like to be malformed headers,
but I wanted to run it past all of you guys to see what you think.

Thanks in advance for all your help!

Mike

The specific error is:
X-Amavis-Alert: BAD HEADER MIME error: error: SeveredPreamble: unexpected end of
preamble [in multipart message]; EOSToken: EOF; EOSType: EOF

I've tested this with SM 1.4.6, 1.4.8, and 1.5.1 with the same results. I've made
sure that the amavis and supporting perl modules were up-to-date also, same results.
Here's an example of an email that causes the problem:
----------------------------------------------------------------------------
Return-Path: <>
Delivered-To: bad-header-quarantine
X-Envelope-From: <***@morningside.edu>
X-Envelope-To: <***@morningside.edu>
X-Quarantine-Id: <badh-20061019-091943-02015-01>
Received: from squirrel.morningside.edu (testbed.morningside.edu [192.168.0.104])
by mta.morningside.edu (Postfix) with ESMTP id 937651AF282 for
<***@morningside.edu>; Thu, 19 Oct 2006 09:19:43 -0500 (CDT)
Received: from 192.168.0.103
(SquirrelMail authenticated user bebo)
by squirrel.morningside.edu with HTTP;
Thu, 19 Oct 2006 09:22:39 -0500 (CDT)
Message-ID: <***@squirrel.morningside.edu> Date:
Thu, 19 Oct 2006 09:22:39 -0500 (CDT)
Subject: testing with html
From: "Be Bo" <***@morningside.edu>
To: ***@morningside.edu
User-Agent: SquirrelMail/1.5.1
MIME-Version: 1.0
Content-Type: multipart/mixed;boundary="----=_20061019092239_46584" X-Amavis-Alert:
BAD HEADER MIME error: error: SeveredPreamble: unexpected end of preamble [in
multipart message]; EOSToken: EOF; EOSType: EOF

------=_20061019092239_46584
Content-Type: multipart/alternative;
boundary="3504fsu_trap_48564_93229091016002_=----"
Content-Transfer-Encoding: base64

--3504fsu_trap_48564_93229091016002_=----
Content-Type: text/plain
Content-Transfer-Encoding: 8bit

testing!

TEsting

--3504fsu_trap_48564_93229091016002_=----
Content-Type: text/html; charset="iso-8859-1"
Content-Transfer-Encoding: 8bit

testing!<br />
<br />
<div align="center">TEsting</div>
--3504fsu_trap_48564_93229091016002_=------

------=_20061019092239_46584
Content-Type: image/gif; name="php.gif"
Content-Transfer-Encoding: base64
Content-Disposition: attachment; filename="php.gif"

-------------------------------------------------------------------------
Using Tomcat but need to do more? Need to support web services, security?
Get stuff done quickly with pre-integrated technology to make your job easier
Download IBM WebSphere Application Server v.1.0.1 based on Apache Geronimo
http://sel.as-us.falkag.net/sel?cmd=lnk&kid=120709&bid=263057&dat=121642
_______________________________________________
AMaViS-user mailing list
AMaViS-***@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/amavis-user
AMaViS-FAQ:http://www.amavis.org/amavis-faq.php3
AMaViS-HowTos:http://www.amavis.org/howto/

Jo Rhett

2006-10-19 21:09:44 UTC

Permalink

Post by Mike Husmann
Hello list,
I'm testing the latest version of the html_mail plugin with squirrelmail, and
my amavisd-new scanner is tagging html messages sent with attachments as having bad
headers. I'm trying to determine if this really is a SM bug, or if it's an amavis
problem. Examining the headers shows me what looks like to be malformed headers,
but I wanted to run it past all of you guys to see what you think.

By default the configuration says that x-msdownload is a bad header.
Comment out that line from the configuration.

It's really a bug in Windows where it uploads all files with that
mimetype instead of the proper mimetype for the file. It doesn't affect
any other platform.

This rule happens to catch a lot of spam because the spam sending
programs use the same upload feature...
--
Jo Rhett
Network/Software Engineer
Net Consonance

-------------------------------------------------------------------------
Using Tomcat but need to do more? Need to support web services, security?
Get stuff done quickly with pre-integrated technology to make your job easier
Download IBM WebSphere Application Server v.1.0.1 based on Apache Geronimo
http://sel.as-us.falkag.net/sel?cmd=lnk&kid=120709&bid=263057&dat=121642
_______________________________________________
AMaViS-user mailing list
AMaViS-***@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/amavis-user
AMaViS-FAQ:http://www.amavis.org/amavis-faq.php3
AMaViS-HowTos:http://www.amavis.org/howto/

Mike Husmann

2006-10-19 21:26:22 UTC

Permalink

By default the configuration says that x-msdownload is a bad header. Comment out

that line from the configuration.

If it were catching it as such, wouldn't it be tagged as banned instead of bad
header?

It's really a bug in Windows where it uploads all files with that mimetype instead

of the proper mimetype for the file. It doesn't affect any other platform.

I also get this problem when uploading from my linux box using firefox, no matter
what type of file I upload. I did try the suggestion, but it didn't help. Also,
the problem only happens when I'm sending an html formatted email, which uses nested
multipart/... tags.

Perhaps related to SM bug 1580528?
http://sourceforge.net/tracker/index.php?func=detail&aid=1580528&group_id=311&atid=100311

From what I can tell from the rfc's, the tags are formed correctly... Here is

another example of a .gif file attachment being rejected because of the header.
When it's stored in quarantine, it's stored with badh- filename, not banned-.....

--
Content-Type: multipart/mixed;boundary="----=_20061019082443_76276

------=_20061019082443_76276
Content-Type: multipart/alternative;
boundary="8649fsu_trap_67267_34428091016002_=----"
Content-Transfer-Encoding: base64

--8649fsu_trap_67267_34428091016002_=----
Content-Type: text/plain
Content-Transfer-Encoding: 8bit

test

--8649fsu_trap_67267_34428091016002_=----
Content-Type: text/html; charset="iso-8859-1"
Content-Transfer-Encoding: 8bit

test
--8649fsu_trap_67267_34428091016002_=------

------=_20061019082443_76276
Content-Type: image/gif; name="php.gif"
Content-Transfer-Encoding: base64
Content-Disposition: attachment; filename="php.gif"

R0lGODlheABDAOZqAH+CuDk3RyglKszN4qGky9PV57K01ENCWIOGuYKDs1JScpCSwsLE3qqs0ExL
<snip file data>
------=_20061019082443_76276--

-------------------------------------------------------------------------
Using Tomcat but need to do more? Need to support web services, security?
Get stuff done quickly with pre-integrated technology to make your job easier
Download IBM WebSphere Application Server v.1.0.1 based on Apache Geronimo
http://sel.as-us.falkag.net/sel?cmd=lnk&kid=120709&bid=263057&dat=121642
_______________________________________________
AMaViS-user mailing list
AMaViS-***@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/amavis-user
AMaViS-FAQ:http://www.amavis.org/amavis-faq.php3
AMaViS-HowTos:http://www.amavis.org/howto/

Mark.Martinec+ (Mark Martinec)

2006-10-23 16:56:07 UTC

Permalink

Post by Jo Rhett
By default the configuration says that x-msdownload is a bad header.
Comment out that line from the configuration.

Wrong answer. x-msdownload could be a banned component of a message,
but is not a bad header. Bad headers are those violating RFC2822 or
MIME structure (MIME::Parser Perl module) this is (mostly) not configurable.

Mike,

Post by Jo Rhett
If it were catching it as such, wouldn't it be tagged as banned instead
of bad header?

Right.

Post by Jo Rhett
unexpected end of preamble [in multipart message];
EOSToken: EOF; EOSType: EOF

This diagnose is produced by MIME::Parser.
In its opinion the MIME structure of the message is broken.

Your first sample came across somewhat mangled (adjecent header fields
joined and wrapped), but as far I can tell, it is missing the
final "------=_20061019092239_46584--" line.

Post by Jo Rhett
I also get this problem when uploading from my linux box using firefox, no
matter what type of file I upload. I did try the suggestion, but it didn't
help. Also, the problem only happens when I'm sending an html formatted
email, which uses nested multipart/... tags.
another example of a .gif file attachment being rejected because of the
header. When it's stored in quarantine, it's stored with badh- filename,
not banned-.....
--
Content-Type: multipart/mixed;boundary="----=_20061019082443_76276
------=_20061019082443_76276

This second sample has a missing trailing " in Content-Type,
it should be:
Content-Type: multipart/mixed;boundary="----=_20061019082443_76276"

The rest is fine.

Mark

-------------------------------------------------------------------------
Using Tomcat but need to do more? Need to support web services, security?
Get stuff done quickly with pre-integrated technology to make your job easier
Download IBM WebSphere Application Server v.1.0.1 based on Apache Geronimo
http://sel.as-us.falkag.net/sel?cmd=lnk&kid=120709&bid=263057&dat=121642
_______________________________________________
AMaViS-user mailing list
AMaViS-***@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/amavis-user
AMaViS-FAQ:http://www.amavis.org/amavis-faq.php3
AMaViS-HowTos:http://www.amavis.org/howto/

Mike Husmann

2006-10-23 19:07:50 UTC

Permalink

Mark,

Post by Mark.Martinec+ (Mark Martinec)
Your first sample came across somewhat mangled (adjecent header fields
joined and wrapped), but as far I can tell, it is missing the
final "------=_20061019092239_46584--" line.

Here is another bad-header message - hopefully in one piece and complete.

Since MIME::Parser is complaining about EOF at the end of the preamble,is
there any way to know if it's talking about the preamble for the first or
second delimiter (if there is such a thing for each)? Any suggestions I can
fire off to the SquirrelMail developers as to how to fix this?
----------------------------------------------------------------------------
Return-Path: <>
Delivered-To: bad-header-quarantine
X-Envelope-From: <***@morningside.edu>
X-Envelope-To: <***@morningside.edu>
X-Quarantine-ID: <XUHSp-GE--xt>
X-Amavis-Alert: BAD HEADER MIME error: error: SeveredPreamble: unexpected end
of preamble [in multipart message]; EOSToken: EOF; EOSType: EOF
Received: from mta.morningside.edu ([127.0.0.1])
by localhost (mta.morningside.edu [127.0.0.1]) (amavisd-new, port
10024)
with ESMTP id XUHSp-GE--xt for <***@morningside.edu>;
Fri, 20 Oct 2006 13:37:22 -0500 (CDT)
Received: from testbed.morningside.edu (testbed.morningside.edu
[192.168.0.104])
by mta.morningside.edu (Postfix) with ESMTP id B154B3FC02
for <***@morningside.edu>; Fri, 20 Oct 2006 13:37:22 -0500 (CDT)
Received: from 192.168.0.103
(SquirrelMail authenticated user bebo)
by testbed.morningside.edu with HTTP;
Fri, 20 Oct 2006 13:40:32 -0500 (CDT)
Message-ID: <***@testbed.morningside.edu>
Date: Fri, 20 Oct 2006 13:40:32 -0500 (CDT)
Subject: test with attach and html
From: "Be Bo" <***@morningside.edu>
To: ***@morningside.edu
User-Agent: SquirrelMail/1.5.1
MIME-Version: 1.0
Content-Type: multipart/mixed;boundary="----=_20061020134032_26209"

------=_20061020134032_26209
Content-Type: multipart/alternative;
boundary="9731fsu_trap_90262_23043102016002_=----"
Content-Transfer-Encoding: base64

--9731fsu_trap_90262_23043102016002_=----
Content-Type: text/plain
Content-Transfer-Encoding: 8bit

test

--9731fsu_trap_90262_23043102016002_=----
Content-Type: text/html; charset="iso-8859-1"
Content-Transfer-Encoding: 8bit

<ul><br />
<li>test</li>
<br />
</ul>
--9731fsu_trap_90262_23043102016002_=------

------=_20061020134032_26209
Content-Type: application/octet-stream; name="badh-20061019-112806-22845-16"
Content-Transfer-Encoding: base64
Content-Disposition: attachment; filename="badh-20061019-112806-22845-16"

UmV0dXJuLVBhdGg6IDw+CkRlbGl2ZXJlZC1UbzogYmFkLWhlYWRlci1xdWFyYW50aW5lClgtRW52
<snip attachment>
OApDb250ZW50LVRyYW5zZmVyLUVuY29kaW5nOiA3Yml0Cgp0aGlzIGlzIGEgdGVzdAoKCgoKLS0t
LS0tPV8yMDA2MTAxOTE2MjA1MV85NTYxMi0tCgoK
------=_20061020134032_26209--

-------------------------------------------------------------------------
Using Tomcat but need to do more? Need to support web services, security?
Get stuff done quickly with pre-integrated technology to make your job easier
Download IBM WebSphere Application Server v.1.0.1 based on Apache Geronimo
http://sel.as-us.falkag.net/sel?cmd=lnk&kid=120709&bid=263057&dat=121642
_______________________________________________
AMaViS-user mailing list
AMaViS-***@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/amavis-user
AMaViS-FAQ:http://www.amavis.org/amavis-faq.php3
AMaViS-HowTos:http://www.amavis.org/howto/

Mark.Martinec+ (Mark Martinec)

2006-10-23 22:25:02 UTC

Permalink

Mike,

Post by Mike Husmann
Here is another bad-header message - hopefully in one piece and complete.

This one looks fine (after unfolding the two wrapped header lines), and
doesn't bring any complaints from my amavisd/MIME::Parser (version 5.420).
Which version of MIME::Parser do you have (it is logged at amavisd startup) ?

Post by Mike Husmann
Since MIME::Parser is complaining about EOF at the end of the preamble,is
there any way to know if it's talking about the preamble for the first or
second delimiter

I don't think there is a way to distinguish between the two
from the error message, both are multipart.

Post by Mike Husmann
(if there is such a thing for each)?

There is.

Post by Mike Husmann
Any suggestions I
can fire off to the SquirrelMail developers as to how to fix this?

Previous messages were broken, this one looks fine. Try first to eliminate
a possible issue with old version of MIME::Parser if you have it.

Then you may mail me a new sample, this time directly (or as an attachment),
not as part of your plain text message.

Mark

-------------------------------------------------------------------------
Using Tomcat but need to do more? Need to support web services, security?
Get stuff done quickly with pre-integrated technology to make your job easier
Download IBM WebSphere Application Server v.1.0.1 based on Apache Geronimo
http://sel.as-us.falkag.net/sel?cmd=lnk&kid=120709&bid=263057&dat=121642
_______________________________________________
AMaViS-user mailing list
AMaViS-***@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/amavis-user
AMaViS-FAQ:http://www.amavis.org/amavis-faq.php3
AMaViS-HowTos:http://www.amavis.org/howto/

Jo Rhett

2006-10-24 00:47:51 UTC

Permalink

Post by Mark.Martinec+ (Mark Martinec)

Post by Jo Rhett
By default the configuration says that x-msdownload is a bad header.
Comment out that line from the configuration.

Shrug. Commenting out the line solved the problem for squirrelmail
users.
--
Jo Rhett
Senior Network Engineer
Network Consonance

-------------------------------------------------------------------------
Using Tomcat but need to do more? Need to support web services, security?
Get stuff done quickly with pre-integrated technology to make your job easier
Download IBM WebSphere Application Server v.1.0.1 based on Apache Geronimo
http://sel.as-us.falkag.net/sel?cmd=lnk&kid=120709&bid=263057&dat=121642
_______________________________________________
AMaViS-user mailing list
AMaViS-***@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/amavis-user
AMaViS-FAQ:http://www.amavis.org/amavis-faq.php3
AMaViS-HowTos:http://www.amavis.org/howto/