[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: AW: linebreaks \r\n

To: Malte Hubner <malte@xxxxxxxxxxx>, qmail@xxxxxxxxxxxxx
Subject: Re: AW: linebreaks \r\n
From: Keary Suska <hierophant@xxxxxxxxxx>
Date: Sat, 02 Mar 2002 13:03:04 -0700
Delivered-to: mailing list qmail@list.cr.yp.to
In-reply-to: <PIEIKLIAHADBDPMFMDIJOEHHCCAA.malte@huebner.com>
Mailing-List: contact qmail-help@list.cr.yp.to; run by ezmlm
User-Agent: Microsoft-Outlook-Express-Macintosh-Edition/5.02.2022

I think your confusion is over the distinction between message headers and
message body. An email message body can contain just about anything. There
are no formatting rules or restrictions of what can or can't be in the body.
The headers, however, follow fairly strict rules. In your example:

> HEADER: MIME-Version:1.0\r\nContent-type:text/plain;
> charset=iso-8859-1\r\nFrom:root@xyz.de\r\nReply-To:
> root@xyz.de\r\nReturn-Path:root@xyz.de
> MAILTEXT: this is a\r\ntest

The \r\n that separate the headers are incorrect. They must only be a single
line break, and the headers must be separated from the body by two lines.
They should be:

MIME-Version:1.0\n
Content-type:text/plain;charset=iso-8859-1\n
From:root@xyz.de\n
Reply-To: root@xyz.de\n
Return-Path:root@xyz.de\n
\n
this is a\r\n
test

Note that the \r in the message body is extraneous and will be delivered to
the recipient intact. That is, the email received on the other end will have
the carriage return in the body, which is probably undesirable. It won't,
however, prevent delivery of the message.

> Where would there be the problem? PHP's post-Data is always breaked by \r\n.

No, it is not. However, any linebreaks in any <TEXTAREA> fields will be
converted to CRLF pairs on submission. This is either according to CGI or
HTML specs, and not a function of PHP. There are no natural line breaks in
posted data (except as indicated above). It is sent as url-encoded data:
    field1=value1&field2=value2 etc

If, however, you are allowing headers to be set by an HTML form, that is a
VERY BAD IDEA. This amounts to sending open invitations to all crackers and
script kiddies to come on in and take over your server.

For TEXTAREA fields, it is very wise to translate the CRLF pairs to a single
newline. Otherwise your text data is not portable across platforms, as well
as introducing unexpected errors with other programs because they mostly
won't recognize CRLF pairs, such as qmail-inject (the sendmail wrapper
provided with qmail is only a wrapper for qmail-inject, and simply accepts
most sendmail command line options so implementors don't have to re-code
programs that use sendmail. In no other way does it emulate sendmail).

> My work is to replace \r\n with \n now. But what I don't understand is, why is
> it possible on any other server to send \r\n mails with sendmail or
> qmail-sendmail through PHP mail()?

You only need to be concerned about CRLF in the headers. But keep in mind
the issues if you allow them in the body as I mention above. IIRC, sendmail
will second guess the user submission and accept CRLF pairs. I can think of
arguments pro and con, but the bottom line is that qmail doesn't, and
shouldn't need to. I think that you are likely to find that other MTA's,
such as Postfix, will probably choke on CRLF in the headers as well.

Keary Suska
Esoteritech, Inc.
"Leveraging Open Source for a better Internet"

Follow-Ups:
- AW: AW: linebreaks \r\n
  - From: Malte Hubner
- AW: AW: linebreaks \r\n
  - From: Malte Hubner

References:
- AW: linebreaks \r\n
  - From: Malte Hubner

Prev by Date: Re: linebreaks \r\n
Next by Date: Re: SMTPD works on loopback but not on eth0
Prev by thread: Re: linebreaks \r\n
Next by thread: AW: AW: linebreaks \r\n
Index(es):
- Date
- Thread