zendframework / zend-mail

Mail component from Zend Framework
BSD 3-Clause "New" or "Revised" License

Zend Mail does not conform with RFC2822 by not accepting content which contains additional extra lines. #218

Open chrisdeeming opened 6 years ago

chrisdeeming commented 6 years ago

SpamAssassin in cPanel seems to be appending an X-Ham-Report header to emails, which Zend Mail can't handle properly due to the existence of additional extra lines.

In our opinion this seems to be a rather over-zealous interpretation of RFC2822:

Earlier versions of this standard allowed for different (usually more liberal) syntax than is allowed in this version. Also, there have been syntactic elements used in messages on the Internet whose interpretation have never been documented. Though some of these syntactic forms MUST NOT be generated according to the grammar in section 3, they MUST be accepted and parsed by a conformant receiver. This section documents many of these syntactic elements. Taking the grammar in section 3 and adding the definitions presented in this section will result in the grammar to use for interpretation of messages.

(Emphasis mine)

Example to follow.

Code to reproduce the issue

$rawMessage = <<<MESSAGE
Return-Path: <>
Delivered-To: bounce@dragonbytetech.com
Received: from web02.dragonbyte-tech.com
    by web02.dragonbyte-tech.com with LMTP id QOusMegHf1veawAAmma+EA
    for <bounce@dragonbytetech.com>; Thu, 23 Aug 2018 20:15:52 +0100
Return-path: <>
Envelope-to: bounce@dragonbytetech.com
Delivery-date: Thu, 23 Aug 2018 20:15:52 +0100
Received: from a7-14.smtp-out.eu-west-1.amazonses.com ([54.240.7.14]:37364)
    by web02.dragonbyte-tech.com with esmtps (TLSv1.2:ECDHE-RSA-AES128-SHA256:128)
    (Exim 4.91)
    id 1fsv5E-000794-0G
    for bounce@dragonbytetech.com; Thu, 23 Aug 2018 20:15:52 +0100
From: MAILER-DAEMON@eu-west-1.amazonses.com
To: bounce@dragonbytetech.com
Message-ID: <0102016568364366-a3538a5d-dbce-449b-9af3-efc8a9606a34-000000@eu-west-1.amazonses.com>
Subject: Delivery Status Notification (Failure)
MIME-Version: 1.0
Content-Type: multipart/report; 
    boundary="----=_Part_382740_1809377826.1535051711352"; 
    report-type=delivery-status
Date: Thu, 23 Aug 2018 19:15:11 +0000
X-SES-Outgoing: 2018.08.23-54.240.7.14
X-Spam-Status: No, score=0.0
X-Spam-Score: 0
X-Spam-Bar: /
X-Ham-Report: Spam detection software, running on the system "web02.dragonbyte-tech.com",
 has NOT identified this incoming email as spam.  The original
 message has been attached to this so you can view it or label
 similar future email.  If you have any questions, see
 root\@localhost for details.

 Content preview:  An error occurred while trying to deliver the mail to the
   following recipients: dguig.abdelaziz@yahoo.com lery, in order to complete
    your registration or reactivate your account at DragonByte Tech | X

 Content analysis details:   (0.0 points, 5.0 required)

  pts rule name              description
 ---- ---------------------- --------------------------------------------------
 -0.0 RCVD_IN_DNSWL_NONE     RBL: Sender listed at http://www.dnswl.org/, no
                             trust
                             [54.240.7.14 listed in list.dnswl.org]
  0.0 HTML_MESSAGE           BODY: HTML included in message
 -0.0 BAYES_20               BODY: Bayes spam probability is 5 to 20%
                             [score: 0.1726]
X-Spam-Flag: NO

------=_Part_382740_1809377826.1535051711352
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Content-Description: Notification

An error occurred while trying to deliver the mail to the following recipients:
dguig.abdelaziz@yahoo.com
------=_Part_382740_1809377826.1535051711352
Content-Type: message/delivery-status
Content-Transfer-Encoding: 7bit
Content-Description: Delivery Status Notification

Reporting-MTA: dsn; a4-1.smtp-out.eu-west-1.amazonses.com

Action: failed
Final-Recipient: rfc822; dguig.abdelaziz@yahoo.com
Diagnostic-Code: smtp; 554 delivery error: dd This user doesn't have a yahoo.com account (dguig.abdelaziz@yahoo.com) [0] - mta4348.mail.ne1.yahoo.com
Status: 5.3.0

------=_Part_382740_1809377826.1535051711352
Content-Type: message/rfc822
Content-Description: Undelivered Message

Message-ID: <0102016568363c3e-3d406e9f-3e9c-436f-b0dd-3217ee47f9cb-000000@eu-west-1.amazonses.com>
Date: Thu, 23 Aug 2018 19:15:09 +0000
Subject: DragonByte Tech | XenForo and vBulletin Mods & Addons - Account
 confirmation required
From: DragonByte Tech | XenForo and vBulletin Mods & Addons
 <dbtech@dragonbyte-tech.com>
To: lery <dguig.abdelaziz@yahoo.com>
MIME-Version: 1.0
Content-Type: multipart/alternative;
 boundary="_=_swift_v4_1535051709_d92649e2095eedb18835fa1aec9983a5_=_"
X-To-Validate: f06cdef0+dguig.abdelaziz@yahoo.com
X-SES-Outgoing: 2018.08.23-54.240.4.3
Feedback-ID: 1.eu-west-1.rqFLe/K6Rujqlv0M0C8a4TCJipFLr43+F05d3mJRahs=:AmazonSES
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/simple;
    s=uku4taia5b5tsbglxyj6zym32efj7xqv; d=amazonses.com; t=1535051709;
    h=Message-ID:Date:Subject:From:To:MIME-Version:Content-Type:Feedback-ID;
    bh=mCG0qMdQ/AUskt/Z/ABLfJl5lil6VxPg4UB+ky7cqMY=;
    b=QjLq5b76bEbznuPhO9fupk97DdUtOEvBA8oDnbKX9nQKxddC+/7/h8T9RVugLvsI
    BDMcUOgem4VWZ8KgNxihM8fvn4RBQDYezEFn+UzRU6ZFHmBEaE6kOdKpH58yphBXCWh
    mutZyghTbBUVP9BuNAIKR4FLFxhK8DjI8j6oX6Gg=

--_=_swift_v4_1535051709_d92649e2095eedb18835fa1aec9983a5_=_
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: quoted-printable

lery, in order to complete your registration or reactivate your account at =
DragonByte Tech | XenForo and vBulletin Mods & Addons (https://www.dragonby=
te-tech.com/), you need to confirm your email address by clicking the butto=
n below.

Confirm your email (https://www.dragonbyte-tech.com/account-c=
onfirmation/lery.21958/email?c=3DfhxRsJXN6rsldFz8)

-------------------=
----------

Visit DragonByte Tech | XenForo and vBulletin Mods & Addons=
: https://www.dragonbyte-tech.com/

--_=_swift_v4_1535051709_d92649e2095eedb18835fa1aec9983a5_=_
Content-Type: text/html; charset=utf-8
Content-Transfer-Encoding: quoted-printable

<!DOCTYPE html>
<html lang=3D"en-US" dir=3D"LTR">
<head>
=09<meta htt=
p-equiv=3D"Content-Type" content=3D"text/html; charset=3Dutf-8">
=09<base=
 href=3D"https://www.dragonbyte-tech.com/">
=09<meta name=3D"viewport" co=
ntent=3D"width=3Ddevice-width, initial-scale=3D1">
=09<meta http-equiv=3D=
"X-UA-Compatible" content=3D"IE=3Dedge">
=09<meta name=3D"format-detectio=
n" content=3D"telephone=3Dno">
=09<title>DragonByte Tech | XenForo and vB=
ulletin Mods &amp; Addons - Account confirmation required</title>
</head>=

<body dir=3D"LTR" leftmargin=3D"0" topmargin=3D"0" marginwidth=3D"0" mar=
ginheight=3D"0" style=3D"margin: 0; padding: 0; word-wrap: break-word; -ms-=
text-size-adjust: 100%; -webkit-text-size-adjust: 100%; background-color: #=
f0f1f3; font-size: 15px; font-family: 'Segoe UI','Helvetica Neue',Helvetica=
,Roboto,Oxygen,Ubuntu,Cantarell,'Fira Sans','Droid Sans',sans-serif; line-h=
eight: 1.4; color: #141414;">

<table id=3D"bodyTable" border=3D"0" wid=
th=3D"100%" height=3D"100%" cellpadding=3D"0" cellspacing=3D"0" style=3D"bo=
rder-spacing: 0; mso-table-lspace: 0pt; mso-table-rspace: 0pt; border-colla=
pse: collapse; height: 100% !important; width: 100% !important; margin: 0; =
padding: 0; background-color: #f0f1f3;">
<tr>
=09<td align=3D"center" v=
align=3D"top" id=3D"bodyTableContainer" style=3D"border-collapse: collapse;=
 background-color: #f0f1f3;">
=09=09<table border=3D"0" width=3D"600" cel=
lpadding=3D"0" cellspacing=3D"0" class=3D"container" dir=3D"LTR" style=3D"b=
order-spacing: 0; mso-table-lspace: 0pt; mso-table-rspace: 0pt; border-coll=
apse: collapse; width: 100%; max-width: 600px;">
=09=09<tr>
=09=09=09<t=
d class=3D"header" align=3D"center" valign=3D"top" style=3D"border-collapse=
: collapse; color: #444e50; padding: 6px 10px; border-top-left-radius: 4px;=
 border-top-right-radius: 4px; font-family: 'Segoe UI','Helvetica Neue',Hel=
vetica,Roboto,Oxygen,Ubuntu,Cantarell,'Fira Sans','Droid Sans',sans-serif; =
font-size: 24px; line-height: 1.4;">
=09=09=09=09<a href=3D"https://www.d=
ragonbyte-tech.com/" style=3D"color: #444e50; text-decoration: none;">Drago=
nByte Tech | XenForo and vBulletin Mods &amp; Addons</a>
=09=09=09</td>=

=09=09</tr>
=09=09<tr>
=09=09=09<td class=3D"content" align=3D"left"=
 valign=3D"top" style=3D"border-collapse: collapse; background-color: #fefe=
fe; border-radius: 2px; color: #141414; padding: 10px; font-size: 15px; fon=
t-family: 'Segoe UI','Helvetica Neue',Helvetica,Roboto,Oxygen,Ubuntu,Cantar=
ell,'Fira Sans','Droid Sans',sans-serif; line-height: 1.4;">

<p style=
=3D"margin-top: 0;">lery, in order to complete your registration or reactiv=
ate your account at <a href=3D"https://www.dragonbyte-tech.com/" style=3D"c=
olor: #2577b1; text-decoration: none;">DragonByte Tech | XenForo and vBulle=
tin Mods &amp; Addons</a>, you need to confirm your email address by clicki=
ng the button below.</p>

<p style=3D"margin-bottom: 0;"><a href=3D"htt=
ps://www.dragonbyte-tech.com/account-confirmation/lery.21958/email?c=3DfhxR=
sJXN6rsldFz8" class=3D"button" style=3D"color: #f0f1f3; text-decoration: no=
ne; display: inline-block; padding: 5px 10px; background-color: #2b3335; bo=
rder: none; border-radius: 4px; font-size: 13px;">Confirm your email</a></p=
>

=09=09=09</td>
=09=09</tr>
=09=09<tr>
=09=09=09<td class=3D"fo=
oter" align=3D"center" valign=3D"top" style=3D"border-collapse: collapse; p=
adding: 6px 10px; text-align: center; color: #8c8c8c; font-size: 13px; font=
-family: 'Segoe UI','Helvetica Neue',Helvetica,Roboto,Oxygen,Ubuntu,Cantare=
ll,'Fira Sans','Droid Sans',sans-serif; line-height: 1.4;">
=09=09=09=09<=
div><a href=3D"https://www.dragonbyte-tech.com/" style=3D"color: #8c8c8c; t=
ext-decoration: underline;">Visit DragonByte Tech | XenForo and vBulletin M=
ods &amp; Addons</a></div>

=09=09=09=09
=09=09=09</td>
=09=09</tr>=

=09=09</table>
=09</td>
</tr>
</table>

</body>
</html>

--_=_swift_v4_1535051709_d92649e2095eedb18835fa1aec9983a5_=_--

------=_Part_382740_1809377826.1535051711352--
MESSAGE;

$message = new \Zend\Mail\Storage\Message(['raw' => $rawMessage]);

Expected results

We can see the expected results if we change L80 of Header.php from:

if (preg_match('/^\s*$/', $line)) {

To:

if ($line === '') {

In which case, the following are the resulting headers:

array:18 [
  "Return-Path" => "<>"
  "Delivered-To" => "bounce@dragonbytetech.com"
  "Received" => "from a7-14.smtp-out.eu-west-1.amazonses.com ([54.240.7.14]:37364) by web02.dragonbyte-tech.com with esmtps (TLSv1.2:ECDHE-RSA-AES128-SHA256:128) (Exim 4.91) id 1fsv5E-000794-0G for bounce@dragonbytetech.com; Thu, 23 Aug 2018 20:15:52 +0100"
  "Envelope-To" => "bounce@dragonbytetech.com"
  "Delivery-Date" => "Thu, 23 Aug 2018 20:15:52 +0100"
  "From" => "MAILER-DAEMON@eu-west-1.amazonses.com"
  "To" => "bounce@dragonbytetech.com"
  "Message-ID" => "<0102016568364366-a3538a5d-dbce-449b-9af3-efc8a9606a34-000000@eu-west-1.amazonses.com>"
  "Subject" => "Delivery Status Notification (Failure)"
  "MIME-Version" => "1.0"
  "Content-Type" => """
    multipart/report;\r\n
     boundary="----=_Part_382740_1809377826.1535051711352";\r\n
     report-type="delivery-status"
    """
  "Date" => "Thu, 23 Aug 2018 19:15:11 +0000"
  "X-SES-Outgoing" => "2018.08.23-54.240.7.14"
  "X-Spam-Status" => "No, score=0.0"
  "X-Spam-Score" => null
  "X-Spam-Bar" => "/"
  "X-Ham-Report" => "Spam detection software, running on the system "web02.dragonbyte-tech.com", has NOT identified this incoming email as spam.  The original message has been attached to this so you can view it or label similar future email.  If you have any questions, see root\@localhost for details.  Content preview:  An error occurred while trying to deliver the mail to the following recipients: dguig.abdelaziz@yahoo.com lery, in order to complete your registration or reactivate your account at DragonByte Tech | X  Content analysis details:   (0.0 points, 5.0 required)  pts rule name              description ---- ---------------------- -------------------------------------------------- -0.0 RCVD_IN_DNSWL_NONE     RBL: Sender listed at http://www.dnswl.org/, no trust [54.240.7.14 listed in list.dnswl.org] 0.0 HTML_MESSAGE           BODY: HTML included in message -0.0 BAYES_20               BODY: Bayes spam probability is 5 to 20% [score: 0.1726]"
  "X-Spam-Flag" => "NO"
]

Actual results

An exception occurred: [Zend\Mail\Exception\RuntimeException] Malformed header detected in src/vendor/zendframework/zend-mail/src/Headers.php on line 88

Zend\Mail\Headers::fromString() in src/vendor/zendframework/zend-mime/src/Decode.php at line 141
Zend\Mime\Decode::splitMessage() in src/vendor/zendframework/zend-mail/src/Storage/Part.php at line 99
Zend\Mail\Storage\Part->__construct() in src/vendor/zendframework/zend-mail/src/Storage/Message.php at line 54
Zend\Mail\Storage\Message->__construct() in test.php at line 227

Is this a change you would be willing to accept, or is there a reason not to accept the header formatting in this case?
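
The difference between the two checks discussed in the comment above, shown as an added example that is not part of the original issue or of zend-mail. `parseHeaders()` is a hypothetical minimal unfolder, and the sample header block is constructed, with a whitespace-only continuation line of the kind RFC 2822 section 4.2 (obs-FWS) allows.

```php
<?php
// Added illustration (not zend-mail code): a minimal header unfolder whose
// "end of headers" test is pluggable, to compare the two predicates. PHP 7.4+.
function parseHeaders(string $block, callable $isEnd): array
{
    $headers = [];
    $current = null;   // name of the header currently being continued
    $ended   = false;  // set once a line was taken for the end of the headers
    foreach (explode("\r\n", $block) as $line) {
        if ($isEnd($line)) {
            $ended = true;
            continue;
        }
        if ($ended) {
            // Same error text as in the report; the logic is this example's own.
            throw new RuntimeException('Malformed header detected');
        }
        if ($current !== null && ($line[0] === ' ' || $line[0] === "\t")) {
            // Folded continuation line: unfold by joining with a single space.
            $headers[$current] = rtrim($headers[$current] . ' ' . trim($line));
            continue;
        }
        if (!preg_match('/^([!-9;-~]+):[ \t]*(.*)$/', $line, $m)) {
            throw new RuntimeException('Malformed header detected');
        }
        $current = $m[1];
        $headers[$current] = $m[2];
    }
    return $headers;
}

// Constructed sample: a folded header containing a whitespace-only line,
// shaped like the X-Ham-Report header in the report.
$block = "X-Spam-Bar: /\r\n"
       . "X-Ham-Report: has NOT identified this incoming email as spam.\r\n"
       . " \r\n"
       . " Content analysis details:   (0.0 points, 5.0 required)\r\n"
       . "X-Spam-Flag: NO\r\n";

$whitespaceCheck = fn(string $l): bool => (bool) preg_match('/^\s*$/', $l);
$exactEmptyCheck = fn(string $l): bool => $l === '';

try {
    parseHeaders($block, $whitespaceCheck);
} catch (RuntimeException $e) {
    echo 'whitespace regex: ', $e->getMessage(), PHP_EOL;
}
print_r(parseHeaders($block, $exactEmptyCheck));
```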

chrisdeeming commented 6 years ago

Note the above was tested with Zend Mail 2.4.x.

However with Zend Mail 2.10.0 the issue still exists:

An exception occurred: [Zend\Mail\Exception\RuntimeException] Malformed header detected in src/vendor/zendframework/zend-mail/src/Headers.php on line 90

Zend\Mail\Headers::fromString() in src/vendor/zendframework/zend-mime/src/Decode.php at line 141
Zend\Mime\Decode::splitMessage() in src/vendor/zendframework/zend-mail/src/Storage/Part.php at line 99
Zend\Mail\Storage\Part->__construct() in src/vendor/zendframework/zend-mail/src/Storage/Message.php at line 54
Zend\Mail\Storage\Message->__construct() in test.php at line 227

The changes in #92 aren't enough to fix the issue.

Ocramius commented 6 years ago

Could you provide test scenarios please?

On Fri, 24 Aug 2018, 17:28 Chris Deeming, notifications@github.com wrote:

Note the above was tested with Zend Mail 2.4.x.

However with Zend Mail 2.10.0 the issue still exists:

An exception occurred: [Zend\Mail\Exception\RuntimeException] Malformed header detected in src/vendor/zendframework/zend-mail/src/Headers.php on line 90

Zend\Mail\Headers::fromString() in src/vendor/zendframework/zend-mime/src/Decode.php at line 141
Zend\Mime\Decode::splitMessage() in src/vendor/zendframework/zend-mail/src/Storage/Part.php at line 99
Zend\Mail\Storage\Part->__construct() in src/vendor/zendframework/zend-mail/src/Storage/Message.php at line 54
Zend\Mail\Storage\Message->__construct() in test.php at line 227

The changes in #92 https://github.com/zendframework/zend-mail/issues/92 aren't enough to fix the issue.


chrisdeeming commented 6 years ago

There's example code in the first comment @Ocramius.

weierophinney commented 4 years ago

This repository has been closed and moved to laminas/laminas-mail; a new issue has been opened at https://github.com/laminas/laminas-mail/issues/25.