Use this forum if you have installed hMailServer and want to ask a question related to a production release of hMailServer. Before posting,
please read the troubleshooting guide. A large part of all reported issues are already described in detail here.
-
pik256
- New user
- Posts: 16
- Joined: 2016-05-18 11:25
- Location: Poland
Post
by pik256 » 2017-01-17 13:24
As in subject. This is testing environment to show the ill behaviour:
2 accounts: recipient1 and recipient2 (in fact recipient2 need not to be a local account). Recipient 1 has set forwarding to recipient2 but keeps original message (this is not necessary for bug to occur, just for demonstration). I sent a digitally signed message to recipient1. This is a crucial fragment of the message (with headers):
Code: Select all
MIME-Version: 1.0
Content-Type: multipart/signed; protocol="application/pkcs7-signature"; micalg=sha-256; boundary="------------ms010609030807050301060903"
This is a cryptographically signed message in MIME format.
--------------ms010609030807050301060903
Content-Type: multipart/mixed;
boundary="------------E71BD78D3288EFDAF7F24D3C"
This is a multi-part message in MIME format.
I cut this from a message on recipient1's account. This is exactly as it was sent and it is correctly digitally signed.
Unfortunately hMail reformats the message before forwarding. This is what I have found on recipient2's account:
Code: Select all
MIME-Version: 1.0
Content-Type: multipart/signed; protocol="application/pkcs7-signature"; micalg=sha-256;
boundary="------------ms010609030807050301060903"
X-hMailServer-LoopCount: 1
This is a cryptographically signed message in MIME format.
--------------ms010609030807050301060903
Content-Type: multipart/mixed; boundary="------------E71BD78D3288EFDAF7F24D3C"
This is a multi-part message in MIME format.
It is syntactically correct but hMail deleted a newline in a multipart header. It is a violation of a digital signature. Recipient2 sees the message as tampered. Digitally signed messages cannot be reformatted.
-
jimimaseye
- Moderator
- Posts: 8953
- Joined: 2011-09-08 17:48
Post
by jimimaseye » 2017-01-17 14:09
Just done a quick test and replicated. The FORWARDING aspect is unimportant as just the formating for delivery to local does the same thing.
Original SENT email source:
[code]From: <user2@jim.com>
To: <user1@jim.co>
Subject: test
Date: Tue, 17 Jan 2017 11:43:47 -0000
MIME-Version: 1.0
Content-Type: multipart/mixed;
boundary="----=_NextPart_000_0009_01D270B6.F711E6B0"
X-Priority: 3
X-MSMail-Priority: Normal
Importance: Normal
X-Mailer: Microsoft Windows Live Mail 15.4.3538.513
X-MimeOLE: Produced By Microsoft MimeOLE V15.4.3538.513
This is a multi-part message in MIME format.
------=_NextPart_000_0009_01D270B6.F711E6B0
Content-Type: multipart/alternative;
boundary="----=_NextPart_001_000A_01D270B6.F711E6B0"
------=_NextPart_001_000A_01D270B6.F711E6B0
Content-Type: text/plain;
charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable
this is a test bod
Last line of bod
------=_NextPart_001_000A_01D270B6.F711E6B0
Content-Type: text/html;
charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable
<HTML><HEAD></HEAD>
<BODY dir=3Dltr>
<DIV dir=3Dltr>
<DIV style=3D"FONT-SIZE: 10pt; FONT-FAMILY: 'Arial'; COLOR: #000000">
<DIV>this is a test bod</DIV>
<DIV> </DIV>
<DIV>Last line of bod</DIV></DIV></DIV></BODY></HTML>
------=_NextPart_001_000A_01D270B6.F711E6B0--
------=_NextPart_000_0009_01D270B6.F711E6B0
Content-Type: application/vnd.oasis.opendocument.spreadsheet;
name="BudgetISAcalulatorUntitled 1.ods"
Content-Transfer-Encoding: base64
Content-Disposition: attachment;
filename="BudgetISAcalulatorUntitled 1.ods"
[/code]
Received email source:
[code]From: <user2@jim.com>
To: <user1@jim.co>
Subject: test
Date: Tue, 17 Jan 2017 11:43:47 -0000
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="----=_NextPart_000_0009_01D270B6.F711E6B0"
X-Priority: 3
X-MSMail-Priority: Normal
Importance: Normal
X-Mailer: Microsoft Windows Live Mail 15.4.3538.513
X-MimeOLE: Produced By Microsoft MimeOLE V15.4.3538.513
X-hMailServer-Reason-Score: 0
This is a multi-part message in MIME format.
------=_NextPart_000_0009_01D270B6.F711E6B0
Content-Type: multipart/alternative; boundary="----=_NextPart_001_000A_01D270B6.F711E6B0"
------=_NextPart_001_000A_01D270B6.F711E6B0
Content-Type: text/plain; charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable
this is a test bod
Last line of bod
------=_NextPart_001_000A_01D270B6.F711E6B0
Content-Type: text/html; charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable
<HTML><HEAD></HEAD>
<BODY dir=3Dltr>
<DIV dir=3Dltr>
<DIV style=3D"FONT-SIZE: 10pt; FONT-FAMILY: 'Arial'; COLOR: #000000">
<DIV>this is a test bod</DIV>
<DIV> </DIV>
<DIV>Last line of bod</DIV></DIV></DIV></BODY></HTML>
------=_NextPart_001_000A_01D270B6.F711E6B0--
------=_NextPart_000_0009_01D270B6.F711E6B0
Content-Type: application/vnd.oasis.opendocument.spreadsheet; name="BudgetISAcalulatorUntitled
1.ods"
Content-Transfer-Encoding: base64
Content-Disposition: attachment; filename="BudgetISAcalulatorUntitled 1.ods"
[/code]
I note that all header/mime inserts such as
Code: Select all
Content-Type: multipart/alternative;
boundary="----=_NextPart_001_000A_01D270B6.F711E6B0"
get reformatted at the semicolon
; to
Code: Select all
Content-Type: multipart/alternative; boundary="----=_NextPart_001_000A_01D270B6.F711E6B0"
5.7 on test.
SpamassassinForWindows 3.4.0 spamd service
AV: Clamwin + Clamd service + sanesecurity defs : https://www.hmailserver.com/forum/viewtopic.php?f=21&t=26829
