MIME encodings when dealing with adding the footer

MIME encodings when dealing with adding the footer

[Peter Volkov]

[-- Attachment #1: Type: text/plain, Size: 1175 bytes --]

Hello, list.

There is a problem in the current version of mlmmj in handling footer
which in combination of gmail effectively makes impossible usage of this
feature. In short if you have mail mime encoded (which happens very
often this days) footer like this:

[footer]
-- 
gentoo-doc-ru@gentoo.org mailing list
[/footer]

will be displayed in evolution as 

�│ИМ╒▀╛z╨Н│ИМ╒┼+┌f╒√)Ю√+-

But the worst thing is that our Russian users reported that it
completely impossible to read such messages in gmail. See bug
bugs.gentoo.org/173159 for additional details. And quoting Robin Johnson
for the mentioned bug:

============================================================
The best fix would be, if the body has a non-plaintext type, add the
footer in another MIME block, rather than trying to add it to the
existing block.
============================================================

This is still the issue with net-mail/mlmmj-1.2.14, but I do not see any
flag in ChangeLog that this is fixed in 1.2.15. So the question is are
there any plans to fix this issue?

Thank you very much for your time,
-- 
Peter.

[-- Attachment #2: Эта часть сообщения подписана цифровой подписью --]
[-- Type: application/pgp-signature, Size: 189 bytes --]

Re: MIME encodings when dealing with adding the footer

[Morten K. Poulsen]

On Thu, 2007-12-13 at 13:07 +0300, Peter Volkov wrote:
> There is a problem in the current version of mlmmj in handling footer
> which in combination of gmail effectively makes impossible usage of this
> feature. In short if you have mail mime encoded
...
> The best fix would be, if the body has a non-plaintext type, add the
> footer in another MIME block, rather than trying to add it to the
> existing block.
...
> are there any plans to fix this issue?

Short answer: no.

Long answer: MIME parsing has been a source of vulnerabilities in almost
every single piece of software which attempts to parse MIME encoded
messages. Mlmmj can - in any normal installation - be triggered
remotely. It's a trade-off. I have made the decision to leave out MIME
parsing. I do not plan to add it, nor do I plan to accept patches which
add it.

However, Sascha Sommer has contributed a version of mlmmj-recieve [sic]
which can strip unwanted mime parts. It might be possible to extend it
to also add MIME encoded footers.

Morten

Re: MIME encodings when dealing with adding the footer

[Peter Volkov]

[-- Attachment #1: Type: text/plain, Size: 638 bytes --]

В Чтв, 13/12/2007 в 11:31 +0100, Morten K. Poulsen пишет:
> Long answer: MIME parsing has been a source of vulnerabilities in almost
> every single piece of software which attempts to parse MIME encoded
> messages. Mlmmj can - in any normal installation - be triggered
> remotely. It's a trade-off. I have made the decision to leave out MIME
> parsing. I do not plan to add it, nor do I plan to accept patches which
> add it.

Morten, but then footer feature should be dropped from mlmmj as it does
not work and breaks mails. Or at least big red notice should be added...
What do you think about this?

-- 
Peter.

[-- Attachment #2: Эта часть сообщения подписана цифровой подписью --]
[-- Type: application/pgp-signature, Size: 189 bytes --]

Re: MIME encodings when dealing with adding the footer

[Morten K. Poulsen]

On Thu, 2007-12-13 at 14:18 +0300, Peter Volkov wrote:
> В Чтв, 13/12/2007 в 11:31 +0100, Morten K. Poulsen пишет:
> > Long answer: MIME parsing has been a source of vulnerabilities in almost
> > every single piece of software which attempts to parse MIME encoded
> > messages. Mlmmj can - in any normal installation - be triggered
> > remotely. It's a trade-off. I have made the decision to leave out MIME
> > parsing. I do not plan to add it, nor do I plan to accept patches which
> > add it.
> 
> Morten, but then footer feature should be dropped from mlmmj as it does
> not work and breaks mails. Or at least big red notice should be added...
> What do you think about this?

Yes, a word of warning in the readme might be a good idea.

Morten

Re: MIME encodings when dealing with adding the footer

[Robin H. Johnson]

[-- Attachment #1: Type: text/plain, Size: 1730 bytes --]

On Thu, Dec 13, 2007 at 12:49:14PM +0100, Morten K. Poulsen wrote:
> On Thu, 2007-12-13 at 14:18 +0300, Peter Volkov wrote:
> > ?? ??????, 13/12/2007 ?? 11:31 +0100, Morten K. Poulsen ??????????:
> > > Long answer: MIME parsing has been a source of vulnerabilities in almost
> > > every single piece of software which attempts to parse MIME encoded
> > > messages. Mlmmj can - in any normal installation - be triggered
> > > remotely. It's a trade-off. I have made the decision to leave out MIME
> > > parsing. I do not plan to add it, nor do I plan to accept patches which
> > > add it.
> > Morten, but then footer feature should be dropped from mlmmj as it does
> > not work and breaks mails. Or at least big red notice should be added...
> > What do you think about this?
> Yes, a word of warning in the readme might be a good idea.
Could we have a limited feature then:
- If we think it is NOT safe to add the footer, then do not add it.

Cases where it is not safe:
1. The mail has more than one MIME part (not parse, just read the mail
headers).
2. The mail is not MIME, but is not safe encoding to muck with.

#2 was Peter's original case that he reported to me for the Gentoo lists,
a mail having the following headers:
Content-Transfer-Encoding: base64
Content-Type: text/plain; charset="utf-8"
Content-Disposition: inline

Should NOT get a plaintext footer added, because it would cause the
base64 to not decode.

Here's a mail where mlmmj did this and causes gmail to screw up:
http://bugs.gentoo.org/attachment.cgi?id=115401

-- 
Robin Hugh Johnson
Gentoo Linux Developer & Infra Guy
E-Mail     : robbat2@gentoo.org
GnuPG FP   : 11AC BA4F 4778 E3F6 E4ED  F38E B27B 944E 3488 4E85

[-- Attachment #2: Type: application/pgp-signature, Size: 321 bytes --]

Re: MIME encodings when dealing with adding the footer

[Morten K. Poulsen]

On Thu, 2007-12-13 at 04:02 -0800, Robin H. Johnson wrote:
...
> > > ?? ??????, 13/12/2007 ?? 11:31 +0100, Morten K. Poulsen ??????????:
...
> > > > I have made the decision to leave out MIME parsing. I do
> > > > not plan to add it, nor do I plan to accept patches which
> > > > add it.
...
> Could we have a limited feature then:
> - If we think it is NOT safe to add the footer, then do not add it.

Yes, that would be possible to implement. And it is a good idea.

> Cases where it is not safe:
> 1. The mail has more than one MIME part (not parse, just read the mail
> headers).

Technically it *is* safe to add text in the MIME epilogue.

> 2. The mail is not MIME, but is not safe encoding to muck with.
> 
> #2 was Peter's original case that he reported to me for the Gentoo lists,
> a mail having the following headers:
> Content-Transfer-Encoding: base64
> Content-Type: text/plain; charset="utf-8"
> Content-Disposition: inline
> 
> Should NOT get a plaintext footer added, because it would cause the
> base64 to not decode.

You are right, we should not add a plain text footer to mails with an
unknown Content-Transfer-Encoding. We could encode it, if the mail is in
a known encoding (quoted-printable, base64). Patches are, as always,
very welcome :-)

Morten

Re: MIME encodings when dealing with adding the footer

[Jakob Hirsch]

Hi,

> There is a problem in the current version of mlmmj in handling footer

This is a known issue, see this thread following
http://mlmmj.mmj.dk/archives/mlmmj/2005-07/0357.html

A while ago, I wrote a patch to fix this, but unfortunately it was
rejected and there was obviously no interest to discuss this (or even
write a warning that the footer feature is broken):
http://mlmmj.mmj.dk/archives/mlmmj/2006-09/0794.html

So, the official solution seems to be: Use some external wrapper
program. How, which? Your problem.