On Sat, 16 Feb 2002, Valentijn Sessink wrote: > A couple of people seemed to think that simply interpreting all <CR>'s with > <CRLF>'s should solve the issue, however, that makes things worse, as the > scanner will now be forced to look "the outlook way". I initially made my scanner emulate the Outlook bug; now I see it's the wrong thing to do. I believe the only sane way to handle these kinds of malformed messages is: 1) Reject any message with suspicious characters in the headers (e.g., embedded CR's.) It's pointless for a server-based scanner to try to out-think all the different mail user agents out there. 2) Completely rebuild all incoming messages. The server-based scanner should parse the MIME as best it can, build its own data structure, and then rebuild the message using valid MIME. That way, MUA's are quite likely to "see" the same message that the scanner did. I have implemented these procedures in MIMEDefang; see http://www.roaringpenguin.com/mimedefang/lookout.html for more details. Regards, David.
