[horde] To: and From: formatting problem

Chris bsd at 1command.com
Wed Mar 1 10:13:10 PST 2006


Quoting Chuck Hagenbuch <chuck at horde.org>:

> Quoting Chris <bsd at 1command.com>:
>
>> It is not my intention to sound disagreeable here. That is not the case at
>> all. I am simply concerned that if I can receive a colon in the From column/
>> field of my eMail, what's to stop me from receiving a | (pipe) followed by
>> something *less* than desirable? I mean it wasn't *too* hard to manipulate
>> things of this nature in the past. And now seeing this colon, I can't help
>> but wonder why it isn't possible to use (send) other operators as well. I
>> never saw this in the last version. And given all the current attempts these
>> days, I can't help but wonder. That's all. It does seem reasonable, don't you
>> think?
>
> No. It may sound possible if you do not understand how email works and
> how Horde works, but that doesn't make it reasonable. You aren't
> understanding what is simply displayed and where there are and are not
> security issues. There is no issue here.

Thanks for your prompt response and all your attention. I do in fact understand
how eMail (sendmail in this case) works. What's more, I run an RBL. However,
having seen all the attempts to foil Horde and friends in the last version, I
have become keenly aware of what is possible with *web*mail and the power of
PHP. So all my previous observations were based on that. When I noticed the
difference in the "From:" display, a red flag went up, noting that *normally* a
colon isn't permitted in a "safe" eMail. However, if Horde (IMP) is simply
prepending this "To:" to the eMail address, then it is a different story. Is
this the case? This hasn't been clear.

Thank you again for all your time and consideration in this matter.

--Chris

>
> -chuck
>
> --
> "we are plastered to the windshield of the bus that is time." - Chris
> --
> Horde mailing list - Join the hunt: http://horde.org/bounties/#horde
> Frequently Asked Questions: http://horde.org/faq/
> To unsubscribe, mail: horde-unsubscribe at lists.horde.org
>



----------------------------------------------------------------
FreeBSD 5.5-PRERELEASE (SMP) MAIL04 Fri Feb 24 16:59:38 PST 2006
////////////////////////////////////////////////////////////////


