Incorrect size calculations on bogus messages

Carson Gaspar carson at
Thu Jun 25 14:29:38 EDT 2009

Ken Murchison wrote:
> I wonder if we should just reject these messages in lmtpd.

I wouldn't complain. When I was at Morgan Stanley I worked with Victor 
Duchovny on a MIME canonicalizer. We discovered all _sorts_ of 
"interesting" MIME and base64 issues. It is possible to create a mail 
message in such a way that 6 different mail clients will see 6 different 
attachments. If you realize that your antivirus is just such a client, 
the security issues quickly become apparent...

And don't get me started on the ZIP format...


More information about the Cyrus-devel mailing list