Double Carriage return breaks header ..

John Fawcett johnml at
Sun May 29 03:06:19 EDT 2005

Patrik Henningsson wrote:

>>I've had a look at reproducing this, but can't. Can someone send me
>>the full text of a message which exhibits this behaviour.
> Try this:
> echo -e "Subject: TEST\r\r\n" | sendmail johnml at
I found out that as I'm using amavis, the message arrives ok.
Amavis "corrects" the bad header and adds an additional header:

X-Amavis-Alert: BAD HEADER Improper use of control character (char 0D
hex) in message header 'Subject'
     Subject: TEST\r\n ^

If I take amavis out of the equation I see the same behaviour as you.

I can confirm this is nothing to do with spool_copy_msg().
When spool_copy_msg() receives the input stream, the headers have
all been previous read from the stream.

The interpretation of the end of headers is in
spool_fill_hdrcache(), when a call to parseheader() returns without
a header name filled in.

It seems as though parseheader() will accept (apart from the correct
\r\n) also bare \r or bare \n as the end of a line and outputs \r\n.

Removing bare \r instead of interpreting as "end of line" can
probably be addressed in parseheader(), but why have
logic to correct bare \r and bare \n in two different places
(for headers in parseheader() and for bodies in spool_copy_msg()).
This is a problem common to  headers and bodies so really this needs
a more structural change. General character checking and correcting
should be done by passing the stream through a filter function, then
parseheader() and spool_copy_msg() would only have to worry about
dealing with well-formed messages or carrying out checks which are
specific to headers or bodies.

An advantage of this would also be to introduce the nul char
check into headers which is only present in spool_copy_msg().

I think before anyone does a patch some guidance is needed from
a project committer to avoid going the wrong way.

Cyrus Home Page:
Cyrus Wiki/FAQ:
List Archives/Info:

More information about the Info-cyrus mailing list