From: "Dave Korn" <dave.korn@artimi.com>
To: "'The one true line-ending'" <cygwin-talk@cygwin.com>
Subject: RE: General Inquiry
Date: Fri, 04 Aug 2006 19:49:00 -0000 [thread overview]
Message-ID: <076101c6b7ff$242a4010$a501a8c0@CAM.ARTIMI.COM> (raw)
In-Reply-To: <eb07g6$99b$2@sea.gmane.org>
On 04 August 2006 20:35, mwoehlke wrote:
> George wrote:
>> On Fri, Aug 04, 2006 at 04:40:34PM +0100, Dave Korn wrote:
>>> On 04 August 2006 16:31, Steve Doherty wrote:
>>>
>>> Generic response.
>>
>> You didn't read the headers:
>>
>>> Content-Type: text/plain
>>> Content-Transfer-Encoding: 8bit Hello sales, Good day and Am Steve
>>> Doherty from [snip]
>
> Aw, you ruined it... it was much funnier when it was just empty.
>
> Wow... that's the first time I've seen a MESSAGE in a header
> (Content-Transfer-Encoding??). I've seen people muck with the 'from'
> headers, but nothing like this. It looks like it's either unintentional
> (broken mailer?), or ...maybe just a way to get around spam filters
> (though not a very effective one)?
No, it's a bodged-up mailer. Wrong kind of line-end between the headers and
body. Let's take a look: here's my interpetation of what happened:
Received: from sourceware.org ([209.132.176.174]) by mail.artimi.com with
Microsoft SMTPSVC(6.0.3790.1830);
Fri, 4 Aug 2006 16:31:30 +0100
Received: (qmail 14910 invoked by alias); 4 Aug 2006 15:31:26 -0000
Received: (qmail 14903 invoked by uid 22791); 4 Aug 2006 15:31:26 -0000
X-Spam-Check-By: sourceware.org
Received: from ns1.ultrahaus.srv.br (HELO ultrahost.ultrahaus.com)
(70.86.10.130) by sourceware.org (qpsmtpd/0.31) with ESMTP; Fri, 04 Aug
2006 15:31:22 +0000
Received: from ultrahost ([70.86.10.130]) by ultrahost.ultrahaus.com with
Microsoft SMTPSVC(6.0.3790.1830); Fri, 4 Aug 2006 12:31:21 -0300
All that ^^^ was added in flight after the spammer sent it.
Date: Fri, 04 Aug 2006 12:31:21 -0300
Subject: General Inquiry
To: cygwin@cygwin
From: Steve Doherty <steve_doherty006@UnionPlus.net>
Reply-To: steve_doherty006@UnionPlus.net
MIME-Version: 1.0
Content-Type: text/plain
Content-Transfer-Encoding: 8bit Hello sales, Good day and Am Steve Doherty
from FAITH SUPPLIES and i will like to purchase some of your product to one of
my best customer in West African and i will like to place an International
Order with you regard shipment to My Customer in West Africa Like South
Africa and Nigeria and i will like to know if you do ship Via the United Post
Service ( USPS ) and EMS .Or Fedex Express Payment terms are " Visa and Master
Card". I will want you to get back to me with your website if my payment terms
is Ok by you . Regard. Steve Doherty
This is what the spammer sent. Because s/h/it used an LF after the C-T-E
header, and because some but not all mail servers /insist/ on you using
CR-LF, as per the rfc, rather than any old LF on its own, this was taken as
one continuous line with a pair of non-printing control chars in the middle,
rather than a CTE - blank-line-separator - message body sequence.
Message-ID: <ULTRAHOSTXLPEnq6nLB0000b8d1@ultrahost.ultrahaus.com>
Spammer successfully sent a period on a line by itself after the message
body, thus the smtp server thought that a bunch of headers with no body had
been sent; it added its own Message-ID to (what it thought were just) the
headers, and sent it on.
Mailing-List: contact cygwin-help@cygwin
Snip the rest: added at sourceware.org
BTW, just as a side point to the debate on the main list about EOL handling:
the smtp rfc, 2822, (and the http one as well, but I forget which number) both
mandate CR-LF line endings. Considering that 2822 is derived from 822, which
was published in 1982 before there ever was such a thing as MS-DOS, I consider
that CR-LF is a Unix and IETF standard line-ending. Funny, that!
cheers,
DaveK
--
Can't think of a witty .sigline today....
next prev parent reply other threads:[~2006-08-04 19:49 UTC|newest]
Thread overview: 23+ messages / expand[flat|nested] mbox.gz Atom feed top
2006-08-04 15:40 Dave Korn
2006-08-04 16:34 ` George
2006-08-04 19:35 ` mwoehlke
2006-08-04 19:49 ` Dave Korn [this message]
2006-08-04 20:27 ` George
2006-08-04 20:55 ` mwoehlke
2006-08-05 0:25 ` George
2006-08-05 0:44 ` Igor Peshansky
2006-08-07 9:16 ` Dave Korn
2006-08-04 22:51 ` Robert Pendell
2006-08-04 23:12 ` mwoehlke
2006-08-06 16:54 ` Robert Pendell
2006-08-07 18:58 ` Robert Pendell
[not found] <ULTRAHOSTXLPEnq6nLB0000b8d1@ultrahost.ultrahaus.com>
2006-08-04 15:53 ` mwoehlke
2006-08-04 16:16 ` Dave Korn
2006-08-04 19:28 ` mwoehlke
2006-08-04 19:34 ` Douglas W. Goodall
2006-08-04 19:45 ` Dave Korn
2006-08-04 20:48 ` mwoehlke
2006-08-04 23:22 ` Gary R. Van Sickle
2006-08-05 20:25 ` Douglas W. Goodall
2006-08-06 1:43 ` One Angry User
2006-08-04 17:44 Yitzchak Scott-Thoennes
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to='076101c6b7ff$242a4010$a501a8c0@CAM.ARTIMI.COM' \
--to=dave.korn@artimi.com \
--cc=cygwin-talk@cygwin.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).