0005181: SOGo mails modified by some mail relay servers: S/MIME signature broken - SOGo

ID	Project	Category	View Status	Date Submitted	Last Update

0005181	SOGo	SOPE	public	2020-10-02 12:56	2020-10-02 12:56

Reporter	schmirl	Assigned To
Priority	normal	Severity	minor	Reproducibility	always
Status	new	Resolution	open
Product Version	4.3.2

Summary	0005181: SOGo mails modified by some mail relay servers: S/MIME signature broken
Description	I noticed that sometimes the signatures of SOGo signed mails are reported as broken (on any mailclient, so not related to 0004634). It turned out that indeed the mail is modified in transit: Some of the Content-Length MIME part headers were stripped in transit. I was able to track it back to sendmail-based relay servers (others might behave the same way) and indeed, in its default configuration sendmail strips this header. While this is clearly something to be discussed with the sendmail guys, too, the Content-Length header is not specified for email: https://tools.ietf.org/html/rfc4021 (not mentioned in there) https://tools.ietf.org/html/rfc2076#appendix-A (listed below "Not Internet standard") Browsing through my imap folders, no other MUA seems to set this header. As nobody can control through which relay servers a mail is forwarded, SOGo should stop adding this header.
Steps To Reproduce	Send a SOGo mail in HTML format (multipart/alternative) with an attachment through a sendmail based SMTP relay Compare the email source in Sent-folder with the email source on the recipient side: Content-length of the attachment was removed Repeat the test and have SOGo sign the mail: Mail will be reported as modified by the reciepient (tested Outlook and SOGo)
Additional Information	Proposed patch attached. It turned out that it's not that easy to find all places reponsible for adding a Content-Length header to the individual parts. So this patch simply skips the header while writing the content.
Tags	S/MIME

schmirl

2020-10-02 12:56

reporter

SOPE-drop_content-length.patch (845 bytes)

--- sope-mime/NGMime/NGMimePartGenerator.m.orig	2019-12-17 21:34:06.000000000 +0100
+++ sope-mime/NGMime/NGMimePartGenerator.m	2020-10-02 09:42:47.030375229 +0200
@@ -258,6 +258,9 @@
     NSEnumerator *enumerator;
     BOOL         reset;
     
+    if ([headerFieldName isEqualToString:@"content-length"])
+      continue;
+
     if ([[_additionalHeaders objectsForKey:headerFieldName] count] > 0) {
       enumerator = [addHeaders objectEnumeratorForKey:headerFieldName];
       reset = YES;
@@ -274,6 +277,9 @@
   
   headerFieldNames = [addHeaders keyEnumerator];
   while ((headerFieldName = [headerFieldNames nextObject]) != nil) {
+    if ([headerFieldName isEqualToString:@"content-length"])
+      continue;
+
     [self appendHeaderField:headerFieldName
 	  values:[addHeaders objectEnumeratorForKey:headerFieldName]
 	  toData:data];

SOPE-drop_content-length.patch (845 bytes)

Date Modified	Username	Field
2020-10-02 12:56	schmirl	New Issue
2020-10-02 12:56	schmirl	Tag Attached: S/MIME
2020-10-02 12:56	schmirl	File Added: SOPE-drop_content-length.patch

View Issue Details

Activities

Issue History