Email injection via message body?


I've discovered, while trying to use a PHP script to redirect an email
(to my inbox), that my Linux web host has the PHP mail() command (uses
sendmail, I believe) scan the body of emails for '\r\nSomeHeaderField:'
and toss them in the bit bucket if a positive match is found.

My question is: why sanitize the body of the message at all?  It is my
understanding that email injection cannot be done using the body of a
message, but only by injecting into the header fields (From, To,
Subject, ...).

Which is correct?

 Chuck Anderson • Boulder, CO
 Nothing he's got he really needs
 Twenty first century schizoid man.

Re: Email injection via message body?

Chuck Anderson wrote:

The command itself doesn't do any parsing of the body.  I suspect it
might be your host's sendmail configuration doing it.

And no reason I know to scan the body of the message for header fields,
other than to antagonize their customers.  MTAs don't parse the body;
they just forward it intact.

Remove the "x" from my email address
Jerry Stuckle
JDS Computer Training Corp.
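The point both posts turn on is where the header block ends. The example below is added here and is not code from either poster, nor PHP: it mimics the way a naive mail($to, $subject, $body, $headers)-style wrapper glues headers, a blank line and the body together with CRLF, then parses the result back with Python's standard email package, which splits headers from body the same way an MTA does. It shows that a CRLF in a header argument adds a Bcc header (or even a fake body), that the same text in the body stays body text, and that a hardened wrapper only needs to check header values, not the body. The function names, addresses and message text are made up for the illustration.

```python
"""Added example (not from the thread): header injection vs. body text.

A naive wrapper assembles "headers CRLF CRLF body"; we parse the result
with Python's email package to see where attacker-controlled CRLFs land.
All names and sample inputs are constructed for illustration.
"""
import re
import email

CRLF = "\r\n"


def build_message(to, subject, body, extra_headers=""):
    """Naive assembly: trusts every argument, like an unsanitised wrapper."""
    header_block = f"To: {to}{CRLF}Subject: {subject}{CRLF}"
    if extra_headers:
        header_block += extra_headers.rstrip("\r\n") + CRLF
    return header_block + CRLF + body


def parse(raw):
    """Split headers from body the way an MTA or MUA does: everything up to
    the first blank line is headers, everything after it is body."""
    return email.message_from_string(raw)


# RFC 5322 field names are printable ASCII except ':'; values must not carry
# a bare CR or LF (folding is the mail library's job, not the caller's).
_FIELD_NAME = re.compile(r"^[!-9;-~]+$")


def check_header_value(name, value):
    """Reject a header that could terminate the field or the header block."""
    if not _FIELD_NAME.match(name):
        raise ValueError(f"bad header name: {name!r}")
    if "\r" in value or "\n" in value:
        raise ValueError(f"line break in header {name}: {value!r}")
    return value


def build_message_safe(to, subject, body, extra_headers=None):
    """Hardened assembly: every header is a (name, value) pair that is checked
    for line breaks.  The body is passed through untouched: once the blank
    line has been written, nothing in the body can become a header."""
    fields = [("To", to), ("Subject", subject)] + list((extra_headers or {}).items())
    header_block = "".join(f"{n}: {check_header_value(n, v)}{CRLF}" for n, v in fields)
    return header_block + CRLF + body


def demo():
    """Return the outcomes the thread argues about, keyed by case."""
    injected = "Hello\r\nBcc: victim@example.com"
    # 1. CRLF inside a header argument adds a header: classic email injection.
    via_header = parse(build_message("me@example.com", injected, "hi"))
    # 2. CRLF CRLF inside a header argument ends the headers early and the
    #    attacker's text becomes the body that is actually delivered.
    hijack = parse(build_message("me@example.com", "Hello\r\n\r\nSpam text here", "real body"))
    # 3. The same injected text in the body stays body text; no header appears.
    via_body = parse(build_message("me@example.com", "Hello", "hi\r\nBcc: victim@example.com"))
    # 4. The hardened wrapper rejects the header injection ...
    try:
        build_message_safe("me@example.com", injected, "hi")
        safe_rejected = False
    except ValueError:
        safe_rejected = True
    # ... and needs no body scan to stay safe.
    safe_body = parse(build_message_safe("me@example.com", "Hello", "hi\r\nBcc: victim@example.com"))
    return {
        "bcc_via_header": via_header["Bcc"],      # 'victim@example.com'
        "hijacked_body": hijack.get_payload(),    # starts with 'Spam text here'
        "bcc_via_body": via_body["Bcc"],          # None
        "body_via_body": via_body.get_payload(),  # still contains 'Bcc: ...'
        "safe_rejected": safe_rejected,           # True
        "safe_bcc": safe_body["Bcc"],             # None
        "safe_body": safe_body.get_payload(),     # body text intact
    }


if __name__ == "__main__":
    for case, result in demo().items():
        print(f"{case}: {result!r}")
```

The design choice worth copying is that the hardened wrapper never takes a pre-joined header string: each field is a separate name/value pair, so the only way a second field can appear is through the CR/LF check, and the body is left alone because the blank line has already been emitted before it is written. Rejecting rather than stripping the line breaks is deliberate: a stripped value silently mails something other than what the caller intended, while a rejection surfaces the attempt in logs.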
