The exchange server I am working with is about 10 years old and I have no control over any of its settings. It strips the MIME header on every email's body and I need that MIME header so I was thinking if its possible to put echo statements or some html statements kind of like SQL injections in the input that would add the MIME header before the body. Is this possible?
Nothing can cause the behaviour that you are asking. The MIME header has to be set prior to sending the email.
Even if you have some kind of javascript that injects the MIME into the email header, it would do so after the email is loaded by the client. This would not cause the client to understand the MIME header.
Related
Alert I've seen some people have asked but its usually about CURL, I am asking about sending it via WinSock2.
Alright so I know how to make POST and GET statements pretty easily, (POST with Application/application/x-www-form-urlencoded) but I am not sure how to use multipart/form-data, I know it has something to do with boundary to specify when you are done sending data.
But what should a basic HTTP POST look like for uploading files? (Also can you upload to a PHP POSTBACK? If It was application/x-www-form-urlencoded I could see it something like filename=hello.png&data=...)
Something like this format: (This is all I know about sending the data) I can't find a solid example online so I am asking the question.
POST /postback.php HTTP/1.1
HOST: www.website.com
Content-Type: multipart/form-data; boundary=----IAmABoundary
Content-Length: 300
------IAmABoundary
Send Binary Data?
------IAmABoundary--
Use fiddler to capture uploading a file then you can see the actual format, your example above is more or less right as I recall. Here is a much more complete answer with a good example: Example of multipart/form-data
HTTP messages are MIME messages. It's actually a fairly complex encoding format.
Start by reading RFC 2045. This is the base specification for MIME.
Then, move on to RFC 2046. Section 5 of RFC 2046 lays out the specification for multipart MIME messages, which is used for the multipart/form-data format you're seeing.
It's a lot of material to read through, true. But it is imperative to fully understand MIME-formatted messages in order to have any hope of understand how file uploads work.
if you want to send file content actually you can just put the file content into after the HTTP Headers, and set the content-type and the content-length
multipart/form-data is used by html form to post/submit form that have file in its field, they separated the parts/fields using the multipart boundary
There are a few mail headers that have obvious practical reasons to be included (for example From: and Reply-To:). Then there are headers like MIME-Version: and Message-ID: which seem optional.
Assuming the number of lines of code isn't an issue, what headers should an automatically generated email ideally include? For instance, are there headers which are optional, but including them could prevent getting incorrectly flagged as spam?
what are the security issues about mail.body? i want to know when i want to send an email with a form using php, except the email address that we have to validate that, is there any other security issue about sending emails?
for example, which characters can't be used in the body? what about the header or subject? is there any problem with using new line in the body? is a black list applicable here? also, is it possible that with using some tags like <script> in the body, sending email be failed?
all papers that i have read, only say about validating email address and not more!
im researching about security and i want to know all issues about email security in PHP.
Plain text is basically safe. HTML or (shudder) Flash or PDF has the inherent security problems of those formats. In theory, all mail should be 7bit, but MIME changed that so that internaltional information can be handled. The Wikipedia MIME article is probably a good place to start. http://en.wikipedia.org/wiki/MIME
I'm trying to programmatically parse my Gmail for various indexing functions, and am having trouble finding certain headers that I thought were standard email headers. I'm using the Zend IMAP library, and have no problems with authentication and otherwise viewing/manipulating my Gmail. However, I'm having trouble with some headers missing. For instance
about 1 out of 10 of the messages are missing the "message-id" header, including many sent from other gmail addresses
occasionally, though rarely, the 'content-type','content-disposition', and 'filename' headers are missing from attachment headers. These always seem to be messages that are part of a longer thread of messages.
Can anybody explain why these headers might be missing? If the "message-id" header is missing, what is used as the unique identifier? Perhaps some sort of combination of other headers?
According to RFC 5322:
The only required header fields are the origination date field and the originator address field(s). All other header fields are syntactically optional.
The same RFC says:
Though listed as optional in the table in section 3.6, every message SHOULD have a "Message-ID:" field. Furthermore, reply messages SHOULD have "In-Reply-To:" and "References:" fields as appropriate and as described below.
So Message-ID isn't strictly-speaking mandatory. If it's missing, try looking for either the In-Reply-To or References fields.
Is it possible to send a MIME message as it is, without adding any headers? For example, if I have a correct MIME message with all headers and content saved to a text file, is it possible to use the contents of this file without modification and send it via SMTP?
Apparently both python's SMTP.sendmail and PHP smtp::mail require at least "To:" and "From:", and passing the complete message to these functions doesn't seem to work.
It appears from the documentation that python's SMTP.sendmail should take a sender, a set of recipients, and a verbatim MIME message like the one you have. (The split here between the sender/recipients and the message itself is because you're talking SMTP. The SMTP envelope determines the actual recipients and is actually independent of the message payload.) So you should be good to go with SMTP.sendmail.
You could read up to the first blank line, use those as additional headers, then send the rest in the body.