Zend Mail does not conform with RFC2822 by not accepting content which contains additional extra lines.

[chrisdeeming]

• [???] I was not able to find an open or closed issue matching what I'm seeing.
• [???] This is not a question. (Questions should be asked on chat (Signup here) or our forums.)

Spamassassin in cPanel seems to be appending an X-Ham-Report header to emails which Zend Mail can't handle properly due to the existence of additional extra lines.

In our opinion this seems to be a rather over-zealous interpretation of RFC2822:

Earlier versions of this standard allowed for different (usually more liberal) syntax than is allowed in this version. Also, there have been syntactic elements used in messages on the Internet whose interpretation have never been documented. Though some of these syntactic forms MUST NOT be generated according to the grammar in section 3, they MUST be accepted and parsed by a conformant receiver. This section documents many of these syntactic elements. Taking the grammar in section 3 and adding the definitions presented in this section will result in the grammar to use for interpretation of messages.

(Emphasis mine)

Example to follow.

Code to reproduce the issue

$rawMessage = <<<MESSAGE
Return-Path: <>
Delivered-To: [email protected]
Received: from web02.dragonbyte-tech.com
    by web02.dragonbyte-tech.com with LMTP id QOusMegHf1veawAAmma+EA
    for <[email protected]>; Thu, 23 Aug 2018 20:15:52 +0100
Return-path: <>
Envelope-to: [email protected]
Delivery-date: Thu, 23 Aug 2018 20:15:52 +0100
Received: from a7-14.smtp-out.eu-west-1.amazonses.com ([54.240.7.14]:37364)
    by web02.dragonbyte-tech.com with esmtps (TLSv1.2:ECDHE-RSA-AES128-SHA256:128)
    (Exim 4.91)
    id 1fsv5E-000794-0G
    for [email protected]; Thu, 23 Aug 2018 20:15:52 +0100
From: [email protected]
To: [email protected]
Message-ID: <0102016568364366-a3538a5d-dbce-449b-9af3-efc8a9606a34-000000@eu-west-1.amazonses.com>
Subject: Delivery Status Notification (Failure)
MIME-Version: 1.0
Content-Type: multipart/report; 
    boundary="----=_Part_382740_1809377826.1535051711352"; 
    report-type=delivery-status
Date: Thu, 23 Aug 2018 19:15:11 +0000
X-SES-Outgoing: 2018.08.23-54.240.7.14
X-Spam-Status: No, score=0.0
X-Spam-Score: 0
X-Spam-Bar: /
X-Ham-Report: Spam detection software, running on the system "web02.dragonbyte-tech.com",
 has NOT identified this incoming email as spam.  The original
 message has been attached to this so you can view it or label
 similar future email.  If you have any questions, see
 root\@localhost for details.
 
 Content preview:  An error occurred while trying to deliver the mail to the
   following recipients: [email protected] lery, in order to complete
    your registration or reactivate your account at DragonByte Tech | X
 
 Content analysis details:   (0.0 points, 5.0 required)
 
  pts rule name              description
 ---- ---------------------- --------------------------------------------------
 -0.0 RCVD_IN_DNSWL_NONE     RBL: Sender listed at http://www.dnswl.org/, no
                             trust
                             [54.240.7.14 listed in list.dnswl.org]
  0.0 HTML_MESSAGE           BODY: HTML included in message
 -0.0 BAYES_20               BODY: Bayes spam probability is 5 to 20%
                             [score: 0.1726]
X-Spam-Flag: NO

------=_Part_382740_1809377826.1535051711352
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Content-Description: Notification

An error occurred while trying to deliver the mail to the following recipients:
[email protected]
------=_Part_382740_1809377826.1535051711352
Content-Type: message/delivery-status
Content-Transfer-Encoding: 7bit
Content-Description: Delivery Status Notification

Reporting-MTA: dsn; a4-1.smtp-out.eu-west-1.amazonses.com

Action: failed
Final-Recipient: rfc822; [email protected]
Diagnostic-Code: smtp; 554 delivery error: dd This user doesn't have a yahoo.com account ([email protected]) [0] - mta4348.mail.ne1.yahoo.com
Status: 5.3.0


------=_Part_382740_1809377826.1535051711352
Content-Type: message/rfc822
Content-Description: Undelivered Message

Message-ID: <0102016568363c3e-3d406e9f-3e9c-436f-b0dd-3217ee47f9cb-000000@eu-west-1.amazonses.com>
Date: Thu, 23 Aug 2018 19:15:09 +0000
Subject: DragonByte Tech | XenForo and vBulletin Mods & Addons - Account
 confirmation required
From: DragonByte Tech | XenForo and vBulletin Mods & Addons
 <[email protected]>
To: lery <[email protected]>
MIME-Version: 1.0
Content-Type: multipart/alternative;
 boundary="_=_swift_v4_1535051709_d92649e2095eedb18835fa1aec9983a5_=_"
X-To-Validate: [email protected]
X-SES-Outgoing: 2018.08.23-54.240.4.3
Feedback-ID: 1.eu-west-1.rqFLe/K6Rujqlv0M0C8a4TCJipFLr43+F05d3mJRahs=:AmazonSES
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/simple;
    s=uku4taia5b5tsbglxyj6zym32efj7xqv; d=amazonses.com; t=1535051709;
    h=Message-ID:Date:Subject:From:To:MIME-Version:Content-Type:Feedback-ID;
    bh=mCG0qMdQ/AUskt/Z/ABLfJl5lil6VxPg4UB+ky7cqMY=;
    b=QjLq5b76bEbznuPhO9fupk97DdUtOEvBA8oDnbKX9nQKxddC+/7/h8T9RVugLvsI
    BDMcUOgem4VWZ8KgNxihM8fvn4RBQDYezEFn+UzRU6ZFHmBEaE6kOdKpH58yphBXCWh
    mutZyghTbBUVP9BuNAIKR4FLFxhK8DjI8j6oX6Gg=


--_=_swift_v4_1535051709_d92649e2095eedb18835fa1aec9983a5_=_
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: quoted-printable

lery, in order to complete your registration or reactivate your account at =
DragonByte Tech | XenForo and vBulletin Mods & Addons (https://www.dragonby=
te-tech.com/), you need to confirm your email address by clicking the butto=
n below.

Confirm your email (https://www.dragonbyte-tech.com/account-c=
onfirmation/lery.21958/email?c=3DfhxRsJXN6rsldFz8)

-------------------=
----------

Visit DragonByte Tech | XenForo and vBulletin Mods & Addons=
: https://www.dragonbyte-tech.com/

--_=_swift_v4_1535051709_d92649e2095eedb18835fa1aec9983a5_=_
Content-Type: text/html; charset=utf-8
Content-Transfer-Encoding: quoted-printable

<!DOCTYPE html>
<html lang=3D"en-US" dir=3D"LTR">
<head>
=09<meta htt=
p-equiv=3D"Content-Type" content=3D"text/html; charset=3Dutf-8">
=09<base=
 href=3D"https://www.dragonbyte-tech.com/">
=09<meta name=3D"viewport" co=
ntent=3D"width=3Ddevice-width, initial-scale=3D1">
=09<meta http-equiv=3D=
"X-UA-Compatible" content=3D"IE=3Dedge">
=09<meta name=3D"format-detectio=
n" content=3D"telephone=3Dno">
=09<title>DragonByte Tech | XenForo and vB=
ulletin Mods &amp; Addons - Account confirmation required</title>
</head>=

<body dir=3D"LTR" leftmargin=3D"0" topmargin=3D"0" marginwidth=3D"0" mar=
ginheight=3D"0" style=3D"margin: 0; padding: 0; word-wrap: break-word; -ms-=
text-size-adjust: 100%; -webkit-text-size-adjust: 100%; background-color: #=
f0f1f3; font-size: 15px; font-family: 'Segoe UI','Helvetica Neue',Helvetica=
,Roboto,Oxygen,Ubuntu,Cantarell,'Fira Sans','Droid Sans',sans-serif; line-h=
eight: 1.4; color: #141414;">

<table id=3D"bodyTable" border=3D"0" wid=
th=3D"100%" height=3D"100%" cellpadding=3D"0" cellspacing=3D"0" style=3D"bo=
rder-spacing: 0; mso-table-lspace: 0pt; mso-table-rspace: 0pt; border-colla=
pse: collapse; height: 100% !important; width: 100% !important; margin: 0; =
padding: 0; background-color: #f0f1f3;">
<tr>
=09<td align=3D"center" v=
align=3D"top" id=3D"bodyTableContainer" style=3D"border-collapse: collapse;=
 background-color: #f0f1f3;">
=09=09<table border=3D"0" width=3D"600" cel=
lpadding=3D"0" cellspacing=3D"0" class=3D"container" dir=3D"LTR" style=3D"b=
order-spacing: 0; mso-table-lspace: 0pt; mso-table-rspace: 0pt; border-coll=
apse: collapse; width: 100%; max-width: 600px;">
=09=09<tr>
=09=09=09<t=
d class=3D"header" align=3D"center" valign=3D"top" style=3D"border-collapse=
: collapse; color: #444e50; padding: 6px 10px; border-top-left-radius: 4px;=
 border-top-right-radius: 4px; font-family: 'Segoe UI','Helvetica Neue',Hel=
vetica,Roboto,Oxygen,Ubuntu,Cantarell,'Fira Sans','Droid Sans',sans-serif; =
font-size: 24px; line-height: 1.4;">
=09=09=09=09<a href=3D"https://www.d=
ragonbyte-tech.com/" style=3D"color: #444e50; text-decoration: none;">Drago=
nByte Tech | XenForo and vBulletin Mods &amp; Addons</a>
=09=09=09</td>=

=09=09</tr>
=09=09<tr>
=09=09=09<td class=3D"content" align=3D"left"=
 valign=3D"top" style=3D"border-collapse: collapse; background-color: #fefe=
fe; border-radius: 2px; color: #141414; padding: 10px; font-size: 15px; fon=
t-family: 'Segoe UI','Helvetica Neue',Helvetica,Roboto,Oxygen,Ubuntu,Cantar=
ell,'Fira Sans','Droid Sans',sans-serif; line-height: 1.4;">

<p style=
=3D"margin-top: 0;">lery, in order to complete your registration or reactiv=
ate your account at <a href=3D"https://www.dragonbyte-tech.com/" style=3D"c=
olor: #2577b1; text-decoration: none;">DragonByte Tech | XenForo and vBulle=
tin Mods &amp; Addons</a>, you need to confirm your email address by clicki=
ng the button below.</p>

<p style=3D"margin-bottom: 0;"><a href=3D"htt=
ps://www.dragonbyte-tech.com/account-confirmation/lery.21958/email?c=3DfhxR=
sJXN6rsldFz8" class=3D"button" style=3D"color: #f0f1f3; text-decoration: no=
ne; display: inline-block; padding: 5px 10px; background-color: #2b3335; bo=
rder: none; border-radius: 4px; font-size: 13px;">Confirm your email</a></p=
>

=09=09=09</td>
=09=09</tr>
=09=09<tr>
=09=09=09<td class=3D"fo=
oter" align=3D"center" valign=3D"top" style=3D"border-collapse: collapse; p=
adding: 6px 10px; text-align: center; color: #8c8c8c; font-size: 13px; font=
-family: 'Segoe UI','Helvetica Neue',Helvetica,Roboto,Oxygen,Ubuntu,Cantare=
ll,'Fira Sans','Droid Sans',sans-serif; line-height: 1.4;">
=09=09=09=09<=
div><a href=3D"https://www.dragonbyte-tech.com/" style=3D"color: #8c8c8c; t=
ext-decoration: underline;">Visit DragonByte Tech | XenForo and vBulletin M=
ods &amp; Addons</a></div>

=09=09=09=09
=09=09=09</td>
=09=09</tr>=

=09=09</table>
=09</td>
</tr>
</table>

</body>
</html>

--_=_swift_v4_1535051709_d92649e2095eedb18835fa1aec9983a5_=_--


------=_Part_382740_1809377826.1535051711352--
MESSAGE;

$message = new \Zend\Mail\Storage\Message(['raw' => $rawMessage]);

Expected results

We can see the expected results if we change L80 of Header.php from:

if (preg_match('/^\s*$/', $line)) {

To:

if ($line === '') {

In which case, the following is the resulting headers:

array:18 [???
  "Return-Path" => "<>"
  "Delivered-To" => "[email protected]"
  "Received" => "from a7-14.smtp-out.eu-west-1.amazonses.com ([54.240.7.14]:37364) by web02.dragonbyte-tech.com with esmtps (TLSv1.2:ECDHE-RSA-AES128-SHA256:128) (Exim 4.91) id 1fsv5E-000794-0G for [email protected]; Thu, 23 Aug 2018 20:15:52 +0100"
  "Envelope-To" => "[email protected]"
  "Delivery-Date" => "Thu, 23 Aug 2018 20:15:52 +0100"
  "From" => "[email protected]"
  "To" => "[email protected]"
  "Message-ID" => "<0102016568364366-a3538a5d-dbce-449b-9af3-efc8a9606a34-000000@eu-west-1.amazonses.com>"
  "Subject" => "Delivery Status Notification (Failure)"
  "MIME-Version" => "1.0"
  "Content-Type" => """
    multipart/report;\r\n
     boundary="----=_Part_382740_1809377826.1535051711352";\r\n
     report-type="delivery-status"
    """
  "Date" => "Thu, 23 Aug 2018 19:15:11 +0000"
  "X-SES-Outgoing" => "2018.08.23-54.240.7.14"
  "X-Spam-Status" => "No, score=0.0"
  "X-Spam-Score" => null
  "X-Spam-Bar" => "/"
  "X-Ham-Report" => "Spam detection software, running on the system "web02.dragonbyte-tech.com", has NOT identified this incoming email as spam.  The original message has been attached to this so you can view it or label similar future email.  If you have any questions, see root\@localhost for details.  Content preview:  An error occurred while trying to deliver the mail to the following recipients: [email protected] lery, in order to complete your registration or reactivate your account at DragonByte Tech | X  Content analysis details:   (0.0 points, 5.0 required)  pts rule name              description ---- ---------------------- -------------------------------------------------- -0.0 RCVD_IN_DNSWL_NONE     RBL: Sender listed at http://www.dnswl.org/, no trust [54.240.7.14 listed in list.dnswl.org] 0.0 HTML_MESSAGE           BODY: HTML included in message -0.0 BAYES_20               BODY: Bayes spam probability is 5 to 20% [score: 0.1726]"
  "X-Spam-Flag" => "NO"
]

Actual results

An exception occurred: [Zend\Mail\Exception\RuntimeException] Malformed header detected in src/vendor/zendframework/zend-mail/src/Headers.php on line 88

Zend\Mail\Headers::fromString() in src/vendor/zendframework/zend-mime/src/Decode.php at line 141
Zend\Mime\Decode::splitMessage() in src/vendor/zendframework/zend-mail/src/Storage/Part.php at line 99
Zend\Mail\Storage\Part->__construct() in src/vendor/zendframework/zend-mail/src/Storage/Message.php at line 54
Zend\Mail\Storage\Message->__construct() in test.php at line 227

Is this a change you would be willing to accept, or is there a reason not to accept the header formatting in this case?

[chrisdeeming]

Note the above was tested with Zend Mail 2.4.x.

However with Zend Mail 2.10.0 the issue still exists:

An exception occurred: [Zend\Mail\Exception\RuntimeException] Malformed header detected in src/vendor/zendframework/zend-mail/src/Headers.php on line 90

Zend\Mail\Headers::fromString() in src/vendor/zendframework/zend-mime/src/Decode.php at line 141
Zend\Mime\Decode::splitMessage() in src/vendor/zendframework/zend-mail/src/Storage/Part.php at line 99
Zend\Mail\Storage\Part->__construct() in src/vendor/zendframework/zend-mail/src/Storage/Message.php at line 54
Zend\Mail\Storage\Message->__construct() in test.php at line 227

The changes in #92 aren't enough to fix the issue.

[Ocramius]

Could you provide test scenarios please?

On Fri, 24 Aug 2018, 17:28 Chris Deeming, [email protected] wrote:

Note the above was tested with Zend Mail 2.4.x.

However with Zend Mail 2.10.0 the issue still exists:

An exception occurred: [Zend\Mail\Exception\RuntimeException] Malformed header detected in src/vendor/zendframework/zend-mail/src/Headers.php on line 90

Zend\Mail\Headers::fromString() in src/vendor/zendframework/zend-mime/src/Decode.php at line 141 Zend\Mime\Decode::splitMessage() in src/vendor/zendframework/zend-mail/src/Storage/Part.php at line 99 Zend\Mail\Storage\Part->__construct() in src/vendor/zendframework/zend-mail/src/Storage/Message.php at line 54 Zend\Mail\Storage\Message->__construct() in test.php at line 227

The changes in #92 https://github.com/zendframework/zend-mail/issues/92 aren't enough to fix the issue.

— You are receiving this because you are subscribed to this thread. Reply to this email directly, view it on GitHub https://github.com/zendframework/zend-mail/issues/218#issuecomment-415794249, or mute the thread https://github.com/notifications/unsubscribe-auth/AAJakCGY6f0wQyrUSUR-ptsoSauik33Yks5uUBuGgaJpZM4WLhRM .

[chrisdeeming]

There's example code in the first comment @Ocramius.

[weierophinney]

This repository has been closed and moved to laminas/laminas-mail; a new issue has been opened at https://github.com/laminas/laminas-mail/issues/25.