You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
{{ message }}
This repository has been archived by the owner on Nov 17, 2021. It is now read-only.
When presented with long (>998 chars) header lines whose value parts do not contain "higher-level syntactic breaks", Swiftmailer does not attempt to handle them at all, they are simply left as-is, which breaks RFC5322 section 2.1.1, which says:
Each line of characters MUST be no more than 998 characters, and SHOULD be no more than 78 characters, excluding the CRLF.
Swiftmailer thus relies on the discretion and forgiveness of receiving clients and servers to accept such RFC contraventions.
Header lines like this are likely to occur in large headers such as DKIM signatures.
A key reason for this behaviour is that RFC5322 does not provide a clear definition of what to do when this problem occurs. Problems in this area can manifest in two ways, both of which Swiftmailer has run into before: adding unexpected spaces, or removing expected spaces. Neither of those reports have appreciated the underlying problem, and fixing one naively will always result in causing the other.
The example provided sets a very long, unbroken header line, and SwiftMailer simply delivers it untouched:
RFC5322 does not define what to do in this situation, however, an effective solution is to apply RFC2047 encoding (typically only used for representing 8-bit charsets in 7-bit ASCII headers) to long header lines, which allows such headers to be folded losslessly, without breaking their encoded content; this is critical for DKIM with large keys. Apple Mail implements a a textbook example of this approach, and is what I recommend:
Note that this approach may be necessary even when SMTPUTF8 is available, since that spec does not increase line length limits.
Example
<?phprequire_once'./vendor/autoload.php';
// Create the Transport$transport = (newSwift_SmtpTransport('localhost', 25))
->setUsername('your username')
->setPassword('your password')
;
// Create the Mailer using your created Transport$mailer = newSwift_Mailer($transport);
// Create a message with a very long, unbroken subject line$message = (newSwift_Message(str_repeat('a', 1386)))
->setFrom(['john@doe.com' => 'John Doe'])
->setTo(['receiver@domain.org', 'other@domain.org' => 'A name'])
->setBody('Here is the message itself')
;
// Send the message$result = $mailer->send($message);
The text was updated successfully, but these errors were encountered:
One note: while DKIM does indeed result in large headers, the spec for DKIM headers allows for extra spaces in the signature header, see the notes on b and bh elements:
the signing process can safely insert FWS in this value in arbitrary places to conform to line-length limits
This avoids the specific problem raised here, but only for DKIM signature headers. The DKIM-quoted-printable format also provides a workaround for DKIM.
Observed behaviour
This bug was discovered while researching a similar problem in PHPMailer, of which I'm the maintainer.
When presented with long (>998 chars) header lines whose value parts do not contain "higher-level syntactic breaks", Swiftmailer does not attempt to handle them at all, they are simply left as-is, which breaks RFC5322 section 2.1.1, which says:
Swiftmailer thus relies on the discretion and forgiveness of receiving clients and servers to accept such RFC contraventions.
Header lines like this are likely to occur in large headers such as DKIM signatures.
A key reason for this behaviour is that RFC5322 does not provide a clear definition of what to do when this problem occurs. Problems in this area can manifest in two ways, both of which Swiftmailer has run into before: adding unexpected spaces, or removing expected spaces. Neither of those reports have appreciated the underlying problem, and fixing one naively will always result in causing the other.
The example provided sets a very long, unbroken header line, and SwiftMailer simply delivers it untouched:
Expected behaviour
RFC5322 does not define what to do in this situation, however, an effective solution is to apply RFC2047 encoding (typically only used for representing 8-bit charsets in 7-bit ASCII headers) to long header lines, which allows such headers to be folded losslessly, without breaking their encoded content; this is critical for DKIM with large keys. Apple Mail implements a a textbook example of this approach, and is what I recommend:
Note that this approach may be necessary even when SMTPUTF8 is available, since that spec does not increase line length limits.
Example
The text was updated successfully, but these errors were encountered: