Zend Mail does not conform with RFC2822 by not accepting content which contains additional extra lines.

[chrisdeeming]

• [✅] I was not able to find an open or closed issue matching what I'm seeing.
• [✅] This is not a question. (Questions should be asked on chat (Signup here) or our forums.)

Spamassassin in cPanel seems to be appending an X-Ham-Report header to emails which Zend Mail can't handle properly due to the existence of additional extra lines.

In our opinion this seems to be a rather over-zealous interpretation of RFC2822:

Earlier versions of this standard allowed for different (usually more
liberal) syntax than is allowed in this version. Also, there have
been syntactic elements used in messages on the Internet whose
interpretation have never been documented. Though some of these
syntactic forms MUST NOT be generated according to the grammar in
section 3, they MUST be accepted and parsed by a conformant receiver.
This section documents many of these syntactic elements. Taking the
grammar in section 3 and adding the definitions presented in this
section will result in the grammar to use for interpretation of
messages.

(Emphasis mine)

Example to follow.

Code to reproduce the issue

$rawMessage = <<<MESSAGE
Return-Path: <>
Delivered-To: bounce@dragonbytetech.com
Received: from web02.dragonbyte-tech.com
    by web02.dragonbyte-tech.com with LMTP id QOusMegHf1veawAAmma+EA
    for <bounce@dragonbytetech.com>; Thu, 23 Aug 2018 20:15:52 +0100
Return-path: <>
Envelope-to: bounce@dragonbytetech.com
Delivery-date: Thu, 23 Aug 2018 20:15:52 +0100
Received: from a7-14.smtp-out.eu-west-1.amazonses.com ([54.240.7.14]:37364)
    by web02.dragonbyte-tech.com with esmtps (TLSv1.2:ECDHE-RSA-AES128-SHA256:128)
    (Exim 4.91)
    id 1fsv5E-000794-0G
    for bounce@dragonbytetech.com; Thu, 23 Aug 2018 20:15:52 +0100
From: MAILER-DAEMON@eu-west-1.amazonses.com
To: bounce@dragonbytetech.com
Message-ID: <0102016568364366-a3538a5d-dbce-449b-9af3-efc8a9606a34-000000@eu-west-1.amazonses.com>
Subject: Delivery Status Notification (Failure)
MIME-Version: 1.0
Content-Type: multipart/report; 
    boundary="----=_Part_382740_1809377826.1535051711352"; 
    report-type=delivery-status
Date: Thu, 23 Aug 2018 19:15:11 +0000
X-SES-Outgoing: 2018.08.23-54.240.7.14
X-Spam-Status: No, score=0.0
X-Spam-Score: 0
X-Spam-Bar: /
X-Ham-Report: Spam detection software, running on the system "web02.dragonbyte-tech.com",
 has NOT identified this incoming email as spam.  The original
 message has been attached to this so you can view it or label
 similar future email.  If you have any questions, see
 root\@localhost for details.
 
 Content preview:  An error occurred while trying to deliver the mail to the
   following recipients: dguig.abdelaziz@yahoo.com lery, in order to complete
    your registration or reactivate your account at DragonByte Tech | X
 
 Content analysis details:   (0.0 points, 5.0 required)
 
  pts rule name              description
 ---- ---------------------- --------------------------------------------------
 -0.0 RCVD_IN_DNSWL_NONE     RBL: Sender listed at http://www.dnswl.org/, no
                             trust
                             [54.240.7.14 listed in list.dnswl.org]
  0.0 HTML_MESSAGE           BODY: HTML included in message
 -0.0 BAYES_20               BODY: Bayes spam probability is 5 to 20%
                             [score: 0.1726]
X-Spam-Flag: NO

------=_Part_382740_1809377826.1535051711352
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Content-Description: Notification

An error occurred while trying to deliver the mail to the following recipients:
dguig.abdelaziz@yahoo.com
------=_Part_382740_1809377826.1535051711352
Content-Type: message/delivery-status
Content-Transfer-Encoding: 7bit
Content-Description: Delivery Status Notification

Reporting-MTA: dsn; a4-1.smtp-out.eu-west-1.amazonses.com

Action: failed
Final-Recipient: rfc822; dguig.abdelaziz@yahoo.com
Diagnostic-Code: smtp; 554 delivery error: dd This user doesn't have a yahoo.com account (dguig.abdelaziz@yahoo.com) [0] - mta4348.mail.ne1.yahoo.com
Status: 5.3.0


------=_Part_382740_1809377826.1535051711352
Content-Type: message/rfc822
Content-Description: Undelivered Message

Message-ID: <0102016568363c3e-3d406e9f-3e9c-436f-b0dd-3217ee47f9cb-000000@eu-west-1.amazonses.com>
Date: Thu, 23 Aug 2018 19:15:09 +0000
Subject: DragonByte Tech | XenForo and vBulletin Mods & Addons - Account
 confirmation required
From: DragonByte Tech | XenForo and vBulletin Mods & Addons
 <dbtech@dragonbyte-tech.com>
To: lery <dguig.abdelaziz@yahoo.com>
MIME-Version: 1.0
Content-Type: multipart/alternative;
 boundary="_=_swift_v4_1535051709_d92649e2095eedb18835fa1aec9983a5_=_"
X-To-Validate: f06cdef0+dguig.abdelaziz@yahoo.com
X-SES-Outgoing: 2018.08.23-54.240.4.3
Feedback-ID: 1.eu-west-1.rqFLe/K6Rujqlv0M0C8a4TCJipFLr43+F05d3mJRahs=:AmazonSES
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/simple;
    s=uku4taia5b5tsbglxyj6zym32efj7xqv; d=amazonses.com; t=1535051709;
    h=Message-ID:Date:Subject:From:To:MIME-Version:Content-Type:Feedback-ID;
    bh=mCG0qMdQ/AUskt/Z/ABLfJl5lil6VxPg4UB+ky7cqMY=;
    b=QjLq5b76bEbznuPhO9fupk97DdUtOEvBA8oDnbKX9nQKxddC+/7/h8T9RVugLvsI
    BDMcUOgem4VWZ8KgNxihM8fvn4RBQDYezEFn+UzRU6ZFHmBEaE6kOdKpH58yphBXCWh
    mutZyghTbBUVP9BuNAIKR4FLFxhK8DjI8j6oX6Gg=


--_=_swift_v4_1535051709_d92649e2095eedb18835fa1aec9983a5_=_
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: quoted-printable

lery, in order to complete your registration or reactivate your account at =
DragonByte Tech | XenForo and vBulletin Mods & Addons (https://www.dragonby=
te-tech.com/), you need to confirm your email address by clicking the butto=
n below.

Confirm your email (https://www.dragonbyte-tech.com/account-c=
onfirmation/lery.21958/email?c=3DfhxRsJXN6rsldFz8)

-------------------=
----------

Visit DragonByte Tech | XenForo and vBulletin Mods & Addons=
: https://www.dragonbyte-tech.com/

--_=_swift_v4_1535051709_d92649e2095eedb18835fa1aec9983a5_=_
Content-Type: text/html; charset=utf-8
Content-Transfer-Encoding: quoted-printable

<!DOCTYPE html>
<html lang=3D"en-US" dir=3D"LTR">
<head>
=09<meta htt=
p-equiv=3D"Content-Type" content=3D"text/html; charset=3Dutf-8">
=09<base=
 href=3D"https://www.dragonbyte-tech.com/">
=09<meta name=3D"viewport" co=
ntent=3D"width=3Ddevice-width, initial-scale=3D1">
=09<meta http-equiv=3D=
"X-UA-Compatible" content=3D"IE=3Dedge">
=09<meta name=3D"format-detectio=
n" content=3D"telephone=3Dno">
=09<title>DragonByte Tech | XenForo and vB=
ulletin Mods &amp; Addons - Account confirmation required</title>
</head>=

<body dir=3D"LTR" leftmargin=3D"0" topmargin=3D"0" marginwidth=3D"0" mar=
ginheight=3D"0" style=3D"margin: 0; padding: 0; word-wrap: break-word; -ms-=
text-size-adjust: 100%; -webkit-text-size-adjust: 100%; background-color: #=
f0f1f3; font-size: 15px; font-family: 'Segoe UI','Helvetica Neue',Helvetica=
,Roboto,Oxygen,Ubuntu,Cantarell,'Fira Sans','Droid Sans',sans-serif; line-h=
eight: 1.4; color: #141414;">

<table id=3D"bodyTable" border=3D"0" wid=
th=3D"100%" height=3D"100%" cellpadding=3D"0" cellspacing=3D"0" style=3D"bo=
rder-spacing: 0; mso-table-lspace: 0pt; mso-table-rspace: 0pt; border-colla=
pse: collapse; height: 100% !important; width: 100% !important; margin: 0; =
padding: 0; background-color: #f0f1f3;">
<tr>
=09<td align=3D"center" v=
align=3D"top" id=3D"bodyTableContainer" style=3D"border-collapse: collapse;=
 background-color: #f0f1f3;">
=09=09<table border=3D"0" width=3D"600" cel=
lpadding=3D"0" cellspacing=3D"0" class=3D"container" dir=3D"LTR" style=3D"b=
order-spacing: 0; mso-table-lspace: 0pt; mso-table-rspace: 0pt; border-coll=
apse: collapse; width: 100%; max-width: 600px;">
=09=09<tr>
=09=09=09<t=
d class=3D"header" align=3D"center" valign=3D"top" style=3D"border-collapse=
: collapse; color: #444e50; padding: 6px 10px; border-top-left-radius: 4px;=
 border-top-right-radius: 4px; font-family: 'Segoe UI','Helvetica Neue',Hel=
vetica,Roboto,Oxygen,Ubuntu,Cantarell,'Fira Sans','Droid Sans',sans-serif; =
font-size: 24px; line-height: 1.4;">
=09=09=09=09<a href=3D"https://www.d=
ragonbyte-tech.com/" style=3D"color: #444e50; text-decoration: none;">Drago=
nByte Tech | XenForo and vBulletin Mods &amp; Addons</a>
=09=09=09</td>=

=09=09</tr>
=09=09<tr>
=09=09=09<td class=3D"content" align=3D"left"=
 valign=3D"top" style=3D"border-collapse: collapse; background-color: #fefe=
fe; border-radius: 2px; color: #141414; padding: 10px; font-size: 15px; fon=
t-family: 'Segoe UI','Helvetica Neue',Helvetica,Roboto,Oxygen,Ubuntu,Cantar=
ell,'Fira Sans','Droid Sans',sans-serif; line-height: 1.4;">

<p style=
=3D"margin-top: 0;">lery, in order to complete your registration or reactiv=
ate your account at <a href=3D"https://www.dragonbyte-tech.com/" style=3D"c=
olor: #2577b1; text-decoration: none;">DragonByte Tech | XenForo and vBulle=
tin Mods &amp; Addons</a>, you need to confirm your email address by clicki=
ng the button below.</p>

<p style=3D"margin-bottom: 0;"><a href=3D"htt=
ps://www.dragonbyte-tech.com/account-confirmation/lery.21958/email?c=3DfhxR=
sJXN6rsldFz8" class=3D"button" style=3D"color: #f0f1f3; text-decoration: no=
ne; display: inline-block; padding: 5px 10px; background-color: #2b3335; bo=
rder: none; border-radius: 4px; font-size: 13px;">Confirm your email</a></p=
>

=09=09=09</td>
=09=09</tr>
=09=09<tr>
=09=09=09<td class=3D"fo=
oter" align=3D"center" valign=3D"top" style=3D"border-collapse: collapse; p=
adding: 6px 10px; text-align: center; color: #8c8c8c; font-size: 13px; font=
-family: 'Segoe UI','Helvetica Neue',Helvetica,Roboto,Oxygen,Ubuntu,Cantare=
ll,'Fira Sans','Droid Sans',sans-serif; line-height: 1.4;">
=09=09=09=09<=
div><a href=3D"https://www.dragonbyte-tech.com/" style=3D"color: #8c8c8c; t=
ext-decoration: underline;">Visit DragonByte Tech | XenForo and vBulletin M=
ods &amp; Addons</a></div>

=09=09=09=09
=09=09=09</td>
=09=09</tr>=

=09=09</table>
=09</td>
</tr>
</table>

</body>
</html>

--_=_swift_v4_1535051709_d92649e2095eedb18835fa1aec9983a5_=_--


------=_Part_382740_1809377826.1535051711352--
MESSAGE;

$message = new \Zend\Mail\Storage\Message(['raw' => $rawMessage]);

Expected results

We can see the expected results if we change L80 of Header.php from:

if (preg_match('/^\s*$/', $line)) {

To:

if ($line === '') {

In which case, the following is the resulting headers:

array:18 [▼
  "Return-Path" => "<>"
  "Delivered-To" => "bounce@dragonbytetech.com"
  "Received" => "from a7-14.smtp-out.eu-west-1.amazonses.com ([54.240.7.14]:37364) by web02.dragonbyte-tech.com with esmtps (TLSv1.2:ECDHE-RSA-AES128-SHA256:128) (Exim 4.91) id 1fsv5E-000794-0G for bounce@dragonbytetech.com; Thu, 23 Aug 2018 20:15:52 +0100"
  "Envelope-To" => "bounce@dragonbytetech.com"
  "Delivery-Date" => "Thu, 23 Aug 2018 20:15:52 +0100"
  "From" => "MAILER-DAEMON@eu-west-1.amazonses.com"
  "To" => "bounce@dragonbytetech.com"
  "Message-ID" => "<0102016568364366-a3538a5d-dbce-449b-9af3-efc8a9606a34-000000@eu-west-1.amazonses.com>"
  "Subject" => "Delivery Status Notification (Failure)"
  "MIME-Version" => "1.0"
  "Content-Type" => """
    multipart/report;\r\n
     boundary="----=_Part_382740_1809377826.1535051711352";\r\n
     report-type="delivery-status"
    """
  "Date" => "Thu, 23 Aug 2018 19:15:11 +0000"
  "X-SES-Outgoing" => "2018.08.23-54.240.7.14"
  "X-Spam-Status" => "No, score=0.0"
  "X-Spam-Score" => null
  "X-Spam-Bar" => "/"
  "X-Ham-Report" => "Spam detection software, running on the system "web02.dragonbyte-tech.com", has NOT identified this incoming email as spam.  The original message has been attached to this so you can view it or label similar future email.  If you have any questions, see root\@localhost for details.  Content preview:  An error occurred while trying to deliver the mail to the following recipients: dguig.abdelaziz@yahoo.com lery, in order to complete your registration or reactivate your account at DragonByte Tech | X  Content analysis details:   (0.0 points, 5.0 required)  pts rule name              description ---- ---------------------- -------------------------------------------------- -0.0 RCVD_IN_DNSWL_NONE     RBL: Sender listed at http://www.dnswl.org/, no trust [54.240.7.14 listed in list.dnswl.org] 0.0 HTML_MESSAGE           BODY: HTML included in message -0.0 BAYES_20               BODY: Bayes spam probability is 5 to 20% [score: 0.1726]"
  "X-Spam-Flag" => "NO"
]

Actual results

An exception occurred: [Zend\Mail\Exception\RuntimeException] Malformed header detected in src/vendor/zendframework/zend-mail/src/Headers.php on line 88

Zend\Mail\Headers::fromString() in src/vendor/zendframework/zend-mime/src/Decode.php at line 141
Zend\Mime\Decode::splitMessage() in src/vendor/zendframework/zend-mail/src/Storage/Part.php at line 99
Zend\Mail\Storage\Part->__construct() in src/vendor/zendframework/zend-mail/src/Storage/Message.php at line 54
Zend\Mail\Storage\Message->__construct() in test.php at line 227

Is this a change you would be willing to accept, or is there a reason not to accept the header formatting in this case?

[chrisdeeming]

Note the above was tested with Zend Mail 2.4.x.

However with Zend Mail 2.10.0 the issue still exists:

An exception occurred: [Zend\Mail\Exception\RuntimeException] Malformed header detected in src/vendor/zendframework/zend-mail/src/Headers.php on line 90

Zend\Mail\Headers::fromString() in src/vendor/zendframework/zend-mime/src/Decode.php at line 141
Zend\Mime\Decode::splitMessage() in src/vendor/zendframework/zend-mail/src/Storage/Part.php at line 99
Zend\Mail\Storage\Part->__construct() in src/vendor/zendframework/zend-mail/src/Storage/Message.php at line 54
Zend\Mail\Storage\Message->__construct() in test.php at line 227

The changes in #92 aren't enough to fix the issue.

[Ocramius]

Could you provide test scenarios please?

…

On Fri, 24 Aug 2018, 17:28 Chris Deeming, ***@***.***> wrote: Note the above was tested with Zend Mail 2.4.x. However with Zend Mail 2.10.0 the issue still exists: An exception occurred: [Zend\Mail\Exception\RuntimeException] Malformed header detected in src/vendor/zendframework/zend-mail/src/Headers.php on line 90 Zend\Mail\Headers::fromString() in src/vendor/zendframework/zend-mime/src/Decode.php at line 141 Zend\Mime\Decode::splitMessage() in src/vendor/zendframework/zend-mail/src/Storage/Part.php at line 99 Zend\Mail\Storage\Part->__construct() in src/vendor/zendframework/zend-mail/src/Storage/Message.php at line 54 Zend\Mail\Storage\Message->__construct() in test.php at line 227 The changes in #92 <#92> aren't enough to fix the issue. — You are receiving this because you are subscribed to this thread. Reply to this email directly, view it on GitHub <#218 (comment)>, or mute the thread <https://github.com/notifications/unsubscribe-auth/AAJakCGY6f0wQyrUSUR-ptsoSauik33Yks5uUBuGgaJpZM4WLhRM> .

[chrisdeeming]

There's example code in the first comment @Ocramius.

[weierophinney]

This repository has been closed and moved to laminas/laminas-mail; a new issue has been opened at laminas/laminas-mail#25.