Closed Bug 476431 Opened 17 years ago Closed 17 years ago

Default "forward messages as attachment" results in blocked mail by servers filtering EML extension

Categories

(Thunderbird :: General, defect)

Product:
Thunderbird
Component:
General
Platform:
x86
Windows XP
Type:
defect
Priority:
Not set
Severity:
normal

Tracking

(Not tracked)

Status:
VERIFIED DUPLICATE of bug 230448

People

(Reporter: 32768, Unassigned)

Details

User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.0.5) Gecko/2008120122 Firefox/3.0.5 Build Identifier: version 2.0.0.19 (20081209) Many mail servers, including servers using Exim/cPanel, are set up to block attachments with a .EML extension by default (among others). Unfortunately, if using Thunderbird's "Forward" feature to send to this type of mail server, the email is bounced. Sending .EML attachments is just not reliable anymore. Though research I've learned there is a legitimate reason to block attachments with a .EML extension, which is related to a vulnerability in an older version of Microsoft Outlook that can be exploited (eg by worms). It is probable that the typical user probably expects and is more familiar with inline forwarding nowadays. I would argue that changing the default to inline is likely to have little impact - and the pref in the UI would remain so those that prefer forwarding as attachment can do so. I therefore propose changing the default to inline. Reproducible: Always Steps to Reproduce: 1. Send a message containing a forwarded email as attachment to a mail server based on cPanel using Exim (such as test36 [(at)] arcticforest [(dot)] com)
Here's the bounce message given by a typical Exim server (sorry, should have included this above): ======= This message has been rejected because it has a potentially executable attachment "Message Subject here.eml" This form of attachment has been used by recent viruses or other malware. If you meant to send this file then please package it up as a zip file and resend it.
Actually, both issues have been addressed in the upcoming Thunderbird 3.0: * The .EML suffix is now optional and can be disabled (bug 380354), * the default forwarding mode for Thunderbird 3.0 is inline (bug 230448). > Though research I've learned there is a legitimate reason to block attachments > with a .EML extension, which is related to a vulnerability in an older version > of Microsoft Outlook that can be exploited (eg by worms). It would be better to actually scan an e-mail for worms or viruses rather than just refusing any attachment with a specific file extension, but unfortunately many providers apparently went that easier route...
Status: UNCONFIRMED → RESOLVED
Closed: 17 years ago
Resolution: --- → DUPLICATE
v.
Status: RESOLVED → VERIFIED
Version: unspecified → 2.0
You need to log in before you can comment on or make changes to this bug.