#72 MIME and HTML Mail

[Ed]

We have tried this with v1.2.11 and 1.4 with and without
the view as HTML plug-in loaded.

We get a 30 second time-out from apache pointing at
line 714 in mime.php ...

This is typically with email that is HTML content and
has mime-parts some of which are images and base-64
encoded. With mail from sources like our web log
reporting engine this is 100% reproduce-able.

These display properly on regular mail clients like
eudora, ximian, and with another web mail client we
have that's ASP based.

When you have squirrelmail look at the parts [ display
headers and message details ] it displays all of them
fine, the issue seems to be rendering something from
them.

RedHat8
Webserver apache 2.0.40
PHP 4.2.2-8.0.5

IMAP = [other] Rockliffe Mailsite v5.2.5

Test file attached in zip.

Thanks!

[Thijs Kinkhorst]

Logged In: YES
user_id=285765

The attachment is missing.

[Marc Groot Koerkamp]

Logged In: YES
user_id=476981

Probably this has something to do with the magicHTML
function. Could you attach the complete message?

[Ed]

Logged In: YES
user_id=730698

Hello,

Your report was filed against an old version of SquirrelMail. We
have new releases out which have fixed many issues. Can you
please test the most recent version - or even better the CVS
version - and report if this issue still exists? Thanks!

[Ed]

mime - html that crashes

[Thijs Kinkhorst]

Logged In: YES
user_id=285765

I reckon you made some mistake...

[Ed]

Logged In: YES
user_id=730698

Haven't quite got the hang of this interface yet .. I responded
to a previous comment and it put that comment in there ..
The file has been uploaded. And the latest versions 1.2.11
and 1.4.rca are what we have tried ... I'll pull a later snapsot
later on an see if that works.

[Ed]

This mime file displays nothing and the html viewer doesn't think it's html

[Ed]

Logged In: YES
user_id=730698

I have tried the latest cvs and have the same results.
Attached a new mime file that displays nothing and fools the
view html into thinking it's not html [ no view html link
displayed ] The error is the same with the latest cvs though
just a different line
number : /usr/share/squirrelmail/functions/mime.php line
859, server timeout after 30 seconds. this is against the
long "crashes" message.

[Marc Groot Koerkamp]

Logged In: YES
user_id=476981

I'm not surprised of the time out with a 400kb html file but
when I optimise the magicHTML function I still don't see
much result. (no timeout anymore).
Konstantin, do you have a clue what's wrong with this?

[Marc Groot Koerkamp]

Logged In: YES
user_id=476981

OK, magicHTML is working fine but it takes to long to
process a 400 kb html file. By modding the sq_skipspace
function I was able to process twice as much html lines but
still to few to process the complete file. Instead of processing
50.000 character I could process 110.000 characters. The
problem is that the message contains 3.783.981 characters.

The smaller message (10kb) is working fine.

[Thijs Kinkhorst]

Logged In: YES
user_id=285765

prio down

[Ed]

Logged In: YES
user_id=730698

This is quite interesting for sure. Our ASP web based client
displays these in short order, generally under 2 seconds. It's
on a much slower server than this Linux box. Could the
difference between a compiled DLL [ imap active-x control not
blindingly fast for sure ] and the magicMIME script code be
so great ? Would compiling some C based CGI help this ?

[Marc Groot Koerkamp]

Logged In: YES
user_id=476981

The reason SM is slower the ASP is because we actually
check if the provided html is save. We strip the javascript and
all other dangerous content. ASP probably doesn't do that
(What can you expect from MS when it comes to security)
However it might be possible to speed up magicHTML a bit
but that won't be easy. It's a pretty complex html-parser.

[Ed]

Logged In: YES
user_id=730698

Actually this has nothing to do with security on IIS or ASP so
lets not open that can or worms ;-) , it has to do with the
imap active-x control [ by quicksoft and most of the others I've
looked at as well ] that doesn't parse or strip any harmful
content, they just deliver it as-is. Perhaps it would be a
neat "feature" to be able to not have SM parse and strip out
stuff, just deliver it as is, via some configuration parameter ?
Maybe at the domain or user level as well as the global level?
We scan all the incoming with RAV so it shouldn't be an
issue. Just a thought.

[Thijs Kinkhorst]

Logged In: YES
user_id=285765

If you do not strip out dangerous content, exactly how does
that _not_ have to do with security? SquirrelMail values
security, so we have made the decision to strip out
dangerous stuff.

[Konstantin Riabitsev]

Logged In: YES
user_id=147248

well, half-meg HTML emails WILL time out. If you don't want
them to time out, download them as attachments and view on
your system.

stekkel: are those sq_skipspace modifications public
anywhere? I'd like to see them. :)

[Marc Groot Koerkamp]

Logged In: YES
user_id=476981

Konstantin, I'll take a look at it tonight. I made a view
modifications but not all works like they suposed todo. Need
more testing. Basicly the enhancements are just a matter of
replacing timeconsuming php function calls like preg_match
by the very fast strpos, substr where possible.

[Thijs Kinkhorst]

Logged In: YES
user_id=285765

Marc, please don't commit your changes right now, maybe put
a diff online somewhere so we can review if or what parts of
the changes should be included before 1.4.0; or we might
wait with this until after the release of 1.4.0.