Description
Hi,
First of all, a big thanks for this great product. I've installed mox today on one of my servers and I'm really happy so far. As a Gopher myself I'm especially happy to run a Go mail server :)
While doing some testing on my new instance, I was trying to see what the server does when I deliver a non-standard mail via telnet. Basically all I did was provide "MAIL FROM", "RCPT TO" and "DATA" followed by non-compliant data. The good thing is, the mail was rejected, but as rejected mails are still delivered to the "Rejects" folder, I wanted to have a look.
Unfortunately it seems the fact that I did not provide any kind of headers to the mail renders the webmail view of the "Rejects" folder unusable. It will provide a popup showing a message that the mail has no valid headers and after that the error is displayed in the folder view. I would not be able to access any other rejected mails, it seems.
Some screenshots of what I did and what I see below.
Excuse the XSS data in the screenshot. Once I realized that the webview is trying to interpret the broken mail, I checked if I could XSS out of it. But luckily that does not seem to be successful (at least not in this simple test I did).
In the end, it's not a big deal, since I can still download the Rejects folder via IMAP, but I wanted to make sure that this gets reported, since I don't think this is an expected behaviour.
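
The failure mode reported above, as an added example that is not part of the original report and is not mox's code: a folder listing that records a header parse error on the affected row and HTML-escapes what it displays, so one header-less message cannot block access to the rest. The `Row` type, `listFolder` function and sample messages are assumptions constructed for illustration.

```go
package main

import (
	"fmt"
	"html"
	"net/mail"
	"strings"
)

// Row is one line of a folder listing (hypothetical type, not from mox).
type Row struct {
	Subject   string // HTML-escaped, safe to place in markup
	Malformed bool   // true when the headers could not be parsed
}

// listFolder builds one Row per raw message. A parse failure is recorded on
// that message's row instead of aborting the whole listing.
func listFolder(raw []string) []Row {
	rows := make([]Row, 0, len(raw))
	for _, r := range raw {
		msg, err := mail.ReadMessage(strings.NewReader(r))
		if err != nil {
			// Keep an escaped preview of the first line so the user can
			// still identify, open as plain text, or delete the message.
			first, _, _ := strings.Cut(r, "\r\n")
			if runes := []rune(first); len(runes) > 60 {
				first = string(runes[:60])
			}
			rows = append(rows, Row{Subject: html.EscapeString(first), Malformed: true})
			continue
		}
		rows = append(rows, Row{Subject: html.EscapeString(msg.Header.Get("Subject"))})
	}
	return rows
}

func main() {
	// Constructed sample folder: one normal message and one DATA payload
	// that was submitted without any headers.
	folder := []string{
		"From: a@example.org\r\nSubject: hello <b>world</b>\r\n\r\nbody\r\n",
		"<i>no headers here</i>\r\n",
	}
	for i, row := range listFolder(folder) {
		fmt.Printf("%d malformed=%v subject=%q\n", i, row.Malformed, row.Subject)
	}
}
```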