Prior to V8.10, sendmail would not screen header lines to make sure they contained no null (zero) bytes. Instead, such null bytes were passed through, and sometimes caused misinterpretation of addresses and the like.
It might seem impossible that a null byte could appear in a string because the C-language string library routines use a null character to terminate all strings. But consider the case of a hexadecimal 0x80 character. Such a character has the high bit set, but when delivery is to a 7-bit-only site, sendmail will strip the high bit from 0x80, leaving behind a new 0x00 value in the middle of a string. A null byte!
Beginning with V8.10, sendmail offers a way to
strip such null bytes from headers before sending those headers
F=1 delivery agent flag, when set,
tells sendmail to strip all null bytes that it
finds from all headers. Note that only the headers in the header
portion of the message are screened. MIME headers in the body of the
message are not screened.
F=1 delivery agent flag is not set by default
for any delivery agent. To add it, just use the MODIFY_MAILER_FLAGS
command (See this section). In the following, for
example, we add it to the
smtp class of delivery
In general, this delivery agent flag should be set for outbound delivery agents and for local, final delivery agents. In both, there is a small vulnerability to forgeries that use the hex 80 value. Consider: