Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Malformed From Address #1101

Closed
shawniverson opened this Issue Aug 4, 2018 · 5 comments

Comments

Projects
None yet
3 participants
@shawniverson
Copy link
Member

shawniverson commented Aug 4, 2018

Issue summary

https://forum.efa-project.org/viewtopic.php?f=13&p=12609

Steps to reproduce

  1. construct an invalid from "fubar" <>example.org (address outside the brackets)

Expected result

Should we handle this malformed address or tell folks to adhere to the RFCs?

Actual result

Nothing is logged in from field (rightfully so)

@stefaweb

This comment has been minimized.

Copy link
Contributor

stefaweb commented Aug 7, 2018

It's better to handle that. You do not have to rely on people to correct this. ;)

@Skywalker-11

This comment has been minimized.

Copy link
Member

Skywalker-11 commented Aug 7, 2018

Currently we get the value from MS (https://github.com/mailwatch/MailWatch/blob/1.2/MailScanner_perl_scripts/MailWatch.pm#L358) which then is queried https://github.com/mailwatch/MailWatch/blob/1.2/mailscanner/detail.php#L76 and then printed https://github.com/mailwatch/MailWatch/blob/1.2/mailscanner/detail.php#L211.

So this may is also a MS problem.

One more thing to consider is that it could be abused eg. by injecting html inside that address and so it would need to be sanitized.

@shawniverson

This comment has been minimized.

Copy link
Member Author

shawniverson commented Aug 14, 2018

I'm going to run some tests and see what I can do about this.

@shawniverson

This comment has been minimized.

Copy link
Member Author

shawniverson commented Aug 20, 2018

My milter code correctly addresses this problem, but the other mail processors do not in MailScanner, so I am going to continue working on this.

@shawniverson shawniverson self-assigned this Sep 30, 2018

@shawniverson

This comment has been minimized.

Copy link
Member Author

shawniverson commented Oct 4, 2018

Unable to reproduce on the postfix processor with latest MailScanner code.

image

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
You can’t perform that action at this time.
You signed in with another tab or window. Reload to refresh your session. You signed out in another tab or window. Reload to refresh your session.