Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Invalid email '@example.com' - Parser fails for emails that only contain "" in the local part #4896

Open
KarimGeiger opened this issue Oct 19, 2023 · 8 comments
Open

Invalid email '@example.com' - Parser fails for emails that only contain "" in the local part #4896

KarimGeiger opened this issue Oct 19, 2023 · 8 comments
Labels
bug good first issue mail processing prioritised by payment third party issue verified

Comments

@KarimGeiger
Copy link

KarimGeiger commented Oct 19, 2023
edited by MrGeneration

Used Zammad Version

6.1.0

Environment

  • Installation method: Ubuntu package
  • Operating system (if you're unsure: cat /etc/os-release ): Ubuntu 20.04
  • Database + version: postgres
  • Elasticsearch version: n/a
  • Browser + version: n/a

Actual behaviour

Unfortunately, someone though sending us a spam email from ""@xxx.yy.zz.example would be a great idea... (note the "" in before the @)

In this case, the parsing fails:

"ERROR: Can't process email, you will find it for bug reporting under /opt/zammad/var/spool/unprocessable_mail/xxx.eml, please create an issue at https://github.com/zammad/zammad/issues"
"ERROR: #<ActiveRecord::RecordInvalid: Validation failed: Invalid email '@xxx.yy.zz.example'>"
/opt/zammad/app/models/channel/email_parser.rb:141:in `rescue in process': #<ActiveRecord::RecordInvalid: Validation failed: Invalid email '@xxx.yy.zz.example'> (RuntimeError)
/opt/zammad/vendor/bundle/ruby/3.1.0/gems/activerecord-6.1.7.6/lib/active_record/validations.rb:80:in `raise_validation_error'

Expected behaviour

Parsing succeeds as it seems to be a valid email address (at least I would assume so, since Gmail delivered it).

Steps to reproduce the behaviour

Send an email from ""@xxx.yy.zz.example to an inbox monitored by Zammad.

Support Ticket

(Ticket#10144753), Ticket#10145733

I'm sure this is a bug and no feature request or a general question.

yes
@rolfschmidt
Copy link
Collaborator

I think the issue can't be handled without an example email. Maybe you can send us an *.eml to support@zammad.com with a link to this issue? Then we could have a look and see what's wrong. From the error message it looks like that the mail address is wrong. Maybe tho it was not parsed properly.

@KarimGeiger
Copy link
Author

Thanks for looking into it, @rolfschmidt. I have forwarded you the email in question. Please make sure to check your spam folder, as the email attached was classified as spam previously.

@rolfschmidt rolfschmidt self-assigned this Oct 20, 2023
@rolfschmidt
Copy link
Collaborator

thx for the example mail @KarimGeiger. The From and To field of it is definitely invalid and should not be processed. For us zammad behaves correctly in this case.

@KarimGeiger
Copy link
Author

Respectfully, I disagree, @rolfschmidt. ""@example.com is a valid email address as per RFC822, and it is being processed by at least some email providers, evidently. You can try and validate the email address for example here: http://sphinx.mythic-beasts.com/~pdw/cgi-bin/emailvalidate

Since it is a valid email address, it should not cause Zammad to fail.

The error message does not contain the "" local part, so I would assume that double-quotes get evaluated somewhere earlier, causing the regex to fail, which should not happen.

@rolfschmidt rolfschmidt reopened this Oct 20, 2023
@rolfschmidt
Copy link
Collaborator 

[2] pry(main)> EmailAddressValidator.error(%Q[""@example.com], host_validation: :syntax)
=> "Mailbox name too short"

Our lib does currently not accept your address. But If you want, I can ask some colleagues for different opinions on this topic:

@mgruner @fliebe92 @tschaefer @MrGeneration

@rolfschmidt rolfschmidt removed their assignment Oct 20, 2023
@tschaefer
Copy link
Member

tschaefer commented Oct 20, 2023
edited

After some further research, I must say it is a valid email address.

It is called the quoted string format of the local part. It is not widely implemented in SMTP servers, because it has many downsides and obstacles on the server side. The idea of the quoted string format is to allow the usage of further special characters.

john..doe@example.com is not a valid address. The consecutive use of dots . is not allowed.
"john..doe"@example.com is a valid address. The local part is quoted.

🤯

So, even a quoted empty string as a local part is allowed.

@MrGeneration
Copy link
Member

Wouldn't the email address with "empty" local part be an issue in Zammad in combination with the unique email address detection? It's like logging in as @example.com which feels kind of wrong.

Maybe that's just me though.

@tschaefer
Copy link
Member

The quotes are literally part of the alias, so the resulting User email (login) attribute value is ""@example.com. I proved the named email address is valid, conformed to the listed RFCs. The handling in Zammad is a product decision.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
bug good first issue mail processing prioritised by payment third party issue verified
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
5 participants
@tschaefer @KarimGeiger @rolfschmidt @dominikklein @MrGeneration