
0003427: SMTP Whitelist Input validation is not working correctly - MantisBT Endian Bugtracker
Endian Issue Tracker
ID: 0003427
Project: Endian Firewall
Category: Proxy SMTP
View Status: public
Date Submitted: 2011-01-12 11:03
Last Update: 2011-02-02 13:47
Reporter: baldy
Assigned To: peter-endian
Priority: normal
Severity: minor
Reproducibility: always
Status: confirmed
Resolution: open
Platform:
OS:
OS Version:
Product Version: 2.4
Target Version:
Fixed in Version:
Summary: 0003427: SMTP Whitelist Input validation is not working correctly

Description:
Input validation is not validating correctly.

When adding strange emailaddress like 0001941##616764@bounce.yzmail.nl">bounce+hema#0001941##616764@bounce.yzmail.nl
The address is rejected as invalid.

All symbols in the local part of the address are allowed per RFC5322.
Additional Information:
Snippet from Wikipedia

The local-part of the email address may use any of these ASCII characters:

Uppercase and lowercase English letters (a–z, A–Z)
Digits 0 to 9
Characters ! # $ % & ' * + - / = ? ^ _ ` { | } ~
Character . (dot, period, full stop) provided that it is not the first or last character, and provided also that it does not appear two or more times consecutively (e.g. John..Doe@example.com).
Tags: No tags attached.
Attached Files

- Relationships

-  Notes
(0005470)
baldy (reporter)
2011-01-12 12:45

The address: mailbot-bh-act=314119155_si=314101096_sub=3111@m14.mailplus.nl is also rejected.

Regards,

Baldy
(0005471)
baldy (reporter)
2011-01-12 12:46
edited on: 2011-01-12 12:47

The correct address in the OP is: bounce+hema#0001941##616764@bounce.yzmail.nl.

Looks like something went wrong with the copy/paste.

Regards,

Baldy

(0005475)
baldy (reporter)
2011-01-13 14:43
edited on: 2011-01-13 23:39

Did some testing, special characters which should be allowed are not.

When adding an email address containing ! # $ % & ' * + / = ? ^ ` { | } ~ validation fails.

The only 2 special characters correctly validated are - (minus) and _ (underscore)

Happens on all fields in the SMTP Proxy->Black & Whitelists where you can enter an email address.

Regards,

Baldy

(0005505)
lorenzo-endian (manager)
2011-01-19 08:47

Hi baldy,

You are right, the address is not accepted! BTW, checking the email addresses against the RFC 5322 is strictly impossible due to the fact that the definition is simply too complicated (for a quick reference, http://stackoverflow.com/questions/201323/what-is-the-best-regular-expression-for-validating-email-addresses).

In any case I confirm this issue so that it will be checked by our development team in order to improve the email addresses validation, if it is possible.

In any case, thanks a lot for reporting this issue!

Have a nice day

Lorenzo
(0005508)
baldy (reporter)
2011-01-19 16:21

Hi Lorenzo,

More and more newsletters are using # in the address in my experience.
The + sign is used for sorting mail.

Maybe this link is useful for the development team: http://code.google.com/p/isemail/source/browse/PHP/beta/is_email.php

Regards,

Baldy
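
Added example, not part of the original thread and not Endian's code: a Python check for the unquoted (dot-atom) local part following the character rules quoted in the issue, run against the addresses reported above. STRICT_RE is a hypothetical stand-in for a validator that accepts only - and _ as special characters; quoted local parts, IP literals and internationalized domains are deliberately out of scope.

```python
import re

# Characters the quoted rules allow in the local part, besides the dot.
ATEXT = r"A-Za-z0-9!#$%&'*+/=?^_`{|}~-"
# Dot-atom: runs of allowed characters separated by single dots, so no
# leading dot, no trailing dot and no two consecutive dots.
LOCAL_RE = re.compile(rf"[{ATEXT}]+(?:\.[{ATEXT}]+)*")
# Host name label (assumption: plain DNS names only).
LABEL_RE = re.compile(r"[A-Za-z0-9](?:[A-Za-z0-9-]{0,61}[A-Za-z0-9])?")

# Hypothetical over-strict pattern, modelled on the behaviour the reporter
# observed (only '-' and '_' pass); the real pattern is not on the page.
STRICT_RE = re.compile(r"[A-Za-z0-9._-]+@[A-Za-z0-9.-]+")


def is_valid_address(addr: str) -> bool:
    """Validate an address with an unquoted local part."""
    # Length limits are the RFC 5321 ones (64 octets local part, 254 total).
    if len(addr) > 254 or addr.count("@") != 1:
        return False
    local, domain = addr.split("@")
    if not 1 <= len(local) <= 64:
        return False
    # fullmatch() instead of match() with '$': '$' would also accept a
    # trailing newline, which must never reach a mail filter list.
    if not LOCAL_RE.fullmatch(local):
        return False
    labels = domain.split(".")
    return len(labels) >= 2 and all(LABEL_RE.fullmatch(l) for l in labels)


def compare(addresses):
    """Return (address, strict_result, dot_atom_result) for each input."""
    return [(a, bool(STRICT_RE.fullmatch(a)), is_valid_address(a))
            for a in addresses]


# Addresses taken from the issue, plus constructed negative cases.
SAMPLES = [
    "bounce+hema#0001941##616764@bounce.yzmail.nl",
    "mailbot-bh-act=314119155_si=314101096_sub=3111@m14.mailplus.nl",
    "John..Doe@example.com",       # consecutive dots: invalid
    ".john@example.com",           # leading dot: invalid (constructed)
    "john doe@example.com",        # space: invalid (constructed)
]

if __name__ == "__main__":
    for addr, strict_ok, ok in compare(SAMPLES):
        print(f"{addr!r}: strict={strict_ok} dot-atom={ok}")
```
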

- Issue History
Date Modified Username Field Change
2011-01-12 11:03 baldy New Issue
2011-01-12 12:45 baldy Note Added: 0005470
2011-01-12 12:46 baldy Note Added: 0005471
2011-01-12 12:47 baldy Note Edited: 0005471
2011-01-13 14:43 baldy Note Added: 0005475
2011-01-13 21:17 baldy Note Edited: 0005475
2011-01-13 23:39 baldy Note Edited: 0005475
2011-01-19 08:47 lorenzo-endian Note Added: 0005505
2011-01-19 08:47 lorenzo-endian Assigned To => lorenzo-endian
2011-01-19 08:47 lorenzo-endian Status new => confirmed
2011-01-19 16:21 baldy Note Added: 0005508
2011-02-02 13:47 lorenzo-endian Customer Occurencies => 0
2011-02-02 13:47 lorenzo-endian Assigned To lorenzo-endian => peter-endian
