SYSTEM WARNING: 'date_default_timezone_get(): It is not safe to rely on the system's timezone settings. You are *required* to use the date.timezone setting or the date_default_timezone_set() function. In case you used any of those methods and you are still getting this warning, you most likely misspelled the timezone identifier. We selected the timezone 'UTC' for now, but please set date.timezone to select your timezone.' in '/usr/share/mantis/www/core.php' line 264
| Anonymous | Login | 2022-05-26 02:57 UTC |  |
| Main | My View | View Issues | Change Log | Roadmap |
| View Issue Details [ Jump to Notes ] | [ Issue History ] [ Print ] | ||||||||||
| ID | Project | Category | View Status | Date Submitted | Last Update | ||||||
| 0003427 | Endian Firewall | Proxy SMTP | public | 2011-01-12 11:03 | 2011-02-02 13:47 | ||||||
| Reporter | baldy | ||||||||||
| Assigned To | peter-endian | ||||||||||
| Priority | normal | Severity | minor | Reproducibility | always | ||||||
| Status | confirmed | Resolution | open | ||||||||
| Platform | OS | OS Version | |||||||||
| Product Version | 2.4 | ||||||||||
| Target Version | Fixed in Version | ||||||||||
| Summary | 0003427: SMTP Whitelist Input validation is not working correctly | ||||||||||
| Description | Input validation is not validating correctly. When adding strange emailaddress like 0001941##616764@bounce.yzmail.nl">bounce+hema#0001941##616764@bounce.yzmail.nl The address is rejected as invalid. All symbols in the local part of the address are allowed per RFC5322. | ||||||||||
| Additional Information | Snippet from wikipedia The local-part of the email address may use any of these ASCII characters: Uppercase and lowercase English letters (a–z, A–Z) Digits 0 to 9 Characters ! # $ % & ' * + - / = ? ^ _ ` { | } ~ Character . (dot, period, full stop) provided that it is not the first or last character, and provided also that it does not appear two or more times consecutively (e.g. John..Doe@example.com). | ||||||||||
| Tags | No tags attached. | ||||||||||
| Attached Files | |||||||||||
 Relationships |
|
 Relationships |
|
Notes |
|
|
(0005470) baldy (reporter) 2011-01-12 12:45 |
The address : mailbot-bh-act=314119155_si=314101096_sub=3111@m14.mailplus.nl is also rejected. Regards, Baldy |
|
(0005471) baldy (reporter) 2011-01-12 12:46 edited on: 2011-01-12 12:47 |
The correct address in the OP is : bounce+hema#0001941##616764@bounce.yzmail.nl. Looks like something went wrong with the copy/paste. Regards, Baldy |
|
(0005475) baldy (reporter) 2011-01-13 14:43 edited on: 2011-01-13 23:39 |
Did some testing, special characters which should be allowed are not. When adding an emailaddress containing ! # $ % & ' * + / = ? ^ ` { | } ~ validation fails. The only 2 special characters correctly validated are - (minus) and _ (underscore) Happens on all fields in the SMTP Proxy->Black & Whitelists where you can enter an emailaddress. Regards, Baldy |
|
(0005505) lorenzo-endian (manager) 2011-01-19 08:47 |
Hi baldy, you are right, the address is not accepted! BTW, checking the email addresses against the RFC 5322 is strictly impossible due to the fact that the definition is simply too complicated (for a quick reference, http://stackoverflow.com/questions/201323/what-is-the-best-regular-expression-for-validating-email-addresses [^]). In any case I confirm this issue so that it will be checked by our development team in order to improve the email addresses validation, if it is possible. In any case, thanks a lot for reporting this issue! Have a nice day Lorenzo |
|
(0005508) baldy (reporter) 2011-01-19 16:21 |
Hi Lorenzo, More and more newsletters are using # in the address in my experience. The + sign is used for sorting mail. Maybe this link is useful for the development team, http://code.google.com/p/isemail/source/browse/PHP/beta/is_email.php [^] Regards, Baldy |
|
Notes |
|
Issue History |
|||
| Date Modified | Username | Field | Change |
| 2011-01-12 11:03 | baldy | New Issue | |
| 2011-01-12 12:45 | baldy | Note Added: 0005470 | |
| 2011-01-12 12:46 | baldy | Note Added: 0005471 | |
| 2011-01-12 12:47 | baldy | Note Edited: 0005471 | |
| 2011-01-13 14:43 | baldy | Note Added: 0005475 | |
| 2011-01-13 21:17 | baldy | Note Edited: 0005475 | |
| 2011-01-13 23:39 | baldy | Note Edited: 0005475 | |
| 2011-01-19 08:47 | lorenzo-endian | Note Added: 0005505 | |
| 2011-01-19 08:47 | lorenzo-endian | Assigned To | => lorenzo-endian |
| 2011-01-19 08:47 | lorenzo-endian | Status | new => confirmed |
| 2011-01-19 16:21 | baldy | Note Added: 0005508 | |
| 2011-02-02 13:47 | lorenzo-endian | Customer Occurencies | => 0 |
| 2011-02-02 13:47 | lorenzo-endian | Assigned To | lorenzo-endian => peter-endian |
|
Issue History |
| Copyright © 2000 - 2012 MantisBT Group |
 |