
Re: bug in ^TO_ macro: character '+' *is* allowed in emails

2004-11-26 10:01:18
At 19:25 2004-11-25 -0800, Tristan Savatier wrote:
> Then ^TO_ should use something like:
>
> [^-a-zA-Z0-9_.+'=]
>
> Also, in the same category, I noticed that the ^FROM_DAEMON macro is very
> dangerous, as it catches email with sender's name (not just email address)
> containing the word "system".
>
> It caught a mail with the (questionable) header line:
>
> From: "ACCA Recording Products" <acca(_at_)accaproducts(_dot_)com>(through Yahoo! Store Order System)
>
> (this was a confirmation of an on-line order with a yahoo-associate store).

Er, sounds like an AUTOMATED message to me, and if so, that meets the basic criteria of being a DAEMON. The typical reason people need to match daemon messages is to avoid sending autoreplies to them.


As for % symbols in addresses - that was used for manual relay specification, much as ! was used in uucp addressing. Using it, you could address a message to a specific SMTP server, which would re-parse the message and then deliver it along to the address remaining after the local server was parsed out. In theory, it's only used as an ENVELOPE address token, and in practice, the facility is disabled in SMTP agents because it became a popular exploit for spammers.

I believe David has already provided an answer, but here's my twopence:

If you check 'man procmailex', you'll see that NONE of the examples employing ^TO specify a domain portion. If *YOU* anchor it to the RHS of the address, then the plussed portion is of course going to get ignored - after all, you're the one providing a regexp that doesn't account for plussing. The idea is that you should be specifying the LOCAL part of the username only:

* ^TO_weenie

would match:

        weenie(_at_)somedomain(_dot_)tld
        weenie+private(_at_)otherdomain(_dot_)tld
        weenie+lists(_at_)otherdomain(_dot_)tld

whereas

* ^TO_weenie\+private(_at_)otherdomain\(_dot_)tld

will match only one of those, and

* ^TO_weenie(_at_)otherdomain\(_dot_)tld

will match NONE, because YOU have omitted allowances for a plussed portion.

* ^TO_weenie(\+[-_a-z0-9]*)?(_at_)otherdomain\(_dot_)tld

should match an arbitrary plussed portion (I admit the character class isn't complete - I'm in a rush to get out the door and can't verify)


Note also that the character class trailing the definition of ^TO_ is a NEGATION.

---
 Sean B. Straw / Professional Software Engineering

 Procmail disclaimer: <http://www.professional.org/procmail/disclaimer.html>
 Please DO NOT carbon me on list replies.  I'll get my copy from the list.
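
The matching behaviour discussed in this message, as an added example that is not part of the original post or of procmail itself: it emulates the four `^TO_` conditions above with Python's `re` module, then compares the stock negated character class with the wider class proposed in the quoted text. Assumptions: the `^TO_` expansion is the one documented in procmailrc(5), Python's regex engine stands in for procmail's, and the `example` addresses are constructed placeholders.

```python
import re

# ^TO_ expansion as documented in procmailrc(5) (assumption: reproduced from the man page).
TO_ = (r"(^((Original-)?(Resent-)?(To|Cc|Bcc)|"
       r"(X-Envelope|Apparently(-Resent)?)-To):(.*[^-a-zA-Z0-9_.])?)")
# Same macro with the wider negated class proposed in the quoted message.
TO_WIDE = TO_.replace("[^-a-zA-Z0-9_.]", "[^-a-zA-Z0-9_.+'=]")


def matches(condition, header, macro=TO_):
    """Emulate a procmail '* ^TO_...' condition (case-insensitive, per line)."""
    pattern = condition.replace("^TO_", macro, 1)
    return re.search(pattern, header, re.I | re.M) is not None


# Constructed sample headers; the domains are placeholders.
HEADERS = [
    "To: weenie@somedomain.example",
    "To: weenie+private@otherdomain.example",
    "To: weenie+lists@otherdomain.example",
]

# The four conditions from the message, with the archive's address
# obfuscation replaced by the constructed placeholder domain.
RECIPES = [
    r"^TO_weenie",
    r"^TO_weenie\+private@otherdomain\.example",
    r"^TO_weenie@otherdomain\.example",
    r"^TO_weenie(\+[-_a-z0-9]*)?@otherdomain\.example",
]


def table(macro=TO_):
    """Map each condition to its match result for every sample header."""
    return {r: [matches(r, h, macro) for h in HEADERS] for r in RECIPES}


if __name__ == "__main__":
    for recipe, row in table().items():
        print(f"{recipe:52} {row}")
    # '+' is not in the stock class, so the negation accepts it as the
    # character preceding an address: the plus tag alone matches.
    print("stock class:   ", matches("^TO_private", HEADERS[1]))
    # With '+' added to the class, the tag no longer matches by itself.
    print("proposed class:", matches("^TO_private", HEADERS[1], TO_WIDE))
```
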

