Den 2012-08-21 21:15, Rosali skrev:

Am 21.08.2012 17:34, schrieb Benny Pedersen:

...

abuse@[127.0.0.1] is a valid email address, but roundcube says please provide atleast one email address

dont know if its fixed in later versions yet

Not our issue. Post @ trac.roundcube.net

so ?

Den 2012-08-23 06:31, Rosali skrev:

Am 23.08.2012 02:11, schrieb Benny Pedersen:

...

Den 2012-08-21 21:15, Rosali skrev:

...

Am 21.08.2012 17:34, schrieb Benny Pedersen:

...

abuse@[127.0.0.1] is a valid email address, but roundcube says please provide atleast one email address, dont know if its fixed in later versions yet

Not our issue. Post @ trac.roundcube.net

so ?

Sorry, I submitted my reply by mistake. Just ignore, please.

no need to sorry, we are humans that makes error, i just like to know how to fix, should i email to another email address or ?

Hi,

if this could be of some help, below is a php function I am used to work with (It should be easy to port to javascript) that makes mail address validation and handle this case (RFC2822 compliant) :

<?php // check_email_address function // Check specified email address syntax validity // Originally from : http://www.ilovejackdaniels.com/php/email-address-validation/ [1] // Updated by S. BLAISOT on Feb 02 2006 to check DNS MX of the domain // Newer version implemented as a class can be found here : http://code.google.com/p/php-email-address-validation/ [2] function check_email_address($email) { // First, we check that there's one @ symbol, and that the lengths are right if (!ereg("^[^@]{1,64}@[^@]{1,255}$", $email)) { // Email invalid because wrong number of characters in one section, or wrong number of @ symbols. return false; } // Split it into sections to make life easier $email_array = explode("@", $email); $local_array = explode(".", $email_array[0]); for ($i = 0; $i < sizeof($local_array); $i++) { if (!ereg("^(([A-Za-z0-9!#$%&'*+/=?^_`{|}~-][A-Za-z0-9!#$%&'*+/=?^_`{|}~.-]{0,63})|("[^(\|")]{0,62}"))$", $local_array[$i])) { return false; } } if (!ereg("^[?[0-9.]+]?$", $email_array[1])) { // Check if domain is IP. If not, it should be valid domain name $domain_array = explode(".", $email_array[1]); if (sizeof($domain_array) < 2) { return false; // Not enough parts to domain } for ($i = 0; $i < sizeof($domain_array); $i++) { if (!ereg("^(([A-Za-z0-9][A-Za-z0-9-]{0,61}[A-Za-z0-9])|([A-Za-z0-9]+))$",$domain_array[$i])) { return false; } } } // DNS check of MX of the specified domainname if( !checkdnsrr($email_array[1], "MX") ) { if( !checkdnsrr($email_array[1], "A")) { return false; } } return true; } ?>

usage : //[...] // Validate mail address

if (!check_email_address($From)) { echo "Adresse Invalide !n"; } else {

echo "Adresse mail validen"; }

also, I think that email address validation should not be done by javascript alone as it is client side and you can not rely on client (javascript can be disable, altered, bypassed or whatever) resulting in not validatied addresses sent to php server-side part of the application.

Don't know how it is in roundcube, but I think that mail address validation can take place client-side in javascript for better user experience but should also be done server-side in php, ensuring outgoing mail from roundcube are at least syntaxically correct (and limiting XSS vulnerability risks).

regards,

Le 2012-08-23 09:44, A.L.E.C a écrit :

But you know, Roundcube

uses javascript very extensively. So, disabled/altered/bypased or whatever would break Roundcube functionality at all, not only address validation ;)

Yes, I'm aware of that. But using tools like "developper toolbar" or "Firebug" firefox extensions, you can always manipulate data before sending to roundcube server-side php to bypass, by exemple, a javascript validation.

...

Don't know how it is in roundcube, but I

think that mail address validation can take place client-side in javascript for better user experience but should also be done server-side in php, ensuring outgoing mail from roundcube are at least syntaxically correct (and limiting XSS vulnerability risks).

And

that's how it's implemented in Roundcube ;)

ok, cool.

regards,

S.B.

Reason behind this that with abuse@127.0.0.1, the MTA will try to get MX records for the 'dns name' 127.0.0.1. (Although, I hope all MTA's are smart enough to just reject such an address) With [172.0.0.1] it bypasses MX checks and uses the default A or CNAME DNS record or, in case of an IP address, the IP.

On Thu, Aug 23, 2012 at 8:20 PM, Benny Pedersen me@junc.org wrote:

Den 2012-08-23 20:15, A.L.E.C skrev:

On 08/23/2012 07:43 PM, Benny Pedersen wrote:

...

...

Den 2012-08-23 08:06, A.L.E.C skrev:

Doesn't work with current version too. It looks like javascript method

...

for address validation doesn't handle this case. Please, open a ticket in bugtracker, so we could fix this issue in next version.

I've fixed this issue in commit ff805351cae78676927f76a1960b8e** 688558fe95.

also here i forget to say that abuse@127.0.0.1 is invalid, but abuse@[127.0.0.1] is valid

test it on mta such as postfix to prove it :=)

thanks for all that resolve this

______________________________**_________________ Roundcube Development discussion mailing list dev@lists.roundcube.net http://lists.roundcube.net/**mailman/listinfo/devhttp://lists.roundcube.net/mailman/listinfo/dev