abuse@[127.0.0.1] is a valid email address, but roundcube says please provide atleast one email address
dont know if its fixed in later versions yet
Den 2012-08-21 21:15, Rosali skrev:
Am 21.08.2012 17:34, schrieb Benny Pedersen:
abuse@[127.0.0.1] is a valid email address, but roundcube says please provide atleast one email address
dont know if its fixed in later versions yet
Not our issue. Post @ trac.roundcube.net
so ?
Am 23.08.2012 02:11, schrieb Benny Pedersen:
Den 2012-08-21 21:15, Rosali skrev:
Am 21.08.2012 17:34, schrieb Benny Pedersen:
abuse@[127.0.0.1] is a valid email address, but roundcube says please provide atleast one email address
dont know if its fixed in later versions yet
Not our issue. Post @ trac.roundcube.net
so ?
Sorry, I submitted my reply by mistake. Just ignore, please.
Roundcube Development discussion mailing list dev@lists.roundcube.net http://lists.roundcube.net/mailman/listinfo/dev
Den 2012-08-23 06:31, Rosali skrev:
Am 23.08.2012 02:11, schrieb Benny Pedersen:
Den 2012-08-21 21:15, Rosali skrev:
Am 21.08.2012 17:34, schrieb Benny Pedersen:
abuse@[127.0.0.1] is a valid email address, but roundcube says please provide atleast one email address, dont know if its fixed in later versions yet
Not our issue. Post @ trac.roundcube.net
so ?
Sorry, I submitted my reply by mistake. Just ignore, please.
no need to sorry, we are humans that makes error, i just like to know how to fix, should i email to another email address or ?
On 08/21/2012 06:34 PM, Benny Pedersen wrote:
abuse@[127.0.0.1] is a valid email address, but roundcube says please provide atleast one email address
Doesn't work with current version too. It looks like javascript method for address validation doesn't handle this case. Please, open a ticket in bugtracker, so we could fix this issue in next version.
Hi,
if this could be of some help, below is a php function I am used to work with (It should be easy to port to javascript) that makes mail address validation and handle this case (RFC2822 compliant) :
<?php // check_email_address function // Check specified email address syntax validity // Originally from : http://www.ilovejackdaniels.com/php/email-address-validation/ [1] // Updated by S. BLAISOT on Feb 02 2006 to check DNS MX of the domain // Newer version implemented as a class can be found here : http://code.google.com/p/php-email-address-validation/ [2] function check_email_address($email) { // First, we check that there's one @ symbol, and that the lengths are right if (!ereg("^[^@]{1,64}@[^@]{1,255}$", $email)) { // Email invalid because wrong number of characters in one section, or wrong number of @ symbols. return false; } // Split it into sections to make life easier $email_array = explode("@", $email); $local_array = explode(".", $email_array[0]); for ($i = 0; $i < sizeof($local_array); $i++) { if (!ereg("^(([A-Za-z0-9!#$%&'*+/=?^_`{|}~-][A-Za-z0-9!#$%&'*+/=?^_`{|}~.-]{0,63})|("[^(\|")]{0,62}"))$", $local_array[$i])) { return false; } } if (!ereg("^[?[0-9.]+]?$", $email_array[1])) { // Check if domain is IP. If not, it should be valid domain name $domain_array = explode(".", $email_array[1]); if (sizeof($domain_array) < 2) { return false; // Not enough parts to domain } for ($i = 0; $i < sizeof($domain_array); $i++) { if (!ereg("^(([A-Za-z0-9][A-Za-z0-9-]{0,61}[A-Za-z0-9])|([A-Za-z0-9]+))$",$domain_array[$i])) { return false; } } } // DNS check of MX of the specified domainname if( !checkdnsrr($email_array[1], "MX") ) { if( !checkdnsrr($email_array[1], "A")) { return false; } } return true; } ?>
usage : //[...] // Validate mail address
if (!check_email_address($From)) { echo "Adresse Invalide !n"; } else {
echo "Adresse mail validen"; }
also, I think that email address validation should not be done by javascript alone as it is client side and you can not rely on client (javascript can be disable, altered, bypassed or whatever) resulting in not validatied addresses sent to php server-side part of the application.
Don't know how it is in roundcube, but I think that mail address validation can take place client-side in javascript for better user experience but should also be done server-side in php, ensuring outgoing mail from roundcube are at least syntaxically correct (and limiting XSS vulnerability risks).
regards,
On 08/23/2012 09:39 AM, Sébastien BLAISOT wrote:
also, I think that email address validation should not be done by javascript alone as it is client side and you can not rely on client (javascript can be disable, altered, bypassed or whatever) resulting in not validatied addresses sent to php server-side part of the application.
But you know, Roundcube uses javascript very extensively. So, disabled/altered/bypased or whatever would break Roundcube functionality at all, not only address validation ;)
Don't know how it is in roundcube, but I think that mail address validation can take place client-side in javascript for better user experience but should also be done server-side in php, ensuring outgoing mail from roundcube are at least syntaxically correct (and limiting XSS vulnerability risks).
And that's how it's implemented in Roundcube ;)
Le 2012-08-23 09:44, A.L.E.C a écrit :
But you know, Roundcube
uses javascript very extensively. So, disabled/altered/bypased or whatever would break Roundcube functionality at all, not only address validation ;)
Yes, I'm aware of that. But using tools like "developper toolbar" or "Firebug" firefox extensions, you can always manipulate data before sending to roundcube server-side php to bypass, by exemple, a javascript validation.
Don't know how it is in roundcube, but I
think that mail address validation can take place client-side in javascript for better user experience but should also be done server-side in php, ensuring outgoing mail from roundcube are at least syntaxically correct (and limiting XSS vulnerability risks).
And
that's how it's implemented in Roundcube ;)
ok, cool.
regards,
S.B.
Den 2012-08-23 08:06, A.L.E.C skrev:
Doesn't work with current version too. It looks like javascript method for address validation doesn't handle this case. Please, open a ticket in bugtracker, so we could fix this issue in next version.
Submission rejected as potential spam
sad this spam check is needed for logged in users :(
On 08/23/2012 07:43 PM, Benny Pedersen wrote:
Den 2012-08-23 08:06, A.L.E.C skrev:
Doesn't work with current version too. It looks like javascript method for address validation doesn't handle this case. Please, open a ticket in bugtracker, so we could fix this issue in next version.
I've fixed this issue in commit ff805351cae78676927f76a1960b8e688558fe95.
Den 2012-08-23 20:15, A.L.E.C skrev:
On 08/23/2012 07:43 PM, Benny Pedersen wrote:
Den 2012-08-23 08:06, A.L.E.C skrev:
Doesn't work with current version too. It looks like javascript method for address validation doesn't handle this case. Please, open a ticket in bugtracker, so we could fix this issue in next version.
I've fixed this issue in commit ff805351cae78676927f76a1960b8e688558fe95.
also here i forget to say that abuse@127.0.0.1 is invalid, but abuse@[127.0.0.1] is valid
test it on mta such as postfix to prove it :=)
thanks for all that resolve this
Reason behind this that with abuse@127.0.0.1, the MTA will try to get MX records for the 'dns name' 127.0.0.1. (Although, I hope all MTA's are smart enough to just reject such an address) With [172.0.0.1] it bypasses MX checks and uses the default A or CNAME DNS record or, in case of an IP address, the IP.
On Thu, Aug 23, 2012 at 8:20 PM, Benny Pedersen me@junc.org wrote:
Den 2012-08-23 20:15, A.L.E.C skrev:
On 08/23/2012 07:43 PM, Benny Pedersen wrote:
Den 2012-08-23 08:06, A.L.E.C skrev:
Doesn't work with current version too. It looks like javascript method
for address validation doesn't handle this case. Please, open a ticket in bugtracker, so we could fix this issue in next version.
I've fixed this issue in commit ff805351cae78676927f76a1960b8e** 688558fe95.
also here i forget to say that abuse@127.0.0.1 is invalid, but abuse@[127.0.0.1] is valid
test it on mta such as postfix to prove it :=)
thanks for all that resolve this
______________________________**_________________ Roundcube Development discussion mailing list dev@lists.roundcube.net http://lists.roundcube.net/**mailman/listinfo/devhttp://lists.roundcube.net/mailman/listinfo/dev
Den 2012-08-27 10:01, Peter Overtoom skrev:
bypasses MX checks and uses the default A or CNAME DNS record or, in case of an IP address, the IP.
CNAME will be listed in rfc-ignorant.org :)
and its checkin dns if it try, i just think this is seldom used so there is not checked that roundcube had this problem before now, while we are at it, does roundcube accept abuse@[127.0.0.1] as sender addresse ?
-
A.L.E.C -
Benny Pedersen -
Peter Overtoom -
Rosali -
Sébastien BLAISOT