View Issue Details
| ID | Project | Category | View Status | Date Submitted | Last Update |
|---|---|---|---|---|---|
| 0000948 | Main CAcert Website | source code | public | 2011-06-04 22:11 | 2013-01-15 17:22 |
| Reporter | dakon | Assigned To | Uli60 | ||
| Priority | normal | Severity | minor | Reproducibility | have not tried |
| Status | closed | Resolution | fixed | ||
| Fixed in Version | 2011 Q3 | ||||
| Summary | 0000948: Email address verification violates SMTP protocol | ||||
| Description | If I want to verify a new email address a connection to my server is is created. The transaction looks as follows: Jun 5 00:07:09 mail Qsmtpd[7431]: > 220 mail.sf-mail.de Qsmtpd 0.19svn ESMTP Jun 5 00:07:09 mail Qsmtpd[7431]: < HELO www.cacert.org Jun 5 00:07:09 mail Qsmtpd[7431]: > 250 mail.sf-mail.de Jun 5 00:07:09 mail Qsmtpd[7431]: < MAIL FROM: <returns@cacert.org> Jun 5 00:07:09 mail Qsmtpd[7431]: > 250 2.1.5 sender <returns@cacert.org> is syntactically correct Jun 5 00:07:09 mail Qsmtpd[7431]: < RCPT TO: <foobar@example.com> Jun 5 00:07:09 mail Qsmtpd[7431]: > 500 5.5.2 command syntax error Jun 5 00:07:09 mail Qsmtpd[7431]: < QUIT Jun 5 00:07:09 mail Qsmtpd[7431]: > 221 2.0.0 mail.sf-mail.de service closing transmission channel The mails are rejected because of the space between ':' and '<' in both the MAIL FROM and RCPT TO commands. | ||||
| Additional Information | See RfC 2821 and RfC 5321, section 4.1.1.2: mail = "MAIL FROM:" Reverse-path [SP Mail-parameters] CRLF As you might have noticed there is an explicit mentioning of SP before extra parameters. This means there has to be a single whitespace if you want to add a parameter behind the closing bracket and the start of the parameter. Other spaces may not appear on the line. | ||||
| Tags | No tags attached. | ||||
| Attached Files | |||||
| Reviewed by | dastrath, NEOatNHNG | ||||
| Test Instructions | |||||
|
|
/includes/mysql.php.sample is the proposed RFC-2821 compliant fix, to remove the extra white space before mail-from and before rcpt-to addresses from the code base extra infos: - http://www.snertsoft.com/smtp/smtpf/summary.html#opt_rfc2821_extra_spaces - http://bugs.php.net/28038 as production mysql.php is not distributed with the repository, this fix needs to be added manualy by the Software-Assessors or the Critical Team One question that araises: can the function sendmail() outsourced to another include file ? eg mysql.php .. include_once("/includes/mysql-functions.php"); .. ??? |
|
|
domain check is affected too /includes/general.php |
|
|
Added the proposed changes to git branch bug-948 |
|
|
patch added, review #1 by Ted test is difficult for testers, as a raw smtp log is not available to check. emails are redirected on testserver to TMS mailbox but w/o further header debug infos needs 2nd review |
|
|
dirk, NEO, added to cacert-devel, added to testserver |
|
|
new account join -> TMS rcvd mail probe: ok 2nd account: assure someone -> new account -> rcvd mail by new account: You were issued 35 points and you now have 35 points in total. -> ok assurer rcvd email: You issued 35 points and they now have 35 points in total. -> ok new user - create client cert rcvd email: If you have not imported CAcert´s root certificate, please go to: https://www.cacert.org/index.php?id=3 Root cert fingerprint = A6:1B:37:5E:39:0D:9C:36:54:EE:BD:20:31:46:1F:6B Root cert fingerprint = 135C EC36 F49C B8E9 3B1A B270 CD80 8846 76CE 8F33 -> ok add domain - rcvd mail: Below is the link you need to open to verify your domain 'xxx'. Once your address is verified you will be able to start issuing certificates to your heart's content! -> ok find an assurer - contact assurer -> ok assure someone - use non-existent email - send reminder notice mhh, don't know where to find the email ... account doesn't exist, cannot login to tms (this is as expected) cannot be checked |
|
|
Patch reviewed. No complaints, good to go. So once we have a few extra tests we can put it into production. |
|
|
Tested: join new member: ok assure sombody: assuree OK, assurer OK client certificate: OK |
|
|
client.pl needs update too line 640 sub sendmail() l.673 print $smtp "MAIL FROM: <returns\@cacert.org>\r\n"; l.679 print $smtp "RCPT TO: <".trim($user).">\r\n"; |
|
|
Reminder sent to: egal Dirk made those changes to the /CommModule/client.pl and applied them to the test server on our last Software Assessment meeting yesterday. |
|
|
I have reviewed the changes to the /CommModule/client.pl and they are OK. So only some more testing needed before it can go to production. |
|
|
client.pl update effects _all_ mails on cert creations org / individual members, client / server certs as sub sendmail is a function used in main HandleCerts function |
|
|
tests finished review: needs more testing, see instructions under https://bugs.cacert.org/view.php?id=948#c2070 |
|
|
join new member: mail recivied -> ok assure sombody: assuree mail recivied -> ok, assurer mail recivied -> ok client certificate: mail recivied -> ok add domain: mail recivied -> ok find assurer: mail recivied -> ok Edit data: mail recivied -> ok |
|
|
small bugfix to get smtp routines rfc aware no function blocked tested by 2 users at application level further testing needs low level testing. this is impossible with testserver environment so therefor ready to deploy |
|
|
Patch request sent to critical admins |
|
|
Patch applied to production system on July 22, 2011. See https://lists.cacert.org/wws/arc/cacert-systemlog/2011-07/msg00008.html |
| Date Modified | Username | Field | Change |
|---|---|---|---|
| 2011-06-04 22:11 | dakon | New Issue | |
| 2011-06-05 12:44 | Uli60 | File Added: mysql.php.sample | |
| 2011-06-05 12:51 | Uli60 | Note Added: 0002011 | |
| 2011-06-05 13:08 | Uli60 | Note Edited: 0002011 | |
| 2011-06-05 13:09 | Uli60 | Note Edited: 0002011 | |
| 2011-06-06 02:47 | Uli60 | Note Added: 0002012 | |
| 2011-06-06 02:47 | Uli60 | Note Edited: 0002012 | |
| 2011-06-06 02:48 | Uli60 | File Added: general.php | |
| 2011-06-07 22:16 | Ted | Note Added: 0002013 | |
| 2011-06-08 01:56 | Uli60 | Status | new => needs work |
| 2011-06-08 01:56 | Uli60 | Assigned To | => Uli60 |
| 2011-06-08 01:58 | Uli60 | Note Added: 0002021 | |
| 2011-06-08 01:58 | Uli60 | Status | needs work => confirmed |
| 2011-06-14 22:08 | NEOatNHNG | Assigned To | Uli60 => Ted |
| 2011-06-14 22:08 | NEOatNHNG | Status | confirmed => needs review & testing |
| 2011-06-14 22:08 | NEOatNHNG | Assigned To | Ted => Uli60 |
| 2011-06-14 22:08 | NEOatNHNG | Status | needs review & testing => needs work |
| 2011-06-14 22:09 | NEOatNHNG | Status | needs work => needs review & testing |
| 2011-06-28 23:59 | Uli60 | Note Added: 0002069 | |
| 2011-06-29 00:05 | Uli60 | Note Added: 0002070 | |
| 2011-06-29 00:07 | NEOatNHNG | Source_changeset_attached | => cacert-devel master 4d94bd33 |
| 2011-06-29 00:07 | Source_changeset_attached | => cacert-devel master 5bdc30d8 | |
| 2011-06-29 00:12 | Uli60 | Note Edited: 0002070 | |
| 2011-06-29 00:20 | Uli60 | Note Edited: 0002070 | |
| 2011-06-29 00:24 | Uli60 | Note Edited: 0002070 | |
| 2011-06-29 11:59 | NEOatNHNG | Note Added: 0002071 | |
| 2011-06-29 11:59 | NEOatNHNG | Status | needs review & testing => needs testing |
| 2011-06-30 08:46 | INOPIAE | Note Added: 0002074 | |
| 2011-07-05 21:26 | Uli60 | Note Added: 0002090 | |
| 2011-07-05 22:05 | Source_changeset_attached | => cacert-devel master 50939092 | |
| 2011-07-05 22:05 | Source_changeset_attached | => cacert-devel master 3d6c4ebb | |
| 2011-07-07 00:06 | NEOatNHNG | Note Added: 0002100 | |
| 2011-07-07 00:09 | NEOatNHNG | Note Added: 0002101 | |
| 2011-07-07 00:10 | NEOatNHNG | Reviewed by | => dastrath, NEOatNHNG |
| 2011-07-07 01:00 | Uli60 | Note Added: 0002102 | |
| 2011-07-13 01:03 | Uli60 | Note Added: 0002123 | |
| 2011-07-19 21:58 | INOPIAE | Note Added: 0002154 | |
| 2011-07-19 23:29 | Uli60 | Note Added: 0002163 | |
| 2011-07-19 23:29 | Uli60 | Status | needs testing => ready to deploy |
| 2011-07-21 13:35 | NEOatNHNG | Note Added: 0002173 | |
| 2011-07-21 13:40 | NEOatNHNG | Source_changeset_attached | => cacert-devel release 18e17465 |
| 2011-07-22 14:17 | wytze | Note Added: 0002179 | |
| 2011-07-22 14:17 | wytze | Status | ready to deploy => closed |
| 2011-07-22 14:17 | wytze | Resolution | open => fixed |
| 2012-08-28 10:02 | Uli60 | Relationship added | related to 0001054 |
| 2012-08-28 12:11 | NEOatNHNG | Relationship deleted | related to 0001054 |
| 2013-01-15 17:22 | Werner Dworak | Fixed in Version | => 2011 Q3 |
