Quote mark in email address

General eFa discussion
Post Reply
carlc
Posts: 2
Joined: 06 Mar 2020 14:46

Quote mark in email address

Post by carlc »

First, let me thank everyone, I love the EFA appliance and it's definitely the best opensource solution I've used for spam prevention.

I found an interesting problem, Lands end is sending emails with a ' mark [single tick mark] in them. For example:

Message-ID: <Lands'EndKids.6t35--r24j.tlmd@email.landsend.com>

This single quote mark is causing this to happen in /var/log/messages:

Mar 1 07:29:15 efa4 php: PHP Fatal error: Uncaught mysqli_sql_exception: You have an error in your SQL syntax; check the manual that corresponds to your MariaDB server version for the right syntax to use near 'EndKids.6t35--r24j.tlmd@email.landsend.com>' LIMIT 1' at line 1 in /var/www/html/mailscanner/functions.php:1056#012Stack trace:#012#0 /var/www/html/mailscanner/functions.php(1056): mysqli->query('SELECT id from ...')#012#1 /usr/bin/mailwatch/tools/Postfix_relay/mailwatch_milter_relay.php(54): dbquery('SELECT id from ...')#012#2 /usr/bin/mailwatch/tools/Postfix_relay/mailwatch_milter_relay.php(95): doit('cat /var/log/ma...')#012#3 {main}#012 thrown in /var/www/html/mailscanner/functions.php on line 1056
Mar 1 07:29:15 efa4 php: Fatal error: Uncaught mysqli_sql_exception: You have an error in your SQL syntax; check the manual that corresponds to your MariaDB server version for the right syntax to use near 'EndKids.6t35--r24j.tlmd@email.landsend.com>' LIMIT 1' at line 1 in /var/www/html/mailscanner/functions.php:1056
Mar 1 07:29:15 efa4 php: Stack trace:
Mar 1 07:29:15 efa4 php: #0 /var/www/html/mailscanner/functions.php(1056): mysqli->query('SELECT id from ...')
Mar 1 07:29:15 efa4 php: #1 /usr/bin/mailwatch/tools/Postfix_relay/mailwatch_milter_relay.php(54): dbquery('SELECT id from ...')
Mar 1 07:29:15 efa4 php: #2 /usr/bin/mailwatch/tools/Postfix_relay/mailwatch_milter_relay.php(95): doit('cat /var/log/ma...')
Mar 1 07:29:15 efa4 php: #3 {main}
Mar 1 07:29:15 efa4 php: thrown in /var/www/html/mailscanner/functions.php on line 1056
Mar 1 07:29:15 efa4 php: cat: write error: Broken pipe

This message is stuck, where I can I find it and how do I remove it?

And to the EFA programming team, how do we prevent this possible hack from happening (looks like the single quote mark is causing mailscanner to do stupid things with MySQL).

Thank you!
Carl
User avatar
shawniverson
Posts: 3644
Joined: 13 Jan 2014 23:30
Location: Indianapolis, Indiana USA
Contact:

Re: Quote mark in email address

Post by shawniverson »

Well now, that's a problem.
User avatar
shawniverson
Posts: 3644
Joined: 13 Jan 2014 23:30
Location: Indianapolis, Indiana USA
Contact:

Re: Quote mark in email address

Post by shawniverson »

User avatar
shawniverson
Posts: 3644
Joined: 13 Jan 2014 23:30
Location: Indianapolis, Indiana USA
Contact:

Re: Quote mark in email address

Post by shawniverson »

Message is most likely in /var/spool/MailScanner/milterin and needs removed from here, but this isn't going to fix the problem. Going to have to do some coding this weekend to fix...
carlc
Posts: 2
Joined: 06 Mar 2020 14:46

Re: Quote mark in email address

Post by carlc »

Sorry to be a bother... but thank you for looking at it and working on it!
User avatar
pdwalker
Posts: 1553
Joined: 18 Mar 2015 09:16

Re: Quote mark in email address

Post by pdwalker »

shawniverson wrote: 06 Mar 2020 20:00 Well now, that's a problem.
Sorry, but I had to laugh...
cmaje72
Posts: 3
Joined: 23 Feb 2015 16:49

Re: Quote mark in email address

Post by cmaje72 »

Has this issue been resolved? It is causing very high CPU usage by mysql on my system. I don't see any messages stuck in /var/spool/MailScanner/milterin. I am getting the exact same error as the original poster.

My eFa installation thinks it is up to date.

Edit - I went ahead and patched the script manually and the mysql CPU issues cleared up immediately.
User avatar
shawniverson
Posts: 3644
Joined: 13 Jan 2014 23:30
Location: Indianapolis, Indiana USA
Contact:

Re: Quote mark in email address

Post by shawniverson »

It has been fixed upstream. I'll pull it down.
Post Reply