Quote mark in email address
Posted: 06 Mar 2020 14:55
First, let me thank everyone, I love the EFA appliance and it's definitely the best opensource solution I've used for spam prevention.
I found an interesting problem, Lands' End is sending emails with a ' mark [single tick mark] in them. For example:
Message-ID: <Lands'EndKids.6t35--r24j.tlmd@email.landsend.com>
This single quote mark is causing this to happen in /var/log/messages:
Mar 1 07:29:15 efa4 php: PHP Fatal error: Uncaught mysqli_sql_exception: You have an error in your SQL syntax; check the manual that corresponds to your MariaDB server version for the right syntax to use near 'EndKids.6t35--r24j.tlmd@email.landsend.com>' LIMIT 1' at line 1 in /var/www/html/mailscanner/functions.php:1056#012Stack trace:#012#0 /var/www/html/mailscanner/functions.php(1056): mysqli->query('SELECT id from ...')#012#1 /usr/bin/mailwatch/tools/Postfix_relay/mailwatch_milter_relay.php(54): dbquery('SELECT id from ...')#012#2 /usr/bin/mailwatch/tools/Postfix_relay/mailwatch_milter_relay.php(95): doit('cat /var/log/ma...')#012#3 {main}#012 thrown in /var/www/html/mailscanner/functions.php on line 1056
Mar 1 07:29:15 efa4 php: Fatal error: Uncaught mysqli_sql_exception: You have an error in your SQL syntax; check the manual that corresponds to your MariaDB server version for the right syntax to use near 'EndKids.6t35--r24j.tlmd@email.landsend.com>' LIMIT 1' at line 1 in /var/www/html/mailscanner/functions.php:1056
Mar 1 07:29:15 efa4 php: Stack trace:
Mar 1 07:29:15 efa4 php: #0 /var/www/html/mailscanner/functions.php(1056): mysqli->query('SELECT id from ...')
Mar 1 07:29:15 efa4 php: #1 /usr/bin/mailwatch/tools/Postfix_relay/mailwatch_milter_relay.php(54): dbquery('SELECT id from ...')
Mar 1 07:29:15 efa4 php: #2 /usr/bin/mailwatch/tools/Postfix_relay/mailwatch_milter_relay.php(95): doit('cat /var/log/ma...')
Mar 1 07:29:15 efa4 php: #3 {main}
Mar 1 07:29:15 efa4 php: thrown in /var/www/html/mailscanner/functions.php on line 1056
Mar 1 07:29:15 efa4 php: cat: write error: Broken pipe
This message is stuck, where can I find it and how do I remove it?
And to the EFA programming team, how do we prevent this possible hack from happening (looks like the single quote mark is causing mailscanner to do stupid things with MySQL).
Thank you!
Carl
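The stack trace above shows the shape of the bug: mailwatch_milter_relay.php line 54 passes a query string to dbquery() in which the Message-ID has been spliced straight into the SQL between single quotes, so a ' inside the header ends the string literal early and MariaDB chokes on the rest ("near 'EndKids.6t35--r24j.tlmd@email.landsend.com>' LIMIT 1'"). The following is an added example, not code from the EFA or MailWatch projects, that reproduces the failure and shows the fix. It uses an in-memory SQLite table as a stand-in for the MariaDB database; the table name maillog, the column name messageid and the second crafted Message-ID are assumptions for illustration only (the real query is truncated in the log as "SELECT id from ...").

```python
import sqlite3

# Constructed sample data: the Message-ID quoted in the post, plus a harmless one.
SAMPLE_MESSAGE_IDS = [
    "<Lands'EndKids.6t35--r24j.tlmd@email.landsend.com>",
    "<abc123@example.com>",
]

# Constructed attacker-style Message-ID (assumption, not from the post): it closes
# the literal, adds an always-true condition, and reopens the literal so the
# statement stays syntactically valid in both SQLite and MariaDB.
INJECTION_MESSAGE_ID = "' OR 1=1 OR 'x'='"


def make_db():
    """Build an in-memory stand-in for the maillog table (names assumed)."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE maillog (id INTEGER PRIMARY KEY, messageid TEXT)")
    conn.executemany(
        "INSERT INTO maillog (messageid) VALUES (?)",
        [(m,) for m in SAMPLE_MESSAGE_IDS],
    )
    conn.commit()
    return conn


def lookup_unsafe(conn, messageid):
    """The failing pattern: the header value is concatenated into the SQL text.

    A single quote in the Message-ID terminates the string literal, which is
    exactly what the MariaDB syntax error in the post reports. Returns
    ("error", message) on a parse failure, otherwise ("ok", id or None).
    """
    sql = "SELECT id from maillog where messageid='" + messageid + "' LIMIT 1"
    try:
        row = conn.execute(sql).fetchone()
    except sqlite3.Error as exc:
        return ("error", str(exc))
    return ("ok", row[0] if row else None)


def lookup_safe(conn, messageid):
    """The hardened pattern: a parameterized query.

    The driver sends the Message-ID as data, never as SQL text, so quotes,
    comment markers and anything else in the header cannot change the
    statement. Returns ("ok", id or None).
    """
    sql = "SELECT id from maillog where messageid=? LIMIT 1"
    row = conn.execute(sql, (messageid,)).fetchone()
    return ("ok", row[0] if row else None)


if __name__ == "__main__":
    db = make_db()
    for mid in SAMPLE_MESSAGE_IDS + [INJECTION_MESSAGE_ID]:
        print(repr(mid))
        print("  unsafe:", lookup_unsafe(db, mid))
        print("  safe:  ", lookup_safe(db, mid))
```

Run stand-alone, the concatenated query fails on the Lands' End Message-ID and, worse, returns the first row for the crafted one even though no such Message-ID exists, while the parameterized query finds the right row for the real header and nothing for the crafted one. The PHP equivalent in MailWatch's mysqli code is a prepared statement (mysqli::prepare with bind_param) or, at minimum, passing the value through mysqli_real_escape_string before interpolating it.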