Feature #31154

Reject setting RFC non-compliant emission email addresses

Added by Go MAEDA 4 months ago. Updated 6 days ago.

Status:NewStart date:
Priority:NormalDue date:
Assignee:-% Done:

0%

Category:Administration
Target version:4.1.0
Resolution:

Description

RFC non-compliant emission causes Mail::Field::IncompleteParseError while performing email delivery and breaks email notification. No email notifications are delivered if Setting.mail_from has an RFC non-compliant value. The problem occurs in r17870 or later.

[ActiveJob] [ActionMailer::DeliveryJob] [f5bd6903-4f3f-4f40-9d9a-36ab998126e8] Error performing ActionMailer::DeliveryJob (Job ID: f5bd6903-4f3f-4f40-9d9a-36ab998126e8) from Async(mailers) in 1.2ms: Mail::Field::IncompleteParseError (Mail::AddressList can not parse |Redmine[xyz] <redmine@example.com>|: Only able to parse up to "Redmine"):

To avoid this, I think a validation for Setting.mail_from that rejects RFC non-compliant value should be implemented. It can be implemented using Mail::Address.new.

irb(main):001:0> Mail::Address.new('Redmine[xyz] <redmine@example.com>')
Traceback (most recent call last):
Mail::Field::IncompleteParseError (Mail::AddressList can not parse |Redmine[xyz] <redmine@example.com>|: Only able to parse up to "Redmine")

feature-31154.patch Magnifier (2.33 KB) Mizuki ISHIKAWA, 2019-07-09 06:56


Related issues

Related to Redmine - Feature #5913: Authors name in from address of email notifications Closed 2010-07-20

History

#1 Updated by Go MAEDA 4 months ago

  • Related to Feature #5913: Authors name in from address of email notifications added

#2 Updated by Go MAEDA 4 months ago

A workaround for this issue is committed in r18050. Redmine works as same as before r17870 and never raises an exception when the emission email address is not RFC compliant.

But I think this proposed validation is still necessary. Redmine should make an effort not to send emails which violates RFC.

#3 Updated by Mizuki ISHIKAWA about 1 month ago

This patch adds validation of the mail_from value.

  • Mail::Address.new(mail_from) does not return an exception
  • Mail::Address.new(mail_from).adress matches EmailAddress::EMAIL_REGEXP

#4 Updated by Marius BALTEANU about 1 month ago

Mizuki ISHIKAWA wrote:

This patch adds validation of the mail_from value.

  • Mail::Address.new(mail_from) does not return an exception
  • Mail::Address.new(mail_from).adress matches EmailAddress::EMAIL_REGEXP

Mizuki, do you see any problem if we use the existing EMAIL_REGEXP regex from URI::MailTo? https://www.rubydoc.info/stdlib/uri/URI/MailTo

#5 Updated by Mizuki ISHIKAWA about 1 month ago

Marius BALTEANU wrote:

Mizuki ISHIKAWA wrote:

This patch adds validation of the mail_from value.

  • Mail::Address.new(mail_from) does not return an exception
  • Mail::Address.new(mail_from).adress matches EmailAddress::EMAIL_REGEXP

Mizuki, do you see any problem if we use the existing EMAIL_REGEXP regex from URI::MailTo? https://www.rubydoc.info/stdlib/uri/URI/MailTo

I agree to use URI::MailTo::EMAIL_REGEXP because URI::MailTo::EMAIL_REGEXP is often used.
However, I think that it is better to hear other people's opinions because I am not familiar with e-mail address validation rules.

#6 Updated by Go MAEDA 17 days ago

Marius BALTEANU wrote:

Mizuki, do you see any problem if we use the existing EMAIL_REGEXP regex from URI::MailTo? https://www.rubydoc.info/stdlib/uri/URI/MailTo

URI::MailTo::EMAIL_REGEXP cannot be used for Redmine because it rejects email addresses with Unicode characters such as "ドメイン例.jp" ("ドメイン名例" means "domain name example" in Japanese). Jean-Philippe Lang wrote in #15985#note-3 that Redmine should not reject domain names with non-ASCII characters.

Go MAEDA wrote:

Non-ASCII characters cannot be used in an email address.

Yes, they can. More and more clients and server support that.
We cannot simply disallow them in Redmine.

If you have any intarest in the support for Unicode domain (IDN), please see also #29208.

#7 Updated by Go MAEDA 6 days ago

  • Target version set to 4.1.0

Setting the target version to 4.1.0.

Also available in: Atom PDF