Bug#902340: libmail-srs-perl: SRS.pm doesn't properly handle local-parts with quoted @ symbol

Kim-Alexander Brodowski kim.brodowski at iserv.eu
Mon Jun 25 10:40:29 BST 2018 

Package: libmail-srs-perl
Version: 0.31-5
Severity: normal
Tags: upstream

Dear Maintainer,

the forward subroutine of SRS.pm contains a relatively simple RegEx to match the local-part and domain-part of the original mail sender. This behaviour however does not appear to be standard compliant. As far as I'm aware e-mail addresses like "test at test"@example.com are valid.

Using such a mail address result in SRS.pm failing on line 209.

Exim paniclog:
  2018-06-25 11:14:15 1fXNZe-0003A0-Ri == redirect-test@[REDACTED] R=dnslookup T=remote_srs_forward_smtp defer (-1): Failed to expand return path "${perl{srsForward}{${return_path}}{${qualify_domain}}}": Sender username may not contain an @ at /usr/share/perl5/Mail/SRS.pm line 209.\n

This hebaviour results in the recipient receiving error reports.

The code snippet in question:
SRS.pm:
  206:$sender =~ m/^(.*)\@([^\@]+)$/
  207:                                or die "Sender '$sender' contains no \@";
  208:my ($senduser, $sendhost) = ($1, $2);
  209:$senduser =~ m/\@/ and die 'Sender username may not contain an @';


SMTP Session:
  220 iserv.kim.mein-iserv.de ESMTP Exim 4.89 Mon, 25 Jun 2018 11:12:41 +0200
  MAIL FROM: "test at test"@example.com
  250 OK
  RCPT TO: [REDACTED]
  250 Accepted
  DATA
  354 Enter message, ending with "." on a line by itself
  From: "test at test"@example.com
  Subject: Test Message @
  
  This is a test.
  
  .
  250 OK id=1fXNZ6-000393-3R
  QUIT
  221 iserv.kim.mein-iserv.de closing connection

-- System Information:
Debian Release: 9.4
  APT prefers stable-updates
  APT policy: (500, 'stable-updates'), (500, 'stable')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 4.9.0-6-amd64 (SMP w/4 CPU cores)
Locale: LANG=de_DE.UTF-8, LC_CTYPE=de_DE.UTF-8 (charmap=UTF-8), LANGUAGE=de_DE.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)

Versions of packages libmail-srs-perl depends on:
ii  libdigest-hmac-perl  1.03+dfsg-1
ii  libmldbm-perl        2.05-2
ii  perl                 5.24.1-3+deb9u4

libmail-srs-perl recommends no packages.

libmail-srs-perl suggests no packages.

-- no debconf information

More information about the pkg-perl-maintainers mailing list