2021-01-19

[#4854] Cannot filter spam if from address has illegal apostrophe (')
Summary Cannot filter spam if from address has illegal apostrophe (')
Queue Horde Framework Packages
Queue Version FRAMEWORK_3
Type Bug
State Resolved
Priority 2. Medium
Owners jan (at) horde (dot) org
Requester robert (at) biro (dot) net
Created 2007-01-09 (5124 days ago)
Due
Updated 2007-04-25 (5018 days ago)
Assigned 2007-04-25 (5018 days ago)
Resolved 2007-04-25 (5018 days ago)
Milestone
Patch No

History
2007-04-25 17:40:13 Jan Schneider Comment #11
Assigned to Jan Schneider
State ⇒ Resolved
Fixed in CVS.
2007-04-25 17:39:50 Jan Schneider Version ⇒ FRAMEWORK_3
Queue ⇒ Horde Framework Packages
State ⇒ Assigned
 
2007-01-20 22:36:57 Jan Schneider State ⇒
 
2007-01-20 19:37:28 qa (at) cpanel (dot) net Comment #10
My apologies, I forgot to clarify that the problem exists in the Horde 
Framework, not IMP.

1. Download Horde-3.1.3
2. Untar
3. cd horde-3.1.3/lib/Horde/IMAP
4. Open Search.php
5. Go to line 539
6. Notice: $this->_query = String::upper($header) . ' "' . addslashes($query) . '"';

IMAP and Email RFCs in general are not my forte, thus the patch I 
supplied might not be the best or correct way to resolve the issue.
2007-01-20 15:29:55 Jan Schneider Comment #9
There is no addslashes() call in Search.php of any current IMP version.
2007-01-18 20:21:43 qa (at) cpanel (dot) net Comment #8
New Attachment: Search.quote.patch
The problem is in lib/Horde/IMAP/Search.php line 539. The addslashes 
function is used to escape characters in the email address, which 
means the email address in this instance no longer matches what is on 
the IMAP server.



The attached patch 'fixes' this by removing the addslashes function 
and using str_replace to only escape double quotes (since a double 
quoted string is being built).
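
The escaping mismatch described in comments #8 and #10, shown as an added example that is neither the attached patch nor Horde's code. Function names are hypothetical and strtoupper() stands in for String::upper(); escaping the backslash and refusing CR/LF follow RFC 3501's quoted-string grammar and go beyond the double-quote replacement the comment describes.

```php
<?php
// Added illustration; function names are hypothetical, not Horde's.

// The behaviour reported at Search.php line 539: addslashes() also
// backslash-escapes the apostrophe, so the search string sent to the
// server no longer equals the address stored in the message header.
function imap_header_query_addslashes($header, $query)
{
    return strtoupper($header) . ' "' . addslashes($query) . '"';
}

// IMAP quoted-string escaping per RFC 3501: only backslash and double
// quote are escaped. NUL, CR, LF and 8-bit bytes are not allowed in a
// quoted string, so such input is refused here instead of being sent.
function imap_quote($value)
{
    if (preg_match('/[\x00\r\n\x80-\xff]/', $value)) {
        return false;
    }
    // Backslash is replaced first so the backslashes added for the
    // double quotes are not escaped a second time.
    return '"' . str_replace(array('\\', '"'), array('\\\\', '\\"'), $value) . '"';
}

function imap_header_query($header, $query)
{
    $quoted = imap_quote($query);
    return $quoted === false ? false : strtoupper($header) . ' ' . $quoted;
}

// Constructed sample input: the first address is from the ticket's
// blacklist, the others are made up to exercise the escaping rules.
$samples = array(
    "verve'sdistributors@aaconline.com",
    'odd"quote@example.com',
    'back\\slash@example.com',
    "split\r\nline@example.com",
);

foreach ($samples as $addr) {
    $fixed = imap_header_query('from', $addr);
    echo 'addslashes: ', imap_header_query_addslashes('from', $addr), "\n";
    echo 'imap_quote: ', $fixed === false ? '(rejected: not valid in a quoted string)' : $fixed, "\n\n";
}
```

For the first sample, the addslashes() variant produces FROM "verve\'sdistributors@aaconline.com", which does not match the stored header, while imap_quote() leaves the apostrophe untouched.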
2007-01-09 18:53:10 ryan (at) totalchoicehosting (dot) com Comment #7
...cpanel/base/horde/ingo/config/backends.php

/* IMAP Example */
$backends['imap'] = array(
     'driver' => 'null',
     'preferred' => 'example.com',
     'hordeauth' => true,
     'params' => array(),
     'script' => 'imap',
     'scriptparams' => array()
);

The horde setup on our servers is part of cpanel's prepackaged horde 
installation.

> No. And if you don't have access to configure Ingo, you really need
> to be talking to your ISP, not us. I can't see how you'd be able to
> do any debugging, information gathering, or testing of fixes if you
> can't get to the config files. If the ISP has a problem, they're the
> ones that can work usefully with us, the developers.
2007-01-09 17:55:59 Chuck Hagenbuch Comment #6
State ⇒ Not A Bug
No. And if you don't have access to configure Ingo, you really need to 
be talking to your ISP, not us. I can't see how you'd be able to do 
any debugging, information gathering, or testing of fixes if you can't 
get to the config files. If the ISP has a problem, they're the ones 
that can work usefully with us, the developers.
2007-01-09 17:50:29 robert (at) biro (dot) net Comment #5
I cannot get to the config/backends.php since my ISP does not make it 
visible to me.  I have asked them to submit the information directly 
to you.



Is there anything from http://biro.net:2095/horde/test.php that would 
be useful to you?


2007-01-09 12:53:08 Jan Schneider Comment #4
This is not the answer to the question. Chuck was asking about Ingo's 
backend configured in config/backends.php.
2007-01-09 07:26:19 robert (at) biro (dot) net Comment #3
> What filtering backend/method are you using?

Horde.:Mail:Filters:Existing Rules:Blacklist

Blacklist
The blacklist is a list of email addresses known to send email that 
you do not wish to see in your INBOX.

Horde Version
     * Horde: 3.1.3

Horde Applications
     * Horde: 3.1.3
     * Imp: H3 (4.1.3) (run Imp tests)
     * Ingo: H3 (1.1.1) (run Ingo tests)
     * Jonah: 0.1-cvs (run Jonah tests)
     * Kronolith: H3 (2.1.2)
     * Mnemo: H3 (2.1)
     * Nag: H3 (2.1.1)
     * Turba: H3 (2.1.2) (run Turba tests)

PHP Version
     * View phpinfo() screen
     * View loaded extensions
     * PHP Version: 4.4.2
     * PHP Major Version: 4.4
     * PHP Minor Version: 2
     * PHP Version Classification: release
     * You are running a supported version of PHP.

PHP Module Capabilities
     * Ctype Support: Yes
     * DOM XML Support: Yes
     * FTP Support: Yes
     * GD Support: Yes
     * Gettext Support: Yes
     * Iconv Support: Yes
     * IMAP Support: Yes
     * LDAP Support: No
     * Mbstring Support: Yes
     * Mcrypt Support: No
       Mcrypt is a general-purpose cryptography library which is broader and significantly more efficient (FASTER!) than PHP's own cryptographic code and will provider faster logins.
     * MIME Magic Support (fileinfo): No
       The fileinfo PECL module or the mime_magic PHP extension (see below) will most likely provide faster MIME Magic lookups than the built-in Horde PHP magic code. See horde/docs/INSTALL for information on how to install PECL/PHP extensions.
     * memcached Support (memcache): No
       The memcache PECL module is needed only if you are using the memcached SessionHandler. See horde/docs/INSTALL for information on how to install PECL/PHP extensions.
     * MIME Magic Support (mime_magic): No
       The fileinfo PECL module (see above) or the mime_magic PHP extension will most likely provide faster MIME Magic lookups than the built-in Horde PHP magic code. See horde/docs/INSTALL for information on how to install PECL/PHP extensions.
     * MySQL Support: Yes
     * OpenSSL Support: No
     * PostgreSQL Support: Yes
     * Session Support: Yes
     * XML Support: Yes
     * Zlib Support: Yes

Miscellaneous PHP Settings
     * magic_quotes_runtime disabled: Yes
     * memory_limit disabled: Yes
     * safe_mode disabled: Yes
     * session.use_trans_sid disabled: No
       Horde will work with session.use_trans_sid turned on, but you may see double session-ids in your URLs, and if the session name in php.ini differs from the session name configured in Horde, you may get two session ids and see other odd behavior. The URL-rewriting that use_trans_sid does also tends to break XHTML compliance. In short, you should really disable this.
     * session.auto_start disabled: Yes

File Uploads
     * file_uploads enabled: Yes
     * upload_max_filesize: 50M
     * post_max_size: 55M

Required Horde Configuration Files
     * config/conf.php: Yes
     * config/mime_drivers.php: Yes
     * config/nls.php: Yes
     * config/prefs.php: Yes
     * config/registry.php: Yes

PHP Sessions
     * Session counter: 1
     * To unregister the session: click here

PEAR
     * PEAR Search Path (PHP's include_path): /usr/local/cpanel/base/horde/lib:/usr/local/cpanel/3rdparty/lib/php/:.
     * PEAR: Yes
     * Recent PEAR: Yes
     * Mail: Yes
     * Mail_Mime: Yes
     * Log: Yes
     * DB: Yes
     * Net_Socket: Yes
     * Date: Yes
     * Auth_SASL: Yes
     * HTTP_Request: Yes
     * File: Yes
     * Net_SMTP: Yes
     * Services_Weather: No
       Services_Weather is used by the weather applet/block on the portal page.
     * Cache: Yes
     * XML_Serializer: No
       XML_Serializer is used by the Services_Weather module on the weather applet/block on the portal page.
2007-01-09 02:56:29 Chuck Hagenbuch Comment #2
State ⇒ Feedback
What filtering backend/method are you using?
2007-01-09 00:14:02 robert (at) biro (dot) net Comment #1
Type ⇒ Bug
State ⇒ Unconfirmed
Priority ⇒ 2. Medium
Summary ⇒ Cannot filter spam if from address has illegal apostrophe (')
Queue ⇒ Ingo
Spam is coming in with illegal from addresses that have an apostrophe 
in it and cannot be filtered by Horde.

The address is added to the banned list, but it never gets filtered.

Example addresses from my horde blacklist:
verve'sdistributors@aaconline.com
terrapin'sshepherd@aandacht.com
latexbaha'i@aardse.nl

Horde info:

Horde Version
     * Horde: 3.1.3

Horde Applications
     * Horde: 3.1.3
     * Imp: H3 (4.1.3) (run Imp tests)
     * Ingo: H3 (1.1.1) (run Ingo tests)
     * Jonah: 0.1-cvs (run Jonah tests)
     * Kronolith: H3 (2.1.2)
     * Mnemo: H3 (2.1)
     * Nag: H3 (2.1.1)
     * Turba: H3 (2.1.2) (run Turba tests)

PHP Version
     * View phpinfo() screen
     * View loaded extensions
     * PHP Version: 4.4.2
     * PHP Major Version: 4.4
     * PHP Minor Version: 2
     * PHP Version Classification: release
     * You are running a supported version of PHP.