CPANEL-41308 - Autoresponder - Use of uninitialized value in pattern match
Initially I thought this was part of the problem addressed in CPANEL-40473, but CPANEL-40473 was fixed in cPanel 102.0.20 and the problem I am seeing remains.
Apparently the perl code being used in the autoresponder code can't deal with [ and ] characters in the From or Reply-To field.
Steps to reproduce:
Set up an autoresponder on an email address.
Then in shell, switch to that user using the /usr/local/cpanel/bin/jailshell shell:
su -s /usr/local/cpanel/bin/jailshell - %theuser%
And run the autoresponder script directly:
/usr/local/cpanel/bin/autorespond %theemailaddress% /home/%theuser%/.autorespond
Then simply paste something like:
[plain]Reply-To: [Something Here]
From: [Something Here] [/plain]
That's all you have to enter. And close the stream by pressing Ctrl+D
The resulting error is:
Use of uninitialized value in pattern match (m//) at bin/autorespond.pl line 120, line 2.
Use of uninitialized value in lc at bin/autorespond.pl line 125, line 2.
If you repeat:
/usr/local/cpanel/bin/autorespond %theemailaddress% /home/%theuser%/.autorespond
and paste:
[plain]Reply-To: Something Here
From: Something Here [/plain]
And end the stream with Ctrl+D, then no error gets reported.
Additionally, headers such as:
[plain]From: postmaster@cpanel.net[/plain]
Also results in the error:
info [autorespond] Failed to parse sender identity for message sent to %theemailaddress%
There may be other characters that cause problems.
Could you argue that these headers are improperly formatted with content? I suppose. But these are actual real messages that email addresses on our servers are receiving. Proper or not this is resulting in perl errors bouncing back to the envelope-sender.
I'm not sure where the perl code that is being used for this is at - it may be compiled in some where. But any perl script that is taking input and not directly being available for problem diagnosis (such as an email pipe), should include the lines:
at the beginning of the script, so that any output caused by the script is squashed. This is important in email pipes, because any output will bounce back to the sender without being accepted. I would propose adding the above STDOUT and STDERR redirection into the autoresponder script and if the script cannot determine an email address that the message was sent From or should be Reply-To'd, the the autoresponder script simply does nothing.
open(STDOUT, ">/dev/null");
open(STDERR, ">/dev/null");at the beginning of the script, so that any output caused by the script is squashed. This is important in email pipes, because any output will bounce back to the sender without being accepted. I would propose adding the above STDOUT and STDERR redirection into the autoresponder script and if the script cannot determine an email address that the message was sent From or should be Reply-To'd, the the autoresponder script simply does nothing.
-
Hey there! First of all, I love the clear replication steps you always include. It makes my life so much easier! I don't think this is exactly the same behavior as CPANEL-40473 so I've created a new case, CPANEL-41308, and the team is reviewing that now. I've also linked that previous case just in case they are related somehow (which seems likely). 0 -
Any updates on this? Been a couple of months. 0 -
I did reach out to the email team and the case is on their radar, but no development steps have been taken just yet. 0
Please sign in to leave a comment.
Comments
3 comments