Anonymous Monk has asked for the wisdom of the Perl Monks concerning the following question:

I have a mailing list script I wrote and some idiot tried to screw things up by adding their name as xung03@aol.com To: xung03@aol.com From: xung03@aol.com Subject: Hog(DA913529,email) JmW yB Q eoP . => xung03@aol.com To: xung03@aol.com From: xung03@aol.com Subject: Yq(DA913529,name)RiatdJ VoyY41ILqAdOjfxkvfKaH8JMobcYw . ::xung03@aol.com To: xung03@aol.com From: xung03@aol.com Subject: 9joI(DA913529,add1)e6WS1maM J . ::xung03@aol.com To: xung03@aol.com From: xung03@aol.com Subject: U84QoU(DA913529,add2)wIfhxuNg 97ob4Cn3k0VauKEoM74hIYt . ::xung03@aol.com To: xung03@aol.com From: xung03@aol.com Subject: qI6(DA913529,city) XN8s Akd xjLmZqTf0s15E4688jkblKj . ::xung03@aol.com To: xung03@aol.com From: xung03@aol.com Subject: (DA913529,zip)Pxia 3i HvHE0tfDHxxSf0CF6W Kyi0WHeieL BZBAFcszbJGEgO1ha:: Okay, maybe I'm the idiot for not preparing for such attacks. Anyway, I need some regexes to prevent this from happening again.

Can someone help me write a regex that for the email address field will substitute anything after a SPACE or a COMMA will be removed before it gets stored to file? I figure if I remove both of these, it doesn't matter what the person tries to put in as their email address, it'll simply be lost. (unless you know of better ways?)

Another problem is, I'm using your basic sendmail mail script To: $adminmail From: $usermail Subject: $subject.. print mail "$message".... Since each of these fields are being processed through the mail script, I have the feeling they could screw up the script with ANY one of these fields. I can't break on SPACES for the name and address fields as they require spaces between the first and last name. Any ideas on what to do about these? I have -t on with sendmail, so hopeully that is doing something.

Replies are listed 'Best First'.
Re: preventing malicious mail attacks
by blue_cowdawg (Monsignor) on Feb 01, 2004 at 18:43 UTC

    Take a look at Email::Valid and friends. You'll be glad you did.

    Peter L. Berghold -- Unix Professional
    Peter at Berghold dot Net
       Dog trainer, dog agility exhibitor, brewer of fine Belgian style ales. Happiness is a warm, tired, contented dog curled up at your side and a good Belgian ale in your chalice.
[reply]
    A reply falls below the community's threshold of quality. You may see it by logging in.
Re: preventing malicious mail attacks
by CountZero (Bishop) on Feb 01, 2004 at 18:50 UTC
    No need to use a reg-ex where good'ol split will do:

    use strict;
use warnings;

my $emailaddress='xung03@aol.com To: xung03@aol.com From: xung03@aol.c
+om Subject: Hog(DA913529,email) JmW yB Q eoP . => xung03@aol.com To: 
+xung03@aol.com From: xung03@aol.com Subject: Yq(DA913529,name)RiatdJ 
+VoyY41ILqAdOjfxkvfKaH8JMobcYw . ::xung03@aol.com To: xung03@aol.com F
+rom: xung03@aol.com Subject: 9joI(DA913529,add1)e6WS1maM J . ::xung03
+@aol.com To: xung03@aol.com From: xung03@aol.com Subject: U84QoU(DA91
+3529,add2)wIfhxuNg 97ob4Cn3k0VauKEoM74hIYt . ::xung03@aol.com To: xun
+g03@aol.com From: xung03@aol.com Subject: qI6(DA913529,city) XN8s Akd
+ xjLmZqTf0s15E4688jkblKj . ::xung03@aol.com To: xung03@aol.com From: 
+xung03@aol.com Subject: (DA913529,zip)Pxia 3i HvHE0tfDHxxSf0CF6W Kyi0
+WHeieL BZBAFcszbJGEgO1ha::';

my ($good_address, $rubbish) = split /[ ,]/, $emailaddress, 2;

print $good_address;

    [download]

    CountZero

    "If you have four groups working on a compiler, you'll get a 4-pass compiler." - Conway's Law

[reply]
[d/l]
      Okay, I'll try your code in a minute..it seems like I have more than just that problem. I can't find a way to delete that key!

      The key is: 

      xung03@aol.com To: xung03@aol.com From: xung03@aol.com Subject: Hog(DA
+913529,email) JmW yB Q eoP .

      [download]
      I tried: 
      delete $emails{"xung03\@aol\.com To\: xung03\@aol\.com From\: xung03\@
+aol\.com Subject\: Hog\(DA913529\,email\) JmW yB Q eoP \."};

      [download]
      And: 
      delete $emails{"xung03@aol.com To: xung03@aol.com From: xung03@aol.com
+ Subject: Hog(DA913529,email) JmW yB Q eoP ."};

      [download]
      But the silly infected hash key/value won't leave lil' me alone :(
[reply]
[d/l]
[select]
        You don't have to escape "funny" characters in a hash key.

        Are you sure the key is correct? No trailing spaces or so? What error message do you get when you try to delete this key (in other words how do you know the key was not deleted)?

        CountZero

        "If you have four groups working on a compiler, you'll get a 4-pass compiler." - Conway's Law

[reply]
Re: preventing malicious mail attacks
by CountZero (Bishop) on Feb 01, 2004 at 19:05 UTC
    If you are interested to check whether the email address is valid according to RFC822, you can use this regex.

    CountZero

    "If you have four groups working on a compiler, you'll get a 4-pass compiler." - Conway's Law

[reply]
Re: preventing malicious mail attacks
by ysth (Canon) on Feb 01, 2004 at 21:59 UTC
    Maybe I'm missing something, but wouldn't the name have to have \n in it for the attack to work? This might have something to do with why you can't seem to delete the key. May I suggest you find it and dump it out readably like: 
    use Data::Dumper;
print Dumper grep /xung03/, keys %emails;

    [download]
    You really ought to make an attempt to see what's actually there before deleting it, or you won't be able to guarantee that whatever change you make would keep this from happening again.

    Update: I see you seem to be dumping it in html. That will disguise the actual spacing. Try: 

    print "<pre>\n", Dumper(grep /xung03/, keys %emails), "\n</pre>\n";

    [download]
[reply]
[d/l]
[select]
Re: preventing malicious mail attacks
by Roger (Parson) on Feb 01, 2004 at 23:51 UTC
    How about this attempt?
    use strict;
use warnings;

my $addr_pattern = qr/\s*?(?:\w+\.?)*\@(?:\w+\.?)*\s*?/;
my $name_pattern = qr/(?:(?:\w+\s+)*\w+)/;

my @valid_patterns = (
    qr/$addr_pattern/,
    qr/$name_pattern\s+<$addr_pattern>/,
    qr/<$addr_pattern>\s+$name_pattern/,
);

my $all = join '|', @valid_patterns;

while (<DATA>) {
    chomp;
    my ($addr) = /^(\s*?($all)),?/;
    print "$addr\n";
}

__DATA__
Xung03 <xung03@aol.com> To: xung03@aol.com From: ...
xung03@aol.com To: xung03@aol.com From: ...
<xung03@aol.com> Xung03 XMS To: xung03@aol.com From: ...
<xung03@aol.com> Xung03 XMS, To: xung03@aol.com From: ...
foo_bar@aol.com
Xung 03 <foo_bar@aol.com>

    [download]

    And the output -
    Xung03 <xung03@aol.com>
xung03@aol.com
<xung03@aol.com> Xung03 XMS To
<xung03@aol.com> Xung03 XMS
foo_bar@aol.com
Xung 03 <foo_bar@aol.com>

    [download]

[reply]
[d/l]
[select]

Back to Seekers of Perl Wisdom