Re: [ietf-smtp] Valid RFC5322 address

John C Klensin <john-ietf@jck.com> Sun, 03 May 2020 15:57 UTC

Return-Path: <john-ietf@jck.com>
X-Original-To: ietf-smtp@ietfa.amsl.com
Delivered-To: ietf-smtp@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 8252F3A0EB2 for <ietf-smtp@ietfa.amsl.com>; Sun, 3 May 2020 08:57:52 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.897
X-Spam-Level:
X-Spam-Status: No, score=-1.897 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, SPF_HELO_NONE=0.001, SPF_NONE=0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id S9UUcFqIzLDn for <ietf-smtp@ietfa.amsl.com>; Sun, 3 May 2020 08:57:51 -0700 (PDT)
Received: from bsa2.jck.com (ns.jck.com [70.88.254.51]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id EA9B23A0EB3 for <ietf-smtp@ietf.org>; Sun, 3 May 2020 08:57:50 -0700 (PDT)
Received: from [198.252.137.10] (helo=PSB) by bsa2.jck.com with esmtp (Exim 4.82 (FreeBSD)) (envelope-from <john-ietf@jck.com>) id 1jVGzz-000GAi-7P; Sun, 03 May 2020 11:57:47 -0400
Date: Sun, 03 May 2020 11:57:41 -0400
From: John C Klensin <john-ietf@jck.com>
To: hsantos@isdg.net
cc: SMTP Interest Group <ietf-smtp@ietf.org>
Message-ID: <09BDC808C0A7267EFE914CB8@PSB>
In-Reply-To: <5EAEDA84.1050408@isdg.net>
References: <5EAEDA84.1050408@isdg.net>
X-Mailer: Mulberry/4.0.8 (Win32)
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Content-Disposition: inline
X-SA-Exim-Connect-IP: 198.252.137.10
X-SA-Exim-Mail-From: john-ietf@jck.com
X-SA-Exim-Scanned: No (on bsa2.jck.com); SAEximRunCond expanded to false
Archived-At: <https://mailarchive.ietf.org/arch/msg/ietf-smtp/DjkMrHT4ljdXHbVFD58e_zjh_fQ>
Subject: Re: [ietf-smtp] Valid RFC5322 address
X-BeenThere: ietf-smtp@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "Discussion of issues related to Simple Mail Transfer Protocol \(SMTP\) \[RFC 821, RFC 2821, RFC 5321\]" <ietf-smtp.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ietf-smtp>, <mailto:ietf-smtp-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/ietf-smtp/>
List-Post: <mailto:ietf-smtp@ietf.org>
List-Help: <mailto:ietf-smtp-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ietf-smtp>, <mailto:ietf-smtp-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sun, 03 May 2020 15:57:53 -0000


--On Sunday, May 3, 2020 10:51 -0400 Hector Santos
<hsantos=40isdg.net@dmarc.ietf.org> wrote:

> Is this a valid address?
> 
> 08:04:33.934 C: MAIL
> FROM:<github.agent:.github-hookshot/7431eee@winserver.com>
> 08:04:34.712 S: 250 2.1.0 Ok
> 
> with the ':' and also '/' ??

Technically, no.  The "/" is not a problem.  Colons are (they
are not in the list of valid characters for <atext> in RFC
5322), I imagine at least in part because they were part of the
now-discouraged Source Route syntax (see Sections 3.6 and
Appendix C of RFC 5321 (and 5321bis, at least so far)) and so
would need to be quoted.

You also need to be very careful with the "." following the
colon.  I haven't looked carefully enough at the syntax today to
have any confidence how that would be handled with the
Dot-string production -- you might have to quote the whole
business to make it valid.

I also note that, while the example you have given is well under
the 64 octets specified in RFC 5321 Section 4.5.3.1.1, I would
not be surprised if some addresses constructed that way would
push that limit and that there has been a recent discussion
about those limits.

> It appears to be accepted by various servers, including my own.

Yeah, no surprise.  I would be equally unsurprised if some
servers followed the spec and generated a syntax error because
of the colon.  There is also a very long history of various
systems messing up local-parts that use quoting as the quoted
strings pass through assorted processing steps.  And I'd also be
unsurprised if some servers are rejecting or messing up
local-parts much shorter than the specified maximum.


> This is related to a new project of handling a GitHub Webhook
> HTTP notifications sent to my web server.  The handler will
> the payload as a local message using the address:
> 
> From: github agent: github-hookshot/7431eee
> 
> That comes from an operator defined macro:
> 
> From: github agent: {GITHUB-AGENT}
> 
> Which is read from the JSON payload.
> 
> If the setup happens to send the notification to an email
> address, then the mail is exported for SMTP to sent out.

Noting that you seem to be turning blanks into ".", I'd also
want to be careful to be sure that any value "." characters to
the right of the "/" in your example don't get broken by any
de-conversion process. 

Also note that, if this is going to be used in conjunction with
web facilities, someone is likely to want to turn whatever you
produce into a MAILTO: URL and restrictions on those (both
restrictions imposed by the spec and those imposed by sloppy
implementations) are even worse.

> So I need to know if the address is valid. Its hard to
> decipher whether it is or not from the RFC5322/RFC5321 BNF. It
> seems to read the ':' and '/' characters are valid.

See above.  However, even if you quote the stuff using either
<qtextSMTP> or  <quoted-pairSMTP>, I predict that some servers
either won't accept it or will thoroughly botch it.  I'd also
predict that, when you complain, at least some of them will tell
you that no one has needed this in 37 years (or whenever their
mail system project started), that it would be a lot of work to
fix, and that you shouldn't expect it to work... or, in a few
cases, that they would be happy to accept a purchase order from
you or your customers to investigate a fix.  You could also
attempt to summon the Protocol Police, but I can assure you that
they are not accepting enforcement requests from this list.

Recommendation: Don't push it.  Remembering that only the
delivery server is permitted to interpret addresses and in spite
of the "%" routing syntax being out of favor these days, mapping 
   From: github agent: github-hookshot/7431eee

into something akin to

   MAIL FROM:<github-hookshot/7431eee%github-agent@winserver.com>

is a great deal less likely to cause you, and your users, pain
and suffering in the long term.   And, of course, if you could
do it,

  MAIL FROM:<github-hookshot/7431eee@github-agent.winserver.com>

would be even less likely to cause problems.

best,
   john