In Progress CPANEL-41308 - Autoresponder - Use of uninitialized value in pattern match

sparek-3

Well-Known Member
Aug 10, 2002
2,120
256
388
cPanel Access Level
Root Administrator
Initially I thought this was part of the problem addressed in CPANEL-40473, but CPANEL-40473 was fixed in cPanel 102.0.20 and the problem I am seeing remains.

Apparently the perl code being used in the autoresponder code can't deal with [ and ] characters in the From or Reply-To field.

Steps to reproduce:

Set up an autoresponder on an email address.

Then in shell, switch to that user using the /usr/local/cpanel/bin/jailshell shell:

su -s /usr/local/cpanel/bin/jailshell - %theuser%

And run the autoresponder script directly:

/usr/local/cpanel/bin/autorespond %theemailaddress% /home/%theuser%/.autorespond

Then simply paste something like:

Reply-To: [Something Here] <[email protected]>
From: [Something Here] <[email protected]>


That's all you have to enter. And close the stream by pressing Ctrl+D

The resulting error is:

Use of uninitialized value in pattern match (m//) at bin/autorespond.pl line 120, <STDIN> line 2.
Use of uninitialized value in lc at bin/autorespond.pl line 125, <STDIN> line 2.


If you repeat:

/usr/local/cpanel/bin/autorespond %theemailaddress% /home/%theuser%/.autorespond

and paste:

Reply-To: Something Here <[email protected]>
From: Something Here <[email protected]>


And end the stream with Ctrl+D, then no error gets reported.

Additionally, headers such as:

From: <Support >[email protected]

Also results in the error:

info [autorespond] Failed to parse sender identity for message sent to %theemailaddress%

There may be other characters that cause problems.

Could you argue that these headers are improperly formatted with content? I suppose. But these are actual real messages that email addresses on our servers are receiving. Proper or not this is resulting in perl errors bouncing back to the envelope-sender.

I'm not sure where the perl code that is being used for this is at - it may be compiled in some where. But any perl script that is taking input and not directly being available for problem diagnosis (such as an email pipe), should include the lines:

Code:
open(STDOUT, ">/dev/null");
open(STDERR, ">/dev/null");
at the beginning of the script, so that any output caused by the script is squashed. This is important in email pipes, because any output will bounce back to the sender without being accepted.

I would propose adding the above STDOUT and STDERR redirection into the autoresponder script and if the script cannot determine an email address that the message was sent From or should be Reply-To'd, the the autoresponder script simply does nothing.
 
Last edited by a moderator:

cPRex

Jurassic Moderator
Staff member
Oct 19, 2014
12,499
1,971
363
cPanel Access Level
Root Administrator
Hey there! First of all, I love the clear replication steps you always include. It makes my life so much easier!

I don't think this is exactly the same behavior as CPANEL-40473 so I've created a new case, CPANEL-41308, and the team is reviewing that now. I've also linked that previous case just in case they are related somehow (which seems likely).