InvalidParameterValue - Local address contains control or whitespace

Question

InvalidParameterValue - Local address contains control or whitespace

jpslav opened this issue 8 years ago · comments

We got the following production exception on Accounts:

An AWS::SES::ResponseError occurred in identities#forgot_password:

  InvalidParameterValue - Local address contains control or whitespace
  vendor/bundle/ruby/1.9.1/gems/aws-ses-0.6.0/lib/aws/ses/base.rb:175:in `request'

Exception ID 738650 at 2/8/16 @ 5:06 PM central (see logs using this info)

I did some cursory looking into the logs and on the webs. This AWS post:

https://forums.aws.amazon.com/message.jspa?messageID=219047

Suggests that commas in email address strings are not good. Looking at the production data, the user who caused this exception did indeed have a full_name that looked like:

Your Grace, John Doe, the first of his name.

So here:

https://github.com/openstax/accounts/blob/master/app/mailers/reset_password_mailer.rb#L6

We probably need to either exclude bad characters (e.g. commas and whatever else) or we need to quote the full_name. If quoting the full name works, that's probably best as it would (hopefully) protect us from other issues later; also we should probably be able to handle commas in case someone's name is "John Doe, Jr."

And of course we should probably not make the change inline in the mailer I referenced above, but somewhere else common so we can use these new protections in all mailers. Please make changes to all mailers.

Dante Soares · Answer 1 · Tue Feb 09 2016 08:22:09 GMT+0800 (China Standard Time)

Worth a try. I checked my mailbox and there's at least one email from
"John Doe, Ph.D., SOMEABBREVIATION" email@address.org

Dante

Quoting JP Slavinsky notifications@github.com:

We got the following production exception on Accounts:
An AWS::SES::ResponseError occurred in identities#forgot_password:

  InvalidParameterValue - Local address contains control or whitespace

vendor/bundle/ruby/1.9.1/gems/aws-ses-0.6.0/lib/aws/ses/base.rb:175:in  
`request'
Exception ID 738650 at 2/8/16 @ 5:06 PM central (see logs using this info)

I did some cursory looking into the logs and on the webs. This AWS post:

https://forums.aws.amazon.com/message.jspa?messageID=219047

Suggests that commas in email address strings are not good. Looking
at the production data, the user who caused this exception did
indeed have a full_name that looked like:
Your Grace, John Doe, the first of his name.
So here:

https://github.com/openstax/accounts/blob/master/app/mailers/reset_password_mailer.rb#L6

We probably need to either exclude bad characters (e.g. commas and
whatever else) or we need to quote the full_name. If quoting the
full name works, that's probably best as it would (hopefully)
protect us from other issues later; also we should probably be able
to handle commas in case someone's name is "John Doe, Jr."

Reply to this email directly or view it on GitHub:
#253

Karen Chan · Answer 2 · Tue Feb 09 2016 22:58:24 GMT+0800 (China Standard Time)

I just tried sending emails using https://github.com/drewblas/aws-ses:

tl;dr

email	response
`karen@e-mail-tester.appspotmail.com`	ok
`Karen Chan <karen@e-mail-tester.appspotmail.com>`	ok
`"Karen, Chan" <karen@e-mail-tester.appspotmail.com>`	ok
`Karen, Chan <karen@e-mail-tester.appspotmail.com>`	`AWS::SES Response Error: InvalidParameterValue - Illegal address`
`"Karen, Chan" <karen @e-mail-tester.appspotmail.com>`	`AWS::SES Response Error: InvalidParameterValue - Local address contains control or whitespace`
`Karen Chan <karen @e-mail-tester.appspotmail.com>`	`AWS::SES Response Error: InvalidParameterValue - Local address contains control or whitespace`

1.9.3-p547 :005 > ses = AWS::SES::Base.new(access_key_id: '...', secret_access_key: '...', server: 'email.us-west-2.amazonaws.com')

1.9.3-p547 :008 > ses.send_email(to: ['Karen, Chan <karen@e-mail-tester.appspotmail.com>'], source: 'Test <a@test.karen-chan.com>', subject: 'Test From Accounts', text_body: 'Hello!')         
AWS::SES::ResponseError: AWS::SES Response Error: InvalidParameterValue - Illegal address
        from /home/karen/.rvm/gems/ruby-1.9.3-p547@accounts/gems/aws-ses-0.6.0/lib/aws/ses/base.rb:175:in `request'
        from /home/karen/.rvm/gems/ruby-1.9.3-p547@accounts/gems/aws-ses-0.6.0/lib/aws/ses/send_email.rb:70:in `send_email'
        from (irb):8
        from /home/karen/.rvm/gems/ruby-1.9.3-p547@accounts/gems/railties-3.2.17/lib/rails/commands/console.rb:47:in `start'
        from /home/karen/.rvm/gems/ruby-1.9.3-p547@accounts/gems/railties-3.2.17/lib/rails/commands/console.rb:8:in `start'
        from /home/karen/.rvm/gems/ruby-1.9.3-p547@accounts/gems/railties-3.2.17/lib/rails/commands.rb:41:in `<top (required)>'
        from script/rails:6:in `require'
        from script/rails:6:in `<main>'

1.9.3-p547 :009 > ses.send_email(to: ['karen@e-mail-tester.appspotmail.com'], source: 'Test <a@test.karen-chan.com>', subject: 'Test From Accounts', text_body: 'Hello!')      => #<AWS::SES::SendEmailResponse:0x51629840 2aa96c31-cf39-11e5-887c-11e7df56a488 200 OK>

1.9.3-p547 :010 > ses.send_email(to: ['"Karen, Chan" <karen@e-mail-tester.appspotmail.com>'], source: 'Test <a@test.karen-chan.com>', subject: 'Test From Accounts', text_body: 'Hello!')       
 => #<AWS::SES::SendEmailResponse:0x52229580 44154c0f-cf39-11e5-b80c-d99e4e418566 200 OK>

1.9.3-p547 :011 > ses.send_email(to: ['"Karen, Chan" <karen @e-mail-tester.appspotmail.com>'], source: 'Test <a@test.karen-chan.com>', subject: 'Test From Accounts', text_body: 'Hello!')      
AWS::SES::ResponseError: AWS::SES Response Error: InvalidParameterValue - Local address contains control or whitespace
        from /home/karen/.rvm/gems/ruby-1.9.3-p547@accounts/gems/aws-ses-0.6.0/lib/aws/ses/base.rb:175:in `request'
        from /home/karen/.rvm/gems/ruby-1.9.3-p547@accounts/gems/aws-ses-0.6.0/lib/aws/ses/send_email.rb:70:in `send_email'
        from (irb):11
        from /home/karen/.rvm/gems/ruby-1.9.3-p547@accounts/gems/railties-3.2.17/lib/rails/commands/console.rb:47:in `start'
        from /home/karen/.rvm/gems/ruby-1.9.3-p547@accounts/gems/railties-3.2.17/lib/rails/commands/console.rb:8:in `start'
        from /home/karen/.rvm/gems/ruby-1.9.3-p547@accounts/gems/railties-3.2.17/lib/rails/commands.rb:41:in `<top (required)>'
        from script/rails:6:in `require'
        from script/rails:6:in `<main>'

1.9.3-p547 :012 > ses.send_email(to: ['Karen Chan <karen@e-mail-tester.appspotmail.com>'], source: 'Test <a@test.karen-chan.com>', subject: 'Test From Accounts', text_body: 'Hello!')          
 => #<AWS::SES::SendEmailResponse:0x47852440 6a4dd7fe-cf39-11e5-914b-d78ea18ddaaf 200 OK>

1.9.3-p547 :013 > ses.send_email(to: ['Karen Chan <karen @e-mail-tester.appspotmail.com>'], source: 'Test <a@test.karen-chan.com>', subject: 'Test From Accounts', text_body: 'Hello!')
AWS::SES::ResponseError: AWS::SES Response Error: InvalidParameterValue - Local address contains control or whitespace
        from /home/karen/.rvm/gems/ruby-1.9.3-p547@accounts/gems/aws-ses-0.6.0/lib/aws/ses/base.rb:175:in `request'
        from /home/karen/.rvm/gems/ruby-1.9.3-p547@accounts/gems/aws-ses-0.6.0/lib/aws/ses/send_email.rb:70:in `send_email'
        from (irb):13
        from /home/karen/.rvm/gems/ruby-1.9.3-p547@accounts/gems/railties-3.2.17/lib/rails/commands/console.rb:47:in `start'
        from /home/karen/.rvm/gems/ruby-1.9.3-p547@accounts/gems/railties-3.2.17/lib/rails/commands/console.rb:8:in `start'
        from /home/karen/.rvm/gems/ruby-1.9.3-p547@accounts/gems/railties-3.2.17/lib/rails/commands.rb:41:in `<top (required)>'
        from script/rails:6:in `require'
        from script/rails:6:in `<main>'

Karen Chan · Answer 3 · Tue Feb 09 2016 23:01:40 GMT+0800 (China Standard Time)

Validating future email addresses to not have spaces is done in #252, but doesn't do anything about existing email addresses.

I'll work on quoting the full name.