Stuck on an issue?

Lightrun Answers was designed to reduce the constant googling that comes with debugging 3rd party libraries. It collects links to all the places you might be looking at while hunting down a tough bug.

And, if you’re still stuck at the end, we’re happy to hop on a call to see how we can help out.

Allowed characters in email addresses

See original GitHub issue

I’ve just been upgrading one of my dovecot servers and noticed the auth_username_chars settings in 10-auth.conf

# List of allowed characters in username. If the user-given username contains
# a character not listed in here, the login automatically fails. This is just
# an extra check to make sure user can't exploit any potential quote escaping
# vulnerabilities with SQL/LDAP databases. If you want to allow all characters,
# set this value to empty.
#auth_username_chars = abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ01234567890.-_@

The default dovecot configuration means it’s possible to create an account in Modoboa that a user can’t login to ie úsér@example.com. This needs some research to see what is and isn’t supported by Postfix and Dovecot then update Modoboa as required.

Has anyone encountered e-mail addresses containing unicode characters in the local part?

Django EmailValidator - used by Modoboa to check an e-mail address is valid RFC 6530 Overview and Framework for Internationalized Email - proposed standard Email address Internationalization

Issue Analytics

State:
Created 6 years ago
Comments:7 (4 by maintainers)

Top GitHub Comments

1reaction

fyfecommented, Mar 26, 2018

RE Postfix support looking at the Postfix documentation for SMTPUTF8 (see No automatic conversions between ASCII and UTF-8 domain names.) to properly support domain names containing Unicode charatcters lookup tables (i.e. virtual_mailbox_domains or virtual_alias_domains etc) need to list domains in Unicode (例.com) and ASCII (xn--fsq.com) format.

To support this a new field would need added to the Domain (and DomainAlias) model containing the punycoded (ASCII) version of the domain, and the Postfix maps would need updated to lookup the Unicode and ASCII versions of the domain.

I think at the moment we need a warning in the documentation saying that domains/usernames contaning unicode characters are not (fully) supported.

0reactions

tonioocommented, Dec 4, 2020

@marchesM Do you use the ponycode version of your username to connect to the webmail?

Top Results From Across the Web

What characters are allowed in an email address?

Contrary to several answers, spaces are allowed in the local part of email addresses, if quoted. "hello world"@example.com is valid. – user253751. Jul...

Email address

With the introduction of internationalized domain names, efforts are progressing to permit non-ASCII characters in email addresses.

What are the rules for email address syntax?

A special character cannot appear as the first or last character in an email address or appear consecutively two or more times. The...

Allowed Characters in Email Addresses

Allowed Characters in Email Addresses ... Pardot complies with the RFC's 2822 standard for email address verification in form email fields and prospect...

What are valid and invalid email address characters - TechNet

The restrictions for special characters are that they must only be used when contained between quotation marks, and that 3 of them (The...