Proton Mail (Bridge) sends quoted strings with not allowed bytes

soywod commented 1 month ago

Given the following malformed message:

Date: Sat, 17 Aug 2024 12:21:18 +0000
From: "Bàd" <from@localhost>
To: "Wrȯng" <to@localhost>
Subject: All is wrong?

Too bad.

When fetching the envelope associated to this message from Proton Bridge, it returns a FETCH containing envelope address with not allowed bytes inside quoted strings, which leads to imap_next error Received malformed message.

I did the same test with Gmail, Outlook, Posteo and even 163, they all encode correctly the sender. Proton Bridge seems to send back envelope addresses as they are in the original message.

CC @duesee

soywod commented 1 month ago

I precise that the error occurs only from Proton Bridge (v3.6.1 tested). The malformed message displays correctly in their web interface.

chibenwa commented 1 month ago

CF https://datatracker.ietf.org/doc/html/rfc5738

They take it for granted and activated by default?

How they handle UTF 8 in mailbox names ?

soywod commented 1 month ago

In fact, Proton Bridge sends invalid bytes even when the message is correctly encoded. With From: =?utf-8?q?Cl=C3=A9ment_DOUIN?= <clement.douin@localhost>, I get the same error:

* 2 FETCH (UID 4 FLAGS (\\Seen) ENVELOPE (\"Thu, 22 Aug 2024 07:48:03 +0000\" \"Test\" ((\"Clément DOUIN\" NIL \"clement.douin\" \"localhost\")) ((\"Clément DOUIN\" NIL \"clement.douin\" \"localhost\")) ((\"Clément DOUIN\" NIL \"clement.douin\" \"localhost\")) ((NIL NIL \"pimalaya.org\" \"proton.me\")) NIL NIL NIL \"<2087a3200a5a1f8f27bcb2add236e70d@localhost>\") BODYSTRUCTURE (\"text\" \"plain\" (\"charset\" \"utf-8\") NIL NIL \"quoted-printable\" 7 1 NIL NIL NIL NIL))\r\n

They take it for granted and activated by default?

Looks like. I precise that I do not send any ENABLE UTF8.

How they handle UTF 8 in mailbox names ?

I created a folder named Envoyés, and looks like they properly encode it using UTF-7 as defined in https://www.rfc-editor.org/rfc/rfc3501#section-5.1.3.

event: Ok(
    DataReceived {
        data: List {
            items: [
                Unmarked,
            ],
            delimiter: Some(
                QuotedChar(
                    '/',
                ),
            ),
            mailbox: Other(
                MailboxOther(
                    String(
                        Quoted(
                            Quoted("Folders/Envoy&AOk-s"),
                        ),
                    ),
                ),
            ),
        },
    },
)

soywod commented 1 month ago

Looks like they also return invalid bytes in NO errors. Trying to create a mailbox Bàd leads to MalformedMessage error 0.1 NO invalid mailbox name [\"Bàd\"]: operation not allowed\r\n.

soywod commented 1 month ago

Looks like Proton Bridge does not support the ENABLE capability. And if I still try to enable it, I get once again a MalformedMessage error: 0.1 BAD [Error offset=5]: unknown command 'enable'\r\n. How come we receive malformed message for regular errors? Is Proton Bridge that broken?

soywod commented 1 month ago

duesee commented 1 month ago

And if I still try to enable it, I get once again a MalformedMessage error: 0.1 BAD [Error offset=5]: unknown command 'enable'\r\n.

The message is malformed I would say. But: IMAP is weird.

 0.1 BAD [Error offset=5]: unknown command 'enable'\r\n.

... can be interpreted as ...

Status {
  tag: ...
  code: Some(Other("Error offset=5")),
  // The next ":" is broken
  text: "unknown command `enable`"
}

... or (with a lot goodwill) as ...

Status {
  tag: ...
  code: None,
  text: "[Error offset=5]: unknown command `enable`",
}

See https://github.com/modern-email/defects/issues/31. I think the [ and ] should clearly signal that this is a code. But: You could also argue it's a valid message (and imap-codec should consume it)... :-/

modern-email / defects

Proton Mail (Bridge) sends quoted strings with not allowed bytes #38