HTML links with & and &amp; in webmail
  •  
reverent

There is a large banking company, Jack Henry and Associates, that uses password reset emails. When you receive the email in Gmail or Hotmail (using any browser) the one time password reset links work. Also, when you use the mail client in iOS, they work. But when you try to click them through Kerio webmail (using any browser) they do not.

It looks like the issue is with encoding &. A link source viewed in Gmail using Chrome shows as:

http://cm.netteller.com/login2008/Authentication/Views/LoginPasswordSelfResetConfirm.aspx?cs=1b802192a61cb952b65c0a3bfc3b53aa448f45e1&val=d0a3cf446e33a76d507734501e1a7084124364922fa3dda286b271c6dc7ac19fa865b7dbad55414c&bn=9fa73f3ea3df037e&burlid=7bedd199f9fe024e


but using Chrome in Kerio webmail, it shows up as

http://cm.netteller.com/login2008/Authentication/Views/LoginPasswordSelfResetConfirm.aspx?cs=17a705da01bdb025ca4efb4e29d76fde1a1d2ba8&amp;val=d0a3cf446e33a76db5933ae9d2b054e240bb64f47066dd359c48afa0cfc6eda4cc90b7150d30eaba&amp;bn=9fa73f3ea3df037e&amp;burlid=7bedd199f9fe024e


As you can see, in Chrome the & come across as &, but in Kerio, they come across as &amp; and that seems to cause the link to fail.

The banking vendor says their system is sending the link as it appears in the Gmail example, and that our email client is to blame. That seems possible, as using Kerio with iOS the link works.

Here is the source of the email in question:

Return-Path: <customerservice<_at_>redacted.com>
X-Spam-Status: No, hits=0.0 required=2.9
	tests=AWL: -0.408, BAYES_00: -1.665, HTML_MESSAGE: 0.001,
	MIME_HTML_ONLY: 0.723, TO_NO_BRKTS_HTML_ONLY: 0.591, CUSTOM_RULE_FROM: ALLOW,
	TOTAL_SCORE: -0.758,autolearn=no
X-Spam-Level: 
X-Footer: bGFiZXR0ZWJhbmsuY29t
Received: from localhost ([127.0.0.1])
	by mail.redacted.com with ESMTPS
	(using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256 bits))
	for john<_at_>redacted.com;
	Fri, 28 Jul 2017 16:33:02 -0500
Received: by mail203.netteller.com id hfemos2b8lcq for <john@redacted.com>; Fri, 28 Jul 2017 16:33:01 -0500 (envelope-from <customerservice<_at_>redacted.com>)
Message-ID: <72316172-3b4d-4f25-b3ba-e78b9b901a91<_at_>mail.netteller.com>
Return-Path: 72316172-3b4d-4f25-b3ba-e78b9b901a91<_at_>mail.netteller.com
From: customerservice<_at_>redacted.com
To: john<_at_>redacted.com
Subject: test 432pm
Date: Fri, 28 Jul 2017 16:33:02 -0500
Content-Type: text/html;
	charset="us-ascii"
Content-Transfer-Encoding: quoted-printable

=3Chtml=3E=3Chead=3E=3Ctitle=3EReset PASSWORD=3C/title=3E=3C/head=3E=3Cbody=
=3E=3Ctable=3E=3Ctr=3E=3Ctd=3EYou have requested that your NetTeller PASSWO=
RD be restored=2E=26nbsp=3B=26nbsp=3BTo confirm this request=2C please =3Ca=
 href=3D=27http=3A//cm=2Enetteller=2Ecom/login2008/Authentication/Views/Log=
inPasswordSelfResetConfirm=2Easpx=3Fcs=3D9d7c8ad78ac09f4a7172d25070b63e20da=
a7617e=26val=3D104ae37c4dea9699cccf4f94d3f16ceaa357a255c692b42f821022da2a07=
b25fae7fb44716fc3da4=26bn=3D9fa73f3ea3df037e=26burlid=3D7bedd199f9fe024e=27=
=3Eclick here=3C/a=3E=2E=3C/td=3E=3C/tr=3E=3Ctr=3E=3Ctd=3EThis link will be=
 valid for 2 hours=2E=3C/td=3E=3C/tr=3E=3Ctr=3E=3Ctd=3E=3C/td=3E=3C/tr=3E=
=3Ctr=3E=3Ctd=3E=3C/td=3E=3C/tr=3E=3Ctr=3E=3Ctd=3E=3C/td=3E=3C/tr=3E=3C/tab=
le=3E=
=3CBR /=3E
=3CBR /=3E
This email and any files transmitted with it are confidential and intended=
 solely for the named addressee=28s=29=2E If you are not a named addressee=
 you should not disseminate=2C distribute=2C copy or alter this email=2E An=
y views or opinions presented in this email are solely those of the author=
 and might not represent those of the company=2E Warning=3A Although we hav=
e taken reasonable precautions to ensure no viruses are present in this ema=
il=2C the company cannot accept responsibility for any loss or damage arisi=
ng from the use of this email or attachments=2E =3Cbr=3E=3CBR /=3E
=3C/body=3E=3C/html=3E


I can't change the source that is sending these links, and while it could be a problem with how they are specifying their encoding, they look to the fact that only Kerio webmail seems to have this issue and have closed my case as won't fix.

Should I report this as a bug? I do not know enough about this possible encoding issue to push back very hard. Anyone from Kerio have any ideas?
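An added example, not part of the original post and not Kerio's code: a way to check what the sender actually put in the `href` and to see how a literal `&amp;` in the followed link changes the parameter names the server receives. The sample message is constructed with placeholder host and tokens, and modelling the webmail fault as one extra HTML-escaping pass (`rendered_href`, a hypothetical helper) is an assumption.

```python
from email import message_from_string, policy
from html import escape
from html.parser import HTMLParser
from urllib.parse import parse_qsl, urlsplit

# Constructed sample shaped like the message above; host and tokens are placeholders.
RAW = (
    "From: sender@example.invalid\n"
    "Subject: test\n"
    'Content-Type: text/html; charset="us-ascii"\n'
    "Content-Transfer-Encoding: quoted-printable\n"
    "\n"
    "=3Chtml=3E=3Cbody=3EPlease =3Ca href=3D=27http=3A//example=2Einvalid/Conf=\n"
    "irm=2Easpx=3Fcs=3DAAAA=26val=3DBBBB=26bn=3DCCCC=27=3Eclick here=3C/a=3E=3C=\n"
    "/body=3E=3C/html=3E\n"
)

class HrefCollector(HTMLParser):
    """Collects <a href> values; the parser decodes entities in attributes once."""
    def __init__(self):
        super().__init__()
        self.hrefs = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self.hrefs += [v for k, v in attrs if k == "href" and v]

def hrefs_from_html(html_text):
    collector = HrefCollector()
    collector.feed(html_text)
    collector.close()
    return collector.hrefs

def sent_hrefs(raw_message):
    """Links as the sender wrote them: undo quoted-printable, then parse the HTML."""
    msg = message_from_string(raw_message, policy=policy.default)
    return hrefs_from_html(msg.get_content())

def param_names(url):
    """Query parameter names the web server would see for this URL."""
    return [k for k, _ in parse_qsl(urlsplit(url).query, separator="&")]

def rendered_href(url, escape_passes):
    """Hypothetical renderer: HTML-escape the URL N times, then parse like a browser."""
    for _ in range(escape_passes):
        url = escape(url, quote=True)
    return hrefs_from_html(f'<a href="{url}">click here</a>')[0]

if __name__ == "__main__":
    sent = sent_hrefs(RAW)[0]
    for passes in (1, 2):
        print(passes, param_names(rendered_href(sent, passes)))
```

One escaping pass round-trips to the URL the sender wrote; a second pass leaves `&amp;` in the link, so the server is handed `amp;val` and `amp;bn` instead of `val` and `bn`.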
  •  
rharrelson

Hi,

I believe this is the same as the issue here:

http://forums.kerio.com/t/32737//

Kerio says they are working on a fix.

Robert
  •  
gmaoret

Yes, same problem.

Please correct ASAP ;)
  •  
reverent

As an update, we are now seeing this with = being encoded as =3D as well on other links that are emailed to us from 2 other banks, so it does seem to be an issue with Kerio.

I have created case GFI-170801-499413 as this issue has stopped our productivity in its tracks. I have whole departments "learning" how to remove amp; and 3D from their email links in notepad, which is not sustainable.
  •  
chrwei

Any ETA on a fix for this?
  •  
rharrelson

It would be good to have an idea of when this will be fixed. It creates a significant usability issue for anyone using the webmail client as their primary e-mail client.
  •  
gnogel

Hello,

Back from holiday, I got a lot of questions about why the links are broken.

Is there a patch available?

georg
  •  
Brian (GFI/Kerio)

There is no patch but we will have a fix for this issue in the next release (coming soon).

Brian Carmichael
Instructional Content Architect
Current Time: Sun Aug 20 21:06:08 CEST 2017
