On Sat, Mar 09, 2024 at 09:26:39PM +0000, Julian Bradfield via Exim-users wrote:
> Secondly, is there really any reason nowadays for restricting % and ! ?
>
> The last time I saw a % address was in 1995, and the last time I saw a
> ! address was in 1994. (And of course, when I did see them, they had
> the original interpretations.) What is the kind of attack that could
> nowadays be prevented by restricting these characters in outgoing
> email?
When Exim or any other MTA relays mail with "%" or "!" addresses to an
internal MTA, that MTA might be configured to support legacy address
syntax forms. The combined front-end + internal system becomes an
open relay.
And by the way, by default Postfix still supports % and ! addresses:
https://www.postfix.org/postconf.5.html#allow_percent_hack
https://www.postfix.org/postconf.5.html#swap_bangpath
--
Viktor.
--
## subscription configuration (requires account):
##
https://lists.exim.org/mailman3/postorius/lists/exim-users.lists.exim.org/
## unsubscribe (doesn't require an account):
## exim-users-unsubscribe@???
## Exim details at
http://www.exim.org/
## Please use the Wiki with this list -
http://wiki.exim.org/
