On Wed, 10 Sep 1997, T. William Wells wrote:
> A general observation about a number of things: they need to be
> done so that automatic parsing of control and log files *works*.
> Thus, for example, placing the ? adjacent to the helo name is
> wrong -- a ? is a character that might appear in the helo name and
> there's no reasonable way to tell whether it did or did not. There
> is a similar problem with spaces in names provided from the
> outside; they allow the sender the potential ability to spoof
> automatic checking. Among my "wishes" is that exim will simply
> reject messages that have spaces in domain names in any place it
> examines, logs, or otherwise manipulates.
Good point. HELO is the one place where junk may get through. In other
places, Exim syntax checks things. So if it receives
MAIL FROM: abcd@domain with spaces
for example, it fails that command. Exim may not (according to the RFC)
fail messages based on the content of the HELO. However, it could do
something like putting the contents of the HELO into quotes if it
contained characters other than those that may legitimately form a host
name, namely, letters, digits, dots, and hyphens. Or, alternatively, it
could simply ignore bad characters or convert them to some printing
representation such as \x03 or whatever.
--
Philip Hazel University Computing Service,
ph10@??? New Museums Site, Cambridge CB2 3QG,
P.Hazel@??? England. Phone: +44 1223 334714
--
* This is sent by the exim-users mailing list. To unsubscribe send a
mail with subject "unsubscribe" to exim-users-request@???
* Exim information can be found at http://www.exim.org/