On 19 Feb 2002, Dirk Koopman wrote:
> Well on further fiddling I have found out the following:-
>
> 1) The "a@b"@z construct appears NOT to be rejected except by the
> "accident" that a@b isn't a valid local user.
That is not an "accident". It normally IS an invalid local user. But
that is for you to decide - at the mail standards level it is just
another local part which is a bit odd because it contains an @
character.
> If you pass it to a smart
> host it will happily be expanded. z can be ANY local domain whatsoever.
That is the fault/problem of the smart host.
> 2) The way to I have chosen to stop it is as below:-
>
> # this checks for nasty characters in the localpart by only
> # checking that only [A-Za-z_.-] are there.
What is the problem with just rejecting it as an unknown local part?
> There must be some means of not having to do the above. I repeat, I have
> receiver_verify on.
Lots of sites have valid addresses containing characters other than
those you have chosen to allow above. Just look at my own address for a
start. Exim cannot prescribe these things.
However, in Exim 4 you can reject incoming SMTP addresses on this basis
at SMTP time by a suitable configuration. In fact, the default
configuration does do this by default, because so many people have had
problems. Exim 4 (in the default configuration) rejects addresses with
local parts that contain any of @ % ! / or | at RCPT time.
--
Philip Hazel University of Cambridge Computing Service,
ph10@??? Cambridge, England. Phone: +44 1223 334714.
