On Sun, 17 Mar 2002, Jakob Hirsch wrote:
> According to exim-spec 6.12 backslashes should be escaped when using
> quote_mysql. We use something like
> where local_part="${quote_mysql:${extract {1}{@%!}{$1}}}"
What exactly is the setting you use?
> Am I using quote_mysql in the wrong way or is this really a security
> issue?
I can't really tell without more data. There may be some problem with
the ordering of what is done.
> And even worse, I really don't think that such a verbose error message
> should be sent back in the SMTP dialogue:
It should be different in Exim 4.
--
Philip Hazel University of Cambridge Computing Service,
ph10@??? Cambridge, England. Phone: +44 1223 334714.
