On Fri, 12 Apr 2002, jens-ingo brodesser wrote:
> At 18:24 -0400 11/04/02, you wrote:
>
>
> >Yes, I've had the same issue using IMP for web mail. In the rewrite
> >section of my exim config I did something like this...
> >
> >* $reply_address Fs
> >
> >The "F" sets the "envelope from" and the "s" sets the "Sender:" header. So
> >basically I'm rewriting all address in the envelope from and sender: header
> >to be the reply address. The reply_address is equal to the from header,
> >unless a "Reply-To:" header is specified.
> >
>
> this can be dangerous if the from header contains a url, instead of a
> valid email-address, like some cgi programs do. i recognized that if
> the from header is a url exim writes to the paniclog and exits.
Setting aside for a moment wether rewriting an envelope from header
information is a good idea, and also setting aside the wisdom of
allowing random web users to cause your webserver to send mail with any
Sender or From address they care to specify, The From: header in a
RFC-(2)822 compliant message MUST be syntactically valid as an email
address. If it is not (eg, if it is just a URL), the message violates
RFC-822 and should be rejected anyway.
Now, if there is a need to encode a URL, it can be in the comments
field..
Eg:
From: "
http://www.blah.whatever.com/form.html" <
mailer-daemon@www.blah.whatever.com>
This is roughly what I force on a webhosting system we operate - It
places any user-entered email address as a Reply-To, if syntactically
valid.
>
>
> --
> jens-ingo
>
> PGP public key on public key servers
> PGP-fingerprint C6F1 CEB8 E71B E9F5 7AB1 8E5B 7338 708C B8E2 4453
>
> --
>
> ## List details at http://www.exim.org/mailman/listinfo/exim-users Exim details at http://www.exim.org/ ##
>
>
--
