On Fri, 14 Jun 2002, James P. Roberts wrote:
> More generally, I would vote for rigorous enforcement of existing
> standards, except in cases of extreme need If you do add it to the
> default config, please post the ACL mods to the list, so those of us
> already configured can do it the same way.
The problem with "rigorous enforcement of existing standards" is
backward compatibility. ("My boss is really mad because this used to
work with Sendmail (or the previous release of Exim or whatever) - what
can I do?"). You may recall I had to relax the hard stance on
underscores in host names that I introduced in Exim 4.
This all goes back to the early Internet philosophy of "be liberal in
what you accept". This is often touted as a virtue. Personally, I think
it was a bad mistake. Once some usage gets widespread, the community is
stuck with it, whatever the standards say.
The MTA writer has four choices:
1. Insist on following the standard, period.
2. Ignore the standard, period.
3. Make it configurable, default to follow the standard.
4. Make it configurable, default to ignore the standard.
The problem with 3 and 4 is that it's a bit more code, and a bit more
documentation, adding to the maintenance effort. For some things,
however, I have taken that route. Choosing the default is a matter of
taste.
For some other things I have chosen 1 or 2. A typical example is the use
of dots in the "phrase" part of addresses. For example, this header line:
To: Dr P. Hazel <ph10@???>
is illegal according to RFC 2822 (dot is a special character). The
correct form is
To: "Dr P. Hazel" <ph10@???>
However, it is extremely common for the quotes to be omitted. I suspect
this has been going on for more than a decade. Consequently, Exim does
not enforce this rule.
Empty components in local parts is a similar kind of thing.
Fortunately, in Exim 4, it is easy for people to add their own rules if
they want to enforce the standards more rigorously, or lock out forms of
local part for other reasons.
To lock out local parts starting with dot, you just need to change
deny local_parts = ^.*[@%!/|]
to
deny local_parts = ^.*[@%!/|] : ^\\.
(But of course, ACLs apply only to SMTP input.)
--
Philip Hazel University of Cambridge Computing Service,
ph10@??? Cambridge, England. Phone: +44 1223 334714.