Hmm, just noticed a bogus header that slipped past Exim's
'header_syntax' ACL check, but was stopped by pobox.com (good for
them!). Specifically, a "From:" header with no "@" character is
accepted by Exim. Here are the headers of the message in question:
Date: Sun, 19 Jan 2003 10:42:37 -0800
From: interscan-exbh01.intuit.com
To: <webmaster@???>
Subject: InterScan NT Alert
Note the odd "From:" header -- hostname only.
When Exim expanded an alias and sent this on to pobox.com, it rejected
it like so:
2003-01-19 14:05:09 xxx@??? <yyy@???> R=lookuphost T=remote_smtp: SMTP error from remote mailer after end of data: host mx-ca-1.pobox.com [64.119.218.68]: 552 message content rejected: see
http://www.pobox.com/bounce-badfrom.mhtml?qid=A34103E696&time=1043003103&host=kumquat.pobox.com
That web page says
According to the requirements defined in RFC2822, every email message
must contain a From: header, and every From: header must contain a
valid email address.
Pobox.com obeys this requirement and will return messages that do not
meet it.
I haven't check the RFC, but my guess is that pobox.com is in the right
here. Why does Exim allow this highly questionable-looking "From:"
header even with the header_syntax ACL check enabled?
Greg
--
Greg Ward <gward@???> http://www.gerg.ca/
Laziness, Impatience, Hubris.
