On Fri, 5 Sep 2003, Philip Hazel wrote:
> Anybody else on this list following this thread? Would it be sensible to
> change the block on "local part contains /" to "local part begins with /"?
Thanks to those who commented on this. I have made a change to the
default configuration, and below is what is now there. I'm posting it
here in case people want to comment further:
#############################################################################
# The following section of the ACL is concerned with local parts that contain
# @ or % or ! or / or | or dots in unusual places.
#
# The characters other than dots are rarely found in genuine local parts, but
# are often tried by people looking to circumvent relaying restrictions.
# Therefore, although they are perfectly valid in local parts, these rules
# lock them out, as a precaution.
#
# Empty components (two dots in a row) are not strictly valid in RFC 2822,
# but Exim allows them because they have been encountered. (Consider local
# parts constructed as "firstinitial.secondinitial.familyname" when applied
# to someone like me, who has no second initial.) However, a local part
# starting with a dot or containing /../ can cause trouble if it is used as
# part of a file name (e.g. for a mailing list). This is also true for local
# parts that contain slashes. A pipe symbol can also be troublesome if the
# local part is incorporated unthinkingly into a shell command line.
#
# Two different rules are used. The first one is stricter, and is applied to
# messages that are addressed to one of the local domains handled by this
# host. It blocks local parts that begin with a dot or contain @ % ! / or |.
# If you have local accounts that include these characters, you will have to
# modify this rule.

  deny    domains       = +local_domains
          local_parts   = ^[.] : ^.*[@%!/|]

# The second rule applies to all other domains, and is less strict. This
# allows your own users to send outgoing messages to sites that use slashes
# and vertical bars in their local parts. It blocks local parts that begin
# with a dot, slash, or vertical bar, but allows these characters within the
# local part. However, the sequence /../ is barred. The use of @ % and ! is
# blocked, as before.

  deny    domains       = !+local_domains
          local_parts   = ^[./|] : ^.*[@%!] : ^.*/\\.\\./

#############################################################################
--
Philip Hazel University of Cambridge Computing Service,
ph10@??? Cambridge, England. Phone: +44 1223 334714.
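
The following is an added example, not part of the original message or of Exim itself: a Python harness that runs the two local_parts pattern lists from the ACL above against constructed sample local parts, so that a changed rule can be checked before it is deployed. It assumes Python's re module behaves like Exim's PCRE for these simple patterns; the names denied, report and SAMPLES are hypothetical.

```python
import re

# Patterns transcribed from the two local_parts lists in the message above.
# Exim expands the string before compiling it, so "\\." in the configuration
# reaches the regex engine as "\."; the raw strings are the expanded form.
LOCAL_RULE = [r"^[.]", r"^.*[@%!/|]"]               # domains = +local_domains
REMOTE_RULE = [r"^[./|]", r"^.*[@%!]", r"^.*/\.\./"]  # domains = !+local_domains


def denied(local_part, domain_is_local):
    """Return the first pattern that would trigger 'deny', or None if accepted."""
    rules = LOCAL_RULE if domain_is_local else REMOTE_RULE
    for pattern in rules:
        if re.search(pattern, local_part):
            return pattern
    return None


# Constructed sample local parts (not taken from the original message).
SAMPLES = [
    "first..last",       # empty component: allowed by both rules
    ".profile",          # leading dot
    "user%example.net",  # percent sign
    "user!host",         # exclamation mark
    "dept/team",         # embedded slash: local deny, remote accept
    "list/../other",     # /../ sequence: denied by both
    "|filter",           # leading vertical bar
    "a|b",               # embedded vertical bar: local deny, remote accept
]


def report():
    """Evaluate every sample against both rules."""
    return [(lp, denied(lp, True), denied(lp, False)) for lp in SAMPLES]


if __name__ == "__main__":
    for lp, local_hit, remote_hit in report():
        print(f"{lp:18} local: {local_hit or 'accept':12} "
              f"remote: {remote_hit or 'accept'}")
```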