Re: [Exim] Suffixes passed to LMTP transport (cyrus)?

Author: Philip Hazel
Date:  
To: mb
CC: Exim Users Mailing List
Subject: Re: [Exim] Suffixes passed to LMTP transport (cyrus)?
On Fri, 5 Sep 2003, Philip Hazel wrote:

> Anybody else on this list following this thread? Would it be sensible to
> change the block on "local part contains /" to "local part begins with /"?


Thanks to those who commented on this. I have made a change to the
default configuration, and below is what is now there. I'm posting it
here in case people want to comment further:

#############################################################################
# The following section of the ACL is concerned with local parts that contain
# @ or % or ! or / or | or dots in unusual places.
#
# The characters other than dots are rarely found in genuine local parts, but
# are often tried by people looking to circumvent relaying restrictions.
# Therefore, although they are perfectly valid in local parts, these rules
# lock them out, as a precaution.
#
# Empty components (two dots in a row) are not strictly valid in RFC 2822,
# but Exim allows them because they have been encountered. (Consider local
# parts constructed as "firstinitial.secondinitial.familyname" when applied
# to someone like me, who has no second initial.) However, a local part
# starting with a dot or containing /../ can cause trouble if it is used as
# part of a file name (e.g. for a mailing list). This is also true for local
# parts that contain slashes. A pipe symbol can also be troublesome if the
# local part is incorporated unthinkingly into a shell command line.
#
# Two different rules are used. The first one is stricter, and is applied to
# messages that are addressed to one of the local domains handled by this
# host. It blocks local parts that begin with a dot or contain @ % ! / or |.
# If you have local accounts that include these characters, you will have to
# modify this rule.

  deny    domains       = +local_domains
          local_parts   = ^[.] : ^.*[@%!/|]


# The second rule applies to all other domains, and is less strict. This
# allows your own users to send outgoing messages to sites that use slashes
# and vertical bars in their local parts. It blocks local parts that begin
# with a dot, slash, or vertical bar, but allows these characters within the
# local part. However, the sequence /../ is barred. The use of @ % and ! is
# blocked, as before.

  deny    domains       = !+local_domains
          local_parts   = ^[./|] : ^.*[@%!] : ^.*/\\.\\./
#############################################################################


--
Philip Hazel            University of Cambridge Computing Service,
ph10@???      Cambridge, England. Phone: +44 1223 334714.
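
Added example (not part of the message above and not Exim code): the two deny rules re-expressed with Python's re module, as a stand-in for Exim's own list matching, and run over constructed local parts to show where the stricter local-domain rule and the looser rule for other domains differ. The function and variable names are hypothetical.

```python
import re

# Patterns copied from the two deny rules above. In the Exim configuration the
# last one is written ^.*/\\.\\./ because the list is string-expanded first,
# which turns each \\ into a single backslash before the regex is compiled.
LOCAL_RULE = [r"^[.]", r"^.*[@%!/|]"]
REMOTE_RULE = [r"^[./|]", r"^.*[@%!]", r"^.*/\.\./"]


def denied(local_part: str, domain_is_local: bool) -> bool:
    """True if the rule for this kind of domain would deny the local part.

    False only means this one rule does not match; later ACL statements
    (relay checks and so on) still decide whether the address is accepted.
    """
    patterns = LOCAL_RULE if domain_is_local else REMOTE_RULE
    return any(re.search(p, local_part) for p in patterns)


# Constructed sample local parts (not from the original post).
SAMPLES = [
    "p.hazel",           # ordinary local part
    "p..hazel",          # empty component, tolerated by both rules
    ".profile",          # leading dot
    "user%example.org",  # percent form used to probe relaying
    "host!user",         # bang path
    "user@inner",        # nested @
    "dept/list",         # slash inside the local part
    "/etc/passwd",       # leading slash
    "|/bin/sh",          # leading pipe
    "a|b",               # pipe inside the local part
    "lists/../secret",   # the barred /../ sequence
]


def report():
    """Return (local_part, denied_for_local_domain, denied_for_other_domain)."""
    return [(lp, denied(lp, True), denied(lp, False)) for lp in SAMPLES]


if __name__ == "__main__":
    print(f"{'local part':<20}{'local domain':<15}{'other domain'}")
    for lp, local, other in report():
        print(f"{lp:<20}{'deny' if local else 'pass':<15}"
              f"{'deny' if other else 'pass'}")
```

Only "dept/list" and "a|b" come out differently between the two columns, which is the relaxation the second rule is meant to provide for outgoing mail.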