Re: [Exim] Sender-/Return-Path-Rewriting

Top Page
Delete this message
Reply to this message
Author: David Woodhouse
Date:  
To: Daniel Roethlisberger
CC: Martin Treusch von Buttlar, exim-users
Subject: Re: [Exim] Sender-/Return-Path-Rewriting
On Sun, 2004-02-22 at 18:17 +0100, Daniel Roethlisberger wrote:
> Your ``only rewrite for SPF-enabled domains'' has one flaw: SPF is not
> the only origin verification scheme in use today.


But the multiple-hop rewrite is even more fatally flawed; implementers
are turned into open relays _without_ any form of verification as long
as you only want to relay to addresses matching 'SRS0+...' at the
eventual target domain.

> > Also, you don't seem to be doing much quoting... how does it fare with
> > addresses such as 'one-two=th$r\ee#fo\\ur##fi}v\e%six\@_seven@???'?
>
> Depending on the scheme, you don't need to quote anything specially, as
> the address is unambigously parseable in any case, even in the multi-hop
> different RPR schemes (`babuschka') case.


Not on the _wire_ -- I mean in the Exim config. For much the same reason
you're advised to use
    data = ${quote_local_part:$local_part}@$domain


in a redirect router to preserve the original address. Otherwise it'll
get 'interpreted' and not passed through as-is. Did you _try_ the
address I gave you?

--
dwmw2