On Sun, 2004-02-22 at 18:17 +0100, Daniel Roethlisberger wrote:
> Your ``only rewrite for SPF-enabled domains'' has one flaw: SPF is not
> the only origin verification scheme in use today.
But the multiple-hop rewrite is even more fatally flawed; implementers
are turned into open relays _without_ any form of verification as long
as you only want to relay to addresses matching 'SRS0+...' at the
eventual target domain.
> > Also, you don't seem to be doing much quoting... how does it fare with
> > addresses such as 'one-two=th$r\ee#fo\\ur##fi}v\e%six\@_seven@???'?
>
> Depending on the scheme, you don't need to quote anything specially, as
> the address is unambigously parseable in any case, even in the multi-hop
> different RPR schemes (`babuschka') case.
Not on the _wire_ -- I mean in the Exim config. For much the same reason
you're advised to use
data = ${quote_local_part:$local_part}@$domain
in a redirect router to preserve the original address. Otherwise it'll
get 'interpreted' and not passed through as-is. Did you _try_ the
address I gave you?
--
dwmw2
