Re: [exim] Sender verification

Top Page
Delete this message
Reply to this message
Author: David Woodhouse
Date:  
To: Wolfgang Hennerbichler
CC: exim-users
Subject: Re: [exim] Sender verification
On Wed, 2007-08-29 at 12:08 +0100, David Woodhouse wrote:
> On Tue, 2007-08-28 at 22:45 +0200, Wolfgang Hennerbichler wrote:
> >
> > helo mail.domain.name
> > MAIL FROM:<"NokiaNiedersch\366neweidewlole"@???>
> >
> > The local part of the sender address is obviously "broken",
>
> That isn't obvious to me.


Actually, I think you're right, although perhaps not for the reasons you
originally thought.

RFC2821 §2.3.10 says:
The standard mailbox naming convention is defined to be "local-
part@domain": contemporary usage permits a much broader set of
applications than simple "user names". Consequently, and due to a
long history of problems when intermediate hosts have attempted to
optimize transport by modifying them, the local-part MUST be
interpreted and assigned semantics only by the host specified in the
domain part of the address.

§4.1.2 goes on to show that a local-part can be just about anything,
except that:

Systems MUST NOT define mailboxes in such a way as to require the use
in SMTP of non-ASCII characters (octets with the high order bit set
to one) or ASCII "control characters" (decimal value 0-31 and 127).
These characters MUST NOT be used in MAIL or RCPT commands or other
commands that require mailbox names.

So since your example actually seems to have contained the byte 0xF6
(the \366 is presumably a representation of that, rather than being a
literal '\' '3' '6' '6', you probably _can_ declare that it's obviously
broken on syntactic grounds. I'm surprised Exim's SMTP syntax checks
didn't catch that -- unless it really was a backslash and three digits?

--
dwmw2