Re: [exim] ':' not escaped in local part of recipient addres…

Startseite
Nachricht löschen
Nachricht beantworten
Autor: Andreas Prieß
Datum:  
To: Tom Kistner
CC: exim-users
Betreff: Re: [exim] ':' not escaped in local part of recipient address
Hello Tom,

thanks for your answer, that solved it for me.

> > So for the list of recipients in "recipients = +batv_senders" the
> > ':' is seen as separator for the list elements and not as part of
> > the pgsql query.


> I'm surprised that you are the first one to have that problem.


Now that I'm aware of what can happen with exims string substitutions,
I'm also kind of surprised. I would have expected, that using
quote_pgsql somehow prevents this.
Normally I don't see colon as part of any mail address. The external
backscatter spam, that triggered this error, provided a kind of fuzzing
attack in this case.

> Changing the list separator to a newline like this:
>
> addresslist batv_senders = <\n pgsql;SQL_BATV_USER
>
> should solve that particular one (I doubt that newlines can appear in
> local parts or domains).


I decided to change the list separator to an exclamation mark. Since
addresses with '!' in the local part are denied earlier in the config,
this seems to be safe also.

I had to do this with all localpartlist and addresslist statements in
my config to avoid this error in general.


Andreas