Autor: Andreas Prieß Datum: To: Tom Kistner CC: exim-users Betreff: Re: [exim] ':' not escaped in local part of recipient address
Hello Tom,
thanks for your answer, that solved it for me.
> > So for the list of recipients in "recipients = +batv_senders" the
> > ':' is seen as separator for the list elements and not as part of
> > the pgsql query. > I'm surprised that you are the first one to have that problem.
Now that I'm aware of what can happen with exims string substitutions,
I'm also kind of surprised. I would have expected, that using
quote_pgsql somehow prevents this.
Normally I don't see colon as part of any mail address. The external
backscatter spam, that triggered this error, provided a kind of fuzzing
attack in this case.
> Changing the list separator to a newline like this:
>
> addresslist batv_senders = <\n pgsql;SQL_BATV_USER
>
> should solve that particular one (I doubt that newlines can appear in
> local parts or domains).
I decided to change the list separator to an exclamation mark. Since
addresses with '!' in the local part are denied earlier in the config,
this seems to be safe also.
I had to do this with all localpartlist and addresslist statements in
my config to avoid this error in general.