Re: [exim] ':' not escaped in local part of recipient addres…

Top Page
This message is part of the following thread:
Mthe complete thread tree sorted by date
MTom Kistner at <-
MTom Kistner at ->
Delete this message
Reply to this message
Author: Andreas Prieß
Date:  
To: Tom Kistner
CC: exim-users
Subject: Re: [exim] ':' not escaped in local part of recipient address
Hello Tom,

thanks for your answer, that solved it for me.

> > So for the list of recipients in "recipients = +batv_senders" the
> > ':' is seen as separator for the list elements and not as part of
> > the pgsql query.

> I'm surprised that you are the first one to have that problem.

Now that I'm aware of what can happen with exims string substitutions,
I'm also kind of surprised. I would have expected, that using
quote_pgsql somehow prevents this.
Normally I don't see colon as part of any mail address. The external
backscatter spam, that triggered this error, provided a kind of fuzzing
attack in this case.

> Changing the list separator to a newline like this:
>
> addresslist batv_senders = <\n pgsql;SQL_BATV_USER
>
> should solve that particular one (I doubt that newlines can appear in
> local parts or domains).

I decided to change the list separator to an exclamation mark. Since
addresses with '!' in the local part are denied earlier in the config,
this seems to be safe also.

I had to do this with all localpartlist and addresslist statements in
my config to avoid this error in general.


Andreas
This message was posted to the following mailing lists:
Exim-users
Mailing List Info | Nearby Messages		<-Re: [exim] No Blacklist DNS ListRe: [exim] No Blacklist DNS List->
Tahini and Hummus and Cumin Development Archives administrated by cumin AdminsLurker (version 2.3)