Re: [exim] Invalid address accepted?

Top Page
This message is part of the following thread:
Mthe complete thread tree sorted by date
MJohn Horne at <-
MJohn Horne at ->
Delete this message
Reply to this message
Author: Jethro R Binks
Date:  
To: Exim users
Subject: Re: [exim] Invalid address accepted?
On Thu, 9 Jul 2009, John Horne wrote:

> On Wed, 2009-07-08 at 16:57 -0700, Jeroen van Aart wrote:
> > John Horne wrote:
> > > I noticed a frozen bounce in our mail queue for a message which seems to
> > > have come from (envelope sender)
> > > '4526433.tHjd3LnMP.@pcrm.unikorea.go.kr'.
> > >
> > > As far as I can tell, the '.@' part of the address is invalid according
> > > to RFC2822. So why did exim accept it if it is syntactically invalid?
> >
> > You can find out in the manual, http://www.exim.org/index.html, how to tell exim to
> > refuse non existing addresses and/or syntactically incorrect addresses.
> >
> Yes, I realise that but my question is why accept an invalid address in
> the first place? If I send a message with the address
> 'fred@@example.com' exim rejects it with a 'domain missing or malformed'
> error. That isn't something I have configured, it is exim recognising an
> invalid address. So why not do the same with '.@'?

I do not know the answer to this, however it was discussed a while back on
the list, and someone produced a set of ACL checks that did further
analysis than exim's default check. According to my note, this was to
catch for addresses that Exchange wouldn't accept, to help prevent a site
with an Exim front-end accepting and relaying a message to an internal
Exchange host that wouldn't accept, causing a bounce. I don't have the
original thread (it was only a few months ago), but here are the ACLs I
now use based on it (and my thanks to the original author): 

  ## malformed sender addresses not detected by Exim itself
  ## Exchange will reject these apparently.
  warn
        message = Syntax error sender address <${lc:$sender_address}> \
                  (consecutive dots).\n\
                  REFUSENOTICE
    log_message = MSGTAG_MALFORMEDSENDERADDRCONSDOTS: \
                  Rejected syntactically invalid sender address \
                  (consecutive dots) \
                  from <${lc:$sender_address}>
        senders = ^.*[.][.]


  warn
        message = Syntax error sender address <${lc:$sender_address}> \
                  (leading dot).\n\
                  REFUSENOTICE
    log_message = MSGTAG_MALFORMEDSENDERADDRLEADINGDOT: \
                  Rejected syntactically invalid sender address \
                  (leading dot) \
                  from <${lc:$sender_address}>
        senders = ^[.]


  warn
        message = Syntax error sender address <${lc:$sender_address}> \
                  (trailing dot).\n\
                  REFUSENOTICE
    log_message = MSGTAG_MALFORMEDSENDERADDRTRAILINGDOT: \
                  Rejected syntactically invalid sender address \
                  (trailing dot) \
                  from <${lc:$sender_address}>
        senders = ^.*[.][@]


  warn
        message = Syntax error sender address <${lc:$sender_address}> \
                  (double-quote localpart).\n\
                  REFUSENOTICE
    log_message = MSGTAG_MALFORMEDSENDERADDRDBLQLOCALPART: \
                  Rejected syntactically invalid sender address \
                  (double-quote localpart) \
                  from <${lc:$sender_address}>
        senders = ^["]["][@]


  warn
        message = Syntax error sender address <${lc:$sender_address}> \
                  (8-bit characters).\n\
                  REFUSENOTICE
    log_message = MSGTAG_MALFORMEDSENDERADDR8BIT: \
                  Rejected syntactically invalid sender address \
                  (8-bit characters) \
                  from <${lc:$sender_address}>
        senders = \N^[^@]*[\x80-\xFF][^@]*\@.*\N


I also have the following stuff commented out; I suspect this was taken
directly from the original post and kept for reference: 

# Deny any message whose envelope sender address has consecutive dots (illegal)
# (do this for all messages irrespective of recipient's spam preference
#  because Exchange will reject them if we attempt to deliver)
#deny senders = ^.*[.][.]
#     message = Sender address syntax error (consecutive dots): $sender_address
#
# Deny any message whose envelope sender address starts with a dot (illegal)
# (do this for all messages irrespective of recipient's spam preference
#  because Exchange will reject them if we attempt to deliver)
#deny senders = ^[.]
#     message = Sender address syntax error (leading dot): $sender_address
#
# Deny any message whose envelope sender address ends with a dot (illegal)
# (do this for all messages irrespective of recipient's spam preference
#  because Exchange will reject them if we attempt to deliver)
#deny senders = ^.*[.][@]
#     message = Sender address syntax error (trailing dot): $sender_address
#
# Deny any message whose envelope sender address is ""@???
# (do this for all messages irrespective of recipient's spam preference
#  because Exchange will reject them if we attempt to deliver)
#deny senders = ^["]["][@]
#     message = Sender address syntax error: $sender_address
#
# Deny any message whose envelope sender address contains 8-bit characters,
# a violation of RFC2821 and only done by spammers.
# (do this for all messages irrespective of recipient's spam preference
#  because Exchange will reject them if we attempt to deliver)
#deny senders = \N^[^@]*[\x80-\xFF][^@]*\@.*\N
#     message = Sender address syntax error (8 bit characters): $sender_address


Jethro.

. . . . . . . . . . . . . . . . . . . . . . . . .
Jethro R Binks
Computing Officer, IT Services, University Of Strathclyde, Glasgow, UK

This message was posted to the following mailing lists:
Exim-users
Mailing List Info | Nearby Messages		<-Re: [exim] Invalid address accepted?Re: [exim] Invalid address accepted?->
Tahini and Hummus and Cumin Development Archives administrated by cumin AdminsLurker (version 2.3)