Re: [exim] Handling addresses with apostrophe

Top Page
This message is part of the following thread:
Mthe complete thread tree sorted by date
MPhil Pennock at <-
MPhil Pennock at ->
Delete this message
Reply to this message
Author: Odhiambo Washington
Date:  
To: exim-users
Subject: Re: [exim] Handling addresses with apostrophe
On Wed, Jan 26, 2011 at 10:32 PM, Phil Pennock <exim-users@???>wrote:

> On 2011-01-26 at 18:56 +0300, Odhiambo Washington wrote:
> > Funnily, I still don't know how to handle an address such as
> > john'doe@??? <john%27doe@???> <john%27doe@???<john%2527doe@???>>
> with Exim.
> > Anybody doing it?
>
> Yes. You don't percent-hex-encode addresses in email.
>
> Here are two addresses which are perfectly valid and *explicitly*
> configured on my mail-system, not handled by defaults:
>
> a~`*&^$#_-={}'?b@???
>
> "X'); DROP TABLE domains; DROP TABLE passwords; --"@???
>
> I hope you know your shell quoting rules, if you want to test those.
>
> > What are the dangers of having such an address working? Does M Sex Change
> > allow it?
>
> It took me a moment to figure out what you were talking about and my
> first glance over the mail, seeing those words, led me to flag it as
> spam before the name caught up and I went back and unflagged it.
>
> While I understand that it's not always feasible to be polite about some
> of the competition, we can do better than stooping to those sorts of
> insults. I don't want to see the Exim community be a place where that
> sort of thing, about any vendor, is accepted unchallenged.
>

Sorry. I did not mean to hurt the competition. I apologize unreservedly.


>
> The dangers: if you wrote your system and didn't use ${quote:...} style
> rules in the appropriate places, while handling remote attacker-supplied
> data, you might end up with your rules not doing what you think they
> mean. Be careful.
>

I run a mailing list (using Mailman) and someone requested that they be
subscribed, but their address was john'doe@??? <john%27doe@???> -
yes, and it immediately reminded me that I once got someone who wanted a
mailing list with the name cars&transport, which I meant to find a way to
handle but forgot to follow up.

I am shelving this idea unless someone believes they cannot survive without
such characters.

--
Best regards,
Odhiambo WASHINGTON,
Nairobi,KE
+254733744121/+254722743223
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _
Damn!!
This message was posted to the following mailing lists:
Exim-users
Mailing List Info | Nearby Messages		<-Re: [exim] Per RCPT DATA replyRe: [exim] [exim-announce] Exim 4.74 Release->
Tahini and Hummus and Cumin Development Archives administrated by cumin AdminsLurker (version 2.3)