On Wed, 6 Mar 2019, Kai Bojens via Exim-users wrote:
> I recently found this in an old exim config:
>
> ###########################################################################
> # Deny if the local part contains @ or % or / or | or !. These are
> # rarely found in genuine local parts, but are often tried by people
> # looking to circumvent relaying restrictions.
> # Also deny if the local part starts with a dot. Empty components aren't
> # strictly legal in RFC 2822, but Exim allows them because this is
> # common.
> # However, actually starting with a dot may cause trouble if the local
> # part is used as a file name (e.g. for a mailing list).
> deny local_parts = ^.*[@!/|] : ^\\.
>
>
> Is this config still relevant? I couldn't think of any way of how to
> circumvent relaying restrictions by using special characters.
"%" was explicitly to request relaying. Otherwise the justification
may be out of date, but I can imagine those characters (and perhaps ";"
doing unexpected things to lookups, especially databases.
Remember little Bobby Tables (
https://www.xkcd.com/327/ ) ?
I don't think this rule could catch genuine UTF-8 character names, but I
don't know about other non-ascii charsets.
--
Andrew C. Aitchison Cambridge, UK
andrew@???
