Re: [exim] Relay prevention in old config

Author: Andrew C Aitchison
Date:  
To: exim-users
Subject: Re: [exim] Relay prevention in old config
On Wed, 6 Mar 2019, Kai Bojens via Exim-users wrote:

> I recently found this in an old exim config:
>
> ###########################################################################
> # Deny if the local part contains @ or % or / or | or !. These are
> # rarely found in genuine local parts, but are often tried by people
> # looking to circumvent relaying restrictions.
> # Also deny if the local part starts with a dot. Empty components aren't
> # strictly legal in RFC 2822, but Exim allows them because this is
> # common.
> # However, actually starting with a dot may cause trouble if the local
> # part is used as a file name (e.g. for a mailing list).
> deny    local_parts     = ^.*[@!/|] : ^\\.
>
> Is this config still relevant? I couldn't think of any way of how to
> circumvent relaying restrictions by using special characters.


"%" was explicitly to request relaying. Otherwise the justification
may be out of date, but I can imagine those characters (and perhaps ";")
doing unexpected things to lookups, especially databases.
Remember little Bobby Tables ( https://www.xkcd.com/327/ ) ?

I don't think this rule could catch genuine UTF-8 character names, but I
don't know about other non-ASCII charsets.

-- 
Andrew C. Aitchison                    Cambridge, UK
             andrew@???
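
The following is an added example, not part of the original message or of Exim: it runs the two patterns from the quoted rule over constructed local parts to show what the rule as quoted does and does not deny, including the charset question raised in the reply. It assumes Exim's string expansion reduces `\\.` to `\.` and that matching happens on raw bytes; the function names and sample addresses are hypothetical.

```python
import re

# The two patterns from the quoted rule, as the regex engine would see them
# (assumption: Exim's string expansion turns "\\." into "\.").
# Byte patterns are used because this models matching on raw octets.
RULE_PATTERNS = [re.compile(rb"^.*[@!/|]"), re.compile(rb"^\.")]

# Characters the rule's comment says it denies.
DOCUMENTED_CHARS = "@%/|!"


def denied(local_part: bytes) -> bool:
    """True if the quoted deny rule would match this local part."""
    return any(p.search(local_part) for p in RULE_PATTERNS)


def undocumented_gaps() -> list[str]:
    """Characters named in the comment that the quoted regex does not match."""
    return [c for c in DOCUMENTED_CHARS
            if not denied(b"user" + c.encode() + b"x")]


def charset_false_positive(text: str, charset: str) -> bool:
    """True if a name with no ASCII specials is denied once encoded."""
    assert not any(c in text for c in "@!/|") and not text.startswith(".")
    return denied(text.encode(charset))


# Constructed sample local parts (not taken from any real log).
SAMPLES = {
    "ascii plain": b"kai.bojens",
    "leading dot": b".hidden",
    "bang path": b"host!user",
    "utf-8 name": "jörg.müller".encode("utf-8"),
    # In Shift_JIS the second byte of a character can fall in the ASCII
    # range: the first character here encodes as 0x83 0x7C, and 0x7C is "|".
    "shift_jis name": "ポスト".encode("shift_jis"),
}

if __name__ == "__main__":
    for label, lp in SAMPLES.items():
        print(f"{label:15} {lp!r:34} denied={denied(lp)}")
    print("comment lists but regex misses:", undocumented_gaps())
```

UTF-8 encodes every non-ASCII character using only bytes of 0x80 and above, which is why the UTF-8 sample passes while the Shift_JIS one is denied.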