[exim] restricted characters in address

Top Page
Delete this message
Reply to this message
Author: Julian Bradfield
Date:  
To: exim-users
Subject: [exim] restricted characters in address
Following an idle-moment post on mailop, I wonder:

From the default config:

---
acl_check_rcpt:

accept hosts = :

deny    domains       = +local_domains
        local_parts   = ^[.] : ^.*[@%!/|]
        message       = Restricted characters in address


deny    domains       = !+local_domains
        local_parts   = ^[./|] : ^.*[@%!] : ^.*/\\.\\./
        message       = Restricted characters in address
---


Firstly, I don't understand the logic of accepting any address from an
stdio submission, while applying the restriction to a localhost tcp
submission.

Secondly, is there really any reason nowadays for restricting % and !
?

The last time I saw a % address was in 1995, and the last time I saw a
! address was in 1994. (And of course, when I did see them, they had
the original interpretations.) What is the kind of attack that could
nowadays be prevented by restricting these characters in outgoing
email?

Julian.

--
## subscription configuration (requires account):
## https://lists.exim.org/mailman3/postorius/lists/exim-users.lists.exim.org/
## unsubscribe (doesn't require an account):
## exim-users-unsubscribe@???
## Exim details at http://www.exim.org/
## Please use the Wiki with this list - http://wiki.exim.org/