Following an idle-moment post on mailop, I wonder:
From the default config:
---
acl_check_rcpt:
accept hosts = :
deny domains = +local_domains
local_parts = ^[.] : ^.*[@%!/|]
message = Restricted characters in address
deny domains = !+local_domains
local_parts = ^[./|] : ^.*[@%!] : ^.*/\\.\\./
message = Restricted characters in address
---
Firstly, I don't understand the logic of accepting any address from an
stdio submission, while applying the restriction to a localhost tcp
submission.
Secondly, is there really any reason nowadays for restricting % and !
?
The last time I saw a % address was in 1995, and the last time I saw a
! address was in 1994. (And of course, when I did see them, they had
the original interpretations.) What is the kind of attack that could
nowadays be prevented by restricting these characters in outgoing
email?
Julian.
--
## subscription configuration (requires account):
##
https://lists.exim.org/mailman3/postorius/lists/exim-users.lists.exim.org/
## unsubscribe (doesn't require an account):
## exim-users-unsubscribe@???
## Exim details at
http://www.exim.org/
## Please use the Wiki with this list -
http://wiki.exim.org/
