Re: using the character @ in the local part
- On Thu, Jan 03, 2013 at 04:49:50AM +0100, Michael Blessenohl wrote:
> /var/log/mail.info:The RFC specifies the maximal valid character set for email addresses.
> Jan 3 03:09:45 hostname postfix/smtpd: connect from
> Jan 3 03:09:45 hostname postfix/smtpd: warning: Illegal
> address syntax from mail-we0-f173.google.com[188.8.131.52] in RCPT
> command: <"@"@...>
Not all the constructs in this maximally valid character set are
safe on security, anti-relay, robustness, legacy-compatibility and
This thread is a dead-end. If you want to waste your time, you could
resolve_dequoted_address = no
that might help, but I would not bet on it.
- Michael Blessenohl:
> The security issue is, as far as I understand, that a backup MX uses anCome on, don't be so naive. The backup MX scenario is an EXAMPLE
> @ in the local part for internal purposes. Which, in theory, can be
> exploited to use the server as open relay. As long as I don't use a
> backup MX, I don't have an open relay and everything is fine, isn't it?
of how @ in local-part can result in trouble. The same problem may
happen in ANY piece of software that decisions based on the content
of an email address.