Loading ...
Sorry, an error occurred while loading the content.

Re: using the character @ in the local part

Expand Messages
  • Viktor Dukhovni
    ... The RFC specifies the maximal valid character set for email addresses. Not all the constructs in this maximally valid character set are safe on security,
    Message 1 of 31 , Jan 2, 2013
    • 0 Attachment
      On Thu, Jan 03, 2013 at 04:49:50AM +0100, Michael Blessenohl wrote:

      > /var/log/mail.info:
      > Jan 3 03:09:45 hostname postfix/smtpd[5781]: connect from
      > mail-we0-f173.google.com[74.125.82.173]
      > Jan 3 03:09:45 hostname postfix/smtpd[5781]: warning: Illegal
      > address syntax from mail-we0-f173.google.com[74.125.82.173] in RCPT
      > command: <"@"@...>

      The RFC specifies the maximal valid character set for email addresses.
      Not all the constructs in this maximally valid character set are
      safe on security, anti-relay, robustness, legacy-compatibility and
      other grounds.

      This thread is a dead-end. If you want to waste your time, you could
      try setting:

      resolve_dequoted_address = no

      that might help, but I would not bet on it.

      --
      Viktor.
    • Wietse Venema
      ... Come on, don t be so naive. The backup MX scenario is an EXAMPLE of how @ in local-part can result in trouble. The same problem may happen in ANY piece of
      Message 31 of 31 , Jan 4, 2013
      • 0 Attachment
        Michael Blessenohl:
        > The security issue is, as far as I understand, that a backup MX uses an
        > @ in the local part for internal purposes. Which, in theory, can be
        > exploited to use the server as open relay. As long as I don't use a
        > backup MX, I don't have an open relay and everything is fine, isn't it?

        Come on, don't be so naive. The backup MX scenario is an EXAMPLE
        of how @ in local-part can result in trouble. The same problem may
        happen in ANY piece of software that decisions based on the content
        of an email address.

        Wietse
      Your message has been successfully submitted and would be delivered to recipients shortly.