AW: Re: using the character @ in the local part
- Can't I report it as a Bug? The Mailman software for example handles this kind of addresses quite nicely.
Am 03.01.2013 16:20 schrieb Wietse Venema <wietse@...>:
> > The RFC specifies the maximal valid character set for email addresses.As Victor wrote don't bet on it. You can stop wasting your time.
> > Not all the constructs in this maximally valid character set are
> > safe on security, anti-relay, robustness, legacy-compatibility and
> > other grounds.
> > This thread is a dead-end. If you want to waste your time, you could
> > try setting:
> > resolve_dequoted_address = no
> > that might help, but I would not bet on it.
> Um, it still doesn't work. Now I get a bounce with the error message
> 554 5.7.1<@@...>: Relay access denied (state 13)
> why does it dequote the address? The RCPT TO command was using the
> quoted address!
- Michael Blessenohl:
> The security issue is, as far as I understand, that a backup MX uses anCome on, don't be so naive. The backup MX scenario is an EXAMPLE
> @ in the local part for internal purposes. Which, in theory, can be
> exploited to use the server as open relay. As long as I don't use a
> backup MX, I don't have an open relay and everything is fine, isn't it?
of how @ in local-part can result in trouble. The same problem may
happen in ANY piece of software that decisions based on the content
of an email address.