Re: using the character @ in the local part
- On 01/03/2013 04:12 PM, Michael Blessenohl wrote:
> Am 03.01.2013 06:05, schrieb Viktor Dukhovni:Are you sure this is not reported by the policy daemon running on
>> On Thu, Jan 03, 2013 at 04:49:50AM +0100, Michael Blessenohl wrote:
>>> Jan 3 03:09:45 hostname postfix/smtpd: connect from
>>> Jan 3 03:09:45 hostname postfix/smtpd: warning: Illegal
>>> address syntax from mail-we0-f173.google.com[220.127.116.11] in RCPT
>>> command: <"@"@...>
>> The RFC specifies the maximal valid character set for email addresses.
>> Not all the constructs in this maximally valid character set are
>> safe on security, anti-relay, robustness, legacy-compatibility and
>> other grounds.
>> This thread is a dead-end. If you want to waste your time, you could
>> try setting:
>> resolve_dequoted_address = no
>> that might help, but I would not bet on it.
> Um, it still doesn't work. Now I get a bounce with the error message
> 554 5.7.1<@@...>: Relay access denied (state 13)
> why does it dequote the address? The RCPT TO command was using the
> quoted address!
in your smtpd_recipient_restrictions:
DJIGZO email encryption
- Michael Blessenohl:
> The security issue is, as far as I understand, that a backup MX uses anCome on, don't be so naive. The backup MX scenario is an EXAMPLE
> @ in the local part for internal purposes. Which, in theory, can be
> exploited to use the server as open relay. As long as I don't use a
> backup MX, I don't have an open relay and everything is fine, isn't it?
of how @ in local-part can result in trouble. The same problem may
happen in ANY piece of software that decisions based on the content
of an email address.