Loading ...
Sorry, an error occurred while loading the content.

Re: using the character @ in the local part

Expand Messages
  • martijn.list
    ... Are you sure this is not reported by the policy daemon running on 127.0.0.1:10023 in your smtpd_recipient_restrictions: check_policy_service
    Message 1 of 31 , Jan 3, 2013
    • 0 Attachment
      On 01/03/2013 04:12 PM, Michael Blessenohl wrote:
      > Am 03.01.2013 06:05, schrieb Viktor Dukhovni:
      >> On Thu, Jan 03, 2013 at 04:49:50AM +0100, Michael Blessenohl wrote:
      >>
      >>> /var/log/mail.info:
      >>> Jan 3 03:09:45 hostname postfix/smtpd[5781]: connect from
      >>> mail-we0-f173.google.com[74.125.82.173]
      >>> Jan 3 03:09:45 hostname postfix/smtpd[5781]: warning: Illegal
      >>> address syntax from mail-we0-f173.google.com[74.125.82.173] in RCPT
      >>> command: <"@"@...>
      >> The RFC specifies the maximal valid character set for email addresses.
      >> Not all the constructs in this maximally valid character set are
      >> safe on security, anti-relay, robustness, legacy-compatibility and
      >> other grounds.
      >>
      >> This thread is a dead-end. If you want to waste your time, you could
      >> try setting:
      >>
      >> resolve_dequoted_address = no
      >>
      >> that might help, but I would not bet on it.
      >>
      >
      > Um, it still doesn't work. Now I get a bounce with the error message
      >
      > 554 5.7.1<@@...>: Relay access denied (state 13)
      >
      > why does it dequote the address? The RCPT TO command was using the
      > quoted address!

      Are you sure this is not reported by the policy daemon running on
      127.0.0.1:10023

      in your smtpd_recipient_restrictions:

      check_policy_service inet:127.0.0.1:10023

      Kind regards,

      Martijn Brinkers

      --
      DJIGZO email encryption
    • Wietse Venema
      ... Come on, don t be so naive. The backup MX scenario is an EXAMPLE of how @ in local-part can result in trouble. The same problem may happen in ANY piece of
      Message 31 of 31 , Jan 4, 2013
      • 0 Attachment
        Michael Blessenohl:
        > The security issue is, as far as I understand, that a backup MX uses an
        > @ in the local part for internal purposes. Which, in theory, can be
        > exploited to use the server as open relay. As long as I don't use a
        > backup MX, I don't have an open relay and everything is fine, isn't it?

        Come on, don't be so naive. The backup MX scenario is an EXAMPLE
        of how @ in local-part can result in trouble. The same problem may
        happen in ANY piece of software that decisions based on the content
        of an email address.

        Wietse
      Your message has been successfully submitted and would be delivered to recipients shortly.