I recently started acting as a backup MX for a friends domain. He
unfortunately receives a bit of spam. His MTA, Postfix, turns out is a
bit more anal about the format of email addresses than Courier is.
The result is that his system would not accept this command:
MAIL FROM:<<[EMAIL PROTECTED]>
whereas Courier would. That resulted in my system accepting quite a bit
of his spam email, which his system would refuse and since it was spam,
had invalid envelope from addresses and I would get lots of double
bounces.
This one line patch explicitily catches extra < characters in the MAIL
FROM: and RCPT TO: commands. This isn't strictly RFC 821 compliant since
the RFC specifies much tighter set of allowed characters. Sam, would you
be interested in something a bit more restrictive than this?
JE
--- courier-0.38.0/courier/module.esmtp/courieresmtpd.c.orig Fri Apr 19 18:10:42
2002
+++ courier-0.38.0/courier/module.esmtp/courieresmtpd.c Fri Apr 19 18:10:50 2002
@@ -399,6 +399,7 @@
while (*p)
{
+ if (*p == '<' && !inquote) return (0);
if (*p == '>' && !inquote) return (p);
if (*p == '"') inquote ^= 1;
if (*p == '\\' && p[1]) ++p;
