Package: postfix
Severity: normal
X-Debbugs-Cc: [email protected]

Dear Maintainer,

I've discovered that Postfix handles two malformed RCPT TO addresses inconsistently, which may have security and interoperability implications.

# Issue

Postfix treats these two malformed addresses differently when relaying:

  RCPT TO:<u.com!> -> RCPT TO:<".com"@u>
  RCPT TO:<u!.com> -> RCPT TO:<""@u.com>

Strictly speaking, both addresses violate RFC 5321 Section 4.1.2 because they lack the required "@domain" component. Postfix rejects most other queries without @domain, but does the above conversion when "!" is involved.

# Comparing with other MTAs

Exim will treat both these sequences as a local-part and forward with the server's domain name appended (e.g. RCPT TO:<[email protected]>). Other MTAs we tested do not have this feature in general and simply reject these requests.

-- System Information:
Debian Release: 12.11
  APT prefers oldstable-updates
  APT policy: (500, 'oldstable-updates'), (500, 'oldstable-security'), (500, 'oldstable')
Architecture: amd64 (x86_64)

Kernel: Linux 6.1.0-35-amd64 (SMP w/128 CPU threads; PREEMPT)
Kernel taint flags: TAINT_PROPRIETARY_MODULE, TAINT_OOT_MODULE, TAINT_UNSIGNED_MODULE
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8), LANGUAGE not set
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled
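
The following strict RFC 5321 Section 4.1.2 check is an added example, not part of the original report and not Postfix code. It shows that both reported inputs are valid local-parts with no "@domain" (since "!" is a legal atom character), while the rewritten forms pass as well-formed mailboxes. The name `classify_rcpt` and its verdict strings are hypothetical, and the sample lines are constructed from the addresses in the report.

```python
import re

# RFC 5321 section 4.1.2 grammar; atext comes from RFC 5322 section 3.2.3.
ATEXT = r"[A-Za-z0-9!#$%&'*+/=?^_`{|}~-]"   # note: "!" is a legal atom character
DOT_STRING = rf"{ATEXT}+(?:\.{ATEXT}+)*"
QUOTED_STRING = r'"(?:[\x20-\x21\x23-\x5b\x5d-\x7e]|\\[\x20-\x7e])*"'
LOCAL_PART = rf"(?:{DOT_STRING}|{QUOTED_STRING})"
SUB_DOMAIN = r"[A-Za-z0-9](?:[A-Za-z0-9-]*[A-Za-z0-9])?"
DOMAIN = rf"{SUB_DOMAIN}(?:\.{SUB_DOMAIN})*"
ADDRESS_LITERAL = r"\[[^\]\s]+\]"            # simplified: contents not validated
MAILBOX = re.compile(rf"{LOCAL_PART}@(?:{DOMAIN}|{ADDRESS_LITERAL})")
SOURCE_ROUTE = re.compile(rf"^@{DOMAIN}(?:,@{DOMAIN})*:")
# Simplified command framing: assumes no ">" inside a quoted local-part.
RCPT = re.compile(r"RCPT TO:<([^>]*)>(?: .*)?", re.IGNORECASE)


def classify_rcpt(line):
    """Return 'accept', 'no-domain', 'no-domain-bang' or 'syntax'."""
    m = RCPT.fullmatch(line.strip())
    if not m:
        return "syntax"
    path = m.group(1)
    if path.lower() == "postmaster":          # the one domainless form RFC 5321 allows
        return "accept"
    path = SOURCE_ROUTE.sub("", path)         # drop an optional source route
    if MAILBOX.fullmatch(path):
        return "accept"
    if re.fullmatch(LOCAL_PART, path):        # valid local-part, "@domain" missing
        return "no-domain-bang" if "!" in path else "no-domain"
    return "syntax"


# Constructed sample lines; the first four use the addresses from the report.
SAMPLES = [
    "RCPT TO:<u.com!>",
    "RCPT TO:<u!.com>",
    'RCPT TO:<".com"@u>',
    'RCPT TO:<""@u.com>',
    "RCPT TO:<user@example.org>",
    "RCPT TO:<user>",
]

if __name__ == "__main__":
    for line in SAMPLES:
        print(f"{classify_rcpt(line):15} {line}")
```

A front-end filter or log review built on this check would flag the "no-domain-bang" cases before an MTA has a chance to rewrite them.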

