> -----Original Message----- > From: Exim-dev [mailto:[email protected]] > On Behalf Of Jeremy Harris > Sent: 20 October 2015 21:11 > To: [email protected] > Subject: Re: [exim-dev] Interesting behaviour > > On 19/10/15 23:47, Warwick Brown wrote: > > Say, I am a relay for domain1.com, When you do a RCPT command, as > follows:- > > > > RCPT TO: @domain2.com:[email protected] > > That looks like you're trying to use explicitly routed addresses. > They went out with the ark. Exim does not handle them. > -- > Cheers, > Jeremy > >
Hi Jeremy, Pen-testers still test to see if legacy routed addresses are supported due to the dross of legacy still out there. I agree with your reasoning as to routed addresses being obsolete, and that is why I still use the restricted characters ACL to ensure they are not accepted. But, the issue I see is that the invalid input is silently discarded with no notice of when or why. The ":" character is in my restricted characters ACL, however in the special-case where the user-part is null, the restricted characters ACL does not seem to kick in. I am satisfied that exim fails safe, but still think it's worth a look-in to why it silently discards parts of its input data - if this is by design, then fine, but if it is an unintended consequence, then it is to me a little more concerning. Thanks and regards, Warwick -- ## List details at https://lists.exim.org/mailman/listinfo/exim-dev Exim details at http://www.exim.org/ ##
