On Wed, Jan 26, 2011 at 10:32 PM, Phil Pennock <[email protected]> wrote:

> On 2011-01-26 at 18:56 +0300, Odhiambo Washington wrote:
> > Funnily, I still don't know how to handle an address such as
> > john'[email protected] <john%[email protected]>
> > with Exim.
> > Anybody doing it?
>
> Yes. You don't percent-hex-encode addresses in email.
>
> Here are two addresses which are perfectly valid and *explicitly*
> configured on my mail-system, not handled by defaults:
>
> a~`*&^$#_-={}'[email protected]
>
> "X'); DROP TABLE domains; DROP TABLE passwords; --"@spodhuis.org
>
> I hope you know your shell quoting rules, if you want to test those.
>
> > What are the dangers of having such an address working? Does M Sex Change
> > allow it?
>
> It took me a moment to figure out what you were talking about and my
> first glance over the mail, seeing those words, led me to flag it as
> spam before the name caught up and I went back and unflagged it.
>
> While I understand that it's not always feasible to be polite about some
> of the competition, we can do better than stooping to those sorts of
> insults. I don't want to see the Exim community be a place where that
> sort of thing, about any vendor, is accepted unchallenged.

Sorry. I did not mean to hurt the competition. I apologize unreservedly.

> The dangers: if you wrote your system and didn't use ${quote:...} style
> rules in the appropriate places, while handling remote attacker-supplied
> data, you might end up with your rules not doing what you think they
> mean. Be careful.

I run a mailing list (using Mailman) and someone requested that they be subscribed, but their address was john'[email protected] <john%[email protected]> - yes, and it immediately reminded me that I once got someone who wanted a mailing list with the name cars&transport, which I meant to find a way to handle but forgot to follow up. I am shelving this idea unless someone believes they cannot survive without such characters.
--
Best regards,
Odhiambo WASHINGTON,
Nairobi,KE
+254733744121/+254722743223
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _
Damn!!

--
## List details at http://lists.exim.org/mailman/listinfo/exim-users
## Exim details at http://www.exim.org/
## Please use the Wiki with this list - http://wiki.exim.org/
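The danger described in the thread (rules "not doing what you think they mean" when a remote-supplied address is used without `${quote:...}`-style quoting), shown as an added example that is not part of the original messages and is not Exim or Mailman code. It uses Python's `sqlite3` as a stand-in for any back end that receives the address; the function names, the table layout and the `john'doe` address are constructed for illustration, and the other local part is the one quoted in the thread.

```python
import sqlite3

# Local part of the quoted-string address shown in the thread.
THREAD_LOCAL_PART = "X'); DROP TABLE domains; DROP TABLE passwords; --"
# Constructed sample: an ordinary local part containing an apostrophe.
APOSTROPHE_LOCAL_PART = "john'doe"


def new_db():
    """In-memory database with constructed (hypothetical) tables."""
    db = sqlite3.connect(":memory:")
    db.executescript(
        "CREATE TABLE domains (name TEXT);"
        "CREATE TABLE passwords (local_part TEXT, hash TEXT);"
        "CREATE TABLE subscribers (address TEXT);"
    )
    return db


def subscribe_unquoted(db, local_part, domain):
    """Splices the address into the SQL text, like an unquoted variable."""
    sql = "INSERT INTO subscribers (address) VALUES ('%s@%s');" % (local_part, domain)
    db.executescript(sql)  # runs every statement the resulting text contains


def subscribe_bound(db, local_part, domain):
    """Passes the address as a bound parameter, so it is only ever data."""
    db.execute("INSERT INTO subscribers (address) VALUES (?)",
               ("%s@%s" % (local_part, domain),))
    db.commit()


def run(subscribe, local_part, domain):
    """Returns (outcome, remaining table names, stored addresses)."""
    db = new_db()
    try:
        subscribe(db, local_part, domain)
        outcome = "ok"
    except sqlite3.Error as exc:
        outcome = "error: %s" % exc
    names = [r[0] for r in db.execute(
        "SELECT name FROM sqlite_master WHERE type='table' ORDER BY name")]
    stored = [r[0] for r in db.execute("SELECT address FROM subscribers")]
    return outcome, names, stored


if __name__ == "__main__":
    for fn in (subscribe_unquoted, subscribe_bound):
        for lp, dom in ((THREAD_LOCAL_PART, "spodhuis.org"),
                        (APOSTROPHE_LOCAL_PART, "example.org")):
            print(fn.__name__, run(fn, lp, dom))
```

With the unquoted version the apostrophe address is rejected as a syntax error and the thread's address silently removes two tables; with bound parameters both valid addresses are stored verbatim.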
