JP - thx. i did not know other mail systems had this issue as well. has anyone else experienced other systems than those mentioned exhibiting this behavior? has anyone tested/seen an exploit for allowing the 'illegal' characters?
_____ From: Jean-Paul van de Plasse [mailto:[EMAIL PROTECTED] Sent: Friday, October 26, 2007 1:16 PM To: [email protected] Subject: Re: [qmailtoaster] I hate Blackberry , 5.1.0 - Unknown address error 571-'sorry, (#5.7.1 - chkuser)' Btw, its not just blackberry that needs this fix.. also mails from for example ticketmaster.co.uk and some mails from paypal. So I really suggest to change this behaviour for all incoming connections.. You will not know what emails were lost and that I think is a bigger problem then the very small security problem.. qmail does not use the email address in any file, only if you would have an external program doing something with the filesystem based on the address it could give problems (imo).. If anyone does see real security implications I would like to hear them really.. JP ----- Original Message ----- From: Helmut Fritz <mailto:[EMAIL PROTECTED]> To: [email protected] Sent: Friday, October 26, 2007 7:42 PM Subject: RE: [qmailtoaster] I hate Blackberry , 5.1.0 - Unknown address error 571-'sorry, (#5.7.1 - chkuser)' understood, but if it is just one server there may be enough log entries for folks to collaborate to find it - and make appropriate entries and engage blackberry about it. i have also seen comments that say those characters are not against the rfc and other comments that say they are. if they are not, then qmail should not choke on them. if they are, blackberry should be engaged. _____ From: Jake Vickers [mailto:[EMAIL PROTECTED] Sent: Friday, October 26, 2007 10:37 AM To: [email protected] Subject: Re: [qmailtoaster] I hate Blackberry , 5.1.0 - Unknown address error 571-'sorry, (#5.7.1 - chkuser)' Helmut Fritz wrote: i wonder - is there a way to id this one? or do they all masquerade as the same hostname/ip? i am thinking not, since we could then add a line for that ip and it would cover all of them. If you look at the wiki, you'll see where I did a MX lookup on their domain and started to name each server to allow the characters - this particular one was NOT listed in the MX records - it seems to be a "stealth" server. It may appear in the SPF records, but by that time a client was literally screaming at me on the phone, so I just fixed it with a broad stroke, albeit a blunt one. I did some testing afterwards to see if I should go back and make it look pretty (ie: do it the right way), but found no need myself.
