Re: [vchkpw] ampersand (&) in email-address possible ?
On Nov 9, 2004, at 9:57 AM, Jesse Guardiani wrote: On Tuesday 09 November 2004 12:17 pm, Tom Collins wrote: On Nov 9, 2004, at 5:48 AM, Rainer Duffner wrote: Is it possible to create these addresses with qmail or vpopmail ? Yes, but you will have problems modifying them with QmailAdmin. I know what the problem is, but haven't had the time to correct it. Basically, I'll be adding functions to rewrite strings in HTML form (converting &, < and > at least) and CGI value form (most special chars to %xx, space to +, etc.). Then the fun task of going through the source and converting strings wherever necessary. It'd definitely be nice to get this fixed. That "First+Last" bug in vqadmin (and possibly qmailadmin) is really annoying. :( I now have code on my test machine that addresses this problem. It also prevents possible cross site scripting attacks by escaping "<" and ">". I also noted that QmailAdmin didn't allow '&' in an email address, so I've updated that as well. I'm doing some more tests, but when I'm done you'll even be able to have a domain admin with an address like [EMAIL PROTECTED] Currently, it's impossible for that user to accomplish much of anything in QmailAdmin. I haven't gotten involved in the vqadmin project (Vpopmail and QmailAdmin eat too much of my time already), but if anyone is actively maintaining it, they can email me for info on how to fix vqadmin as well. -- Tom Collins - [EMAIL PROTECTED] QmailAdmin: http://qmailadmin.sf.net/ Vpopmail: http://vpopmail.sf.net/ Info on the Sniffter hand-held Network Tester: http://sniffter.com/
Re: [vchkpw] ampersand (&) in email-address possible ?
On Tuesday 09 November 2004 12:17 pm, Tom Collins wrote: > On Nov 9, 2004, at 5:48 AM, Rainer Duffner wrote: > > Is it possible to create these addresses with qmail or vpopmail ? > > Yes, but you will have problems modifying them with QmailAdmin. I know > what the problem is, but haven't had the time to correct it. > > Basically, I'll be adding functions to rewrite strings in HTML form > (converting &, < and > at least) and CGI value form (most special chars > to %xx, space to +, etc.). Then the fun task of going through the > source and converting strings wherever necessary. It'd definitely be nice to get this fixed. That "First+Last" bug in vqadmin (and possibly qmailadmin) is really annoying. :( -- Jesse Guardiani, Systems Administrator WingNET Internet Services, P.O. Box 2605 // Cleveland, TN 37320-2605 423-559-LINK (v) 423-559-5145 (f) http://www.wingnet.net
Re: [vchkpw] ampersand (&) in email-address possible ?
On Nov 9, 2004, at 5:48 AM, Rainer Duffner wrote: Is it possible to create these addresses with qmail or vpopmail ? Yes, but you will have problems modifying them with QmailAdmin. I know what the problem is, but haven't had the time to correct it. Basically, I'll be adding functions to rewrite strings in HTML form (converting &, < and > at least) and CGI value form (most special chars to %xx, space to +, etc.). Then the fun task of going through the source and converting strings wherever necessary. -- Tom Collins - [EMAIL PROTECTED] QmailAdmin: http://qmailadmin.sf.net/ Vpopmail: http://vpopmail.sf.net/ Info on the Sniffter hand-held Network Tester: http://sniffter.com/
Re: [vchkpw] ampersand (&) in email-address possible ?
On Tuesday 09 November 2004 09:24 am, Rainer Duffner wrote: > Clayton Milos wrote: > >Sure it is... Very simple really... > > > >~vpopmail/bin/vadduser "john&[EMAIL PROTECTED]" password > > > >And OE6 doesn't complain about it for some reason (strange how a M$ app > >doesn't complain. Then again it's a stupid idea so it goes with them) > > D'uh. > > I tried vadduser -r -q 300 "john&[EMAIL PROTECTED] > > and it complained that > "You did not use a full email address for the user name > Only full email addresses should be used" you probably didn't quote it properly and your shell treated it like you were trying to background the vadduser command. [EMAIL PROTECTED] install]# ~vpopmail/bin/vadduser 'larry&[EMAIL PROTECTED]' bobbo [EMAIL PROTECTED] install]# shows up with vuserinfo and I'm able to authenticate with it properly, and a test message successfully arrives in larry&frank's mailbox, etc. -Jeremy -- Jeremy Kitchen ++ Systems Administrator ++ Inter7 Internet Technologies, Inc. [EMAIL PROTECTED] ++ www.inter7.com ++ 866.528.3530 ++ 815.776.9465 int'l kitchen @ #qmail #gentoo on EFnet ++ scriptkitchen.com/qmail GnuPG Key ID: 481BF7E2 ++ scriptkitchen.com/kitchen.asc pgpcRZQAfZp2T.pgp Description: PGP signature
Re: [vchkpw] ampersand (&) in email-address possible ?
Clayton Milos wrote: Sure it is... Very simple really... ~vpopmail/bin/vadduser "john&[EMAIL PROTECTED]" password And OE6 doesn't complain about it for some reason (strange how a M$ app doesn't complain. Then again it's a stupid idea so it goes with them) D'uh. I tried vadduser -r -q 300 "john&[EMAIL PROTECTED] and it complained that "You did not use a full email address for the user name Only full email addresses should be used" Now, I tried to specify the password directly and it worked. Strange. Thanks a lot ! Rainer -- === ~ Rainer Duffner - [EMAIL PROTECTED] ~ ~ Freising - Munich - Germany ~ ~Unix - Linux - BSD - OpenSource - Security ~ ~ http://www.ultra-secure.de/~rainer/pubkey.pgp ~ ===
Re: [vchkpw] ampersand (&) in email-address possible ?
Sure it is... Very simple really... ~vpopmail/bin/vadduser "john&[EMAIL PROTECTED]" password And OE6 doesn't complain about it for some reason (strange how a M$ app doesn't complain. Then again it's a stupid idea so it goes with them) Regards Clay - Original Message - From: "Rainer Duffner" <[EMAIL PROTECTED]> To: <[EMAIL PROTECTED]> Sent: Tuesday, November 09, 2004 3:48 PM Subject: [vchkpw] ampersand (&) in email-address possible ? > Hi, > > my research showed that it should pe possible (legal, as far as the > standard is concerned) to use the ampersand-character (&) in an > email-address (like john&[EMAIL PROTECTED]). > > I migrated an installation to vpopmail, where the previous system > (postfix) apparently had such email-addresses. > > Is it possible to create these addresses with qmail or vpopmail ? > > > Note that I personally consider this idea to be complete BS, because you > can't be sure what the next infestation of OE makes of it (when entering > the address at the client-side) but nevertheless... > > > > > Rainer > > -- > === > ~ Rainer Duffner - [EMAIL PROTECTED] ~ > ~ Freising - Munich - Germany ~ > ~Unix - Linux - BSD - OpenSource - Security ~ > ~ http://www.ultra-secure.de/~rainer/pubkey.pgp ~ > === >
