[exim] ':' not escaped in local part of recipient address

Thu, 17 Apr 2008 06:44:36 -0700 

Hello,

I just found the following error in my exim logs:

H=p15202018.pureserver.info [212.227.102.132] F=<> temporarily rejected
RCPT <"venesa-:xobtogg"@metaphysis.de>: PGSQL: query failed: ERROR:
unterminated quoted string at or near "'venesa-" at character 109

I can reproduce this in a fake exim session and get the same error.
Obviously the ':' in the RCPT TO is causing an error, but I don't know
where to further escape the address when I look at the config.
(PostgreSQL itself is happily executing the query if I try it directly.)

The config lines for the Query are the following ones:

SQL_BATV_USER = SELECT email_adr(user_name, domain_name) FROM mail_user \
  WHERE domain_name = '${quote_pgsql:$domain}' AND user_name = 
'${quote_pgsql:$local_part}' \
  AND batv_secret IS NOT NULL

addresslist batv_senders = pgsql;SQL_BATV_USER
[...]

begin acl
acl_check_rcpt:
[...]

  # Bounces: drop unsigned addresses for BATV senders
  deny      message = This address does not send an unsigned reverse path.
            senders = :
            recipients = +batv_senders

In an SMTP session what happens is the following:

>>> check recipients = +batv_senders
>>> "venesa-:xobtogg"@metaphysis.de in "pgsql;SELECT email_adr(user_name, 
>>> domain_name)
FROM mail_user WHERE domain_name = 'metaphysis.de' AND user_name = 
'venesa-:xobtogg'
AND batv_secret IS NOT NULL"? list match deferred for pgsql;SELECT 
email_adr(user_name, domain_name)
FROM mail_user WHERE domain_name = 'metaphysis.de' AND user_name = 'venesa-
>>> "venesa-:xobtogg"@metaphysis.de in "+batv_senders"? list match deferred for 
>>> +batv_senders
>>> deny: condition test deferred
451 Temporary local problem - please try later
LOG: H=p15202018.pureserver.info [212.227.102.132] F=<> temporarily rejected
RCPT <"venesa-:xobtogg"@metaphysis.de>: PGSQL: query failed: ERROR:  
unterminated quoted string
at or near "'venesa-" at character 109


So for the list of recipients in "recipients = +batv_senders" the ':' is seen
as separator for the list elements and not as part of the pgsql query.

But how can this be avoided? The address is correctly quoted for postgres 
itself.
And I don't see any similar examples in the docs that are somehow quoted to 
protect against such an error.

Version is Exim 4.69


Andreas Prieß

Attachment: signature.asc
Description: PGP signature

-- 
## List details at http://lists.exim.org/mailman/listinfo/exim-users 
## Exim details at http://www.exim.org/
## Please use the Wiki with this list - http://wiki.exim.org/

Reply via email to