I think that making this a runtime configurable option is the best option.
Not that much of a problem to implement, and when we default it to the same
behaviour it has now it is up to the admins what they do with it.
Can you find yourself in that Erik?
JP
----- Original Message -----
From: "Tim Mancour" <[EMAIL PROTECTED]>
To: <qmailtoaster-list@qmailtoaster.com>
Sent: Tuesday, January 16, 2007 5:15 PM
Subject: RE: [qmailtoaster] apostrophe
Erik,
Which characters in the sender's mailbox identifier represent a security
issue? In my thinking these should be the only characters that are
restricted in the "C" code. The badmailfrom file can then be used to allow
site to site customization.
I know that everytime that I upgrade I have to do the hand building step
to
allow the '+' character and would really like to be able to configure thus
sort of thing in a control file.
Regards,
Tim
-----Original Message-----
From: Erik Espinoza [mailto:[EMAIL PROTECTED]
Sent: Monday, January 15, 2007 8:09 PM
To: qmailtoaster-list@qmailtoaster.com
Subject: Re: [qmailtoaster] apostrophe
Tim,
Not a good idea. If you write this patch, it shall not be included into
the
Toaster.
Qmail gets a lot of security by not allowing certain characters. For
example, any e-mail address that contains a "." is stored in the file
system
as a ":" because the period is a file system navigation character.
Thanks,
Erik
On 1/15/07, Tim Mancour <[EMAIL PROTECTED]> wrote:
Hi,
The toaster seems to be more restrictive than the current SMTP
specification. RFC 2821 (page 37) only specifically prohibts ASCII
characters 0 through 31 and characters greater than 126 from the name
of a mailbox.
As a long term solution, couldn't we modify the "C" code (specifically
the function check_sender_address_format) to allow any character in
the ASCII range 33 through 126. We could then use the badmailfrom
control file to filter out sender addresses that contain characters
that are undesirable. A single line with an explicit set of characters
could be used - e.g. [ ,;:"'`&%\$\^\{\[\(\|\)\]\}\*\+\?\\].
I could be missing something but I think that this will allow each
site to customize as required without rebuilding the "C" code and
without losing any functionality. I'd be happy to make the C code
changes if this make sense to everyone.
Regards,
Tim
-----Original Message-----
From: Trung Pham [mailto:[EMAIL PROTECTED]
Sent: Friday, January 12, 2007 5:14 PM
To: qmailtoaster-list@qmailtoaster.com
Subject: Re: [qmailtoaster] apostrophe
Yeah, you will need to edit the C code before compiling it.
> eh no..
> Its just that to change qmailtoaster/checkuser you have to change
> the code a bit.
>
> Like Eric explained below.
>
>
> ----- Original Message -----
> From: "Dan Herbon" <[EMAIL PROTECTED]>
> To: <qmailtoaster-list@qmailtoaster.com>
> Sent: Friday, January 12, 2007 10:48 PM
> Subject: RE: [qmailtoaster] apostrophe
>
>
>> So I have to have any user emailing this person to add a \ in front
>> of the email address?:
>>
>> Bd\'[EMAIL PROTECTED]
>>
>>
>>
>> -----Original Message-----
>> From: Trung Pham [mailto:[EMAIL PROTECTED]
>> Sent: Friday, January 12, 2007 4:37 PM
>> To: qmailtoaster-list@qmailtoaster.com
>> Subject: Re: [qmailtoaster] apostrophe
>>
>> #define CHKUSER_ALLOW_SENDER_CHAR_2 '\''
>> that's the correct syntax
>>
>>> Dan Herbon wrote:
>>>> I've been live on the new qmailtoaster server now for about 3
>>>> weeks and no problems have arisen, everythings been great.
>>>>
>>>>
>>>>
>>>> Today however I came across my first problem. A user we used to
>>>> email back and forth has an apostrophe in her name and for some
>>>> strange odd reason whoever set this person up put the apostrophe
>>>> in her
email
>>>> address. So her email address is: bd'[EMAIL PROTECTED]
>>>>
>>>>
>>>>
>>>> The qmail server is rejecting this with:
>>>>
>>>>
>>>>
>>>> --------
>>>>
>>>> 2007-01-12 15:09:52.456145500 CHKUSER rejected sender: from
>>>> <BD'[EMAIL PROTECTED]::> remote
>>>> <mail-bh.server.com:unknown:12.19.*.*> rcpt <> : invalid sender
>>>> address format
>>>>
>>>> ---------
>>>>
>>>>
>>>>
>>>> Is there an easy way to allow an apostrophe in the email address
>>>> be delivered? Perhaps add just this users email address to some
>>>> sort of whitelist somewhere. Any help would be great. I have to
>>>> get this working.
>>>>
>>>>
>>>>
>>>> thank
>>>>
>>>
>>> You should try very hard to have the admin for that domain change
>>> the name.
>>>
>>> Short of success with that, you *can* tailor chkuser to accept
>>> additional special characters, but tailoring chkuser is somewhat
>>> of a PITA. See http://wiki.qmailtoaster.com/index.php/Chkuser. In
>>> chkuser.h you'll want to modify
>>> /* #define CHKUSER_ALLOW_SENDER_CHAR_2 '%' */ by uncommenting the
>>> #define, and specifying the apostrophe as the special character.
>>> I'm not sure how to do that properly in C, but it might be #define
>>> CHKUSER_ALLOW_SENDER_CHAR_2 '\''
>>> or
>>> #define CHKUSER_ALLOW_SENDER_CHAR_2 ''''
>>> Maybe a C guru can help you out on that.
>>>
>>> HTH
>>> --
>>> -Eric 'shubes'
>>>
>>> ---------------------------------------------------------------------
>>> QmailToaster hosted by: VR Hosted <http://www.vr.org>
>>> ------------------------------------------------------------------
>>> --
>>> - To unsubscribe, e-mail:
>>> [EMAIL PROTECTED]
>>> For additional commands, e-mail:
>>> [EMAIL PROTECTED]
>>>
>>>
>>
>>
>>
>> ---------------------------------------------------------------------
>> QmailToaster hosted by: VR Hosted <http://www.vr.org>
>> -------------------------------------------------------------------
>> --
>> To unsubscribe, e-mail:
>> [EMAIL PROTECTED]
>> For additional commands, e-mail:
>> [EMAIL PROTECTED]
>>
>>
>>
>> ---------------------------------------------------------------------
>> QmailToaster hosted by: VR Hosted <http://www.vr.org>
>> -------------------------------------------------------------------
>> --
>> To unsubscribe, e-mail:
>> [EMAIL PROTECTED]
>> For additional commands, e-mail:
>> [EMAIL PROTECTED]
>>
>>
>
>
> ---------------------------------------------------------------------
> QmailToaster hosted by: VR Hosted <http://www.vr.org>
> --------------------------------------------------------------------
> - To unsubscribe, e-mail:
> [EMAIL PROTECTED]
> For additional commands, e-mail:
> [EMAIL PROTECTED]
>
>
---------------------------------------------------------------------
QmailToaster hosted by: VR Hosted <http://www.vr.org>
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail:
[EMAIL PROTECTED]
---------------------------------------------------------------------
QmailToaster hosted by: VR Hosted <http://www.vr.org>
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail:
[EMAIL PROTECTED]
---------------------------------------------------------------------
QmailToaster hosted by: VR Hosted <http://www.vr.org>
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
---------------------------------------------------------------------
QmailToaster hosted by: VR Hosted <http://www.vr.org>
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
---------------------------------------------------------------------
QmailToaster hosted by: VR Hosted <http://www.vr.org>
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
