Mailing List Archive: exim: users

dot at the end of a local part

1 2

View All

Index | Next | Previous | View Threaded

P.A.Chambers at exeter

May 1, 2008, 1:22 AM

Post #1 of 27 (499 views)
Permalink

dot at the end of a local part

I have just seen examples of mail with a sender address whith the local part
ending with a dot:

<MikeG.@continentalways.com>

(I was surprised to see Exchange reject this because it is willing to accept
all sorts of rubbish in addresses without complaint!)

Exim seems to allow this through despite it not conforming to RFC2822. As I
read it:

local-part = dot-atom / quoted-string / obs-local-part

dot-atom = [CFWS] dot-atom-text [CFWS]
dot-atom-text = 1*atext *("." 1*atext)

Its not quoted-string

obs-local-part = word *("." word)
word = atom / quoted-string
atom = [CFWS] 1*atext [CFWS]
atext does not include "."

I can put in a specific ACL to reject this but it really aught to be picked up
by Exim at a more fundamental level.

I am running exim-4.68 and I don't see a change in the change-log for 4.69.

Phil.
---------------------------------------
Phil Chambers (postmaster[at]exeter.ac.uk)
University of Exeter

--
## List details at http://lists.exim.org/mailman/listinfo/exim-users
## Exim details at http://www.exim.org/
## Please use the Wiki with this list - http://wiki.exim.org/

Richard.Rogers at staffs

May 1, 2008, 8:34 AM

Post #2 of 27 (478 views)
Permalink

Re: dot at the end of a local part [In reply to]

exim-users-bounces[at]exim.org wrote:
> I have just seen examples of mail with a sender address whith the
> local part ending with a dot:
>
> <MikeG.@continentalways.com>
>
> (I was surprised to see Exchange reject this because it is willing to
> accept all sorts of rubbish in addresses without complaint!)
>
> Exim seems to allow this through despite it not conforming to
> RFC2822. As I read it:
>
> local-part = dot-atom / quoted-string / obs-local-part
>
> dot-atom = [CFWS] dot-atom-text [CFWS]
> dot-atom-text = 1*atext *("." 1*atext)
>
> Its not quoted-string
>
> obs-local-part = word *("." word)
> word = atom / quoted-string
> atom = [CFWS] 1*atext [CFWS]
> atext does not include "."
>
>
> I can put in a specific ACL to reject this but it really
> aught to be picked up
> by Exim at a more fundamental level.
>
> I am running exim-4.68 and I don't see a change in the change-log for
> 4.69.
>
> Phil.
> ---------------------------------------
> Phil Chambers (postmaster[at]exeter.ac.uk)
> University of Exeter

I added the following ACLs to our configs to avoid passing messages
through to Exchange that it would then reject, leading to a bounce. I
agree, it might be nice if there were a "strict address checking" option
incorporated into Exim that would do this job. (For our purposes, an
alternative would be to use the envelope sender address in the call
forward that we use to verify the recipient, but I don't think that is
currently an option either, is it?)

regards

Richard

# Deny any message whose envelope sender address has consecutive dots
(illegal)
# (do this for all messages irrespective of recipient's spam preference
# because Exchange will reject them if we attempt to deliver)
deny senders = ^.*[.][.]
message = Sender address syntax error (consecutive dots):
$sender_address

# Deny any message whose envelope sender address starts with a dot
(illegal)
# (do this for all messages irrespective of recipient's spam preference
# because Exchange will reject them if we attempt to deliver)
deny senders = ^[.]
message = Sender address syntax error (leading dot):
$sender_address

# Deny any message whose envelope sender address ends with a dot
(illegal)
# (do this for all messages irrespective of recipient's spam preference
# because Exchange will reject them if we attempt to deliver)
deny senders = ^.*[.][@]
message = Sender address syntax error (trailing dot):
$sender_address

# Deny any message whose envelope sender address is ""@some.domain
# (do this for all messages irrespective of recipient's spam preference
# because Exchange will reject them if we attempt to deliver)
deny senders = ^["]["][@]
message = Sender address syntax error: $sender_address

# Deny any message whose envelope sender address contains 8-bit
characters,
# a violation of RFC2821 and only done by spammers.
# (do this for all messages irrespective of recipient's spam preference
# because Exchange will reject them if we attempt to deliver)
deny senders = \N^[^@]*[\x80-\xFF][^@]*\@.*\N
message = Sender address syntax error (8 bit characters):
$sender_address

--
Richard Rogers
IT Development and Innovation Manager
Information Services, Staffordshire University

The information in this email is confidential and is intended solely for the addressee. Access to this email by anyone else is unauthorised.

If you are not the intended recipient, any disclosure, copying, distribution or any action taken or omitted to be taken in reliance on it, except for the purpose of delivery to the addressee, is prohibited and may be unlawful. Kindly notify the sender and delete the message and any attachment from your computer.

--
## List details at http://lists.exim.org/mailman/listinfo/exim-users
## Exim details at http://www.exim.org/
## Please use the Wiki with this list - http://wiki.exim.org/

eximX1211 at linuxwan

May 1, 2008, 6:28 PM

Post #3 of 27 (473 views)
Permalink

Re: dot at the end of a local part [In reply to]

ROGERS Richard wrote:
> exim-users-bounces[at]exim.org wrote:
>> I have just seen examples of mail with a sender address whith the
>> local part ending with a dot:
[snip]
> I added the following ACLs to our configs to avoid passing messages
> through to Exchange that it would then reject, leading to a bounce. I
> agree, it might be nice if there were a "strict address checking" option
> incorporated into Exim that would do this job. (For our purposes, an
> alternative would be to use the envelope sender address in the call
> forward that we use to verify the recipient, but I don't think that is
> currently an option either, is it?)
[snip]

This isn't much of a help for you issue but more a question as to why
you would be running into it.

None of my servers have ever accepted a local part with a dot on the end
and I will never run into the issue because it's not an account name.
Why are you accepting local parts that don't have a valid account?

--
The Exim Manual
http://www.exim.org/docs.html
http://docs.exim.org/current/

--
## List details at http://lists.exim.org/mailman/listinfo/exim-users
## Exim details at http://www.exim.org/
## Please use the Wiki with this list - http://wiki.exim.org/

Richard.Rogers at staffs

May 2, 2008, 12:49 AM

Post #4 of 27 (472 views)
Permalink

Re: dot at the end of a local part [In reply to]

Ted Cooper wrote:
> ROGERS Richard wrote:
>> exim-users-bounces[at]exim.org wrote:
>>> I have just seen examples of mail with a sender address whith the
>>> local part ending with a dot:
> [snip]
>> I added the following ACLs to our configs to avoid passing messages
>> through to Exchange that it would then reject, leading to a bounce. I
>> agree, it might be nice if there were a "strict address checking"
>> option incorporated into Exim that would do this job. (For our
>> purposes, an alternative would be to use the envelope sender address
>> in the call forward that we use to verify the recipient, but I don't
>> think that is currently an option either, is it?)
> [snip]
>
> This isn't much of a help for you issue but more a question as to why
> you would be running into it.
>
> None of my servers have ever accepted a local part with a dot
> on the end
> and I will never run into the issue because it's not an account name.
> Why are you accepting local parts that don't have a valid account?

We're not - it's the sender address that has this problem. Thus the call
forward for the recipient is OK (I think it's done with null sender,
yes?), but the actual delivery is rejected. By then it's too late to
reject with a 5xx at the Exim gateway.

regards

Richard

--
Richard Rogers
IT Development and Innovation Manager
Information Services, Staffordshire University

The information in this email is confidential and is intended solely for the addressee. Access to this email by anyone else is unauthorised.

If you are not the intended recipient, any disclosure, copying, distribution or any action taken or omitted to be taken in reliance on it, except for the purpose of delivery to the addressee, is prohibited and may be unlawful. Kindly notify the sender and delete the message and any attachment from your computer.

--
## List details at http://lists.exim.org/mailman/listinfo/exim-users
## Exim details at http://www.exim.org/
## Please use the Wiki with this list - http://wiki.exim.org/

peter at bowyer

May 2, 2008, 1:01 AM

Post #5 of 27 (471 views)
Permalink

Re: dot at the end of a local part [In reply to]

On 02/05/2008, ROGERS Richard <Richard.Rogers[at]staffs.ac.uk> wrote:
> Ted Cooper wrote:
> > ROGERS Richard wrote:
> >> exim-users-bounces[at]exim.org wrote:
> >>> I have just seen examples of mail with a sender address whith the
> >>> local part ending with a dot:
> > [snip]
> >> I added the following ACLs to our configs to avoid passing messages
> >> through to Exchange that it would then reject, leading to a bounce. I
> >> agree, it might be nice if there were a "strict address checking"
> >> option incorporated into Exim that would do this job. (For our
> >> purposes, an alternative would be to use the envelope sender address
> >> in the call forward that we use to verify the recipient, but I don't
> >> think that is currently an option either, is it?)
> > [snip]
> >
> > This isn't much of a help for you issue but more a question as to why
> > you would be running into it.
> >
> > None of my servers have ever accepted a local part with a dot
> > on the end
> > and I will never run into the issue because it's not an account name.
> > Why are you accepting local parts that don't have a valid account?
>
> We're not - it's the sender address that has this problem. Thus the call
> forward for the recipient is OK (I think it's done with null sender,
> yes?), but the actual delivery is rejected. By then it's too late to
> reject with a 5xx at the Exim gateway.

This might help:

verify = recipient/callout=use_sender

Peter

--
Peter Bowyer
Email: peter[at]bowyer.org
Follow me on Twitter: twitter.com/peeebeee

--
## List details at http://lists.exim.org/mailman/listinfo/exim-users
## Exim details at http://www.exim.org/
## Please use the Wiki with this list - http://wiki.exim.org/

Richard.Rogers at staffs

May 2, 2008, 1:10 AM

Post #6 of 27 (467 views)
Permalink

Re: dot at the end of a local part [In reply to]

exim-users-bounces[at]exim.org wrote:
> On 02/05/2008, ROGERS Richard <Richard.Rogers[at]staffs.ac.uk> wrote:
>> Ted Cooper wrote:
>>> ROGERS Richard wrote:
>>>> exim-users-bounces[at]exim.org wrote:
>>>>> I have just seen examples of mail with a sender address whith the
>>>>> local part ending with a dot:
>>> [snip]
>>>> I added the following ACLs to our configs to avoid passing messages
>>>> through to Exchange that it would then reject, leading to a
>>>> bounce. I agree, it might be nice if there were a "strict address
>>>> checking" option incorporated into Exim that would do this job.
>>>> (For our purposes, an alternative would be to use the envelope
>>>> sender address in the call forward that we use to verify the
>>>> recipient, but I don't think that is currently an option either,
>>>> is it?) [snip]
>>>
>>> This isn't much of a help for you issue but more a question as to
>>> why you would be running into it.
>>>
>>> None of my servers have ever accepted a local part with a dot
>>> on the end
>>> and I will never run into the issue because it's not an account
>>> name. Why are you accepting local parts that don't have a valid
>>> account?
>>
>> We're not - it's the sender address that has this problem. Thus the
>> call forward for the recipient is OK (I think it's done with null
>> sender, yes?), but the actual delivery is rejected. By then it's too
>> late to reject with a 5xx at the Exim gateway.
>
> This might help:
>
> verify = recipient/callout=use_sender
>
> Peter

Thanks Peter, that sounds like exactly what we need. Not sure why I
hadn't picked up on that before - anyway, I'll give it a go...

regards

Richard

--
Richard Rogers
IT Development and Innovation Manager
Information Services, Staffordshire University

The information in this email is confidential and is intended solely for the addressee. Access to this email by anyone else is unauthorised.

If you are not the intended recipient, any disclosure, copying, distribution or any action taken or omitted to be taken in reliance on it, except for the purpose of delivery to the addressee, is prohibited and may be unlawful. Kindly notify the sender and delete the message and any attachment from your computer.

--
## List details at http://lists.exim.org/mailman/listinfo/exim-users
## Exim details at http://www.exim.org/
## Please use the Wiki with this list - http://wiki.exim.org/

j at jdh28

May 2, 2008, 1:36 AM

Post #7 of 27 (466 views)
Permalink

Re: dot at the end of a local part [In reply to]

On Fri, May 2, 2008 at 2:28 AM, Ted Cooper <eximX1211[at]linuxwan.net> wrote:

> ROGERS Richard wrote:
>

> > exim-users-bounces[at]exim.org wrote:
> >> I have just seen examples of mail with a sender address whith the
> >> local part ending with a dot:
> [snip]
> > I added the following ACLs to our configs to avoid passing messages
> > through to Exchange that it would then reject, leading to a bounce. I
> > agree, it might be nice if there were a "strict address checking" option
> > incorporated into Exim that would do this job. (For our purposes, an
> > alternative would be to use the envelope sender address in the call
> > forward that we use to verify the recipient, but I don't think that is
> > currently an option either, is it?)
> [snip]
>
> This isn't much of a help for you issue but more a question as to why
> you would be running into it.
>
> None of my servers have ever accepted a local part with a dot on the end
> and I will never run into the issue because it's not an account name.
> Why are you accepting local parts that don't have a valid account?

Ted,

The ACL snippets are checking the sender address, not the local address -
Exchange rejects some invalid sender addresses that a default Exim
configuration will accept.

Regards,
John
--
## List details at http://lists.exim.org/mailman/listinfo/exim-users
## Exim details at http://www.exim.org/
## Please use the Wiki with this list - http://wiki.exim.org/

P.A.Chambers at exeter

May 2, 2008, 1:47 AM

Post #8 of 27 (467 views)
Permalink

Re: dot at the end of a local part [In reply to]

On Fri, 02 May 2008 11:28:53 +1000 Ted Cooper <eximX1211[at]linuxwan.net> wrote:

> [snip]
>
> This isn't much of a help for you issue but more a question as to why
> you would be running into it.
>
> None of my servers have ever accepted a local part with a dot on the end
> and I will never run into the issue because it's not an account name.
> Why are you accepting local parts that don't have a valid account?
>

I'm not accepting recipients that don't exist. The issue arose because there
were trailing dots on some sender_address_local_part. Exim was accepting this
but Exchange was rejecting when Exim tried to pass it on.

Indeed, when I saw this I then found countless examples where Exim was
rejecting attempts to send to recipients with trailing dots on the local_part.
The rejections were not because the address was invalid but because we don't
have any such addresses.

Phil.
---------------------------------------
Phil Chambers (postmaster[at]exeter.ac.uk)
University of Exeter

--
## List details at http://lists.exim.org/mailman/listinfo/exim-users
## Exim details at http://www.exim.org/
## Please use the Wiki with this list - http://wiki.exim.org/

P.A.Chambers at exeter

May 2, 2008, 1:50 AM

Post #9 of 27 (466 views)
Permalink

Re: dot at the end of a local part [In reply to]

On Fri, 2 May 2008 09:01:22 +0100 Peter Bowyer <peter[at]bowyer.org> wrote:

> snip snip
> This might help:
>
> verify = recipient/callout=use_sender
>
> Peter

I am doing that but the callout succeeds! (Or rather, I was before I put in
ACLs to reject the addresses as invalid.)

Phil.
---------------------------------------
Phil Chambers (postmaster[at]exeter.ac.uk)
University of Exeter

--
## List details at http://lists.exim.org/mailman/listinfo/exim-users
## Exim details at http://www.exim.org/
## Please use the Wiki with this list - http://wiki.exim.org/

P.A.Chambers at exeter

May 2, 2008, 1:55 AM

Post #10 of 27 (465 views)
Permalink

Re: dot at the end of a local part [In reply to]

On Fri, 2 May 2008 09:50:12 +0100 (GMT Daylight Time) Phil Chambers
<P.A.Chambers[at]exeter.ac.uk> wrote:

>
> On Fri, 2 May 2008 09:01:22 +0100 Peter Bowyer <peter[at]bowyer.org> wrote:
>
> > snip snip
> > This might help:
> >
> > verify = recipient/callout=use_sender
> >
> > Peter
>
> I am doing that but the callout succeeds! (Or rather, I was before I put in
> ACLs to reject the addresses as invalid.)
>
> Phil.

OOps. I did not read carefully enough before replying!!

I don't do 'verify = recipient/callout=use_sender' because my Exim box has a
complete list of all valid recipients.

Phil.
---------------------------------------
Phil Chambers (postmaster[at]exeter.ac.uk)
University of Exeter

--
## List details at http://lists.exim.org/mailman/listinfo/exim-users
## Exim details at http://www.exim.org/
## Please use the Wiki with this list - http://wiki.exim.org/

peter at bowyer

May 2, 2008, 1:56 AM

Post #11 of 27 (466 views)
Permalink

Re: dot at the end of a local part [In reply to]

On 02/05/2008, Phil Chambers <P.A.Chambers[at]exeter.ac.uk> wrote:
>
> On Fri, 2 May 2008 09:01:22 +0100 Peter Bowyer <peter[at]bowyer.org> wrote:
>
> > snip snip
> > This might help:
> >
> > verify = recipient/callout=use_sender
> >
> > Peter
>
> I am doing that but the callout succeeds! (Or rather, I was before I put in
> ACLs to reject the addresses as invalid.)

I guess that means that Exchange is rejecting on invalid senders after
DATA rather than at RCPT... can you debug the SMTP conversation to
verify this?

Peter

--
Peter Bowyer
Email: peter[at]bowyer.org
Follow me on Twitter: twitter.com/peeebeee

--
## List details at http://lists.exim.org/mailman/listinfo/exim-users
## Exim details at http://www.exim.org/
## Please use the Wiki with this list - http://wiki.exim.org/

peter at bowyer

May 2, 2008, 2:00 AM

Post #12 of 27 (465 views)
Permalink

Re: dot at the end of a local part [In reply to]

On 02/05/2008, Phil Chambers <P.A.Chambers[at]exeter.ac.uk> wrote:
>
> On Fri, 2 May 2008 09:50:12 +0100 (GMT Daylight Time) Phil Chambers
> <P.A.Chambers[at]exeter.ac.uk> wrote:
>
> >
> > On Fri, 2 May 2008 09:01:22 +0100 Peter Bowyer <peter[at]bowyer.org> wrote:
> >
> > > snip snip
> > > This might help:
> > >
> > > verify = recipient/callout=use_sender
> > >
> > > Peter
> >
> > I am doing that but the callout succeeds! (Or rather, I was before I put in
> > ACLs to reject the addresses as invalid.)
> >
> > Phil.
>
> OOps. I did not read carefully enough before replying!!
>
> I don't do 'verify = recipient/callout=use_sender' because my Exim box has a
> complete list of all valid recipients.

Then I'm confused - didn't you say that Exchange was accepting on a
recipient callout but rejecting on a delivery?

Peter

--
Peter Bowyer
Email: peter[at]bowyer.org
Follow me on Twitter: twitter.com/peeebeee

--
## List details at http://lists.exim.org/mailman/listinfo/exim-users
## Exim details at http://www.exim.org/
## Please use the Wiki with this list - http://wiki.exim.org/

eximX1211 at linuxwan

May 2, 2008, 2:16 AM

Post #13 of 27 (466 views)
Permalink

Re: dot at the end of a local part [In reply to]

John Hall wrote:
>> This isn't much of a help for you issue but more a question as to why
>> you would be running into it.
>>
>> None of my servers have ever accepted a local part with a dot on the end
>> and I will never run into the issue because it's not an account name.
>> Why are you accepting local parts that don't have a valid account?
>
> Ted,
>
> The ACL snippets are checking the sender address, not the local address -
> Exchange rejects some invalid sender addresses that a default Exim
> configuration will accept.

Ahhhh .. missed that point. That it explains it then anyway.

Sounds a lot like the email addresses I've been seeing of late with the
"-" on the end of them. I put in an ACL to flat out reject them just in
time for all of those source addresses to disappear.

--
The Exim Manual
http://www.exim.org/docs.html
http://docs.exim.org/current/

--
## List details at http://lists.exim.org/mailman/listinfo/exim-users
## Exim details at http://www.exim.org/
## Please use the Wiki with this list - http://wiki.exim.org/

Richard.Rogers at staffs

May 2, 2008, 2:26 AM

Post #14 of 27 (465 views)
Permalink

Re: dot at the end of a local part [In reply to]

exim-users-bounces[at]exim.org wrote:
> On 02/05/2008, Phil Chambers <P.A.Chambers[at]exeter.ac.uk> wrote:
>>
>> On Fri, 2 May 2008 09:50:12 +0100 (GMT Daylight Time) Phil Chambers
>> <P.A.Chambers[at]exeter.ac.uk> wrote:
>>
>>>
>>> On Fri, 2 May 2008 09:01:22 +0100 Peter Bowyer <peter[at]bowyer.org>
>>> wrote:
>>>
>>>> snip snip
>>>> This might help:
>>>>
>>>> verify = recipient/callout=use_sender
>>>>
>>>> Peter
>>>
>>> I am doing that but the callout succeeds! (Or rather, I was before
>>> I put in ACLs to reject the addresses as invalid.)
>>>
>>> Phil.
>>
>> OOps. I did not read carefully enough before replying!!
>>
>> I don't do 'verify = recipient/callout=use_sender' because my Exim
>> box has a complete list of all valid recipients.
>
> Then I'm confused - didn't you say that Exchange was accepting on a
> recipient callout but rejecting on a delivery?

I think it was me that said that (but that was before I put ACLs in to
prevent Exim accepting the messages in the first place).

regards

Richard

--
Richard Rogers
IT Development and Innovation Manager
Information Services, Staffordshire University

The information in this email is confidential and is intended solely for the addressee. Access to this email by anyone else is unauthorised.

If you are not the intended recipient, any disclosure, copying, distribution or any action taken or omitted to be taken in reliance on it, except for the purpose of delivery to the addressee, is prohibited and may be unlawful. Kindly notify the sender and delete the message and any attachment from your computer.

--
## List details at http://lists.exim.org/mailman/listinfo/exim-users
## Exim details at http://www.exim.org/
## Please use the Wiki with this list - http://wiki.exim.org/

peter at bowyer

May 2, 2008, 2:28 AM

Post #15 of 27 (467 views)
Permalink

Re: dot at the end of a local part [In reply to]

On 02/05/2008, ROGERS Richard <Richard.Rogers[at]staffs.ac.uk> wrote:
> exim-users-bounces[at]exim.org wrote:
> > On 02/05/2008, Phil Chambers <P.A.Chambers[at]exeter.ac.uk> wrote:
> >>
> >> On Fri, 2 May 2008 09:50:12 +0100 (GMT Daylight Time) Phil Chambers
> >> <P.A.Chambers[at]exeter.ac.uk> wrote:
> >>
> >>>
> >>> On Fri, 2 May 2008 09:01:22 +0100 Peter Bowyer <peter[at]bowyer.org>
> >>> wrote:
> >>>
> >>>> snip snip
> >>>> This might help:
> >>>>
> >>>> verify = recipient/callout=use_sender
> >>>>
> >>>> Peter
> >>>
> >>> I am doing that but the callout succeeds! (Or rather, I was before
> >>> I put in ACLs to reject the addresses as invalid.)
> >>>
> >>> Phil.
> >>
> >> OOps. I did not read carefully enough before replying!!
> >>
> >> I don't do 'verify = recipient/callout=use_sender' because my Exim
> >> box has a complete list of all valid recipients.
> >
> > Then I'm confused - didn't you say that Exchange was accepting on a
> > recipient callout but rejecting on a delivery?
>
> I think it was me that said that (but that was before I put ACLs in to
> prevent Exim accepting the messages in the first place).

Ah. there's 2 of you - stop trying to confuse me :-)

--
Peter Bowyer
Email: peter[at]bowyer.org
Follow me on Twitter: twitter.com/peeebeee

--
## List details at http://lists.exim.org/mailman/listinfo/exim-users
## Exim details at http://www.exim.org/
## Please use the Wiki with this list - http://wiki.exim.org/

j at jdh28

May 2, 2008, 2:38 AM

Post #16 of 27 (466 views)
Permalink

Re: dot at the end of a local part [In reply to]

On Fri, May 2, 2008 at 9:56 AM, Peter Bowyer <peter[at]bowyer.org> wrote:

> On 02/05/2008, Phil Chambers <P.A.Chambers[at]exeter.ac.uk> wrote:
> >
> > On Fri, 2 May 2008 09:01:22 +0100 Peter Bowyer <peter[at]bowyer.org> wrote:
> >
> > > snip snip
> > > This might help:
> > >
> > > verify = recipient/callout=use_sender
> > >
> > > Peter
> >
> > I am doing that but the callout succeeds! (Or rather, I was before I put
> in
> > ACLs to reject the addresses as invalid.)
>
> I guess that means that Exchange is rejecting on invalid senders after
> DATA rather than at RCPT... can you debug the SMTP conversation to
> verify this?

On my Exchange 2000 box, the callout works - Exchange rejects syntactically
invalid sender addresses at SMTP time. It also rejects syntactically invalid
recipient addresses at SMTP time, but accepts and then generates bounces for
unknown recipient addresses.

I believe Exchange 2003 can be configured to do more thorough recipient
validation at SMTP time.

Cheers,
John
--
## List details at http://lists.exim.org/mailman/listinfo/exim-users
## Exim details at http://www.exim.org/
## Please use the Wiki with this list - http://wiki.exim.org/

P.A.Chambers at exeter

May 2, 2008, 2:40 AM

Post #17 of 27 (465 views)
Permalink

Re: dot at the end of a local part [In reply to]

On Fri, 2 May 2008 10:00:06 +0100 Peter Bowyer <peter[at]bowyer.org> wrote:

> On 02/05/2008, Phil Chambers <P.A.Chambers[at]exeter.ac.uk> wrote:
> >
> > On Fri, 2 May 2008 09:50:12 +0100 (GMT Daylight Time) Phil Chambers
> > <P.A.Chambers[at]exeter.ac.uk> wrote:
> >
> > >
> > > On Fri, 2 May 2008 09:01:22 +0100 Peter Bowyer <peter[at]bowyer.org> wrote:
> > >
> > > > snip snip
> > > > This might help:
> > > >
> > > > verify = recipient/callout=use_sender
> > > >
> > > > Peter
> > >
> > > I am doing that but the callout succeeds! (Or rather, I was before I put in
> > > ACLs to reject the addresses as invalid.)
> > >
> > > Phil.
> >
> > OOps. I did not read carefully enough before replying!!
> >
> > I don't do 'verify = recipient/callout=use_sender' because my Exim box has a
> > complete list of all valid recipients.
>
> Then I'm confused - didn't you say that Exchange was accepting on a
> recipient callout but rejecting on a delivery?
>
> Peter

I'm sorry for the confusion. I replied to say I was doing recipient verify
with callout but that was not correct. I then realised my mistake and sent out
a message to try to correct it.

The true situation is that my Exim box has a list of all the Exchange
recipients and verifies recipient addresses against that, rather that using
callout. On the basis of that it was accepting the messages with trailing dots
in the sender address. These were then being rejected by Exchange.

Phil.
---------------------------------------
Phil Chambers (postmaster[at]exeter.ac.uk)
University of Exeter

--
## List details at http://lists.exim.org/mailman/listinfo/exim-users
## Exim details at http://www.exim.org/
## Please use the Wiki with this list - http://wiki.exim.org/

nigel.metheringham at dev

May 2, 2008, 2:46 AM

Post #18 of 27 (466 views)
Permalink

Re: dot at the end of a local part [In reply to]

As I understand it, addresses with trailing dots and other odd
characters in the local part are not RFC valid - are they
realistically used across the network?

On that assumption, should the general local part validation of
addresses accept those forms, be modified to reject them (which
obviously *can* be done in ACLs), or modified to reject them with an
override (like the helo characters one)?

Modifications would be an incompatible change - working configurations
could then be stopped working, which might be a good thing (unless you
are the one caught out by it).

Nigel.
--
[ Nigel Metheringham Nigel.Metheringham[at]InTechnology.com ]
[. - Comments in this message are my own and not ITO opinion/policy - ]

--
## List details at http://lists.exim.org/mailman/listinfo/exim-users
## Exim details at http://www.exim.org/
## Please use the Wiki with this list - http://wiki.exim.org/

Richard.Rogers at staffs

May 2, 2008, 2:48 AM

Post #19 of 27 (465 views)
Permalink

Re: dot at the end of a local part [In reply to]

exim-users-bounces[at]exim.org wrote:

>
>
> On my Exchange 2000 box, the callout works - Exchange rejects
> syntactically invalid sender addresses at SMTP time. It also rejects
> syntactically invalid
> recipient addresses at SMTP time, but accepts and then
> generates bounces for
> unknown recipient addresses.
>
> I believe Exchange 2003 can be configured to do more thorough
> recipient validation at SMTP time.
>
> Cheers,
> John

Yes, that sounds right. Before I stopped these messages being accepted
by Exim, it was trying to pass them on having accepted them, only for
them to be rejected by Exchange because of the invalid sender address
(the call forward having succeeded because the recipient address was
valid). That left Exim having to send a bounce (which is what I wanted
to avoid!)

Yes, Exchange 2003 can be set up to reject invalid recipient addresses
at SMTP time (which is what allows the call forward to be useful).

regards

Richard

--
Richard Rogers
IT Development and Innovation Manager
Information Services, Staffordshire University

The information in this email is confidential and is intended solely for the addressee. Access to this email by anyone else is unauthorised.

If you are not the intended recipient, any disclosure, copying, distribution or any action taken or omitted to be taken in reliance on it, except for the purpose of delivery to the addressee, is prohibited and may be unlawful. Kindly notify the sender and delete the message and any attachment from your computer.

--
## List details at http://lists.exim.org/mailman/listinfo/exim-users
## Exim details at http://www.exim.org/
## Please use the Wiki with this list - http://wiki.exim.org/

Richard.Rogers at staffs

May 2, 2008, 2:54 AM

Post #20 of 27 (465 views)
Permalink

Re: dot at the end of a local part [In reply to]

exim-users-bounces[at]exim.org wrote:
> As I understand it, addresses with trailing dots and other odd
> characters in the local part are not RFC valid - are they
> realistically used across the network?
>
> On that assumption, should the general local part validation of
> addresses accept those forms, be modified to reject them (which
> obviously *can* be done in ACLs), or modified to reject them with an
> override (like the helo characters one)?
>
> Modifications would be an incompatible change - working configurations
> could then be stopped working, which might be a good thing (unless you
> are the one caught out by it).
>
> Nigel.
> --
> [ Nigel Metheringham Nigel.Metheringham[at]InTechnology.com ]
> [. - Comments in this message are my own and not ITO opinion/policy - ]

Well, rejecting such addresses hasn't caused any "false positive"
rejections here (that I know of).

Would it not be possible to do such rejections without loss of
compatibility by offering it as an "opt in", at least in the first
instance? (that is, you would have to set strict address checking on,
but the default is off)

regards

Richard

--
Richard Rogers
IT Development and Innovation Manager
Information Services, Staffordshire University

The information in this email is confidential and is intended solely for the addressee. Access to this email by anyone else is unauthorised.

If you are not the intended recipient, any disclosure, copying, distribution or any action taken or omitted to be taken in reliance on it, except for the purpose of delivery to the addressee, is prohibited and may be unlawful. Kindly notify the sender and delete the message and any attachment from your computer.

--
## List details at http://lists.exim.org/mailman/listinfo/exim-users
## Exim details at http://www.exim.org/
## Please use the Wiki with this list - http://wiki.exim.org/

Neil.Youngman at wirefast

May 2, 2008, 5:19 AM

Post #21 of 27 (467 views)
Permalink

Re: dot at the end of a local part [In reply to]

> From: ROGERS Richard [mailto:Richard.Rogers[at]staffs.ac.uk]

> Would it not be possible to do such rejections without loss of
> compatibility by offering it as an "opt in", at least in the first
> instance? (that is, you would have to set strict address checking on,
> but the default is off)

I would suggest that a compatible approach would be a new ACL in the
default exim.conf. This would mean new installs would get the checking
by default and old installs would be able to merge the change if they
chose.

Neil Youngman

--
## List details at http://lists.exim.org/mailman/listinfo/exim-users
## Exim details at http://www.exim.org/
## Please use the Wiki with this list - http://wiki.exim.org/

j at jdh28

May 2, 2008, 5:32 AM

Post #22 of 27 (465 views)
Permalink

Re: dot at the end of a local part [In reply to]

On Fri, May 2, 2008 at 10:48 AM, ROGERS Richard <Richard.Rogers[at]staffs.ac.uk>
wrote:

> > On my Exchange 2000 box, the callout works - Exchange rejects
> > syntactically invalid sender addresses at SMTP time. It also rejects
> > syntactically invalid
> > recipient addresses at SMTP time, but accepts and then
> > generates bounces for
> > unknown recipient addresses.
> >
> > I believe Exchange 2003 can be configured to do more thorough
> > recipient validation at SMTP time.
>

> Yes, that sounds right. Before I stopped these messages being accepted
> by Exim, it was trying to pass them on having accepted them, only for
> them to be rejected by Exchange because of the invalid sender address
> (the call forward having succeeded because the recipient address was
> valid). That left Exim having to send a bounce (which is what I wanted
> to avoid!)
>

I've just added 'verify = recipient/callout=use_sender' to my ACLs and
Exchange 2000 rejects the callouts with invalid sender addresses correctly.
Perhaps callouts didn't work for you in the past, because you didn't have
the 'use_sender' part?

John
--
## List details at http://lists.exim.org/mailman/listinfo/exim-users
## Exim details at http://www.exim.org/
## Please use the Wiki with this list - http://wiki.exim.org/

maillist at ovb

May 2, 2008, 6:13 AM

Post #23 of 27 (465 views)
Permalink

Re: dot at the end of a local part [In reply to]

Neil Youngman wrote:
>> From: ROGERS Richard [mailto:Richard.Rogers[at]staffs.ac.uk]
>>
>> Would it not be possible to do such rejections without loss of
>> compatibility by offering it as an "opt in", at least in the first
>> instance? (that is, you would have to set strict address checking on,
>> but the default is off)
>>
>
> I would suggest that a compatible approach would be a new ACL in the
> default exim.conf. This would mean new installs would get the checking
> by default and old installs would be able to merge the change if they
> chose.
>
>
I opt for the way Richard has suggested it.
My reason: The method used to reject something that is not RFC
conforming by a lengthy ACL makes the configuration just bigger and more
prone to errors than a new option like strict_sender_address_check ON/OFF.

But that are just my 2 cents...

Oliver

--
## List details at http://lists.exim.org/mailman/listinfo/exim-users
## Exim details at http://www.exim.org/
## Please use the Wiki with this list - http://wiki.exim.org/

Lena at lena

May 2, 2008, 12:57 PM

Post #24 of 27 (465 views)
Permalink

Re: dot at the end of a local part [In reply to]

> From: Nigel Metheringham

> As I understand it, addresses with trailing dots and other odd
> characters in the local part are not RFC valid - are they
> realistically used across the network?

Localparts of email addresses of real people - members of a
discussion mailing list (on yahooGroups) I run:
<---leshey---2001@***.ru>, <_veronika@***.by>, <__elle__@***.ru>,
<nataliya_@***.com>, <alisa_@***.ru>, <luna__@***.ru>, <svetlana_@***.ru>,
<oksana_sh_@***.ru>, <_____sun_____@***.ru>
and so on (13 more with trailing dashes and underscores).
And <Julia...@***.ru> (really three trailing dots).
The domains are various large free webmail services.

--
## List details at http://lists.exim.org/mailman/listinfo/exim-users
## Exim details at http://www.exim.org/
## Please use the Wiki with this list - http://wiki.exim.org/

chris at eng

May 3, 2008, 7:08 AM

Post #25 of 27 (437 views)
Permalink

Re: dot at the end of a local part [In reply to]

On Fri, 2 May 2008, Lena[at]lena.kiev.ua wrote:

|
| and so on (13 more with trailing dashes and underscores).
|

Those seem quite common - I assume they're RFC-valid - right ?

FWIW I host a list with about 16,000 members, of which:

32 localparts end in underscore (_)
1 localpart ends in hypen (-)
0 localparts end in dot (.)

all other localparts end in [a-z0-9].

|
| And <Julia...@***.ru> (really three trailing dots).
|

Out of interest does that address actually work ? I don't suppose it
could have somehow got onto the list as an error.

--
## List details at http://lists.exim.org/mailman/listinfo/exim-users
## Exim details at http://www.exim.org/
## Please use the Wiki with this list - http://wiki.exim.org/

1 2

View All

Index | Next | Previous | View Threaded

Interested in having your list archived? Contact lists@gossamer-threads.com