[BUG?] Problem whitelisting address containing '+'

Mariano Absatz el.baby at GMAIL.COM
Fri Jul 30 14:35:11 IST 2004 

On Fri, 30 Jul 2004 03:23:11 +0100, Julian Field
<mailscanner at ecs.soton.ac.uk> wrote:
> At 13:18 29/07/2004, you wrote:
> >change this:
> >
> >    # Now it's got an @ sign and something both sides of it
> >    # Change . into \., @ into \@, * into .*
> >    $rule =~ s/\@/\\@/g;
> >    $rule =~ s/\./\\./g;
> >    $rule =~ s/\*/.*/g;
> >
> >to this:
> >
> >    # Now it's got an @ sign and something both sides of it
> >    # Change . into \., @ into \@, + into \+, * into .*
> >    $rule =~ s/\@/\\@/g;
> >    $rule =~ s/\./\\./g;
> >    $rule =~ s/\+/\\+/g;
> >    $rule =~ s/\*/.*/g;
> >A Question
> >----------
> >But is this omitting to escape '+' characters in addresses a bug or
> >deliberate design decision?  [Julian?]
>
> It's a bug. Well spotted. Fixed for the next release.
Great!... I've been using regexes for this for sometime...

>
> >*  if a bug then the above tweak fixes it (but are there any other
> >    metacharacters that should also be escaped?)
>
> Not many are allowed in email addresses anyway.
Well IIRC, both RFC2821 and RFC2822 (I won't reread them now, so DON'T
take my word for it) leave most of the syntax of the local part of
e-mail addresses as a local problem.

They must be 7 bit ASCII
They can't containt '<' or '>'
They shouldn't contain control characters
I think the can't contain spaces (but I'm not sure)... anyway, I don't
think most MUAs allow you to use spaces, so noone should be as stupid
as to use them...

I don't know what happens about square brackets, question marks or
stars... I get the feeling that they're not outlawed by the RFCs...
one should be very stupid to have an address like what?@example.com...
but there's plenty of stupid people out there :-)

I would definitively beware of backslashes (\) which are used as nt
domain/username separator... I've seen them in the wild, but they
usually fail (in fact disappear) miserably when they pass thru most
MTAs.

In order to choose which ones to escape, I'd to for:
+
/
\
and maybe *


--
Mariano Absatz - El Baby
el (dot) baby (AT) gmail (dot) com
el (punto) baby (ARROBA:@) gmail (punto) com

-------------------------- MailScanner list ----------------------
To leave, send    leave mailscanner    to jiscmail at jiscmail.ac.uk
Before posting, please see the Most Asked Questions at
http://www.mailscanner.biz/maq/     and the archives at
http://www.jiscmail.ac.uk/lists/mailscanner.html

More information about the MailScanner mailing list