OSEC

Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com
 
Subject: Re: recipient OK? Sendmail YES, Postfix NO
From: Wietse Venema (wietseporcupine.org)
Date: Fri Oct 13 2000 - 05:16:30 CDT

Big Brother:
>
> Apparently, I need to reduce the checking that postfix performs on
> incoming email (or turn on some dandy feature). The staff has bounced
> this problem to me...
>
> We recently switched from Sendmail to Postfix, and:
>
> Aida is still pushing for answers. I found out that the actual mailing
> list address is indeed:
>
> Post message: -1mature_xfiles_fansegroups.com

That is rejected by a hard coded piece of C inside the queue manager.
A little bit of grep will find it for you, you already have the
error message.

Removing that restriction may be unsafe. But removing it would
require changing all the Postfixen out there in the world.

Addresses starting with '-' can cause all kinds of trouble on a
UNIX system, because they can be interpreted as command-line options.

The Postfix pipe mailer is an example of an interface that talks
to programs that want recipient addresses on the command line, and
no doubt the same happens with programs called from the Postfix
local delivery agent for mail delivery.

Making all those interfaces safe against recipients starting with
'-' is very problematic. Putting the security burden on the Postfix
user was unacceptable. So I took the bold step of disallowing
addresses starting with '-'.

If someone has a 100% safe way to eliminate this misfeature without
putting the security burden on the Postfix user, you're welcome to
produce a patch.

        Wietse