Bad sender address syntax ..
Mark Martinec
Mark.Martinec+amavis at ijs.si
Mon Jul 16 14:31:54 CEST 2012
Amedeo,
> Weird 'Bad sender address syntax', where '""@' come from ? some
> ideas? (see info below)
> Ok.. I've investigated a little and it come out that my postfix is
> accepting email addresses with an empty local-part.
> The postfix 'strict_rfc821_envelopes' configuration parameter handles
> also this behaviour.. (default: disabled).
> Amavis don't love it too much ( ""@domain.tld ) and "gracefully" stuck
> .. with a probable DoS risk.
>
> So, my fault.. I wasn't aware of this requirement
> (strict_rfc821_envelopes=yes).
It's a case of 'garbage-in/garbage-out'. Neither a null local part
nor a "" are valid, but Postfix chose to mercifully permit the
first but not the second, unless strict_rfc821_envelopes=yes.
RFC 5322 requires quoting of a local part which is not following
a dot-atom syntax, which is what amavisd did, at least until
version 2.4.0:
amavisd-new-2.4.0 release notes
- no longer bother to convert addresses like <""@yahoo.com> to <@yahoo.com>,
both forms are invalid anyway, and recent versions of Postfix treat them
the same. It is probably a good idea to set strict_rfc821_envelopes=yes
in main.cf to reject such non-replyable sender addresses straight away,
otherwise we end up processing such mail with inability to bounce it when
needed, effectively losing it;
Mark
More information about the amavis-users
mailing list