[Mimedefang] canonicalize_email error

Alan Premselaar alien at 12inch.com
Mon May 9 21:23:57 EDT 2005


Jan Pieter Cornet wrote:

[snip]
>>
>>sub canonicalize_email ($) {
>>        my ($email) = @_;
>>
>>        $email =~ s/^<//;
>>        $email =~ s/>$//;
>>
>>        return lc($email);
>>}
>>
>>basically all it does is remove any < or > from the email and return it 
>>in lowercase.
> 

Actually, looking at this code again (with a clear mind) all it does is 
remove a preceeding < and a trailing >

if i'm not mistaken, i yanked the code from DFS's Verisign SiteFinder 
checking code that circulated the list awhile back.

> 
> Have you considered
> 
> RCPT To:< "aL\ien+foo"@mail.12inch.com.>
> 
> which your mailer could accept as valid and deliver to you (Except
> that in your case, you're not accepting mail to the hostname of
> your MX, which is good, but in some cases that or something similar
> might be configured).
> 

I very specifically do not accept mail for the hostname of my MX server 
(unless it's generated locally) as I don't *ever* use it. (and it's 
prone to changes at any given point in time) ... my experience has been 
that any mail (not locally generated) to *@mail.12inch.com is 100% SPAM.

even if ' "aL\ien+foo"@mail.12inch.com.' gets passed to sendmail having 
passed thru my filters, if sendmail knows to strip the plussed content 
and handle the \i as an 'i' then it'll still get delivered, but 
SpamAssassin / CLAMAV / etc will still be run on the message.

and *anything*@mail.12inch.com should be rejected.

(I'll have to re-read thru my filter to double check all of this... I've 
pretty much got it in 'set and forget' mode for awhile)

> I've got a somewhat monstrous routine that will actually rewrite this
> to a canonicalized email address, and it does a loose RFC2821 compliance
> check too (somewhat less monstrous than the last chapter of mastering
> regular expressions, though).
> 
I wouldn't mind seeing the code if you're planning to share it, although 
I probably won't spend a lot of time/resources implenting it on my 
personal server(s) just yet.

[snip]

alan



More information about the MIMEDefang mailing list