firewall-wizards@listserv.icsalabs.com
To subscribe or unsubscribe via the World Wide Web, visit
https://listserv.icsalabs.com/mailman/listinfo/firewall-wizards
or, via email, send a message with subject or body 'help' to
firewall-wizards-request@listserv.icsalabs.com
You can reach the person managing the list at
firewall-wizards-owner@listserv.icsalabs.com
When replying, please edit your Subject line so it is more specific
than "Re: Contents of firewall-wizards digest..."
Today's Topics:
1. obscure email address formats (ArkanoiD)
2. Re: obscure email address formats (Carson Gaspar)
3. Re: obscure email address formats (Chuck Swiger)
4. Re: obscure email address formats (david@lang.hm)
5. Re: obscure email address formats (Carl Friedberg)
6. Re: obscure email address formats (Kurt Buff)
7. Re: obscure email address formats (Marcus J. Ranum)
----------------------------------------------------------------------
Message: 1
Date: Tue, 24 May 2011 00:30:24 +0400
From: ArkanoiD <ark@eltex.net>
Subject: [fw-wiz] obscure email address formats
To: firewall-wizards@listserv.cybertrust.com
Message-ID: <20110523203024.GA10147@eltex.net>
Content-Type: text/plain; charset=koi8-r
Is there any good reason to allow email addresses (in smtp, imap and alikes)
in any format different from mailbox@fqdn ?
There is plenty of other stuff defined in RFCs and I wonder if anyone really uses it so
I should *not* just filter it out.
------------------------------
Message: 2
Date: Mon, 23 May 2011 15:13:29 -0700
From: Carson Gaspar <carson@taltos.org>
Subject: Re: [fw-wiz] obscure email address formats
To: firewall-wizards@listserv.icsalabs.com
Message-ID: <4DDADC09.7030506@taltos.org>
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
On 5/23/11 1:30 PM, ArkanoiD wrote:
> Is there any good reason to allow email addresses (in smtp, imap and alikes)
> in any format different from mailbox@fqdn ?
>
> There is plenty of other stuff defined in RFCs and I wonder if anyone really uses it so
> I should *not* just filter it out.
I assume you really mean mailbox@fqdn for the actual address part only,
but in case you didn't...
mailbox@fqdn isn't enough - you must at _least_ handle full names in the
address etc. The quoting rules are byzantine, but really required as
mail clients emit all sorts of stuff.
I don't think there is any reason to support ! or % addressing any more.
Be careful when you validate "mailbox" so that you allow all legal names
(unlike !@##$% javascript validators that refuse user+subfolder@fqdn
addresses).
------------------------------
Message: 3
Date: Mon, 23 May 2011 15:19:06 -0700
From: Chuck Swiger <chuck@codefab.com>
Subject: Re: [fw-wiz] obscure email address formats
To: Firewall Wizards Security Mailing List
<firewall-wizards@listserv.icsalabs.com>
Message-ID: <FF3331CF-1FFE-4723-850E-67E3EEF6E73C@codefab.com>
Content-Type: text/plain; CHARSET=US-ASCII
On May 23, 2011, at 1:30 PM, ArkanoiD wrote:
> Is there any good reason to allow email addresses (in smtp, imap and alikes)
> in any format different from mailbox@fqdn ?
>
> There is plenty of other stuff defined in RFCs and I wonder if anyone really uses it so
> I should *not* just filter it out.
People around these parts use address tags <user+mailbox@fqdn.example.org> all of the time to attempt delivery to a particular mailbox (if it exists) rather than INBOX.
RFC-5322 discusses obsolete addressing and header formats and suggests how they should be handled. Nobody is likely to use explicit address routing nowadays, or UUCP !-paths, or headers with arbitrary amounts of whitespace between a header and the colon (ie, "Date : " rather than "Date: ").
Regards,
--
-Chuck
------------------------------
Message: 4
Date: Mon, 23 May 2011 15:18:31 -0700 (PDT)
From: david@lang.hm
Subject: Re: [fw-wiz] obscure email address formats
To: Firewall Wizards Security Mailing List
<firewall-wizards@listserv.cybertrust.com>
Message-ID: <alpine.DEB.2.02.1105231517110.8167@asgard.lang.hm>
Content-Type: TEXT/PLAIN; charset=US-ASCII; format=flowed
what sort of obscure formats are you thinking of eliminating?
there's good reason to allow mailbox+folder@fqdn for some people that's
considered obscure, for others it's just less common.
David Lang
On Tue, 24 May 2011, ArkanoiD wrote:
> Is there any good reason to allow email addresses (in smtp, imap and alikes)
> in any format different from mailbox@fqdn ?
>
> There is plenty of other stuff defined in RFCs and I wonder if anyone really uses it so
> I should *not* just filter it out.
>
> _______________________________________________
> firewall-wizards mailing list
> firewall-wizards@listserv.icsalabs.com
> https://listserv.icsalabs.com/mailman/listinfo/firewall-wizards
>
------------------------------
Message: 5
Date: Mon, 23 May 2011 18:32:36 -0400
From: Carl Friedberg <friedberg@exs.esb.com>
Subject: Re: [fw-wiz] obscure email address formats
To: 'Firewall Wizards Security Mailing List'
<firewall-wizards@listserv.icsalabs.com>
Message-ID:
<A52149436D8D9E438646C80BB222A67F3201C2069A@Boltzmann.esb.com>
Content-Type: text/plain; charset="us-ascii"
Outbound (if you are sending e-mail to an external server) there might be either of these formats:
xtl.com:foobar@example.com
foobar%example.com@xtl.com
I use both of those formats with a mail forwarding service.
Carl Friedberg
-----Original Message-----
From: firewall-wizards-bounces@listserv.icsalabs.com [mailto:firewall-wizards-bounces@listserv.icsalabs.com] On Behalf Of ArkanoiD
Sent: Monday, May 23, 2011 4:30 PM
To: firewall-wizards@listserv.cybertrust.com
Subject: [fw-wiz] obscure email address formats
Is there any good reason to allow email addresses (in smtp, imap and alikes)
in any format different from mailbox@fqdn ?
There is plenty of other stuff defined in RFCs and I wonder if anyone really uses it so
I should *not* just filter it out.
_______________________________________________
firewall-wizards mailing list
firewall-wizards@listserv.icsalabs.com
https://listserv.icsalabs.com/mailman/listinfo/firewall-wizards
------------------------------
Message: 6
Date: Mon, 23 May 2011 15:23:55 -0700
From: Kurt Buff <kurt.buff@gmail.com>
Subject: Re: [fw-wiz] obscure email address formats
To: Firewall Wizards Security Mailing List
<firewall-wizards@listserv.icsalabs.com>
Message-ID: <BANLkTimp-Y1qZQuaF=ctivWogt+xAr4NvQ@mail.gmail.com>
Content-Type: text/plain; charset=UTF-8
I know that '+' addressing is commonly used. Don't know about others,
such as '!' routing, etc.
On Mon, May 23, 2011 at 13:30, ArkanoiD <ark@eltex.net> wrote:
> Is there any good reason to allow email addresses (in smtp, imap and alikes)
> in any format different from mailbox@fqdn ?
>
> There is plenty of other stuff defined in RFCs and I wonder if anyone really uses it so
> I should *not* just filter it out.
>
> _______________________________________________
> firewall-wizards mailing list
> firewall-wizards@listserv.icsalabs.com
> https://listserv.icsalabs.com/mailman/listinfo/firewall-wizards
>
------------------------------
Message: 7
Date: Mon, 23 May 2011 18:25:15 -0400
From: "Marcus J. Ranum" <mjr@ranum.com>
Subject: Re: [fw-wiz] obscure email address formats
To: firewall-wizards@listserv.icsalabs.com
Message-ID: <4DDADECB.60108@ranum.com>
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
On 5/23/2011 4:30 PM, ArkanoiD wrote:
> Is there any good reason to allow email addresses (in smtp, imap and alikes)
> in any format different from mailbox@fqdn ?
There is a good reason not to allow them: it will help force
everyone to use the de facto standard, correctly. If you
start accepting variants then the variants will work, and
might survive in the wild.
I made exactly that argument about X.400 in 1989, if I
recall. :) I was trying to make my firewall only pass
u@h.d format, because I felt it would be an honor to
hammer my own small nail into that particular coffin. :)
mjr.
--
Marcus J. Ranum CSO, Tenable Network Security, Inc.
http://www.tenable.com
------------------------------
_______________________________________________
firewall-wizards mailing list
firewall-wizards@listserv.icsalabs.com
https://listserv.icsalabs.com/mailman/listinfo/firewall-wizards
End of firewall-wizards Digest, Vol 58, Issue 11
************************************************
No comments:
Post a Comment