Bugs item #1363422, was opened at 2005-11-22 06:26
Message generated for change (Comment added) made by m-a
You can respond by visiting:

Please note that this message will contain a full copy of the comment thread,
including the initial issue submission, for this request,
not just the latest update.
Category: (un)subscribing
Group: 2.1 (stable)
Status: Open
Resolution: None
Priority: 7
Submitted By: Tim Wilde (krellis)
Assigned to: Nobody/Anonymous (nobody)
Summary: Valid E-mails Rejected as Invalid

Initial Comment:
I ran into a problem recently with sync_members. I was
attempting to add a list of addresses that included
"---tim--- at krellis.org", but this address was rejected:

bin/sync_members -a=no -f
Invalid : ---tim--- at krellis.org
You must fix the preceding invalid addresses first.

While this is an ODD address, it is perfectly legal,
per section 3.4 of RFC 2822
(http://www.faqs.org/rfcs/rfc2822.html). Rejecting a
valid address like this seems like a pretty major
problem to me.

This was with MailMan 2.1.6 on FreeBSD 4. If there is
any more information I can provide, please let me know.

Tim Wilde


Comment By: Matthias Andree (m-a)
Date: 2006-02-01 10:29

Logged In: YES

Mailman is not alone in rejecting messages that start with a
"-" - some MTAs also do that, for instance, Postfix (but see
Postfix's "allow_min_user" option).

The reason is that too many sites mistake such addresses for
sendmail command-line options, because most sendmail users
are clueless and forget the "--" before the addresses.

For that reason, it is rather unwise to use mail addresses
that start with a "-" - while legal, it's not universally


Comment By: Tim Wilde (krellis)
Date: 2005-12-06 00:57

Logged In: YES

This appears to be a problem with line 210 of Utils.py, in
the ValidateEmail function:

if _badchars.search(s) or s[0] == '-':
raise Errors.MMHostileAddress, s

MailMan is explicitly rejecting e-mails that start with a
hyphen. Why? This is a perfectly legal e-mail address. If
MailMan is using e-mail addresses in such an unsafe way that
they could be interpreted as command line arguments, that's
just absurd. I can't see any other reason to forbid a
leading hyphen, though.

Can anyone tell me if I will be safe removing this check, or
if MailMan will blow up elsewhere?


You can respond by visiting:

Search Discussions

Related Discussions

Discussion Navigation
viewthread | post
Discussion Overview
groupmailman-coders @
postedFeb 1, '06 at 9:29a
activeFeb 1, '06 at 9:29a

1 user in discussion

SourceForge.net: 1 post



site design / logo © 2022 Grokbase