		    Some notes on address checking

		  Seth Robertson <seth@soscorp.com>
			   SOS Corporation


Address checking is impossible to do legally: RFC 1123 5.2.16
specifies that a mail forwarder (e.g. a firewall) ``MUST NOT interpret
or modify the "local-part" of the address.''

Address checking is impossible to do perfectly: first of all, if the
destination MTA is not sendmail or Unix, the holes which it has and
address parsing rules which it uses will most likely be different.  We
are aware of no MTAs which are fully RFC 821 and 822 compliant, which
forces people to write to a de facto standard (e.g. sendmail).
Sendmail, for example, does not do domain-literals and
group/route-addr precedence correctly.  Even if we were to restrict
ourselves to sendmail and Unix, different versions of sendmail and,
even more distressing, different versions of the sendmail
configuration file, may parse addresses in different orders to come up
with a different ``local-part''.

We are aware of no address checker which rejects all addresses that it
should and accepts all addresses that it should, or which even behaves
as sendmail does.  The latest version of sendmail, while not RFC
compliant, is able to reject all addresses at final delivery time since
the address has been fully parsed and stripped at that point.  Thus,
people should NOT assume that the firewall will properly strip all
potentially problematic addresses, and thus should make sure that all
internal machines running sendmail are running the latest version.

We list below various addresses which might cause problems to some
address checking programs.  The first few are obvious, but some are
downright tricky since they depend on ``bugs'' in how sendmail
interprets addresses.

----------------------------------------------------------------------
(*) RFC valid addresses which should not be falsely rejected

Normal file mailer
	/tmp/foo, </tmp/foo>, "/tmp/foo", "</tmp/foo>"

Normal prog mailer
	|cat, <|cat>, "|cat", "<|cat>"

Check for group pullups
	Ok Man : |cat ;

Check for routing pullups
	<@beta: |cat@localhost>
	<@beta,@alpha: |cat@localhost>

Check for invalid routing pullups
	<|cat : nobody@localhost>
	<nobody> <|cat>
	<|cat> <nobody>			(*)

Check for route-addr pullups
	|cat <nobody>			(*)

Check for UUCP routing
	localhost!localhost!|cat

Check for invalid UUCP pullups
	<|/bin/cat !nobody>
	"|cat x ! nobody % localhost @ localhost"

Check for X.500 addresses
	/co=us/stupid			(*)

Check for X.500 done incorrectly
	/vmunix, foo=bar/stupid

Check for quoting done correctly
	"Joe, |cat, Cool"		(*)
	"Joe, |cat, Cool" nobody	(*)
	"Joe, <|cat>, Cool" nobody	(*)
	(Joe, <|cat>, Cool)		(*)
	<"Joe, |cat, Cool"> n		(*)
	<nobody "@localhost>, |/bin/cat, <nobody" @ localhost> (*)
	"\|cat > /tmp/bar"		(*)
	"nobody@localhost, |cat"	(*)

Sendmail does not enforce route syntax
	<@localhost,|cat@localhost>

Sendmail does not do group/route-addr precedence correctly
	<|cat>:nobody;			(*)

Sendmail does not do domain-literal correctly
	<nobody [ >, "|cat > /tmp/bar", < ] nobody>	(*)
----------------------------------------------------------------------
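
A small regression harness for an address checker, added here as an
example (not part of the original notes or of any real checker): it
scores two hypothetical checkers, naive_accepts and quote_aware_accepts,
against a subset of the list above.  It assumes entries without (*) are
ones a checker is expected to reject.

```python
import re

# (address, must_accept) pairs copied from the list above; must_accept mirrors
# the "(*)" marker. Assumption: unmarked entries are expected to be rejected.
CORPUS = [
    ('|cat', False), ('<|cat>', False), ('"|cat"', False),
    ('/tmp/foo', False), ('"/tmp/foo"', False),
    ('Ok Man : |cat ;', False),
    ('localhost!localhost!|cat', False),
    ('|cat <nobody>', True),
    ('<|cat> <nobody>', True),
    ('/co=us/stupid', True),
    ('"Joe, |cat, Cool"', True),
    ('(Joe, <|cat>, Cool)', True),
    ('"nobody@localhost, |cat"', True),
    ('<|cat>:nobody;', True),
    ('<nobody [ >, "|cat > /tmp/bar", < ] nobody>', True),
]

_QUOTED = re.compile(r'"(?:\\.|[^"\\])*"')       # RFC 822 quoted-string
_COMMENT = re.compile(r'\((?:\\.|[^()\\])*\)')   # RFC 822 comment, not nested

def naive_accepts(addr):
    """Accept unless the raw text has '|' or starts (after '<', '"', space) with '/'."""
    return '|' not in addr and not addr.lstrip('<" ').startswith('/')

def quote_aware_accepts(addr):
    """Same rule, applied after quoted strings and comments are removed."""
    return naive_accepts(_COMMENT.sub('', _QUOTED.sub('', addr)))

def score(accepts):
    """Return (false_rejects, false_accepts) for a checker run over CORPUS."""
    false_rejects = [a for a, ok in CORPUS if ok and not accepts(a)]
    false_accepts = [a for a, ok in CORPUS if not ok and accepts(a)]
    return false_rejects, false_accepts

if __name__ == '__main__':
    for checker in (naive_accepts, quote_aware_accepts):
        fr, fa = score(checker)
        print(checker.__name__, 'false rejects:', fr, 'false accepts:', fa)
```

On this subset the naive rule falsely rejects every (*) entry, while the
quote-aware rule recovers some of those but lets through the quoted
forms listed under the normal file and prog mailers.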
