Skip site navigation (1)Skip section navigation (2) 
Date:      Fri, 24 Oct 2008 20:13:59 +0000 (UTC)
From:      Michael Grimm <trashcan@odo.in-berlin.de>
To:        freebsd-ports@freebsd.org
Subject:   freebsd-uucp: rmail fails on email addresses with leading dashes
Message-ID:  <gdtaa7$2c2q$1@odo.in-berlin.de>
next in thread | raw e-mail | index | archive | help 
Hi - 
 
I recently subscribed to this ML, although reading it quite some time 
at Usenet. The background for this mail has its origin in a thread in
comp.unix.bsd.freebsd.misc, see [1]. 

I'm receiving my mail via UUCP, thus '/bin/rmail' will be called by
'/usr/local/libexec/uucp/uuxqt', and I'm receiving a lot of spam from
dumb spammers using guessed email addresses with leading '-' like
'-important@example.tld'. (If I'm not mistaken, then localparts with
leading dashes are valid ones.)
 
This will result in an uuxqt call ...
	/bin/rmail -important@example.tld
... with an UUCP error, which is absolutely correct, because rmail 
doesn't know of any parameter '-important@example.tld'.
 
Workaround is a wrapper script calling 'rmail -- $*'.
 
This has been considered a security issue in [1], and the recommendation
was fixing uuxqt to call 'rmail --', instead.

Although I volunteered to fix it myself, I have to admit that this would
be far beyond my abilities. UUCP looks a rather complicated system to
me. I could't find the call to rmail in uuxqt's sourcecode. 

But, I realized that a so-called 'execute file' is used to tell uuxqt
what to do. I tried to modify an example file in a way that rmail might
have been called the way I need:

'execute file' example:
	U mail somename
	F D.somenameC4X7W
	I D.somenameC4X7W
	R spammer@spammers.invalid
	C rmail -important@example.tld
	Z

I tried to modify it to ...
        C rmail -- -important@example.tld
        C rmail '-- -important@example.tld'
        C rmail "-- -important@example.tld"
... without success:
	ERROR: Execution: Exit status 64

Well, but ...
        C rmail '-important@example.tld'
... worked. uux is generating those 'execute files', but now I'm stuck.
I can't find where I could patch the sourcecode. And, more importantly,
I can't oversee what will break if I could fix it the way I want ... :-(
 
Anyone out there who could help me? This is oooold software, I know ;-) 

This is all on 6.3-RELEASE, but I'm quite sure its the same with 7.x and
8.x.

Regards, 
Michael

[1] http://groups.google.com/group/comp.unix.bsd.freebsd.misc/msg/b653a6cbf387f971
-- 
to let

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?gdtaa7$2c2q$1>