freebsd-uucp: rmail fails on email addresses with leading dashes

Michael Grimm trashcan at odo.in-berlin.de
Fri Oct 24 20:29:07 UTC 2008 

Hi - 
 
I recently subscribed to this ML, although reading it quite some time 
at Usenet. The background for this mail has its origin in a thread in
comp.unix.bsd.freebsd.misc, see [1]. 

I'm receiving my mail via UUCP, thus '/bin/rmail' will be called by
'/usr/local/libexec/uucp/uuxqt', and I'm receiving a lot of spam from
dumb spammers using guessed email addresses with leading '-' like
'-important at example.tld'. (If I'm not mistaken, then localparts with
leading dashes are valid ones.)
 
This will result in an uuxqt call ...
	/bin/rmail -important at example.tld
... with an UUCP error, which is absolutely correct, because rmail 
doesn't know of any parameter '-important at example.tld'.
 
Workaround is a wrapper script calling 'rmail -- $*'.
 
This has been considered a security issue in [1], and the recommendation
was fixing uuxqt to call 'rmail --', instead.

Although I volunteered to fix it myself, I have to admit that this would
be far beyond my abilities. UUCP looks a rather complicated system to
me. I could't find the call to rmail in uuxqt's sourcecode. 

But, I realized that a so-called 'execute file' is used to tell uuxqt
what to do. I tried to modify an example file in a way that rmail might
have been called the way I need:

'execute file' example:
	U mail somename
	F D.somenameC4X7W
	I D.somenameC4X7W
	R spammer at spammers.invalid
	C rmail -important at example.tld
	Z

I tried to modify it to ...
        C rmail -- -important at example.tld
        C rmail '-- -important at example.tld'
        C rmail "-- -important at example.tld"
... without success:
	ERROR: Execution: Exit status 64

Well, but ...
        C rmail '-important at example.tld'
... worked. uux is generating those 'execute files', but now I'm stuck.
I can't find where I could patch the sourcecode. And, more importantly,
I can't oversee what will break if I could fix it the way I want ... :-(
 
Anyone out there who could help me? This is oooold software, I know ;-) 

This is all on 6.3-RELEASE, but I'm quite sure its the same with 7.x and
8.x.

Regards, 
Michael

[1] http://groups.google.com/group/comp.unix.bsd.freebsd.misc/msg/b653a6cbf387f971
-- 
to let

More information about the freebsd-ports mailing list