
This is probably the wrong place to raise this, sorry, but I wonder if anybody else has had the same trouble we've just had.
We're running 2.0.8 with Exim, and recently a user sent a message with the following sort of "To:" header:
To: listname@listserver.domain>
Notice the trailing '>' character.
Mailman processed this message just fine and sent it out to several hundred subscribers. A small group of these messages failed with 550 result codes from the remote SMTP servers, mostly from one fairly large ISP.
Putting aside the issue of whether or not this is a valid reason for returning a 550 result code, a malicious user could (a) use this technique to exclude users from a discussion or (b) bump these users from the list by sending a flurry of messages that result in their subscriptions being disabled or revoked.
Clearly Mailman cannot parse and validate all message headers, but those that it examines (such as "To:") should probably be rejected if they contain syntax errors.
What do other list server owners think?
Participants (1): Steve Lay
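The check proposed in the post above, sketched as an added example that is not part of the original message and is not Mailman's own code: it uses the address parser in Python's standard `email` package to flag a "To:" or "Cc:" header with syntax defects before the message is distributed. The function names, the set of headers checked and the sample messages are assumptions made for illustration.

```python
from email import message_from_string, policy

# Headers to validate before distribution (assumed set, not from the post).
ADDRESS_HEADERS = ("To", "Cc")


def address_header_defects(raw_message, headers=ADDRESS_HEADERS):
    """Return {header name: [defect text, ...]} for malformed address headers.

    policy.default parses address headers into structured objects and
    records every RFC 5322 syntax problem it finds in `.defects`
    instead of silently passing the raw text along.
    """
    msg = message_from_string(raw_message, policy=policy.default)
    found = {}
    for name in headers:
        for header in msg.get_all(name, []):
            if header.defects:
                found.setdefault(name, []).extend(str(d) for d in header.defects)
    return found


def should_hold(raw_message):
    """True when the message should be held or rejected, not sent to the list."""
    return bool(address_header_defects(raw_message))


# Constructed sample messages. BAD reproduces the trailing '>' from the post.
BAD = (
    "From: user@example.org\n"
    "To: listname@listserver.domain>\n"
    "Subject: hello\n"
    "\n"
    "body\n"
)
GOOD = BAD.replace("listname@listserver.domain>",
                   "List <listname@listserver.domain>")

if __name__ == "__main__":
    for label, raw in (("bad", BAD), ("good", GOOD)):
        print(label, should_hold(raw), address_header_defects(raw))
```

Holding the message at the list server keeps the malformed header from reaching subscribers' mail servers, so their 550 rejections never count against the subscribers' bounce records.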