[ mailman-Bugs-1363422 ] Valid E-mails Rejected as Invalid

SourceForge.net noreply at sourceforge.net
Wed Feb 1 10:29:33 CET 2006

Bugs item #1363422, was opened at 2005-11-22 06:26
Message generated for change (Comment added) made by m-a
You can respond by visiting: 

Please note that this message will contain a full copy of the comment thread,
including the initial issue submission, for this request,
not just the latest update.
Category: (un)subscribing
Group: 2.1 (stable)
Status: Open
Resolution: None
Priority: 7
Submitted By: Tim Wilde (krellis)
Assigned to: Nobody/Anonymous (nobody)
Summary: Valid E-mails Rejected as Invalid

Initial Comment:
I ran into a problem recently with sync_members.  I was
attempting to add a list of addresses that included
"---tim--- at krellis.org", but this address was rejected:

bin/sync_members -a=no -f
Invalid :               ---tim--- at krellis.org
You must fix the preceding invalid addresses first.

While this is an ODD address, it is perfectly legal,
per section 3.4 of RFC 2822
(http://www.faqs.org/rfcs/rfc2822.html).  Rejecting a
valid address like this seems like a pretty major
problem to me.

This was with MailMan 2.1.6 on FreeBSD 4.  If there is
any more information I can provide, please let me know.

Tim Wilde


Comment By: Matthias Andree (m-a)
Date: 2006-02-01 10:29

Logged In: YES 

Mailman is not alone in rejecting messages that start with a
"-" - some MTAs also do that, for instance, Postfix (but see
Postfix's "allow_min_user" option).

The reason is that too many sites mistake such addresses for
sendmail command-line options, because most sendmail users
are clueless and forget the "--" before the addresses.

For that reason, it is rather unwise to use mail addresses
that start with a "-" - while legal, it's not universally


Comment By: Tim Wilde (krellis)
Date: 2005-12-06 00:57

Logged In: YES 

This appears to be a problem with line 210 of Utils.py, in
the ValidateEmail function:

    if _badchars.search(s) or s[0] == '-':
        raise Errors.MMHostileAddress, s  

MailMan is explicitly rejecting e-mails that start with a
hyphen.  Why?  This is a perfectly legal e-mail address.  If
MailMan is using e-mail addresses in such an unsafe way that
they could be interpreted as command line arguments, that's
just absurd.  I can't see any other reason to forbid a
leading hyphen, though.

Can anyone tell me if I will be safe removing this check, or
if MailMan will blow up elsewhere?


You can respond by visiting: 

More information about the Mailman-coders mailing list