Per Jessen wrote:

> Matt Kettler wrote:
>> Per Jessen wrote:
>>> Occasionally I'd like to do something like this:
>>> whitelist_from_rcvd * /^smtp[0-9]+\.orange\.fr$/

>> One problem.. That involves a regex, but whitelist_from is a "regular
>> user" config option.
>> In general, regular expressions are intentionally not used in
>> "regular user" options due to the potential for a to possibly exploit
>> the system. (this is why user_prefs can't contain rules unless you
>> define allow_user_rules).
>> So, SA actually went out of its way to prevent that from being
>> allowed.

> Yes, I saw that in the code

I've been reading some more and it looks like it is actually possible to
use regex syntax in the domain part of whitelist_from_rcvd. The
address part is sanitized, but the domain part isn't.

/Per Jessen, Z├╝rich