Per Jessen wrote:

> Matt Kettler wrote:
>
>> Per Jessen wrote:
>>> Occasionally I'd like to do something like this:
>>>
>>> whitelist_from_rcvd *@domain.fr /^smtp[0-9]+\.orange\.fr$/
>>>

>> One problem.. That involves a regex, but whitelist_from is a "regular
>> user" config option.
>>
>> In general, regular expressions are intentionally not used in
>> "regular user" options due to the potential for a to possibly exploit
>> the system. (this is why user_prefs can't contain rules unless you
>> define allow_user_rules).
>>
>> So, SA actually went out of its way to prevent that from being
>> allowed.

>
> Yes, I saw that in the code


I've been reading some more and it looks like it is actually possible to
use regex syntax in the domain part of whitelist_from_rcvd. The
address part is sanitized, but the domain part isn't.


/Per Jessen, Z├╝rich