Advanced
Mailing List Archive

Mailing List Archive

  1. Home >
  2. exim>
  3. dev
exim overzealously cleaning local parts of mail addresses
mh+exim-dev at zugschlus
Mar 20, 2005, 8:35 AM
Post #1 of 6 (1622 views)
Permalink
Hi,

I am having a strange issue with exim and a rather exotic user name.
The user in question is running exim against an active directory, and
thus has local user account names like "DOMAIN\First Last". It looks
like exim does some cleanup on the localpart, thus failing to match
the local part of the address to the user account in the
check_local_part option:

$ getent passwd 1002
DOMAIN\First Last:x:1002:100::/home/DOMAIN\First Last:
$ /usr/sbin/exim4 -bt -d '"DOMAIN\First Last"'
Exim version 4.50 uid=1001 gid=1001 pid=29845 D=fbb95cfd
<snip>
Considering "DOMAIN\First Last"@lefler.int.l21.ma.zugschlus.de
>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
routing "DOMAIN\First Last"@lefler.int.l21.ma.zugschlus.de
--------> local_user router <--------
local_part=domainfirst last domain=lefler.int.l21.ma.zugschlus.de
checking for local user
local_user router skipped: domainfirst last is not a local user
no more routers

If I double the backslash, and put the account name in /etc/passwd in
lower case, exim manages to route the address:

$ getent passwd 1003
domain\first2 last:x:1003:100::/home/DOMAIN\First Last:
$ /usr/sbin/exim4 -bt -d '"domain\\first2 last"'
<snip>
Considering "domain\\first2 last"@lefler.int.l21.ma.zugschlus.de
>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
routing "domain\\first2 last"@lefler.int.l21.ma.zugschlus.de
--------> local_user router <--------
local_part=domain\first2 last domain=lefler.int.l21.ma.zugschlus.de
checking for local user
R: local_user for domain\first2 last@lefler.int.l21.ma.zugschlus.de
calling local_user router
local_user router called for "domain\\first2 last"@lefler.int.l21.ma.zugschlus.de

I am now wondering whether exim is actually supposed to remove
backslashes and mess with the character case of the local part while
routing and would like to hear your comments (or is that more a topic
for exim-users?)

Here is my exim4.conf:
admin_groups=mh

begin acl

begin routers

local_user:
debug_print = "R: local_user for $local_part@$domain"
driver = accept
check_local_user
transport = mail_spool

begin transports

mail_spool:
debug_print = "T: appendfile for $local_part@$domain"
driver = appendfile
file = /var/mail/$local_part
group = mail
mode = 0660
mode_fail_narrower = false

begin retry

begin rewrite

begin authenticators




and here is the script that I used to make sure that no shell quoting
interferes:

#!/usr/bin/perl -w

use strict;

my @cmd=( "/usr/sbin/exim4",
"-bt",
);

if( $ARGV[0] eq "d" ) {
push( @cmd, "-d" );
shift @ARGV;
}

if( $ARGV[0] eq "1" ) {
push( @cmd, "mh");
} elsif( $ARGV[0] eq "2" ) {
push( @cmd, "\"DOMAIN\\First Last\"" );
} elsif( $ARGV[0] eq "3" ) {
push( @cmd, "\"DOMAIN\\\\First Last\"" );
} elsif( $ARGV[0] eq "4" ) {
push( @cmd, "\"domain\\\\first2 last\"" );
} elsif( $ARGV[0] eq "5" ) {
push( @cmd, "Debian-exim" );
} else {
die "illegal argument";
}


print join("\n", @cmd). "\n";

system(@cmd);


Greetings
Marc


--
-----------------------------------------------------------------------------
Marc Haber | "I don't trust Computers. They | Mailadresse im Header
Mannheim, Germany | lose things." Winona Ryder | Fon: *49 621 72739834
Nordisch by Nature | How to make an American Quilt | Fax: *49 621 72739835
Re: exim overzealously cleaning local parts of mail addresses [ In reply to ]
kjetilho at ifi
Mar 20, 2005, 9:57 AM
Post #2 of 6 (1587 views)
Permalink
On Sun, 2005-03-20 at 16:35 +0100, Marc Haber wrote:
> I am now wondering whether exim is actually supposed to remove
> backslashes

yes. see RFC 2821. a backslash only protects the next characters.
consider the e-mail address <Smith\,John@example.org>

> and mess with the character case of the local part while
> routing and would like to hear your comments (or is that more a topic
> for exim-users?)

see caseful_local_part. if you want case-insensitive matching, you need
to make sure your source for usernames is normalised to just lower case.

--
Kjetil T.
Re: exim overzealously cleaning local parts of mail addresses [ In reply to ]
mh+exim-dev at zugschlus
Mar 20, 2005, 10:08 AM
Post #3 of 6 (1583 views)
Permalink
Hi,

On Sun, Mar 20, 2005 at 05:57:12PM +0100, Kjetil Torgrim Homme wrote:
> On Sun, 2005-03-20 at 16:35 +0100, Marc Haber wrote:
> > I am now wondering whether exim is actually supposed to remove
> > backslashes
>
> yes. see RFC 2821. a backslash only protects the next characters.
> consider the e-mail address <Smith\,John@example.org>

Looks like I misinterepreted. I thought that this rule only applied
outside of quoted local parts, making <Smith\,John@example.org> the
same then <"Smith,John"@example.org>.

> > and mess with the character case of the local part while
> > routing and would like to hear your comments (or is that more a topic
> > for exim-users?)
>
> see caseful_local_part. if you want case-insensitive matching, you need
> to make sure your source for usernames is normalised to just lower case.

Lowercasing all usernames is not possible if you get the user name
list from some entity not under your control (for example, a LDAP
directory). I'd prefer exim doing a case-insensitive comparision if
caseful_local_part is false. I am not sure about the implications of
doing this changce though.

Greetings
Marc

--
-----------------------------------------------------------------------------
Marc Haber | "I don't trust Computers. They | Mailadresse im Header
Mannheim, Germany | lose things." Winona Ryder | Fon: *49 621 72739834
Nordisch by Nature | How to make an American Quilt | Fax: *49 621 72739835
Re: exim overzealously cleaning local parts of mail addresses [ In reply to ]
kjetilho at ifi
Mar 20, 2005, 10:31 AM
Post #4 of 6 (1585 views)
Permalink
On Sun, 2005-03-20 at 18:08 +0100, Marc Haber wrote:
> > yes. see RFC 2821. a backslash only protects the next characters.
> > consider the e-mail address <Smith\,John@example.org>
>
> Looks like I misinterepreted. I thought that this rule only applied
> outside of quoted local parts, making <Smith\,John@example.org> the
> same then <"Smith,John"@example.org>.

consider an address with a quote mark in it: <"foo\""@example.org>

> Lowercasing all usernames is not possible if you get the user name
> list from some entity not under your control (for example, a LDAP
> directory).

with LDAP it is simple, the LDAP server does all the work since the
attribute should have the correct matching algorithm associated with it.

> I'd prefer exim doing a case-insensitive comparision if
> caseful_local_part is false. I am not sure about the implications of
> doing this changce though.

it would require quite a bit of code changes, and it would make Exim
less efficient for everyone else (by definition _every_ existing Exim
installation has no need for changing strcmp to strcasecmp everywhere).
I can't say I sympathise with this request.
--
Kjetil T.
Re: exim overzealously cleaning local parts of mail addresses [ In reply to ]
mh+exim-dev at zugschlus
Mar 20, 2005, 10:52 AM
Post #5 of 6 (1587 views)
Permalink
On Sun, Mar 20, 2005 at 06:31:44PM +0100, Kjetil Torgrim Homme wrote:
> On Sun, 2005-03-20 at 18:08 +0100, Marc Haber wrote:
> > > yes. see RFC 2821. a backslash only protects the next characters.
> > > consider the e-mail address <Smith\,John@example.org>
> >
> > Looks like I misinterepreted. I thought that this rule only applied
> > outside of quoted local parts, making <Smith\,John@example.org> the
> > same then <"Smith,John"@example.org>.
>
> consider an address with a quote mark in it: <"foo\""@example.org>

A _very_ strong point. Thanks for pointing that out to me.

> > Lowercasing all usernames is not possible if you get the user name
> > list from some entity not under your control (for example, a LDAP
> > directory).
>
> with LDAP it is simple, the LDAP server does all the work since the
> attribute should have the correct matching algorithm associated with it.

It is harder when the LDAP server is actually an Active Directory
service where people either can't configure things, or don't know
about how to configure things.

> > I'd prefer exim doing a case-insensitive comparision if
> > caseful_local_part is false. I am not sure about the implications of
> > doing this changce though.
>
> it would require quite a bit of code changes, and it would make Exim
> less efficient for everyone else (by definition _every_ existing Exim
> installation has no need for changing strcmp to strcasecmp everywhere).
> I can't say I sympathise with this request.

I can understand that.

Greetings
Marc

--
-----------------------------------------------------------------------------
Marc Haber | "I don't trust Computers. They | Mailadresse im Header
Mannheim, Germany | lose things." Winona Ryder | Fon: *49 621 72739834
Nordisch by Nature | How to make an American Quilt | Fax: *49 621 72739835
Re: exim overzealously cleaning local parts of mail addresses [ In reply to ]
ph10 at cus
Mar 21, 2005, 2:50 AM
Post #6 of 6 (1581 views)
Permalink
On Sun, 20 Mar 2005, Marc Haber wrote:

> > it would require quite a bit of code changes, and it would make Exim
> > less efficient for everyone else (by definition _every_ existing Exim
> > installation has no need for changing strcmp to strcasecmp everywhere).
> > I can't say I sympathise with this request.
>
> I can understand that.

I certainly wouldn't want to make changes in this area now, as it would
almost certainly break *somebody's* configuration. I believe the default
is "right" because in most installations, people want/expect local parts
to be treated case-insensitively.

If your local parts are case-sensitive, but you do not actually have
differently cased ones (e.g. if you have a local part "PhilHazel" you do
not also have "philhazel") the recommended thing to do is to convert the
incoming local part into the right case with a leading router, if you
can, so that external people don't have to worry about the case. Don't
know if you could do this with LDAP, but with a flat file such as

philhazel: PhilHazel

you could do this:

convert:
driver = redirect
domains = .... whatever
data = ${lookup{$local_part}lsearch{/the/file}{$value@$domain}}

and then set caseful_local_part on all the following routers (but not on
this router).


--
Philip Hazel University of Cambridge Computing Service,
ph10@cus.cam.ac.uk Cambridge, England. Phone: +44 1223 334714.
Get the Exim 4 book: http://www.uit.co.uk/exim-book

©2024 GT.net. A Gossamer Threads company.
5th Floor, 455 Granville St., Vancouver, BC V6C 1T1, Canada | Legal