Hello!
Maybe experiment with auth_username_chars:
# List of allowed characters in username. If the user-given username contains
# a character not listed in here, the login automatically fails. This is just
# an extra check to make sure user can't exploit any potential quote escaping
# vulnerabilities with SQL/LDAP databases. If you want to allow all characters,
# set this value to empty.
#auth_username_chars = abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ01234567890.-_@
Good luck,
Reio
On 07.03.18 14:46, Philipp Berger wrote:
I wrapped the LDA command in a script. I can see that Postfix passes
"@@mydomain.tld" as the -d argument, without quotes.
I then adapted the script to specifically replace this address with
"@"@mydomain.tld, but this results in the following error message by
Dovecot:
auth: Info: userdb(?): Username character disallowed by auth_username_chars: 0x22 (username: "@"@mydomain.tld)
So what would be the appropriate quoting/setting for this address?
Kind regards,
Philipp
On 06-Mar-18 at 15:08, Stephan Bosch wrote:
On 6-3-2018 at 14:34, Philipp Berger wrote:
I upgraded to Dovecot 2.3.0.1 as advised, but it still seems broken. In
the Postfix log I now see:
Mar 6 13:49:03 myhost amavis[7165]: (07165-10) K00VtLRHdrYw FWD from <ad...@mydomain.tld> -> <"@"@mydomain.tld>, BODY=7BIT 250 2.0.0 from MTA(smtp:[127.0.0.1]:10025): 250 2.0.0 Ok: queued as B8CA22DA1B37
Mar 6 13:49:03 myhost amavis[7165]: (07165-10) Passed CLEAN {RelayedInbound}, [someIp]:11439 [someIp] <ad...@mydomain.tld> -> <"@"@mydomain.tld>, Queue-ID: D27792DA167C, Message-ID: <22b95756-e95e-86cf-219c-3b603f758...@mydomain.tld>, mail_id: K00VtLRHdrYw, Hits: -3, size: 7472, queued_as: B8CA22DA1B37, 1863 ms
Mar 6 13:49:03 myhost postfix/smtp[2329]: D27792DA167C: to=<@@mydomain.tld>, relay=127.0.0.1[127.0.0.1]:10024, delay=2, delays=0.15/0.01/0/1.9, dsn=2.0.0, status=sent (250 2.0.0 from MTA(smtp:[127.0.0.1]:10025): 250 2.0.0 Ok: queued as B8CA22DA1B37)
Mar 6 13:49:03 myhost postfix/pipe[2282]: B8CA22DA1B37: to=<@@mydomain.tld>, relay=dovecot, delay=0.2, delays=0.11/0/0/0.09, dsn=5.1.1, status=bounced (user unknown)
Mar 6 13:49:03 myhost postfix/cleanup[2280]: EA37E2DA1F80: message-id=<20180306124903.ea37e2da1...@mydomain.tld>
Mar 6 13:49:04 myhost postfix/bounce[2334]: B8CA22DA1B37: sender non-delivery notification: EA37E2DA1F80
Mar 6 13:49:04 myhost postfix/qmgr[21911]: EA37E2DA1F80: from=<>, size=9830, nrcpt=1 (queue active)
Mar 6 13:49:04 myhost postfix/qmgr[21911]: B8CA22DA1B37: removed
Mar 6 13:49:04 myhost postfix/pipe[2282]: EA37E2DA1F80: to=<ad...@mydomain.tld>, relay=dovecot, delay=0.07, delays=0.05/0/0/0.02, dsn=5.3.0, status=bounced (command line usage error. Command output: lda: Fatal: Invalid -f parameter: Missing domain )
I can see in my MySQL Log that Dovecot queried at the same time with %n
= "" (empty) and %d = "@mydomain.tld". So now the "@" is dropped
entirely.
What does the "Fatal: Invalid -f parameter: Missing domain" tell us? Do
I need to change the way Postfix calls Dovecot? Add more quotes? :D
Can you check what Postfix is feeding to Dovecot exactly (i.e.,
whether it is properly escaped)? Maybe wrap dovecot-lda in some shell
script and see what is passed.
Regards,
Stephan.
Kind regards,
Philipp
On 04-Mar-18 at 21:12, Stephan Bosch wrote:
On 3/1/2018 at 2:07 PM, Philipp Berger wrote:
Dear all,
I have a working setup with Postfix + Dovecot, storing users in a MySQL
table.
I ran into problems setting up and using a mail address like
a"@"b...@mydomain.tld, which by RFC should be valid, but leads to
problems in Dovecot. From my debugging, I can see that on the lookup,
Dovecot replaces %n with "a" (quotes added by me) and %d with
"b...@mydomain.tld" (quotes added by me). So the original quotes are
gone, and the domain/user split is incorrect.
I am not sure if Postfix passes the address without quotes to Dovecot or
whether Dovecot cannot handle quotes correctly, but I was hoping that
someone with more insight into Dovecot could help me out here.
System Info: Debian 9, Postfix 3.1.6-0+deb9u1, Dovecot 2.2.27-3+deb9u1
Postfix master.cf for Dovecot:
dovecot unix - n n - - pipe
  flags=DRhu user=virtual:virtual
  argv=/usr/lib/dovecot/dovecot-lda -f ${sender} -d ${user}@${nexthop}
I am grateful for any hints :)
Thank you in advance, kind regards,
Yeah, Dovecot v2.2 is doing some funky stuff with SMTP address parsing.
Dovecot v2.3 should do a better job. I am still not sure if this can be
fixed well for Dovecot v2.2.
Regards,
Stephan.
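
Added example, not part of the thread and not Dovecot or Postfix code: a quote-aware split of an address into local-part and domain, beside a split at the first "@" (an assumed model of the lookups reported above) and an allow-list check like auth_username_chars. All function names are hypothetical; the addresses are the ones quoted in the thread.

```python
import re

# Default allow-list as quoted in the auth_username_chars comment in this thread.
DEFAULT_CHARS = ("abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ"
                 "01234567890.-_@")


def split_address(addr):
    """Split at the first '@' outside a quoted string (quoted local-part)."""
    in_quotes = escaped = False
    for i, ch in enumerate(addr):
        if escaped:
            escaped = False          # character after a backslash is literal
        elif ch == "\\" and in_quotes:
            escaped = True
        elif ch == '"':
            in_quotes = not in_quotes
        elif ch == "@" and not in_quotes:
            return addr[:i], addr[i + 1:]
    raise ValueError("no unquoted '@' (unterminated quote or missing domain)")


def naive_split(addr):
    """Split at the first '@' with no quote handling (assumed model only)."""
    local, _, domain = addr.partition("@")
    return local, domain


def unquote_local(local):
    """Strip surrounding quotes and backslash escapes from a quoted local-part."""
    if len(local) >= 2 and local[0] == '"' and local[-1] == '"':
        return re.sub(r"\\(.)", r"\1", local[1:-1])
    return local


def disallowed_chars(username, allowed=DEFAULT_CHARS):
    """Characters an allow-list such as auth_username_chars would reject."""
    return sorted({c for c in username if c not in allowed})


if __name__ == "__main__":
    # Addresses as they appear in the thread: quoted form and unquoted -d form.
    for addr in ('"@"@mydomain.tld', "@@mydomain.tld"):
        local, domain = split_address(addr) if '"' in addr else naive_split(addr)
        bad = [hex(ord(c)) for c in disallowed_chars(addr)]
        print(f"{addr!r}: local={unquote_local(local)!r} domain={domain!r} "
              f"rejected={bad}")
```

The unquoted form passes the default allow-list but splits into an empty local-part and a domain that starts with "@", while the quoted form splits correctly and is rejected only because of the quote character 0x22.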