Hi Bruno,
Am 24.06.19 um 17:05 schrieb Bruno de Paula Larini via dovecot:
I'm using dovecot as postfix's LDA. The version is 2.3.6.
Last week some spammer set the envelope's FROM to "foo@b...@domain.com"
(with two @). While trying to deliver (as this one didn't hit the
spamassassin's score), dovecot said the following:
Jun 21 02:35:58 mymailserver postfix/pipe[29736]: ADA268195E:
to=<user@mydomain>, relay=dovecot, delay=0.08, delays=0.03/0.02/0/0.04,
dsn=5.3.0, status=bounced (command line usage error. Command output:
lda: Fatal: Invalid -f parameter: Invalid character in path )
Which caused postfix to put it on the bounce list, but the spammer's
destiny don't really exist.
I could successfully mimic the spammer using telnet and putting two @ in
"mail from" address.
I don't think this should be an expected behaviour, right? Or is this
some config based error?
No, this is a bug in Dovecot's logic tracked internally at Open-Xchange
AG / Dovecot OY as DOP-1045.
Dovecot LDA and LMTP should just not care about remote address validity
when delivering locally. It's not the LDA's business.
See <6386018f-22b2-9562-b5a2-36e81cbe2...@debian.org> (bounces on
invalid UTF-8 in localpart) for my error report from March.
There have been multiple other users asking about this on the ML, too.
Kind regards,
Daniel
