On Fri, Mar 26, 2010 at 06:28:50PM +0100, Matias Surdi wrote:

> The problem is that I'm receiving mails to non existent accounts, or ,
> with an accented (non ascii) character and instead of rejecting the
> mail postfix is replying the client with a 451 error, here is the
> session transcript, with modified domains for privacy reasons:

SMTP is not a UTF-8 protocol, it is an ASCII protocol, and envelopes
with non-ASCII characters are malformed. In your case, you should reject
these via a suitable check before passing them to LDAP.

> In: RCPT TO:<"?myuser"@example.com>
> Out: 451 4.3.0 < myu...@example.com>: Temporary lookup failure

Don't pass non-ASCII user names to your LDAP table.

> search_base = uid=%u,ou=users,dc=example,dc=com

In RFC 2253, all attribute values are assumed to be UTF-8. Postfix has
no idea what character-encoding (UTF-8, ISO-8859-1, ...) corresponds to
a non-ASCII envelope recipient, and so cannot translate this value to
UTF-8. The value provided is encoded in the query verbatim. In this case,
your server objects to the malformed UTF-8 string in the search base.

Use a fixed search base with a "scope" of "sub" or "one".

    search_base = ou=users,dc=example,dc=com

and add (uid=%u) to your search filter if necessary.

> search_base = uid=%u,ou=users,dc=example,dc=com
> query_filter =
> (&(mail...@example.com)(memberOf=cn=service_email,ou=groups,dc=example,dc=com))
> result_format = ./example.com/%s/
> result_attribute = uid
> scope = base

Perhaps the LDAP server will tolerate non-ASCII data in the query value
and return "not-found".

--
Viktor.

P.S. Morgan Stanley is looking for a New York City based, Senior Unix
system/email administrator to architect and sustain our perimeter
email environment. If you are interested, please drop me a note.
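
Added example, not part of the original message and not Postfix code: the two points of the reply above in Python, showing why recipient bytes copied into the search base give a malformed UTF-8 DN, and a pre-lookup check that rejects non-ASCII recipients and otherwise queries a fixed search base with the user name in an escaped filter. The function names, the 550 reply text and the sample addresses are constructed for illustration; quoted local parts and the memberOf clause of the original filter are left out.

```python
# Added illustration; names, reply text and sample bytes are constructed.
SEARCH_BASE = "ou=users,dc=example,dc=com"  # fixed base, as advised in the reply
SCOPE = "sub"


def is_valid_utf8(raw: bytes) -> bool:
    """True if raw decodes as UTF-8, which an LDAP server expects of a DN."""
    try:
        raw.decode("utf-8")
        return True
    except UnicodeDecodeError:
        return False


def legacy_search_base(local_part: bytes) -> bytes:
    """The original layout: recipient bytes copied verbatim into the search base."""
    return b"uid=" + local_part + b",ou=users,dc=example,dc=com"


def escape_filter_value(value: str) -> str:
    """Escape the RFC 4515 special characters in a search-filter value."""
    return "".join("\\%02x" % ord(c) if c in "\\*()\x00" else c for c in value)


def plan_lookup(rcpt: bytes):
    """Return (smtp_reject, ldap_query); exactly one of the two is None."""
    if any(b > 0x7F for b in rcpt):
        # Malformed envelope: permanent rejection, LDAP is never consulted.
        return "550 5.1.3 Non-ASCII recipient address rejected", None
    local, sep, domain = rcpt.decode("ascii").rpartition("@")
    if not (sep and local and domain):
        return "550 5.1.3 Bad recipient address syntax", None
    query = {
        "base": SEARCH_BASE,
        "scope": SCOPE,
        "filter": "(uid=%s)" % escape_filter_value(local),
    }
    return None, query


if __name__ == "__main__":
    latin1_rcpt = b"\xe9myuser@example.com"  # constructed: 0xE9 is e-acute in ISO-8859-1
    print(is_valid_utf8(legacy_search_base(latin1_rcpt.split(b"@")[0])))
    print(plan_lookup(latin1_rcpt))
    print(plan_lookup(b"myuser@example.com"))
```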