On Fri, Mar 26, 2010 at 04:54:00PM -0400, Wietse Venema wrote:

> > Don't pass non-ASCII user names to your LDAP table.
>
> Hmm. If the Postfix LDAP driver handles only non-ASCII query keys
> then we should have a smarter response from the mail system.

Agreed. By the time I read your message, I had already implemented this idea.

Arguably, something similar should be done for MySQL and PgSQL, since even with the databases willing to convert local encodings to UTF-8, the data Postfix sends into the query is not known to be in the local character-set, and so all such queries are dubious.

How useful is support for non-ASCII "RCPT TO" and "MAIL FROM"? It seems to me that it may be best to just reject them as invalid SMTP syntax long before we get to the database layer.

Index: src/global/dict_ldap.c --- src/global/dict_ldap.c 10 Mar 2010 04:39:57 -0000 1.1.1.1.12.1 +++ src/global/dict_ldap.c 26 Mar 2010 21:10:55 -0000 @@ -1180,12 +1180,21 @@ static VSTRING *result; int rc = 0; int sizelimit; + const char *cp; dict_errno = 0; if (msg_verbose) msg_info("%s: In dict_ldap_lookup", myname); + for (cp = name; *cp; ++cp) + if (!ISASCII(*cp)) { + if (msg_verbose) + msg_info("%s: %s: Skipping lookup of non-ASCII key '%s'", + myname, dict_ldap->parser->name, name); + return (0); + } + /* * Optionally fold the key. */ @@ -1203,7 +1212,8 @@ */ if (db_common_check_domain(dict_ldap->ctx, name) == 0) { if (msg_verbose) - msg_info("%s: Skipping lookup of '%s'", myname, name); + msg_info("%s: %s: Skipping lookup of key '%s': domain mismatch", + myname, dict_ldap->parser->name, name); return (0); } #define INIT_VSTR(buf, len) do { \

--
Viktor.

P.S. Morgan Stanley is looking for a New York City based, Senior Unix system/email administrator to architect and sustain our perimeter email environment. If you are interested, please drop me a note.
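
Review bot: In the first hunk (@@ -1180,12 +1180,21 @@), the new non-ASCII scan in dict_ldap_lookup has no block comment, unlike the neighbouring "Optionally fold the key." step, and the skip is only logged when msg_verbose is set. Because it returns 0 with dict_errno still 0, callers see an ordinary "not found", so a short comment stating that this is deliberate would help the next reader. The message also says MySQL and PgSQL queries are equally dubious, so consider moving the scan into a shared helper beside db_common_check_domain rather than open-coding it in this driver.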
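
Review bot: In the second hunk (@@ -1203,7 +1212,8 @@), the reworded message puts the reason after the key ("Skipping lookup of key '%s': domain mismatch"), while the message added in the first hunk puts it before the key ("Skipping lookup of non-ASCII key '%s'"). Using one shape for both, for example "Skipping lookup of key '%s': non-ASCII", would make the two skip paths easier to find together in verbose logs. Including dict_ldap->parser->name to identify the table is consistent across both messages and worth keeping.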