On 7/04/2023 12:32 am, Viktor Dukhovni via Postfix-users wrote:
> On Thu, Apr 06, 2023 at 04:57:51PM +1000, Sean Gallagher via Postfix-users wrote:
>
>> What a can of worms..
>> IDNA2003 allowed UTF8 in domain names
>
> IDNA specified an encoding system for mapping UTF8 labels to
> ACE-prefixed LDH labels that can be used in DNS. The resulting data in
> DNS (in zone files and on the wire) is ASCII LDH.
>
>> IDNA2008 subsequently forbade non-ASCII characters in domain names.
>
> This is false. IDNA tweaked the encoding rules, mostly to make sure
> that both:
>
>     A-label -> valid U-label -> A-label
>     valid U-label -> A-label -> valid U-label
>
> are the identity function.
>
> The SMTP HELO name was always 7-bit, none of the above changed this.

I stand corrected. IDNA2003 did in fact include punycode DNS encodings.

Which seems to leave "reject_non_fqdn_helo_hostname" to non-standard,
private systems that do place UTF8 directly into domain names.

This also seems to leave a small hole in Postfix's sanity checks.

Perhaps what is needed is a new HELO/EHLO restriction that understands
the RFC4390 ACE prefix ("xn--") prefixed domain names and checks that
they are well formed and can be successfully converted into permitted
Unicode code points. What would happen if someone included emojis in
their hostname? Granted, this is easier said than done. The set of
permitted Unicode code points has changed over time.
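The check proposed in the message above, sketched as an added example (not part of the thread and not Postfix code): each label of a HELO/EHLO domain name must be 7-bit LDH, and each "xn--" label must decode, contain only permitted code points, and round-trip back to the same A-label. The function names are hypothetical, the category allow-list is an assumed coarse stand-in for the IDNA2008 tables, and address literals are not handled.

```python
import re
import unicodedata

ACE_PREFIX = "xn--"
# One LDH label: ASCII letters, digits, hyphen; 1-63 octets; no edge hyphen.
LDH_LABEL = re.compile(r"[a-z0-9](?:[a-z0-9-]{0,61}[a-z0-9])?")
# Assumption: coarse stand-in for the IDNA2008 code point tables (RFC 5892),
# which also carry exceptions and contextual rules not modelled here.
ALLOWED_CATEGORIES = {"Ll", "Lo", "Lm", "Mn", "Mc", "Nd"}

def check_label(label):
    """Return (ok, detail) for one lower-cased label (hypothetical helper)."""
    if not LDH_LABEL.fullmatch(label):
        return False, "not a 7-bit LDH label"
    if not label.startswith(ACE_PREFIX):
        if label[2:4] == "--":
            return False, "reserved '--' in positions 3 and 4"
        return True, label
    try:
        ulabel = label[len(ACE_PREFIX):].encode("ascii").decode("punycode")
    except UnicodeError:
        return False, "punycode payload does not decode"
    if not ulabel or ulabel.isascii():
        return False, "A-label carries no non-ASCII code point"
    if unicodedata.normalize("NFC", ulabel) != ulabel:
        return False, "U-label is not in NFC"
    for ch in ulabel:
        if ch != "-" and unicodedata.category(ch) not in ALLOWED_CATEGORIES:
            return False, "disallowed code point U+%04X" % ord(ch)
    # A-label -> U-label -> A-label must be the identity function.
    if ACE_PREFIX + ulabel.encode("punycode").decode("ascii") != label:
        return False, "A-label is not the canonical encoding of its U-label"
    return True, ulabel

def check_helo_name(name):
    """Return (ok, detail) for a HELO/EHLO domain name (hypothetical helper)."""
    name = name[:-1].lower() if name.endswith(".") else name.lower()
    if not name or len(name) > 253:
        return False, "empty or over-long name"
    for label in name.split("."):
        ok, detail = check_label(label)
        if not ok:
            return False, "%s: %s" % (label, detail)
    return True, "ok"

if __name__ == "__main__":
    # Constructed sample names, including the emoji case asked about above.
    for s in ("mail.xn--mnchen-3ya.example", "xn--ls8h.example", "xn--zz.example"):
        print(s, check_helo_name(s))
```

Because the permitted set changes between Unicode versions, a production check would take its verdict from a maintained IDNA2008 implementation rather than from general categories.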