Eric Shubert ha scritto:
Tonix (Antonio Nati) wrote:
Eric Shubert ha scritto:
Tonino,
I've wondered for a while about this but haven't had a chance to
test it, so I'm going to ask the expert. ;)
If /* #define CHKUSER_ALLOW_SENDER_CHAR_3 '' */ is commented out of
the build, can it be added as an environment variable such as
CHKUSER_ALLOW_SENDER_CHAR_3='/' (from the tcp.smtp file)?
If #define CHKUSER_ALLOW_SENDER_CHAR_3 '?' is defined in the build,
can its value be changed by an environment variable such as
CHKUSER_ALLOW_SENDER_CHAR_3='/' (from the tcp.smtp file)?
If CHKUSER_SENDER_FORMAT is left commented (the default) in the
build, can it be activated by setting the environment variable
CHKUSER_SENDER_FORMAT="1"?
Thanks for your great work on chkuser, and your superb support.
Hello Eric,
actually they cannot be defined as environment variable, but must be
set in "compiled" executable.
I'm wondering if these controls are still actual, as usage of email
has extented a lot, and it is more easy to find strange addresses.
I'm also starting to think to further chkuser improvements... but my
biggest thought is towards qmail improvements...
Anything to suggest?
Tonino
Hey Tonino,
Thanks for your prompt reply, and your interest in improvements.
As you probably know, I'm pretty active with the qmail-toaster
community, and we've been using chkuser since before I came aboard in
'06. We certainly appreciate your work with chkuser. Jake's the
project owner presently and he's calling the shots regarding
configuration, so I've cc'd him on this discussion.
The 'stock' (std) QMT configuration includes a patch file for chkuser
that includes the following non-default values in chkuser_settings.h:
#define CHKUSER_ALLOW_SENDER_SRS
#define CHKUSER_ALLOW_RCPT_SRS
#define CHKUSER_SENDER_NOCHECK_VARIABLE "SENDER_NOCHECK"
#define CHKUSER_ALLOW_SENDER_CHAR_1 '$'
#define CHKUSER_ALLOW_SENDER_CHAR_2 '%'
#define CHKUSER_ALLOW_SENDER_CHAR_4 '?'
#define CHKUSER_ALLOW_SENDER_CHAR_5 '*'
#define CHKUSER_ALLOW_RCPT_CHAR_1 '$'
#define CHKUSER_ALLOW_RCPT_CHAR_2 '%'
#define CHKUSER_ALLOW_RCPT_CHAR_4 '?'
#define CHKUSER_ALLOW_RCPT_CHAR_5 '*'
In addition, it appears that Jake has made the following changes
manually (since v2.0.8):
#define CHKUSER_RCPT_FORMAT
#define CHKUSER_RCPT_MX
#define CHKUSER_SENDER_FORMAT
#define CHKUSER_SENDER_MX
There is primarily one situation that comes to mind where users have
been required to customize the stock chkuser settings. This is due to
users with blackberry devices, which has recently become more frequent.
The sender address with blackberrys sometimes contains the '/'
character, so to circumvent the problem, we have added the following
customization:
#define CHKUSER_ALLOW_SENDER_CHAR_3 '/'
#define CHKUSER_ALLOW_RCPT_CHAR_3 '/'
This works well, with no ill effects noticed to date.
This brings into question the purpose of these checks in chkuser. My
understanding is that these special characters used to be thought of
as a security risk, but I believe that rationale has become outdated.
IMO, the best practice for chkuser would be to allow whatever digits
are defined in the standard for email. See
http://en.wikipedia.org/wiki/E-mail_address#RFC_specification for
details. If there needs to be any customization of the allowed
characters, it would be best to have CHKUSER_DISALLOW_RCPT_CHAR_1...n
values that DISallow certain digits. I can't think of a good reason
for these though, especially since the recipient address is verified
with vpopmail. I can see no purpose at all in restricting sender
address digits beyond what's allowed in the spec. Bottom line is that
I would simply like chkuser to check for the digits as specified in
the RFC, and leave it at that.
I'm wondering, what is the reasoning behind changing the default to
turn off the _FORMAT and _MX settings in v2.0.8? I'm thinking that
this was a good choice, and that perhaps the stock QMT should follow
suit making it the default. Doing so would eliminate this blackberry
problem entirely (and permanently), as well as solving another less
common problem regarding the SENDER_MX not found error.
If Jake concurs, then the only settings different between the stock
QMT and the default chkuser would be:
#define CHKUSER_ALLOW_SENDER_SRS
#define CHKUSER_ALLOW_RCPT_SRS
#define CHKUSER_SENDER_NOCHECK_VARIABLE "SENDER_NOCHECK"
Would it cause a problem to make these the default settings in
chkuser? If not, could you make these the defaults in the next chkuser
release? That would simplify things for Jake, as we would use the
default chkuser settings across the board in the stock QMT.
Bottom line to me is that I'd like to see the stock QMT include the
default chkuser configuration. I think that would be a good thing for
everyone involved, as there would be no 'exceptions' to document or
worry about, no patch file, etc.
Thanks for your time, effort, and attention to this. It's really a
pretty small item, but when we get it resolved it will make things
better for everyone involved.
So what do you guys think?
The reason why some settings are default, and other are not, is this:
When I feel the setting can "disturb" RFC rules, or a general settled
behaviour, I feel it's better to put it disabled as default. Usually
people uses chkuser for checking users in the most simple way, so having
not wanted filters can be annoying (and dangerous sometimes for the the
correct flow of emails).
Filtering on permitted characters of senders addresses is a personal or
organization behaviour, so I'd prefer to keep it disabled, by default.
But, as said before, it is not easy to chose the right settings, so I'm
open to discuss.
Anyway, speaking in a wider way, I'm going to plan new changes on
chkuser, but I'm having the impression qmail limits now are limiting me
more than chkuser limits, so I'm thinking if it would be the case to
start a wider project, integrating and extending qmail.
I've registered "openqmail.org", and thinking to what can be done in
order to extend qmail in a simpler way.
I've done small changes to qmail, besides chkuser,and I'm willing to
make more changes, and I feel what I need (I'm an ISP) probably is what
others need, and viceversa.
What do you think?
Tonino
--
------------------------------------------------------------
in...@zioni Interazioni di Antonio Nati
http://www.interazioni.it to...@interazioni.it
------------------------------------------------------------
!DSPAM:4be28ab832713518399060!
