Re: [courier-users] ldapaliasd + FDS + asterisks in mail address = 400 service temporarily unavaila
Brought to you by:
mrsam
From: Yevheniy D. <zh...@uv...> - 2009-12-16 23:45:44
|
On 12/16/2009 09:54 PM, Yevheniy Demchenko wrote: > Recently i've noticed that one of our heavily used mail servers started > to throw "400 service temporarily unavailable" messages to logs. Problem > occurs when courier tries to check an email with asterisks in address > (i.e. rcpt to:<a*****@some.domain.com>) against ldap alias database. > Esmtpd accepts those messages (RFC allows asterisks in mail addresses) > and passes this address to ldapaliasd, which subsequently passes it > unmodified to LDAP server in search filter > (mail=a*****@some.domain.com). LDAP interprets asterisks as special > wildcard symbol. At this point there is a problem. Instead of finding an > exact a***** record in database, ldap server would return something > matching the wildcard. > Some LDAP servers (i.e., redhat directory server) don't allow consequent > asterisks in search filter, throw a "Bad search filter" error and set > non-zero errorcode. ldapaliasd than stops working for a while and > rejects even regular-addressed messages with a "400 service temporarily > unavailable" error. > It seems, that asterisks (and possibly other special symbols) in mail > addresses should be escaped before passing them to ldap. > Proposed patch attached. Tested briefly. May need somewhat better memory handling. -- Ing. Yevheniy Demchenko Senior Linux Administrator UVT s.r.o. |