Re: [exim] local_user section with check_local_user removed …

トップ ページ
このメッセージを削除
このメッセージに返信
著者: Luke Kenneth Casson Leighton
日付:  
To: exim-users
題目: Re: [exim] local_user section with check_local_user removed (as advised
ok.

philip, your advice is excellent: it has allowed me to see what is going
on and compare two sets of results.

you can, if you so wish, see these two files and the diff, at:

    http:hands.com/~lkcl/exim4_debug/


the diff (in the randomly named file 'f') highlights an example config
option that shows how to specify 'empty' (in the acl section covering
greylisting)

actually - it's _not_ comparing against 'empty', it's comparing against
a list of two items where the 2nd item is implicity ignored because
it's next to the end-of-line character, where the first item ends up
being the empty string. not quite the same thing, and a very odd
workaround, but close enough :)

[btw it's very very odd to have config files which don't use matched
characters to delimit parameters, but anyway...]

anyway - it answers one of my questions, but i don't believe that it
solves the issue.


ok. i think i know what's happening - or, more specifically, what
_isn't_ happening.

the combinations are as follows:

<>
<@localhost>
<fakeuser>
<fakeuser@>

if you try <@localhost>, then you get this:

    MAIL FROM:<@localhost>
    SMTP<< MAIL FROM:<@localhost>
    LOG: smtp_syntax_error MAIN
      SMTP syntax error in "MAIL FROM:<@localhost>" H=localhost [127.0.0.1] no local part
    SMTP>> 501 <@localhost>: no local part


ok, so _that's_ ok - it says 'no local part' (which, btw is exactly how
<> should be treated, but i'll get on to that in a second...)

so, let's try the next one:

    MAIL FROM:<fakeuser>
    SMTP<< MAIL FROM:<fakeuser>
    SMTP>> 501 <fakeuser>: sender address must contain a domain
    501 <fakeuser>: sender address must contain a domain
    LOG: smtp_syntax_error MAIN REJECT
      unqualified sender rejected: <fakeuser> H=localhost [127.0.0.1]


ok, so _that_ isn't acceptable.

now, finally, let's try this:

    MAIL FROM:<fakeuser@>
    SMTP<< MAIL FROM:<fakeuser@>
    LOG: smtp_syntax_error MAIN
      SMTP syntax error in "MAIL FROM:<fakeuser@>" H=localhost [127.0.0.1] domain missing or malformed
    SMTP>> 501 <fakeuser@>: domain missing or malformed
    501 <fakeuser@>: domain missing or malformed


ok, so _that_ isn't accepted, _either_!

so, what's so special about <> that it has to be allowed and accepted by
exim4????

if you can't do <user> because you have to do <user@localhost>

if you can't do <@localhost> because it doesn't have a 'local part'

if you can't do <user@> because it doesn't have a 'domain'

then _what_ is so damn special about <> that it has to be accepted
and then has to be dealt with by configuration files?
at least there's a temporary fix without requiring a recompiled
exim4, and the bad thing is that the temporary fix needs to go into
absolutely _everyone's_ exim4 config files, and i mean absolutely
everyone.

_now_ can you appreciate why i believe this to be a bug in exim4, that
has nothing to do with configuration files??

if exim4 special-cases <@localhost> hard-coded handling without config
file intervention, if exim4 special-cases <fakeuser> hard-coded handling
without config file intervention, if exim4 special-cases <fakeuser@>
hard-coded handling without config file intervention, then why isn't it
special-case hard-coded rejecting <> as well???

in the mean-time, i am adding this, and it actually appears to work:

    deny
        message = <$sender_address> is an invalid address!
        log_message = <> is an invalid address.
        senders = :


i've added it into the acl_check_rcpt section (debian's exim4 config
section name which is actually acl_smtp_rcpt)

there are probably better places to put it - like in the acl which deals
with mail from - but i don't know its name. acl_mail_from, by chance?

:)

l.



On Thu, Feb 01, 2007 at 04:42:19PM +0000, Philip Hazel wrote:
> On Thu, 1 Feb 2007, Luke Kenneth Casson Leighton wrote:
>
> > HELO localhost
> > MAIL FROM:<>
> > RCPT TO:llllllllllllltotallyfakeaddress@localhost
> >
> > and _that_ was accepted (!)
>
> Instead of doing this using telnet, try using Exim's -bh debugging
> facility, possibly also with -d for additional debugging data. It will
> show you exactly what Exim is doing.
>
> -- 
> Philip Hazel            University of Cambridge Computing Service
> Get the Exim 4 book:    http://www.uit.co.uk/exim-book


--
--
lkcl.net - mad free software computer person, visionary and poet.
--