Chr. von Stuckrad wrote:
> Hi!
>
> Lately we found out, that a local combination of software (svn with
> kerberos auth and python mailscripting) *always* generates Addresses
> the following way ...: For a given SVN-User it simply mails to 'Usrname'
> assuming the typical "sendmail ...<usernam>" will correctly qualify.
>
> Bad luck, because Kerberos-Users are 'Principals', themselves of the
> form "username@???". So NO qualify, AND wrong domain.
> Even worse, this Domain exists, receives mail, but almost never by
> <username@???> because Mails nomally go to subdomains.
>
> So the only 'feasible' workaround may be, to ONLY REWRITE THE UPPERCASE
> FORM, because Kerberos Principals always are uppercase, but mails (should)
> have lowercase domains.
>
> The SMTP-Rewrites (patterns) seem to work as it shall be,
> hopefully really never 'hitting' the lowercase variant,
> but I have not found a solution for the Headers!
>
> Which flag in combination with what (acl, router, whatever) can
> rewrite only "ONE SPECIFIC UPPERCASE ONLY Domainname", so that the
> Mail completely 'belongs' to the rewritten Domain (if possible
> in all Headers)?
I suspect that what you have left still to do just might be too unusual
to be a problem Exim expects to have to deal with.
At least not with just a flag or three..
You could *perhaps*:
- Save what comes in.
- Pass it to an [external] executable
- meanwhile have Exim headers_remove [offending | all ] headers
- drop in the corrected ones returned by the external tool
COULD be internal - embedded perl for one...
>
> In the exim_spec documentaion (10.20) it is:
>
> The domain portion of an address is always lowercased
> before matching it to an address list.
>
> May be I have no chance anyway to find these cases?
> May be work with a combiation of 'condition' and 'redirect'
> and transport to another MTA?
Or simply reject.
svn+python mailscript with kerberos have no sacred ignore-RFC permit.
That MAY just be a config error at source, but even if coding is needed
- their job, not the mailadmin's.
>
> Clueless after two days of reading and testig,
>
> Stucki
>
>
Routing to some other MTA doesn't seem to be a solution, as Exim is far
from the only MTA that would balk at such formats.
EVEN IF 'sendmail' would pass them (not convinced of that), what then
happens at the far-end target MTA?
Bill