Victor Duchovni:
> On Fri, Mar 26, 2010 at 06:28:50PM +0100, Matias Surdi wrote:
>
> > The problem is that I'm receiving mails to non existent accounts, or ,
> > with an accented (non ascii) character and instead of rejecting the
> > mail postfix is replying the client with a 451 error, here is the
> > session transcript, with modified domains for privacy reasons:
>
> SMTP is not a UTF-8 protocol, it is an ASCII protocol, and envelopes
> with non-ASCII characters are malformed. In your case, you should
> reject these via a suitable check before passing them to LDAP.
>
> > In: RCPT TO:<"?myuser"@example.com>
> > Out: 451 4.3.0 < myu...@example.com>: Temporary lookup failure
>
> Don't pass non-ASCII user names to your LDAP table.
Hmm. If the Postfix LDAP driver handles only non-ASCII query keys
then we should have a smarter response from the mail system.
One obvious response is to return a "not found" result. We have
prior art with this. When Postfix is asked to look up an empty
string, some Berkeley DB implementations return an error, so we
don't do such lookups and return "not found" instead of a non-peristent
error.
> In RFC 2253, all attribute values are assumed to be UTF-8. Postfix has
> no idea what character-encoding (UTF-8, ISO-8859-1, ...) corresponds to
> a non-ASCII envelope recipient, and so cannot translate this value to
> UTF-8. The value provided is encoded in the query verbatim. In this case,
> your server objects to the malformed UTF-8 string in the search base.
Fortunately, UTF-8 is a "stateful" encoding so it knows that this
non-ASCII character is out-of-order, but I would prefer not to make
the query at all.
Wietse
