Chkuser rejects the blackberry messages because of the '/' character in the sender address, right?

We were experiencing this issue and I tried editing tcp.smtp as suggested by Helmut Fritz (thanks Helmut!). But due to the stealth server issue I broke down and reconfigured chkuser using the procedure found at: http://wiki.qmailtoaster.com/index.php/Chkuser

I added '/' as a CHKUSER_ALLOW_SENDER_CHAR

All is well now with blackberry emails for us, but because of the trouble this issue caused I check the logs daily to make sure nothing is being blocked from RIM. Because of this I have noticed other messages that are blocked by chkuser due to invalid characters. Most of these are spam but for some I can't be certain.

Some of the characters that chkuser seems to block on appear to be listed in RFC 2822 as legal. I would add these characters to my chkuser configuration as additional CHKUSER_ALLOW_SENDER_CHAR entries but the version of chkuser (v2.0.8) in the current qmailtoaster package only allows 6 entries. The latest version, v2.0.9, allows up to 10. Are there any plans to go to the new version?


Brent Gardner


Jean-Paul van de Plasse wrote:
Btw, it's not just blackberry that needs this fix.. also mails from for example ticketmaster.co.uk and some mails from paypal.
So I really suggest to change this behaviour for all incoming connections.. You will not know what emails were lost and that I think is a bigger problem than the very small security problem.. qmail does not use the email address in any file, only if you would have an external program doing something with the filesystem based on the address it could give problems (imo)..

If anyone does see real security implications I would like to hear them really..
JP
----- Original Message -----
  From: Helmut Fritz
  To: qmailtoaster-list@qmailtoaster.com
  Sent: Friday, October 26, 2007 7:42 PM
  Subject: RE: [qmailtoaster] I hate Blackberry , 5.1.0 - Unknown address error 571-'sorry, (#5.7.1 - chkuser)'


  understood, but if it is just one server there may be enough log entries for 
folks to collaborate to find it - and make appropriate entries and engage 
blackberry about it.

  i have also seen comments that say those characters are not against the rfc 
and other comments that say they are.  if they are not, then qmail should not 
choke on them.  if they are, blackberry should be engaged.



------------------------------------------------------------------------------
  From: Jake Vickers [mailto:[EMAIL PROTECTED]
  Sent: Friday, October 26, 2007 10:37 AM
  To: qmailtoaster-list@qmailtoaster.com
  Subject: Re: [qmailtoaster] I hate Blackberry , 5.1.0 - Unknown address error 571-'sorry, (#5.7.1 - chkuser)'


Helmut Fritz wrote: i wonder - is there a way to id this one? or do they all masquerade as the same hostname/ip? i am thinking not, since we could then add a line for that ip and it would cover all of them.



  If you look at the wiki, you'll see where I did an MX lookup on their domain and started to name each server to allow the characters - this particular one was NOT listed in the MX records - it seems to be a "stealth" server. It may appear in the SPF records, but by that time a client was literally screaming at me on the phone, so I just fixed it with a broad stroke, albeit a blunt one.  I did some testing afterwards to see if I should go back and make it look pretty (i.e.: do it the right way), but found no need myself.





---------------------------------------------------------------------
    QmailToaster hosted by: VR Hosted <http://www.vr.org>
---------------------------------------------------------------------
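
The daily log check described in the top message can be scripted. The following is an added example, not part of the original thread or of chkuser: it pulls rejected sender addresses out of log lines and separates characters that RFC 2822 permits in an unquoted local part from ones it does not. The log line layout, the baseline allowed set and the sample lines are assumptions constructed for illustration; adjust them to match your own logs and build.

```python
import re
import string
from collections import Counter

# RFC 2822 section 3.2.4 "atext": legal in an unquoted local part ('.' separates atoms).
RFC2822_ATEXT = set(string.ascii_letters + string.digits + "!#$%&'*+-/=?^_`{|}~")

# ASSUMPTION: characters accepted before any CHKUSER_ALLOW_SENDER_CHAR entry applies.
BASE_ALLOWED = set(string.ascii_letters + string.digits + "._-")

# ASSUMPTION: rejected-sender log layout; adapt the pattern to your real log lines.
SENDER_RE = re.compile(r"rejected sender: from <([^:>]*)")

# Constructed sample lines (not real log data).
SAMPLE = [
    "CHKUSER rejected sender: from <user/dept@example.net::> remote <mx.example.net:unknown:192.0.2.10> rcpt <> : invalid sender address format",
    "CHKUSER rejected sender: from <news+offers@example.org::> remote <out.example.org:unknown:192.0.2.11> rcpt <> : invalid sender address format",
    "CHKUSER rejected sender: from <a&b=c@example.com::> remote <m.example.com:unknown:192.0.2.12> rcpt <> : invalid sender address format",
    "CHKUSER rejected sender: from <bad(user)@example.com::> remote <m.example.com:unknown:192.0.2.13> rcpt <> : invalid sender address format",
    "CHKUSER rejected sender: from <x+y/z@example.net::> remote <mx.example.net:unknown:192.0.2.10> rcpt <> : invalid sender address format",
]

def offending_chars(sender, extra_allowed=""):
    """Characters in the local part outside the allowed set."""
    local = sender.rsplit("@", 1)[0]
    allowed = BASE_ALLOWED | set(extra_allowed)
    return {c for c in local if c not in allowed}

def triage(log_lines, extra_allowed=""):
    """Return (Counter of RFC-legal blocked chars, senders with non-RFC chars)."""
    legal, suspect = Counter(), []
    for line in log_lines:
        m = SENDER_RE.search(line)
        if not m:
            continue
        bad = offending_chars(m.group(1), extra_allowed)
        if not bad:
            continue
        if bad <= RFC2822_ATEXT:
            legal.update(bad)   # candidates for an allow entry
        else:
            suspect.append(m.group(1))  # malformed even by RFC 2822
    return legal, suspect

if __name__ == "__main__":
    legal, suspect = triage(SAMPLE, extra_allowed="/")  # '/' already allowed, as in the post
    for ch, n in legal.most_common():
        print(f"{ch!r}: blocked in {n} sender(s), RFC 2822 atext")
    print("not RFC-legal unquoted:", suspect)
```

The counter shows which RFC-legal characters are worth spending one of the limited allow entries on (6 in v2.0.8, 10 in v2.0.9, per the message above).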