Re: [Dovecot] Sieve/pigeonhole rejects email addresses for valid UNIX users

2012-08-28 Thread Timo Sirainen
On 22.8.2012, at 9.56, David Anderson wrote:

> Aug 22 07:50:56 levi dovecot: lda(da...@example.com): Error: sieve: envelope 
> sender address 'testus...@myhost.example.com' is unparsable

Also, is this really rejecting the mail? When I looked at it I thought it 
would simply replace the sender with an empty string.



Re: [Dovecot] Sieve/pigeonhole rejects email addresses for valid UNIX users

2012-08-28 Thread Stephan Bosch

On 8/22/2012 8:56 AM, David Anderson wrote:


> Self-explanatory, I hope (note the period on the end of the username); 
> sieve/pigeonhole does not allow you to have senders which end with a 
> period, which means that any UNIX users with such usernames who send 
> mail have it rejected by sieve:
> 
> # useradd testuser.
> # su - testuser.
> $ mail da...@example.com -s 'testing'
> 123
> .
> [testuser.@levi ~]$ logout
> 
> # less /var/log/maillog
> 
> Aug 22 07:50:56 levi dovecot: lda(da...@example.com): Error: sieve: 
> envelope sender address 'testus...@myhost.example.com' is unparsable
> 
> Versions:
> dovecot-pigeonhole-0.2.6-21.el5
> dovecot-managesieve-0.2.6-21.el5
> dovecot-2.0.18-1_134.el5
> 
> Why would anyone have a UNIX username ending in a period? For one, web 
> hosting companies may use your domain name as your username - but be 
> subject to a 32-character limit, so your domain name gets truncated.


I would have expected to see that address escaped as 
"testuser."@myhost.example.com. I notice that I haven't tested such 
addresses much with Sieve and I don't actually know in what form MTAs 
provide such addresses to the LDA. I'll give that a look soon.


Regards,

Stephan.



Re: [Dovecot] Sieve/pigeonhole rejects email addresses for valid UNIX users

2012-08-22 Thread David Anderson


On 22/08/12 19:20, Gábor Lénárt wrote:

> I guess what an RFC says about "email address syntax" is a valid rule for
> both sender _and_ recipient.


Perhaps it would be best if dovecot applied a policy (whatever policy) 
consistently. It was a surprise to me to transition from CMU sieve to 
Pigeonhole sieve and find that Dovecot LDA now was happy to deliver the 
mail, but that Pigeonhole sieve was unhappy.


David

--
WordShell - WordPress fast from the CLI - www.wordshell.net





Re: [Dovecot] Sieve/pigeonhole rejects email addresses for valid UNIX users

2012-08-22 Thread Gábor Lénárt
On Wed, Aug 22, 2012 at 06:45:17PM +0300, David Anderson wrote:
> There are no incoming mail accounts for those users.  The server in
> question is a webserver. Every website has a unique UNIX user, for
> security when running scripts. You can't virtualise that. If you run
> all your scripts under the same UNIX user on a shared server, then
> it's less secure.
> 
> Sieve was complaining about the envelope *sender* address being
> invalid, on a piece of outgoing mail (generated by the website). It
> wasn't about incoming mail or maintaining accounts.

I guess what an RFC says about "email address syntax" is a valid rule for both
sender _and_ recipient. Mails are usually filtered to check they are valid;
for example, a *sender* like the one you mentioned would not be able to
send mails to our ISP, since the syntax of the sender address is checked on
the MX MTAs as well. So I don't see too much point in sending mails with an
invalid (by RFC) sender, as most mail software and/or MTA admins'
configurations will reject it, like with your example, check the subject out
of your mail. I guess it's a valid decision to reject these.

But _again_: I can be wrong here.

> That's a bit academic, though. I think the main points are that:
> 
> * Many Unixes allow you to set up usernames ending in periods
> * The MTAs also allow you to send and receive mail using those periods
> 
> Strictly according to the RFC, the address is invalid. But if the
> MTA accepts it, why should sieve reject it? Sieve is deployed to

Which MTA? Our ISP would reject those, for example. It's a matter of the kind
of MTA, and also its configuration, but since the RFC says that it's
invalid, it's not so surprising that some people and/or mail-related
software decide not to accept it. For sure, there can be
software/configs which allow it. It clearly shows that it's better to
avoid addresses which are often handled as invalid ("but not always", it
depends, yes), especially if "standards" say they are invalid as well.

> apply filters to mail - not to make policy decisions on valid email
> addresses. That's a layering violation. 

Well, it's a bit out of scope of my intent, also I am not interested in
starting a flame war or so :) I just wanted to point out that it's anyway a
very bad idea to use invalid addresses, even if it can be said to be true that
sieve should not reject things if it's the MTA's job ... The basic idea is the
same: why do you want to use them, if there are problems with these anyway,
and sooner or later you will hit a rejection, even if sieve is "fixed" not to
make this decision as well. Creating a system which uses known-to-be-invalid
things (even if it works locally, or other similar examples) is a
"good" sign to introduce "interesting" and hard-to-track-down problems
later, maybe only in the more distant future.

I can't say anything about sieve itself, to be honest, anyway, and your
suggestion that it must be fixed or not.

Again, sorry if someone treated my mail as OT/flame/whatever.


Re: [Dovecot] Sieve/pigeonhole rejects email addresses for valid UNIX users

2012-08-22 Thread David Anderson


On 22/08/12 18:16, Gábor Lénárt wrote:
> I think nowadays it's a bit outdated to have 1:1 mapping between UNIX 
> users and email addresses anyway. Maybe it's OK, but it's surely 
> problematic in case of mass hosting with many users with policies like 
> you mentioned as well. Virtual users (in the sense of MTA/IMAP/etc 
> servers) are a much better idea, in my opinion. It's OK for a small 
> "server" used for own purposes for example. But it's only my opinion ... 

There are no incoming mail accounts for those users.  The server in 
question is a webserver. Every website has a unique UNIX user, for 
security when running scripts. You can't virtualise that. If you run all 
your scripts under the same UNIX user on a shared server, then it's less 
secure.


Sieve was complaining about the envelope *sender* address being invalid, 
on a piece of outgoing mail (generated by the website). It wasn't about 
incoming mail or maintaining accounts.


That's a bit academic, though. I think the main points are that:

* Many Unixes allow you to set up usernames ending in periods
* The MTAs also allow you to send and receive mail using those periods

Strictly according to the RFC, the address is invalid. But if the MTA 
accepts it, why should sieve reject it? Sieve is deployed to apply 
filters to mail - not to make policy decisions on valid email addresses. 
That's a layering violation. If my MTA accepts the mail, and then the 
dovecot LDA does too, I don't want sieve to over-turn the decision. It's 
not sieve's job to enforce that part of the RFC and over-rule the MTA 
and LDA.


David

--
WordShell - WordPress fast from the CLI - www.wordshell.net





Re: [Dovecot] Sieve/pigeonhole rejects email addresses for valid UNIX users

2012-08-22 Thread Gábor Lénárt
Hi,

On Wed, Aug 22, 2012 at 09:56:04AM +0300, David Anderson wrote:
> Self-explanatory, I hope (note the period on the end of the
> username); sieve/pigeonhole does not allow you to have senders which
> end with a period, which means that any UNIX users with such
> usernames who send mail have it rejected by sieve:
> 
> # useradd testuser.
> # su - testuser.
> $ mail da...@example.com -s 'testing'
> 123
> .
> [testuser.@levi ~]$ logout
> 
> # less /var/log/maillog
> 
> Aug 22 07:50:56 levi dovecot: lda(da...@example.com): Error: sieve:
> envelope sender address 'testus...@myhost.example.com' is unparsable

AFAIK the local-part can't have a period as the first or the last character
by RFC ... But correct me if I am wrong. At least according to Wikipedia:

The local-part of the email address may use any of these ASCII characters
RFC 5322 Section 3.2.3, RFC 6531 permits Unicode beyond the ASCII range:
[...]
Character . (dot, period, full stop) (ASCII: 46) provided that it is not the
first or last character, and provided also that it does not appear two or
more times consecutively (e.g. john.@example.com is not allowed.).

http://en.wikipedia.org/wiki/Email_address#Local_part

I think nowadays it's a bit outdated to have 1:1 mapping between UNIX users
and email addresses anyway. Maybe it's OK, but it's surely problematic in
case of mass hosting with many users with policies like you mentioned as
well. Virtual users (in the sense of MTA/IMAP/etc servers) are a much better
idea, in my opinion. It's OK for a small "server" used for own purposes for
example. But it's only my opinion ...
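
Added example (not part of any message in this thread, and not Dovecot or Pigeonhole code): a small Python check of the RFC 5322 dot-atom rule quoted from Wikipedia above, together with the quoted-string form "testuser."@myhost.example.com that Stephan expected to see. The function names and the sample addresses in the tests are constructed for illustration.

```python
import re

# RFC 5322 section 3.2.3 "atext": characters allowed in an unquoted atom.
ATEXT = r"[A-Za-z0-9!#$%&'*+/=?^_`{|}~-]"
# dot-atom: atoms joined by single dots, so no leading, trailing or double dot.
DOT_ATOM = re.compile(rf"{ATEXT}+(?:\.{ATEXT}+)*\Z")
# quoted-string: printable ASCII in quotes, '"' and '\' must be backslash-escaped.
QUOTED = re.compile(r'"(?:[\x20\x21\x23-\x5b\x5d-\x7e]|\\[\x20-\x7e])*"\Z')


def split_address(addr):
    """Split an address into (local part, domain).

    A quoted local part may contain '@', so skip over the quoted section
    before looking for the separator.
    """
    if addr.startswith('"'):
        i = 1
        while i < len(addr) and addr[i] != '"':
            i += 2 if addr[i] == "\\" else 1
        if addr[i + 1:i + 2] != "@":
            raise ValueError("unterminated quoted local part or missing '@'")
        return addr[:i + 1], addr[i + 2:]
    local, sep, domain = addr.rpartition("@")
    if not sep:
        raise ValueError("no '@' in address")
    return local, domain


def classify_local_part(local):
    """Return 'dot-atom', 'quoted-string' or 'invalid' for a local part."""
    if DOT_ATOM.match(local):
        return "dot-atom"
    if QUOTED.match(local):
        return "quoted-string"
    return "invalid"


def quote_local_part(local):
    """Return the local part unchanged if it is a dot-atom, else quote it."""
    if DOT_ATOM.match(local):
        return local
    if not all(0x20 <= ord(c) <= 0x7E for c in local):
        raise ValueError("non-printable character in local part")
    return '"' + local.replace("\\", "\\\\").replace('"', '\\"') + '"'
```

A sender built from a username such as `testuser.` is classified as invalid in bare form and as a quoted-string once passed through `quote_local_part`.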


[Dovecot] Sieve/pigeonhole rejects email addresses for valid UNIX users

2012-08-22 Thread David Anderson


Self-explanatory, I hope (note the period on the end of the username); 
sieve/pigeonhole does not allow you to have senders which end with a 
period, which means that any UNIX users with such usernames who send 
mail have it rejected by sieve:


# useradd testuser.
# su - testuser.
$ mail da...@example.com -s 'testing'
123
.
[testuser.@levi ~]$ logout

# less /var/log/maillog

Aug 22 07:50:56 levi dovecot: lda(da...@example.com): Error: sieve: 
envelope sender address 'testus...@myhost.example.com' is unparsable


Versions:
dovecot-pigeonhole-0.2.6-21.el5
dovecot-managesieve-0.2.6-21.el5
dovecot-2.0.18-1_134.el5

Why would anyone have a UNIX username ending in a period? For one, web 
hosting companies may use your domain name as your username - but be 
subject to a 32-character limit, so your domain name gets truncated.


David

--
WordShell - WordPress fast from the CLI - www.wordshell.net