Re: [Dovecot] Sieve/pigeonhole rejects email addresses for valid UNIX users

2012-08-28 Thread Stephan Bosch

On 8/22/2012 8:56 AM, David Anderson wrote:

> Self-explanatory, I hope (note the period on the end of the username);
> sieve/pigeonhole does not allow you to have senders which end with a
> period, which means that any UNIX users with such usernames who send
> mail have it rejected by sieve:
>
> # useradd testuser.
> # su - testuser.
> $ mail da...@example.com -s 'testing'
> 123
> .
> [testuser.@levi ~]$ logout
>
> # less /var/log/maillog
>
> Aug 22 07:50:56 levi dovecot: lda(da...@example.com): Error: sieve:
> envelope sender address 'testus...@myhost.example.com' is unparsable
>
> Versions:
> dovecot-pigeonhole-0.2.6-21.el5
> dovecot-managesieve-0.2.6-21.el5
> dovecot-2.0.18-1_134.el5
>
> Why would anyone have a UNIX username ending in a period? For one, web
> hosting companies may use your domain name as your username - but be
> subject to a 32-character limit, so your domain name gets truncated.


I would have expected to see that address escaped as 
testuser.@myhost.example.com. I notice that I haven't tested such 
addresses much with Sieve and I don't actually know in what form MTAs 
provide such addresses to the LDA. I'll give that a look soon.


Regards,

Stephan.



Re: [Dovecot] Sieve/pigeonhole rejects email addresses for valid UNIX users

2012-08-28 Thread Timo Sirainen
On 22.8.2012, at 9.56, David Anderson wrote:

> Aug 22 07:50:56 levi dovecot: lda(da...@example.com): Error: sieve: envelope
> sender address 'testus...@myhost.example.com' is unparsable

Also, is this really rejecting the mail? When I looked at it I thought it
would simply replace the sender with an empty string.



Re: [Dovecot] Sieve/pigeonhole rejects email addresses for valid UNIX users

2012-08-23 Thread David Anderson


On 22/08/12 19:20, Gábor Lénárt wrote:

> I guess what an RFC says about email address syntax is a valid rule for both
> sender _and_ recipient.


Perhaps it would be best if dovecot applied a policy (whatever policy) 
consistently. It was a surprise to me to transition from CMU sieve to 
Pigeonhole sieve and find that Dovecot LDA now was happy to deliver the 
mail, but that Pigeonhole sieve was unhappy.


David

--
WordShell - WordPress fast from the CLI - www.wordshell.net





[Dovecot] Sieve/pigeonhole rejects email addresses for valid UNIX users

2012-08-22 Thread David Anderson


Self-explanatory, I hope (note the period on the end of the username); 
sieve/pigeonhole does not allow you to have senders which end with a 
period, which means that any UNIX users with such usernames who send 
mail have it rejected by sieve:


# useradd testuser.
# su - testuser.
$ mail da...@example.com -s 'testing'
123
.
[testuser.@levi ~]$ logout

# less /var/log/maillog

Aug 22 07:50:56 levi dovecot: lda(da...@example.com): Error: sieve: 
envelope sender address 'testus...@myhost.example.com' is unparsable


Versions:
dovecot-pigeonhole-0.2.6-21.el5
dovecot-managesieve-0.2.6-21.el5
dovecot-2.0.18-1_134.el5

Why would anyone have a UNIX username ending in a period? For one, web 
hosting companies may use your domain name as your username - but be 
subject to a 32-character limit, so your domain name gets truncated.


David

--
WordShell - WordPress fast from the CLI - www.wordshell.net



Re: [Dovecot] Sieve/pigeonhole rejects email addresses for valid UNIX users

2012-08-22 Thread David Anderson


On 22/08/12 18:16, Gábor Lénárt wrote:
> I think nowadays it's a bit outdated to have 1:1 mapping between UNIX
> users and email addresses anyway. Maybe it's OK, but it's surely
> problematic in case of mass hosting with many users with policies like
> you mentioned as well. Virtual users (in the sense of MTA/IMAP/etc
> servers) are much better idea, in my opinion. It's OK for a small
> server used for own purposes for example. But it's only my opinion ...

There are no incoming mail accounts for those users.  The server in
question is a webserver. Every website has a unique UNIX user, for
security when running scripts. You can't virtualise that. If you run all
your scripts under the same UNIX user on a shared server, then it's less
secure.


Sieve was complaining about the envelope *sender* address being invalid, 
on a piece of outgoing mail (generated by the website). It wasn't about 
incoming mail or maintaining accounts.


That's a bit academic, though. I think the main points are that:

* Many Unixes allow you to set up usernames ending in periods
* The MTAs also allow you to send and receive mail using those periods

Strictly according to the RFC, the address is invalid. But if the MTA 
accepts it, why should sieve reject it? Sieve is deployed to apply 
filters to mail - not to make policy decisions on valid email addresses. 
That's a layering violation. If my MTA accepts the mail, and then the 
dovecot LDA does too, I don't want sieve to over-turn the decision. It's 
not sieve's job to enforce that part of the RFC and over-rule the MTA 
and LDA.


David

--
WordShell - WordPress fast from the CLI - www.wordshell.net
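
The RFC point argued in this thread, as an added example (not part of any poster's message, and not Pigeonhole's or Dovecot's parser): RFC 5321 defines a local-part as either a Dot-string, which cannot end in a period, or a Quoted-string, which can. The function names and the sample passwd data are constructed for illustration; the audit lists local accounts whose names would need quoting to form a valid envelope sender.

```python
import re

# RFC 5321 section 4.1.2: Local-part = Dot-string / Quoted-string
ATEXT = r"[A-Za-z0-9!#$%&'*+/=?^_`{|}~-]"
DOT_STRING = re.compile(rf"{ATEXT}+(?:\.{ATEXT}+)*")
# qtextSMTP (printable ASCII except '"' and '\') or a backslash-escaped printable
QUOTED_STRING = re.compile(r'"(?:[\x20-\x21\x23-\x5b\x5d-\x7e]|\\[\x20-\x7e])*"')

def classify_local_part(local: str) -> str:
    """Return 'dot-string', 'quoted-string' or 'invalid' for an SMTP local-part."""
    if DOT_STRING.fullmatch(local):
        return "dot-string"
    if QUOTED_STRING.fullmatch(local):
        return "quoted-string"
    return "invalid"

def to_local_part(username: str) -> str:
    """Render a login name as a valid local-part, quoting only when needed."""
    if DOT_STRING.fullmatch(username):
        return username
    if not all(0x20 <= ord(c) <= 0x7E for c in username):
        raise ValueError(f"cannot represent {username!r} as an ASCII local-part")
    escaped = username.replace("\\", "\\\\").replace('"', '\\"')
    return f'"{escaped}"'

def audit_passwd(passwd_text: str) -> list:
    """List (username, quoted form) for accounts whose name is not a bare Dot-string."""
    findings = []
    for line in passwd_text.splitlines():
        if not line or line.startswith("#"):
            continue
        name = line.split(":", 1)[0]
        if classify_local_part(name) != "dot-string":
            findings.append((name, to_local_part(name)))
    return findings

# Constructed sample in /etc/passwd format (not taken from the thread's host).
SAMPLE_PASSWD = """\
root:x:0:0:root:/root:/bin/bash
testuser.:x:501:501::/home/testuser.:/bin/bash
a.very.long.domain.name.example.:x:502:502::/home/site2:/bin/bash
www.example:x:503:503::/home/site3:/bin/bash
"""

if __name__ == "__main__":
    for name, quoted in audit_passwd(SAMPLE_PASSWD):
        print(f"{name!r} is not a valid bare local-part; quoted form: {quoted}")
```
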





Re: [Dovecot] Sieve/pigeonhole rejects email addresses for valid UNIX users

2012-08-22 Thread Gábor Lénárt
On Wed, Aug 22, 2012 at 06:45:17PM +0300, David Anderson wrote:
> There are no incoming mail accounts for those users.  The server in
> question is a webserver. Every website has a unique UNIX user, for
> security when running scripts. You can't virtualise that. If you run
> all your scripts under the same UNIX user on a shared server, then
> it's less secure.
>
> Sieve was complaining about the envelope *sender* address being
> invalid, on a piece of outgoing mail (generated by the website). It
> wasn't about incoming mail or maintaining accounts.

I guess what an RFC says about email address syntax is a valid rule for both
sender _and_ recipient. Mails are usually filtered to check they are valid;
for example, a *sender* like the one you mentioned would not be able to
send mails to our ISP, since the syntax of the sender address is checked on
the MX MTAs as well. So I don't see too much point in sending mails with an
invalid (by RFC) sender, as most mail software and/or MTA admins'
configurations will reject it, like with your example, check the subject
of your mail. I guess it's a valid decision to reject these.

But _again_: I can be wrong here.

> That's a bit academic, though. I think the main points are that:
>
> * Many Unixes allow you to set up usernames ending in periods
> * The MTAs also allow you to send and receive mail using those periods
>
> Strictly according to the RFC, the address is invalid. But if the
> MTA accepts it, why should sieve reject it? Sieve is deployed to

Which MTA? Our ISP would reject those, for example. It's a matter of the
kind of MTA, and also its configuration, but since the RFC says that it is
invalid, it's not so surprising that some people and/or mail-related
software decide not to accept it. For sure, there can be software/configs
which allow it. It clearly shows that it's better to avoid addresses which
are often handled as invalid (but not always, it depends, yes), especially
if standards say they are invalid as well.

> apply filters to mail - not to make policy decisions on valid email
> addresses. That's a layering violation.

Well, it's a bit out of the scope of my intent, also I am not interested in
starting a flame war or so :) I just wanted to point out that it's anyway a
very bad idea to use invalid addresses, even if it can be said to be true
that sieve should not reject things if it's the MTA's job ... The basic
idea is the same: why do you want to use them, if there are problems with
these anyway, and sooner or later you will hit a rejection, even if sieve is
fixed not to make this decision as well. Creating a system which uses
known-to-be-invalid things (even if it works locally, or other similar
examples) is a good way to introduce interesting and hard-to-track-down
problems later, maybe only in the more distant future.

I can't say anything about sieve itself, to be honest, anyway, or about your
suggestion that it must be fixed or not.

Again, sorry if someone treated my mail as OT/flame/whatever.