Re: [Dovecot] dovecot auth is case insensitive, but fs is sensitive :) (SOLVED)
On ons 19 aug 2009 22:39:02 CEST, Benny Pedersen wrote

> could you mail me that config to horde ?, but still i also like to make a better dovecot.conf if its possible so it will say user unknown instead of just accept case insensitive on auth

just to the mail archives, i sorted this problem with auth case error with upgrade from 1.1.7 to 1.1.16, no more problems with 2 fs users pr mysql auth

super, keep up the good work all

-- xpoint
Re: [Dovecot] dovecot auth is case insensitive, but fs is sensitive :)
On ons 19 aug 2009 15:31:39 CEST, Patrick Domack wrote

> My fix was to adjust the ldap schema to have case sensitivity, and then add for user idiot proofing, force usernames to lowercase in horde.

could you mail me that config to horde ?, but still i also like to make a better dovecot.conf if its possible so it will say user unknown instead of just accept case insensitive on auth

-- xpoint
Re: [Dovecot] dovecot auth is case insensitive, but fs is sensitive :)
On Wed, 19 Aug 2009, pod wrote:

> But the username in the authentication db is completely independent of any localpart that might be used to deliver to a mailbox - access to which is authenticated by providing creds for that username. I don't see how the fact that MTAs may or may not consider localparts to be case-sensitive has any bearing on the case-sensitivity of usernames stored in the authentication database.

I understood the problem so: If you construct the path in the local file system from the username derived from the local part, you need to be prepared to handle different case names, hence, use %L modifier or return a new spelling from the auth DB.

E.g. recipient addresses: fore.surn...@example.com, fore.surn...@example.com ...

mail_location = maildir:/var/mail/%u/Maildir

Bye,

-- Steffen Kaiser
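The two fixes named in the message above (the %L modifier, or taking the spelling returned by the auth DB), simulated as an added example that is not code from the thread or from Dovecot. Assumptions: SQLite's COLLATE NOCASE stands in for a case-insensitive MySQL collation, the user row is constructed, and `lookup`, `expand` and `maildirs` are hypothetical helpers that mimic only `%u`, `%n`, `%d` and the `L` modifier.

```python
import re
import sqlite3

# Mail path template taken from the dovecot -n output in this thread.
TEMPLATE = "maildir:/home/vmail/%d/%u/.maildir"

def make_db():
    """Constructed user table; NOCASE mimics a case-insensitive MySQL collation."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (username TEXT COLLATE NOCASE PRIMARY KEY)")
    db.execute("INSERT INTO users VALUES ('foo@example.com')")
    return db

def lookup(db, login):
    """Return the username as stored, or None. Password checking is omitted:
    only the username comparison matters for this problem."""
    row = db.execute("SELECT username FROM users WHERE username = ?", (login,)).fetchone()
    return row[0] if row else None

def expand(template, user):
    """Hypothetical stand-in for Dovecot's %u, %n, %d and the L (lowercase) modifier."""
    local, _, domain = user.partition("@")
    values = {"u": user, "n": local, "d": domain}
    def repl(m):
        value = values[m.group(2)]
        return value.lower() if m.group(1) else value
    return re.sub(r"%(L?)([und])", repl, template)

def maildirs(db, logins, template, use_db_spelling=False):
    """Set of mail paths reached by the logins that the user DB accepts."""
    paths = set()
    for login in logins:
        stored = lookup(db, login)
        if stored is None:
            continue  # unknown user, no mail path at all
        paths.add(expand(template, stored if use_db_spelling else login))
    return paths

if __name__ == "__main__":
    db = make_db()
    logins = ["foo@example.com", "Foo@example.com", "FOO@Example.COM", "bar@example.com"]
    print(maildirs(db, logins, TEMPLATE))                                # one directory per spelling
    print(maildirs(db, logins, "maildir:/home/vmail/%Ld/%Lu/.maildir"))  # one directory
    print(maildirs(db, logins, TEMPLATE, use_db_spelling=True))          # one directory
```
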
Re: [Dovecot] dovecot auth is case insensitive, but fs is sensitive :)
Noel Butler writes:

> On Wed, 2009-08-19 at 01:41 -0400, Timo Sirainen wrote:
>
>> Dovecot auth isn't case-insensitive. But MySQL is, and I guess you're
>> using it? There are several different ways around it.
>
> Which is not a problem since most (all) MTA's normally treat user@ as
> case insensitive.

But the username in the authentication db is completely independent of any localpart that might be used to deliver to a mailbox - access to which is authenticated by providing creds for that username. I don't see how the fact that MTAs may or may not consider localparts to be case-sensitive has any bearing on the case-sensitivity of usernames stored in the authentication database.
Re: [Dovecot] dovecot auth is case insensitive, but fs is sensitive :)
Actually that isn't the issue. The issue is like one I had with ldap, till I modified it to be case sensitive.

And that is, at least in my old pre-1.0 version of dovecot, it would authenticate the user with mixed or uppercase letters, then use that username for the mailpath. Since the mailpath is case sensitive, it would respond to the user saying they have no email, cause the path isn't found. But in reality they have email, in the all lower case letter version of their username.

My fix was to adjust the ldap schema to have case sensitivity, and then add for user idiot proofing, force usernames to lowercase in horde.

Quoting Noel Butler :

> On Wed, 2009-08-19 at 01:41 -0400, Timo Sirainen wrote:
>
>> On Aug 19, 2009, at 1:37 AM, Benny Pedersen wrote:
>>
>>> others have found this problem ?
>>
>> Dovecot auth isn't case-insensitive. But MySQL is, and I guess you're using it? There are several different ways around it.
>
> Which is not a problem since most (all) MTA's normally treat user@ as case insensitive.
>
> Only an incompetently written portal or mail-management script/software/setup would allow a user foo@ *and then* allow FOO@ or Foo@ etc to be added. If you use management software that does that, dump it, and if it's in-house written, I'd kick the programmers ass for allowing it to be so poorly designed in the first place.
>
> RFC2821
>
> The local-part of a mailbox MUST BE treated as case sensitive. Therefore, SMTP implementations MUST take care to preserve the case of mailbox local-parts. Mailbox domains are not case sensitive. In particular, for some hosts the user "smith" is different from the user "Smith". However, exploiting the case sensitivity of mailbox local-parts impedes interoperability and is discouraged.
>
> ^ So although permitted, it is only a fool that actually does it.
Re: [Dovecot] dovecot auth is case insensitive, but fs is sensitive :)
On Wed, 2009-08-19 at 01:41 -0400, Timo Sirainen wrote:

> On Aug 19, 2009, at 1:37 AM, Benny Pedersen wrote:
>
> > others have found this problem ?
>
> Dovecot auth isn't case-insensitive. But MySQL is, and I guess you're
> using it? There are several different ways around it.

Which is not a problem since most (all) MTA's normally treat user@ as case insensitive.

Only an incompetently written portal or mail-management script/software/setup would allow a user foo@ *and then* allow FOO@ or Foo@ etc to be added. If you use management software that does that, dump it, and if it's in-house written, I'd kick the programmers ass for allowing it to be so poorly designed in the first place.

RFC2821

The local-part of a mailbox MUST BE treated as case sensitive. Therefore, SMTP implementations MUST take care to preserve the case of mailbox local-parts. Mailbox domains are not case sensitive. In particular, for some hosts the user "smith" is different from the user "Smith". However, exploiting the case sensitivity of mailbox local-parts impedes interoperability and is discouraged.

^ So although permitted, it is only a fool that actually does it.
Re: [Dovecot] dovecot auth is case insensitive, but fs is sensitive :)
On Aug 19, 2009, at 1:37 AM, Benny Pedersen wrote:

> others have found this problem ?

Dovecot auth isn't case-insensitive. But MySQL is, and I guess you're using it? There are several different ways around it.
[Dovecot] dovecot auth is case insensitive, but fs is sensitive :)
others have found this problem ?

this possible bug can be used by user in that way that one password login can use 2 maildirs in filesystem effectively give them all space quotas and lots of other goodies

so to speak:

f...@example.com with a password can login with f...@example.com and f...@example.com

add more chars to get more mailbox :/

confirms ?

i found the problem when i had horde installed

dovecot 1.1.7

-- xpoint

# 1.1.7: /etc/dovecot/dovecot.conf
# OS: Linux 2.6.30-gentoo-r5 x86_64 Gentoo Base System release 1.12.11.1 ext3
base_dir: /var/run/dovecot/
protocols: pop3 imap managesieve pop3s imaps
ssl_listen: *
ssl_ca_file: /etc/ssl/certs/ca-certificates.crt
ssl_cert_file: /etc/ssl/private/home_server.pem
ssl_key_file: /etc/ssl/private/home_privatekey.pem
ssl_cipher_list: ALL:!LOW
disable_plaintext_auth: no
login_dir: /var/run/dovecot/login
login_executable(default): /usr/libexec/dovecot/imap-login
login_executable(imap): /usr/libexec/dovecot/imap-login
login_executable(pop3): /usr/libexec/dovecot/pop3-login
login_executable(managesieve): /usr/libexec/dovecot/managesieve-login
login_greeting_capability(default): yes
login_greeting_capability(imap): yes
login_greeting_capability(pop3): no
login_greeting_capability(managesieve): no
login_processes_count: 2
login_max_processes_count: 10
first_valid_uid: 125
last_valid_uid: 125
first_valid_gid: 125
last_valid_gid: 125
mail_location: maildir:/home/vmail/%d/%u/.maildir
mail_executable(default): /usr/libexec/dovecot/imap
mail_executable(imap): /usr/libexec/dovecot/imap
mail_executable(pop3): /usr/libexec/dovecot/pop3
mail_executable(managesieve): /usr/libexec/dovecot/managesieve
mail_plugins(default): quota imap_quota
mail_plugins(imap): quota imap_quota
mail_plugins(pop3): quota
mail_plugins(managesieve):
mail_plugin_dir(default): /usr/lib/dovecot/imap
mail_plugin_dir(imap): /usr/lib/dovecot/imap
mail_plugin_dir(pop3): /usr/lib/dovecot/pop3
mail_plugin_dir(managesieve): /usr/lib64/dovecot/managesieve
imap_client_workarounds(default): outlook-idle
imap_client_workarounds(imap): outlook-idle
imap_client_workarounds(pop3):
imap_client_workarounds(managesieve):
pop3_lock_session(default): no
pop3_lock_session(imap): no
pop3_lock_session(pop3): yes
pop3_lock_session(managesieve): no
pop3_client_workarounds(default):
pop3_client_workarounds(imap):
pop3_client_workarounds(pop3): outlook-no-nuls oe-ns-eoh
pop3_client_workarounds(managesieve):
sieve_storage(default):
sieve_storage(imap):
sieve_storage(pop3):
sieve_storage(managesieve): /home/vmail/%d/%u/.sieve
sieve(default):
sieve(imap):
sieve(pop3):
sieve(managesieve): /home/vmail/%d/%u/.dovecot.sieve
namespace:
  type: private
  inbox: yes
  list: yes
  subscriptions: yes
auth default:
  mechanisms: plain login
  worker_max_count: 4
  passdb:
    driver: sql
    args: /etc/dovecot/dovecot-sql.conf
  userdb:
    driver: sql
    args: /etc/dovecot/dovecot-sql.conf
  socket:
    type: listen
    client:
      path: /var/spool/postfix/private/auth
      mode: 432
      user: postfix
      group: postfix
    master:
      path: /var/run/dovecot/auth-master
      mode: 438