[pfx] Bug Report: main.cf smtpd_client_restrictions check_ccert_access fails when table spec contains spaces inside braces

2023-03-13 Thread Sean Gallagher via Postfix-users
I have been trying to understand why check_ccert_access does not work 
with an inline:{} table and I believe I have uncovered a subtle bug.


My investigation has focused on 
https://github.com/vdukhovni/postfix/blob/master/postfix/src/global/map_search.c 



To cut to the chase, I believe line 161 should call mystrtokq() instead 
of mystrtok().


Reasoning:

From http://www.postfix.org/postconf.5.html we have the example:
check_ccert_access { type:table, { search_order = cert_fingerprint, pubkey_fingerprint } }


From this, let's choose an "inline" table as per http://www.postfix.org/DATABASE_README.html
check_ccert_access { inline:{ key=value, { key = text with whitespace or comma }}, { search_order = cert_fingerprint, pubkey_fingerprint } }


Now let's see how the parser in map_search.c performs.

We can follow the code to the call:
map_search_create("{ inline:{ key=value, { key = text with whitespace or comma }}, { search_order = cert_fingerprint, pubkey_fingerprint } }")


Line 156 detects this is a "Long form" because it starts with a "{"

Line 158 strips away the outermost pair of braces "{" "}" and then trims whitespace, leaving:
"inline:{ key=value, { key = text with whitespace or comma }}, { search_order = cert_fingerprint, pubkey_fingerprint }"


Line 161 then calls mystrtok() which splits the string at the next 
whitespace separator - WITHOUT REGARD FOR BRACES

So now we have
map_type_name = "inline:{"
bp = "key=value, { key = text with whitespace or comma }}, { search_order = cert_fingerprint, pubkey_fingerprint }"


THIS IS CLEARLY NOT WHAT WAS INTENDED

Line 183 expects bp to point to the attribute part, i.e. we want
bp = "{ search_order = cert_fingerprint, pubkey_fingerprint }"

What should have happened is the inline table should have been skimmed 
over by counting opening and closing braces.
This is exactly what the function mystrtokq() does. "q" for "quote" 
presumably.


Repeating the analysis, assuming line 161 calls mystrtokq(), we get
map_type_name = "inline:{ key=value, { key = text with whitespace or comma }}"

bp = " { search_order = cert_fingerprint, pubkey_fingerprint }"

Line 183 now gives us:
attr_name_val = "{ search_order = cert_fingerprint, pubkey_fingerprint }" and sanity follows.


This one character "q" in the source would have saved many hours of my 
time.



___
Postfix-users mailing list -- postfix-users@postfix.org
To unsubscribe send an email to postfix-users-le...@postfix.org
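
The two splitting behaviours contrasted in the report above, as an added example (not part of the original post and not Postfix source code). tok_plain() and tok_braces() are simplified stand-ins written for this illustration, not Postfix's mystrtok()/mystrtokq(); the separator set of comma plus whitespace is an assumption chosen to match the results shown in the post.

```c
#include <stdio.h>
#include <string.h>
#define SEP ", \t\r\n"  /* assumed separator set: comma and whitespace */

/* Plain split: cut at the first separator; braces are ordinary characters. */
static char *tok_plain(char **src)
{
    char *start = *src + strspn(*src, SEP);
    char *end = start + strcspn(start, SEP);
    if (*start == 0) return NULL;
    if (*end) *end++ = 0;
    *src = end;
    return start;
}

/* Brace-aware split: a separator ends the token only at nesting depth 0. */
static char *tok_braces(char **src)
{
    char *start = *src + strspn(*src, SEP), *cp;
    int depth = 0;
    if (*start == 0) return NULL;
    for (cp = start; *cp; cp++) {
        if (*cp == '{')
            depth++;
        else if (*cp == '}' && depth > 0)
            depth--;
        else if (depth == 0 && strchr(SEP, *cp)) {
            *cp++ = 0;
            break;
        }
    }
    *src = cp;
    return start;
}

/* Table spec from the post, after the outer braces have been stripped. */
static const char SPEC[] = "inline:{ key=value, { key = text with whitespace or comma }}, "
    "{ search_order = cert_fingerprint, pubkey_fingerprint }";

int main(void)
{
    char a[sizeof(SPEC)], b[sizeof(SPEC)], *ap = a, *bp = b;
    memcpy(a, SPEC, sizeof(SPEC)); memcpy(b, SPEC, sizeof(SPEC));
    printf("plain : name=[%s]", tok_plain(&ap)); printf(" rest=[%s]\n", ap);
    printf("braces: name=[%s]", tok_braces(&bp)); printf(" rest=[%s]\n", bp);
    return 0;
}
```

With the plain split the table name is cut off inside the inline table, so the search_order attribute block is never reached as the attribute part; the brace-aware split leaves it as the remainder.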


[pfx] Re: MySQL error from not all the receiver

2023-03-13 Thread mailmary--- via Postfix-users


for only 200 users, you are adding a lot of complexity with an SQL database and 
no real benefits.

my suggestion for small systems, is to use dovecot with the Maildir format, and 
to separate domains/virtual hosts as separate system users, thus email accounts 
are stored as (for example the email i...@domain.com) : 
/home/domain/mail/domain.com/mail/info

email accounts can be stored as simple passwd files under : 
/home/domain/etc/domain.com/passwd

a system like that can easily handle thousands of email accounts. An extra 
benefit, is that each domain is isolated and separated from other account 
domains, which is something supported by SELinux on enterprise linux distros 
(Alma, Rocky, Oracle, etc).

no need for an SQL database.



On Mon, 13 Mar 2023 13:42:42 +0100 Antonino Di Mauro via Postfix-users 
 wrote:

> about 200 users...
> 
> 
> On 13/03/23 13:33, mailmary--- via Postfix-users wrote:
> > out of curiosity, why do you want to use an SQL database? Do you have more 
> > than 1,000,000 email accounts?
> >
> > I don't really see any benefit by using SQL for small to medium sized 
> > systems.
> >


[pfx] Re: MySQL error from not all the receiver

2023-03-13 Thread Antonino Di Mauro via Postfix-users

about 200 users...


On 13/03/23 13:33, mailmary--- via Postfix-users wrote:

out of curiosity, why do you want to use an SQL database? Do you have more than 
1,000,000 email accounts?

I don't really see any benefit by using SQL for small to medium sized systems.



On Mon, 13 Mar 2023 13:26:47 +0100 Antonino Di Mauro via Postfix-users 
 wrote:


It seems I found the problem.

With a hash file it works fine!

With the MySQL DB, I found out Postfix does not read the encrypted password.

Effectively, in my DB, the password field is encrypted.


although I don't understand why it sends it to Gmail...


Any suggestions?

Thanks



On 11/03/23 13:46, antonino.dimauro--- via Postfix-users wrote:

Hi to all,

this is my first Postfix configuration.
I create virtual users in a mariadb database.
I implemented TLS security.
Until now, I used an external smarthost to send mail to external
destinations.
It works fine!

Now I have implemented DKIM with OpenDKIM, added a DMARC record and improved
the SPF record, but (and here I don't understand why) sometimes, for not all
of the addresses, my mail remains in the queue.

In the log when it happens, I can see this:

- postfix/smtp[313760]: warning: connect to mysql server localhost:
Can't connect to local MySQL server through socket
'/run/mysqld/mysqld.sock' (2)

- postfix/smtp[313760]: warning:
mysql:/etc/postfix/mysql_virtual_alias_maps.cf lookup error for
"mail.any_external_domain.it"

- postfix/smtp[313760]: warning: 839744C0210: smtp_sasl_password_maps
lookup error

smtp_sasl_password_maps is configured with the DB connection parameters
and a simple select query.

I think that if I had made a mistake in the configuration, the mails would
never be sent; why sometimes yes and sometimes not?


If I send an internal mail, it always works fine!
If I send a mail to my private Gmail, it always works fine!
If I use the external smarthost, the mail is always sent regularly.

What can I check?
Is the problem the server configuration or the SPF record?


Many thanks to all...

Regards.

Antonio


[pfx] Re: MySQL error from not all the receiver

2023-03-13 Thread mailmary--- via Postfix-users


out of curiosity, why do you want to use an SQL database? Do you have more than 
1,000,000 email accounts?

I don't really see any benefit by using SQL for small to medium sized systems.



On Mon, 13 Mar 2023 13:26:47 +0100 Antonino Di Mauro via Postfix-users 
 wrote:

> It seems I found the problem.
> 
> With a hash file it works fine!
> 
> With the MySQL DB, I found out Postfix does not read the encrypted password.
> 
> Effectively, in my DB, the password field is encrypted.
> 
> 
> although I don't understand why it sends it to Gmail...
> 
> 
> Any suggestions?
> 
> Thanks
> 
> 
> 
> On 11/03/23 13:46, antonino.dimauro--- via Postfix-users wrote:
> > Hi to all,
> >
> > this is my first Postfix configuration.
> > I create virtual users in a mariadb database.
> > I implemented TLS security.
> > Until now, I used an external smarthost to send mail to external 
> > destinations.
> > It works fine!
> >
> > Now I have implemented DKIM with OpenDKIM, added a DMARC record and improved 
> > the SPF record, but (and here I don't understand why) sometimes, for not all 
> > of the addresses, my mail remains in the queue.
> >
> > In the log when it happens, I can see this:
> >
> > - postfix/smtp[313760]: warning: connect to mysql server localhost: 
> > Can't connect to local MySQL server through socket 
> > '/run/mysqld/mysqld.sock' (2)
> >
> > - postfix/smtp[313760]: warning: 
> > mysql:/etc/postfix/mysql_virtual_alias_maps.cf lookup error for 
> > "mail.any_external_domain.it"
> >
> > - postfix/smtp[313760]: warning: 839744C0210: smtp_sasl_password_maps 
> > lookup error
> >
> > smtp_sasl_password_maps is configured with the DB connection parameters 
> > and a simple select query.
> >
> > I think that if I had made a mistake in the configuration, the mails would 
> > never be sent; why sometimes yes and sometimes not?
> >
> >
> > If I send an internal mail, it always works fine!
> > If I send a mail to my private Gmail, it always works fine!
> > If I use the external smarthost, the mail is always sent regularly.
> >
> > What can I check?
> > Is the problem the server configuration or the SPF record?
> >
> >
> > Many thanks to all...
> >
> > Regards.
> >
> > Antonio


[pfx] Re: MySQL error from not all the receiver

2023-03-13 Thread Antonino Di Mauro via Postfix-users

It seems I found the problem.

With a hash file it works fine!

With the MySQL DB, I found out Postfix does not read the encrypted password.

Effectively, in my DB, the password field is encrypted.


although I don't understand why it sends it to Gmail...


Any suggestions?

Thanks



On 11/03/23 13:46, antonino.dimauro--- via Postfix-users wrote:

Hi to all,

this is my first Postfix configuration.
I create virtual users in a mariadb database.
I implemented TLS security.
Until now, I used an external smarthost to send mail to external 
destinations.

It works fine!

Now I have implemented DKIM with OpenDKIM, added a DMARC record and improved 
the SPF record, but (and here I don't understand why) sometimes, for not all 
of the addresses, my mail remains in the queue.


In the log when it happens, I can see this:

- postfix/smtp[313760]: warning: connect to mysql server localhost: 
Can't connect to local MySQL server through socket 
'/run/mysqld/mysqld.sock' (2)


- postfix/smtp[313760]: warning: 
mysql:/etc/postfix/mysql_virtual_alias_maps.cf lookup error for 
"mail.any_external_domain.it"


- postfix/smtp[313760]: warning: 839744C0210: smtp_sasl_password_maps 
lookup error


smtp_sasl_password_maps is configured with the DB connection parameters 
and a simple select query.


I think that if I had made a mistake in the configuration, the mails would 
never be sent; why sometimes yes and sometimes not?



If I send an internal mail, it always works fine!
If I send a mail to my private Gmail, it always works fine!
If I use the external smarthost, the mail is always sent regularly.

What can I check?
Is the problem the server configuration or the SPF record?


Many thanks to all...

Regards.

Antonio