
Possible bug with recipient_delimiter minus in usernames

  • decoder
    Message 1 of 7 , Dec 15, 2012
      Hello,


      today, we stumbled across a possible bug with the recipient_delimiter
      option. Steps to reproduce are:


      1. Set recipient_delimiter to - (minus sign), instead of the typical + sign.
      2. Create a local system user with a - sign, e.g. foo-test.
      3. Send mail to foo-test@mailhost

      Postfix will log this:

      Dec 15 17:59:09 mailhost postfix/local[7486]: B4D124341:
      to=<foo-test@mailhost>, relay=local, delay=0, status=bounced (unknown
      user: "foo-test")

      and bounce the message.

      Now if you disable the recipient_delimiter, or set the delimiter to +
      instead, delivery to foo-test works fine. Also, if you create a user
      "foo" and re-enable the minus delimiter, mail to foo-test goes to foo
      instead.

      I verified this behavior on 3 different systems, the newest one running
      Postfix 2.9.3, the oldest running 2.2.x (ancient, I know), and it seems
      like a bug to me. According to the documentation, Postfix should try to
      deliver to foo-test first, if that doesn't exist, it should try foo. In
      any case, logging 'unknown user: "foo-test"' while getent passwd shows
      the user exists is a bug itself already. I also confirmed with some
      people in #postfix on Freenode that this isn't expected behavior.

      It would be very helpful for us if this could be fixed, as we're trying
      to migrate a system where users have been using the minus sign for
      recipient_delimiter to a system which has users with a minus sign in the
      name.


      Thank you very much in advance,

      Chris
    • Wietse Venema
      Message 2 of 7 , Dec 15, 2012
        decoder:
        > Hello,
        >
        >
        > today, we stumbled across a possible bug with the recipient_delimiter
        > option. Steps to reproduce are:
        >
        >
        > 1. Set recipient_delimiter to - (minus sign), instead of the typical + sign.
        > 2. Create a local system user with a - sign, e.g. foo-test.
        > 3. Send mail to foo-test@mailhost

        Don't use a delimiter that is part of an unextended recipient address.

        Wietse
      • decoder
        Message 3 of 7 , Dec 15, 2012
          Hello Wietse,

          the documentation on this (the comment in the main.cf file also) says
          that foo-test will first be checked and only if that doesn't exist it
          will use foo. Is the documentation wrong then?

          Also, at least the log message is clearly a bug, it states that a user
          does not exist although it exists, please read it again carefully.

          Best,

          Chris


          On 12/16/2012 01:08 AM, Wietse Venema wrote:
          > decoder:
          >> Hello,
          >>
          >>
          >> today, we stumbled across a possible bug with the recipient_delimiter
          >> option. Steps to reproduce are:
          >>
          >>
          >> 1. Set recipient_delimiter to - (minus sign), instead of the typical + sign.
          >> 2. Create a local system user with a - sign, e.g. foo-test.
          >> 3. Send mail to foo-test@mailhost
          > Don't use a delimiter that is part of an unextended recipient address.
          >
          > Wietse
        • Wietse Venema
          Message 4 of 7 , Dec 15, 2012
            decoder:
            > Hello Wietse,
            >
            > the documentation on this (the comment in the main.cf file also) says
            > that foo-test will first be checked and only if that doesn't exist it
            > will use foo. Is the documentation wrong then?

            Which comment? I don't recall that Postfix documentation promises
            this for UNIX system account lookups.

            You will also have problems with recipient_delimiter of "@" or "!"
            or other special characters. Don't do it.

            Wietse
          • decoder
            Message 5 of 7 , Dec 15, 2012
              On 12/16/2012 01:22 AM, Wietse Venema wrote:
              > decoder:
              >> Hello Wietse,
              >>
              >> the documentation on this (the comment in the main.cf file also) says
              >> that foo-test will first be checked and only if that doesn't exist it
              >> will use foo. Is the documentation wrong then?
              > Which comment? I don't recall that Postfix documentation promises
              > this for UNIX system account lookups.

              This one:

              # Basically, the software tries user+foo and .forward+foo before trying
              user and .forward.

              And it mentioned local(8) immediately before that. Isn't that the kind
              of delivery we're talking about? Or is that a layer in between?


              Best,

              Chris
            • Peter
              Message 6 of 7 , Dec 15, 2012
                On 16/12/12 13:45, decoder wrote:
                > On 12/16/2012 01:22 AM, Wietse Venema wrote:
                >> I don't recall that Postfix documentation promises
                >> this for UNIX system account lookups.
                >
                > This one:
                >
                > # Basically, the software tries user+foo and .forward+foo before trying
                > user and .forward.

                That's from postconf(5) recipient_delimiter, btw, and it does look
                confusing to me, what is the intended meaning wrt user+foo and user here?

                Also the log entry says this:
                > Dec 15 17:59:09 mailhost postfix/local[7486]: B4D124341:
                > to=<foo-test@mailhost>, relay=local, delay=0, status=bounced (unknown
                > user: "foo-test")

                Wouldn't that be better if it says, '(unknown user: "foo")'? This in
                consideration that the user foo-test actually does exist in the system,
                and the reason it couldn't find it is that it was looking for "foo", or
                is there something I am missing here?


                Peter
              • Wietse Venema
                Message 7 of 7 , Dec 15, 2012
                  decoder:
                  > On 12/16/2012 01:22 AM, Wietse Venema wrote:
                  > > decoder:
                  > >> Hello Wietse,
                  > >>
                  > >> the documentation on this (the comment in the main.cf file also) says
                  > >> that foo-test will first be checked and only if that doesn't exist it
                  > >> will use foo. Is the documentation wrong then?
                  > > Which comment? I don't recall that Postfix documentation promises
                  > > this for UNIX system account lookups.
                  >
                  > This one:
                  >
                  > # Basically, the software tries user+foo and .forward+foo before trying
                  > user and .forward.
                  >
                  > And it mentioned local(8) immediately before that. Isn't that the kind
                  > of delivery we're talking about? Or is that a layer in between?

                  Perhaps you mean the text in the postconf(5) manpage (which also
                  appears in the stock main.cf file).

                  recipient_delimiter

                  The separator between user names and address extensions (user+foo).
                  See canonical(5), local(8), relocated(5) and virtual(5) for the
                  effects this has on aliases, canonical, virtual, relocated and
                  on .forward file lookups. Basically, the software tries user+foo
                  and .forward+foo before trying user and .forward.

                  The above text defines recipient_delimiter as "The separator between
                  user names and address extensions." In other words user names must
                  not contain the delimiter.

                  I don't recall over the 14 years since the Postfix release that this
                  has ever been a source of confusion or disappointment.

                  The definition is followed with additional text that points to
                  specific manpages for how the delimiter works in specific usage
                  contexts. That is a lot of text, and to help the reader it summarizes
                  those pointers as "Basically, the software tries user+foo and
                  .forward+foo before trying user and .forward." That summary doesn't
                  discharge you of the responsibility to read the specific manpages
                  that apply to your usage context.

                  As mentioned before I don't recall that the documentation for the
                  local delivery agent promises that it will look up user+foo (or
                  whatever the delimiter is) in the UNIX system account database.

                  Wietse
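
An added example, not part of the original thread and not Postfix code: a pre-migration audit that lists system accounts whose names contain the configured recipient_delimiter and reports whether mail to them would bounce or land in another user's mailbox, the two outcomes described in the first message. The function names and sample accounts are constructed, and splitting at the first occurrence of a single-character delimiter is an assumption consistent with the foo-test case reported above.

```python
# Added example: audit passwd-format account data for names that collide
# with a Postfix recipient_delimiter, as in the thread's foo-test case.

# Constructed sample input in passwd(5) format (not real accounts).
SAMPLE_PASSWD = """\
root:x:0:0:root:/root:/bin/bash
foo:x:1000:1000::/home/foo:/bin/bash
foo-test:x:1001:1001::/home/foo-test:/bin/bash
bar-ops:x:1002:1002::/home/bar-ops:/bin/bash
# comment line
alice:x:1003:1003::/home/alice:/bin/bash
"""


def parse_users(passwd_text):
    """Return login names from passwd-format text, skipping blanks and comments."""
    users = []
    for line in passwd_text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        users.append(line.split(":", 1)[0])
    return users


def delimiter_conflicts(passwd_text, delimiter):
    """List (user, base, outcome) for accounts whose name contains the delimiter.

    Assumption: the name is split at the first delimiter and only the part
    before it is looked up as a system account.
    """
    if len(delimiter) != 1:
        raise ValueError("expected a single delimiter character")
    users = parse_users(passwd_text)
    known = set(users)
    findings = []
    for user in users:
        base, sep, _ext = user.partition(delimiter)
        if not sep or not base:
            continue  # no delimiter, or name starts with it: nothing to split
        # If the base name is a real account, it receives the other user's mail.
        outcome = "misdelivered" if base in known else "bounced"
        findings.append((user, base, outcome))
    return findings


if __name__ == "__main__":
    for user, base, outcome in delimiter_conflicts(SAMPLE_PASSWD, "-"):
        print(f"{user}: mail is {outcome} (lookup uses {base!r})")
```

To audit a real host, pass the output of `getent passwd` and the value printed by `postconf -h recipient_delimiter` instead of the constructed sample.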