Loading ...
Sorry, an error occurred while loading the content.

Re: check_recipient_access, regexp and case sensitivity

Expand Messages
  • Fabio Sangiovanni
    ... Thanks for your answer, Wietse. Should we then expect a bugfix in one of the next 2.10.x releases (and in the other maintained branches)? As far as I
    Message 1 of 5 , Mar 27, 2013
    • 0 Attachment
      Wietse Venema <wietse <at> porcupine.org> writes:

      >
      > Viktor Dukhovni:
      > > src/smtpd/smtpd_resolve.c:
      > > lowercase(STR(reply->recipient)); /* XXX */
      >
      > This may have escaped the code cleanup when forced lowercase
      > was removed from access maps.
      >
      > Wietse
      >
      >

      Thanks for your answer, Wietse. Should we then expect a bugfix in one of the next
      2.10.x releases (and in the other maintained branches)? As far as I understand,
      this is not an intended behaviour (since Postfix 2.3), right?

      Thanks,
      Fabio
    • Wietse Venema
      ... I do not expect that removing the lowercase() call will break other code. It sits in code that maintains a cache of resolved recipient addresses. However,
      Message 2 of 5 , Mar 27, 2013
      • 0 Attachment
        Viktor Dukhovni:
        > src/smtpd/smtpd_resolve.c:
        > lowercase(STR(reply->recipient)); /* XXX */

        Wietse Venema:
        > This may have escaped the code cleanup when forced lowercase
        > was removed from access maps.

        Fabio Sangiovanni:
        > Thanks for your answer, Wietse. Should we then expect a bugfix in
        > one of the next 2.10.x releases (and in the other maintained
        > branches)? As far as I understand, this is not an intended behaviour
        > (since Postfix 2.3), right?

        I do not expect that removing the lowercase() call will break other
        code. It sits in code that maintains a cache of resolved recipient
        addresses. However, this needs to be verified before anything can
        be changed in a stable release.

        Considering that this has not been a problem in the last 7 years,
        this is not a high-priority item.

        Generally, it is unwise to have access policy that depends on the
        recipient address case. First, the case is under control by the
        adversary. Second, the policy is prone to accidental matches
        and non-matches.

        Wietse
      Your message has been successfully submitted and would be delivered to recipients shortly.