Loading ...
Sorry, an error occurred while loading the content.

Re: check_recipient_access, regexp and case sensitivity

Expand Messages
  • Wietse Venema
    ... I do not expect that removing the lowercase() call will break other code. It sits in code that maintains a cache of resolved recipient addresses. However,
    Message 1 of 5 , Mar 27, 2013
    • 0 Attachment
      Viktor Dukhovni:
      > src/smtpd/smtpd_resolve.c:
      > lowercase(STR(reply->recipient)); /* XXX */

      Wietse Venema:
      > This may have escaped the code cleanup when forced lowercase
      > was removed from access maps.

      Fabio Sangiovanni:
      > Thanks for your answer, Wietse. Should we then expect a bugfix in
      > one of the next 2.10.x releases (and in the other maintained
      > branches)? As far as I understand, this is not an intended behaviour
      > (since Postfix 2.3), right?

      I do not expect that removing the lowercase() call will break other
      code. It sits in code that maintains a cache of resolved recipient
      addresses. However, this needs to be verified before anything can
      be changed in a stable release.

      Considering that this has not been a problem in the last 7 years,
      this is not a high-priority item.

      Generally, it is unwise to have access policy that depends on the
      recipient address case. First, the case is under control by the
      adversary. Second, the policy is prone to accidental matches
      and non-matches.

      Wietse
    Your message has been successfully submitted and would be delivered to recipients shortly.