Recipient delimiter and lmtp proxying
Dave
dovecot-e51 at deemzed.uk
Fri Jun 17 12:39:21 UTC 2016
On 16/06/2016 20:49, Dave wrote:
>
> Hi,
>
> I'm attempting to proxy lmtp using director to hash to the same backend
> as pop3/imap. My pop3/imap users are of the form:
>
> username
>
> and my lmtp users are of the form:
>
> <username at domain>
>
> Where domain is fairly redundant but does carry some useful information.
>
> Now, I can proxy lmtp using user=%{username} and
> destuser=%{orig_user}, and this all appears to work correctly.
>
> However, if I also try to pass a detail part through to the backend the
> lmtp users now take the form:
>
> <username+detail at domain>
>
> I can still use user=%{username}
> with recipient_delimiter = +, and the detail is correctly stripped,
> hashing works as expected.
>
> However, I can no longer use destuser=%{orig_user}
>
> Because recipient_delimiter = +, destuser becomes:
>
> <username at domain>
>
> And the detail part never reaches the backend.
>
> There doesn't appear to be any variables suitable for the destuser
> expansion - %{auth_user} is unsupported (UNSUPPORTED_VARIABLE_auth_user)
> on override_fields and in the sql passdb driver.
>
> Is there any "correct" way to do this? I can think of a couple of
> approaches that may work, but both seem like hacks to me:
>
> 1. Unset recipient_delimiter and manually strip the detail from the
> username in the passdb lookup.
What I will say is that LMTP proxying doesn't quite work in all cases:
director:
recipient_delimiter =
protocol lmtp {
auth_username_chars =
...
passdb {
driver = sql
override_fields = proxy=y destuser=%{orig_user}
...
}
}
...
driver = mysql
password_query = SELECT username AS user, \
NULL AS password, \
'y' AS nopassword \
FROM users WHERE username=SUBSTRING_INDEX('%u','+',1)
...
This sucessfully accepts '<user+detail at domain>' and passes through to
the backend, but still experiences problems where the local part is quoted:
<"user+Junk\ Email"@domain>
will extract user in director, but passes through the unescaped:
<user+Junk Email at domain>
to the backend, which leads to a 501 5.5.4 Invalid parameter.
%{login_user} gives a blank string, %{auth_user} is unsupported.
I supposed that %{orig_user} was unaltered, but it appears to be
interpreted by both unescaping quoted local parts and removing detail if
recipient_delimiter is set. I'm not suggesting this behaviour is
changed, obviously it makes sense.
So I guess the question is is there any way to pass the original pure,
unaltered login string through lmtp proxy to the backend, or for lmtp
proxy to correctly use a quoted local part with escapes if the destuser
contains non dot-atom characters, as per RFC?
--
Dave
More information about the dovecot
mailing list