Dovecot LMTP rejecting mail from address with apostrophe
Hi,
I have an OpenSMTPD / Dovecot installation on an OpenBSD server. I recently came across an issue where Dovecot LMTP would reject a message sent to a local user from an address which contains a single apostrophe (e.g. firstname.o'lastname@example.com). Apparently apostrophe, as well as a number of other special characters, are valid characters in the local part of the email address (that's everything to the left of the @ character).
The message I get in the logs is:
Jun 14 11:57:34 atlantic smtpd[42606]: 21749fd12ac76b57 mda delivery evpid=56aed6237d6444a0 from=firstname.o'lastname@example.com to=me@example.org rcpt=me@example.org user=me delay=0s result=PermFail stat=Error ("mail.lmtp: LMTP server error: 501 5.5.4 Invalid FROM: Invalid character in localpart")
where example.com is external domain and example.org is a local one.
The part of the message: LMTP server error: 501 5.5.4 Invalid FROM: Invalid character in localpart is returned by dovecot-lmtp. I’ve had a brief look at the source code, and it seems the responsible code is somewhere inside src/lib-smtp/smtp-address.c and, if I understand the code correctly, the address parsing in actually done in src/lib-smtp/smtp-parser.c.
My question is is there a configuration option, similar to auth_username_chars which lists valid characters in the email address, to stop Dovecot LMTP from rejecting such emails? or maybe you know another way of getting it to accept an email from such address?
My dovecot version is:
$ dovecot --version 2.3.5.1 (7ec6d0ade)
And in case that makes any difference, I'm running OpenBSD 6.5 patched to 005_libssl.
Thanks! Mike
-- Michal Krzysztofowicz http://beautifulocean.org/
Am 14.06.19 um 16:20 schrieb Michal Krzysztofowicz via dovecot:
Jun 14 11:57:34 atlantic smtpd[42606]: 21749fd12ac76b57 mda delivery evpid=56aed6237d6444a0 from=firstname.o'lastname@example.com to=me@example.org rcpt=me@example.org user=me delay=0s result=PermFail stat=Error ("mail.lmtp: LMTP server error: 501 5.5.4 Invalid FROM: Invalid character in localpart")
That's essentially the same bug as mentioned in 6386018f-22b2-9562-b5a2-36e81cbe2892@debian.org (bounces on invalid UTF-8 in localpart) that got assigned DOP-1045. Dovecot LDA and LMTP should just not care about remote address validity when delivering locally. It's not the LDA's business.
On 14 Jun 2019, at 17:01, Daniel Lange DLange@debian.org wrote:
Am 14.06.19 um 16:20 schrieb Michal Krzysztofowicz via dovecot:
Jun 14 11:57:34 atlantic smtpd[42606]: 21749fd12ac76b57 mda delivery evpid=56aed6237d6444a0 from=firstname.o'lastname@example.com to=me@example.org rcpt=me@example.org user=me delay=0s result=PermFail stat=Error ("mail.lmtp: LMTP server error: 501 5.5.4 Invalid FROM: Invalid character in localpart")
That's essentially the same bug as mentioned in 6386018f-22b2-9562-b5a2-36e81cbe2892@debian.org (bounces on invalid UTF-8 in localpart) that got assigned DOP-1045. Dovecot LDA and LMTP should just not care about remote address validity when delivering locally. It's not the LDA's business.
Ah, thanks a lot for that. I was trying to find any information about that, but couldn’t really (perhaps my google-fu isn’t that great)!
Would you know if Dovecot project uses an issue tracker which is publicly available, and which I can check? I didn’t see Issues section on the GitHub page with the repo..
Thanks again! Best Regards, mike
-- Michal Krzysztofowicz http://beautifulocean.org/
Am 15.06.19 um 00:36 schrieb Michal Krzysztofowicz via dovecot:
Would you know if Dovecot project uses an issue tracker which is publicly available, and which I can check?
I am not aware of public access to the Open Exchange AG / Dovecot OY issue tracker. I guess that is a perk that comes with buying commercial support.
On 15 June 2019 10:56 Daniel Lange via dovecot dovecot@dovecot.org wrote:
Am 15.06.19 um 00:36 schrieb Michal Krzysztofowicz via dovecot:
Would you know if Dovecot project uses an issue tracker which is publicly available, and which I can check?
I am not aware of public access to the Open Exchange AG / Dovecot OY issue tracker. I guess that is a perk that comes with buying commercial support.
This issue is in our issue tracker. Michal, can you post your doveconf -n?
Aki
On 15 Jun 2019, at 21:09, Aki Tuomi aki.tuomi@open-xchange.com wrote:
On 15 June 2019 10:56 Daniel Lange via dovecot dovecot@dovecot.org wrote:
Am 15.06.19 um 00:36 schrieb Michal Krzysztofowicz via dovecot:
Would you know if Dovecot project uses an issue tracker which is publicly available, and which I can check?
I am not aware of public access to the Open Exchange AG / Dovecot OY issue tracker. I guess that is a perk that comes with buying commercial support.
This issue is in our issue tracker. Michal, can you post your doveconf -n?
Aki
Hi Aki,
Sorry for a delay in responding. Please find my config below.
# # #
# 2.3.5.1 (7ec6d0ade): /etc/dovecot/dovecot.conf # Pigeonhole version 0.5.5 (2483b085) # OS: OpenBSD 6.5 amd64 # Hostname: smtp.example.com auth_cache_size = 10 M auth_verbose = yes base_dir = /var/dovecot/ default_vsz_limit = 128 M first_valid_uid = 1000 hostname = mail.example.com imap_client_workarounds = delay-newmail tb-extra-mailbox-sep tb-lsub-flags lda_mailbox_autocreate = yes lda_mailbox_autosubscribe = yes lmtp_rcpt_check_quota = yes lmtp_save_to_detail_mailbox = yes login_greeting = Server Ready. mail_attribute_dict = file:%h/.dovecot-attributes mail_location = mbox:~/mail:INBOX=/var/mail/%u mail_plugins = " quota" managesieve_notify_capability = mailto managesieve_sieve_capability = fileinto reject envelope encoded-character vacation subaddress comparator-i;ascii-numeric relational regex imap4flags copy include variables body enotify environment mailbox date index ihave duplicate mime foreverypart extracttext imapsieve vnd.dovecot.imapsieve mbox_write_locks = fcntl mmap_disable = yes namespace inbox { inbox = yes location = mailbox Drafts { special_use = \Drafts } mailbox Junk { special_use = \Junk } mailbox "Sent Messages" { special_use = \Sent } mailbox Trash { special_use = \Trash } mailbox postpond { special_use = \Drafts } mailbox sent { special_use = \Sent } prefix = } passdb { driver = bsdauth } plugin { imapsieve_mailbox1_before = file:/usr/local/lib/dovecot/sieve-pipe/report-spam.sieve imapsieve_mailbox1_causes = COPY APPEND imapsieve_mailbox1_name = Junk imapsieve_mailbox2_before = file:/usr/local/lib/dovecot/sieve-pipe/report-ham.sieve imapsieve_mailbox2_causes = COPY imapsieve_mailbox2_from = Junk imapsieve_mailbox2_name = * imapsieve_url = sieve://127.0.0.1:4190 quota = fs:Disk quota sieve = file:~/sieve;active=~/.dovecot.sieve sieve_default = /var/dovecot/sieve/default.sieve sieve_global = /var/dovecot/sieve/ sieve_global_extensions = +vnd.dovecot.pipe +vnd.dovecot.environment sieve_pipe_bin_dir = /usr/local/lib/dovecot/sieve-pipe sieve_plugins = sieve_imapsieve sieve_extprograms } postmaster_address = postmaster@example.com protocols = imap pop3 lmtp sieve quota_full_tempfail = yes service imap-login { service_count = 1 } service managesieve-login { inet_listener sieve { port = 4190 } } service pop3 { process_limit = 16 } ssl_cert =
# # #
Best Regards, mike
-- Michal Krzysztofowicz http://beautifulocean.org/
On 17.6.2019 14.07, Michal Krzysztofowicz wrote:
On 15 Jun 2019, at 21:09, Aki Tuomi aki.tuomi@open-xchange.com wrote:
On 15 June 2019 10:56 Daniel Lange via dovecot dovecot@dovecot.org wrote:
Am 15.06.19 um 00:36 schrieb Michal Krzysztofowicz via dovecot:
Would you know if Dovecot project uses an issue tracker which is publicly available, and which I can check? I am not aware of public access to the Open Exchange AG / Dovecot OY issue tracker. I guess that is a perk that comes with buying commercial support. This issue is in our issue tracker. Michal, can you post your doveconf -n?
Aki Hi Aki,
Sorry for a delay in responding. Please find my config below.
# # #
# 2.3.5.1 (7ec6d0ade): /etc/dovecot/dovecot.conf # Pigeonhole version 0.5.5 (2483b085) # OS: OpenBSD 6.5 amd64 # Hostname: smtp.example.com
<snip/>
Have you tried setting
auth_username_chars = abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ01234567890.-_@'
Aki
<snip/>
Have you tried setting
auth_username_chars = abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ01234567890.-_@'
Aki
Hi Aki,
I have indeed. I’m still getting the same error in the logs:
Jun 18 09:53:39 mail smtpd[95887]: 88142e1ef398de69 mda delivery evpid=27d472ffef86feb1 from=
I didn’t think that auth_username_chars is used for testing if the sender email address is valid - I thought it was only used for authentication with dovecot.
In addition, I’m not sure that LMTP should even be concerned about any validation of the sender address (and certainly, if it does the validation, it should ensure it allows for all cases conforming to the RFC5321, RFC5322 and generally as described in this Wiki article: https://en.wikipedia.org/wiki/Email_address).
Thanks a lot for looking into this!
Best Regards, Mike
-- Michal Krzysztofowicz http://beautifulocean.org/
participants (3)
-
Aki Tuomi
-
Daniel Lange
-
Michal Krzysztofowicz