Recently I've noticed that one of our heavily used mail servers started
to throw "400 service temporarily unavailable" messages to logs. The problem
occurs when courier tries to check an email with asterisks in the address
(i.e. rcpt to:<a**[email protected]>) against the LDAP alias database.
Esmtpd accepts those messages (RFC allows asterisks in mail addresses)
and passes this address to ldapaliasd, which subsequently passes it
unmodified to the LDAP server in the search filter
(mail=a**[email protected]). LDAP interprets asterisks as a special
wildcard symbol. At this point there is a problem. Instead of finding an
exact a***** record in the database, the LDAP server would return something
matching the wildcard.

Some LDAP servers (i.e., Red Hat Directory Server) don't allow consecutive
asterisks in a search filter, throw a "Bad search filter" error and set a
non-zero error code. ldapaliasd then stops working for a while and
rejects even regular-addressed messages with a "400 service temporarily
unavailable" error.

It seems that asterisks (and possibly other special symbols) in mail
addresses should be escaped before passing them to LDAP.

BTW, it's almost impossible to have mail aliases under the same search
scope as regular mail accounts, for ldapaliasd doesn't set objectclass in
the filter string. This simple patch makes things more straightforward,
please consider accepting it.

--- ./old/courier/ldapaliasd.c 2006-11-12 16:33:23.000000000 +0100
+++ ./new/courier/ldapaliasd.c 2009-10-01 17:08:10.000000000 +0200
@@ -277,14 +277,14 @@
filter=malloc(strlen(mail)+(source ? strlen(source):0)+
(sourcefield ? strlen(sourcefield):0)+
- strlen(mailfield)+80);
+ strlen(mailfield)+80+30);
if (!filter)
{
syslog(LOG_DAEMON|LOG_CRIT, "malloc failed: %m");
return (0);
}
- strcpy(filter, "(&(");
+ strcpy(filter, "(&(objectclass=CourierMailAlias)(");
strcat(filter, mailfield);
strcat(filter, "=");
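
Review bot: the `strcpy(filter, "(&(objectclass=CourierMailAlias)(")` line hard-codes the object class into every alias lookup, so a directory whose alias entries do not carry `CourierMailAlias` would stop matching once this is applied; consider taking the class (or an extra filter fragment) from the ldapaliasd configuration and keeping the old `(&(` prefix as the default. The `+30` in the `malloc` size is a hand-counted constant equal to the length of the added `objectclass=CourierMailAlias)(` text, and deriving it from the literal (for instance `sizeof` on a named constant) would keep the two from drifting apart. The allocation still budgets exactly `strlen(mail)` bytes for the address, so this hunk does not touch the asterisk problem described in the message, and an escaping fix would need a larger allowance here because each escaped character expands to three bytes.
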
--
Ing. Yevheniy Demchenko
Senior Linux Administrator
UVT s.r.o.
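
The escaping the message asks for, as an added example that is not part of the original post or of Courier's code: an RFC 4515 filter-value escaper and a filter builder that sizes its buffer for the escaped value. The function names and the sample address are hypothetical.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Escape a value for an LDAP search filter (RFC 4515): '*', '(', ')' and
 * '\' become "\xx" hex pairs. Returns malloc'd memory, or NULL on failure. */
char *ldap_filter_escape(const char *value)
{
	char *out, *p;

	out = p = malloc(strlen(value) * 3 + 1);	/* worst case: every byte escaped */
	if (!out)
		return NULL;
	for (; *value; value++) {
		unsigned char c = (unsigned char)*value;
		if (c == '*' || c == '(' || c == ')' || c == '\\') {
			snprintf(p, 4, "\\%02x", (unsigned)c);	/* e.g. '*' -> \2a */
			p += 3;
		} else {
			*p++ = (char)c;
		}
	}
	*p = '\0';
	return out;
}

/* Build "(field=value)" with the value escaped; the caller frees the result. */
char *build_equality_filter(const char *field, const char *value)
{
	char *esc = ldap_filter_escape(value);
	char *filter = NULL;

	if (esc) {
		size_t n = strlen(field) + strlen(esc) + 4;	/* "(", "=", ")", NUL */
		filter = malloc(n);
		if (filter)
			snprintf(filter, n, "(%s=%s)", field, esc);
		free(esc);
	}
	return filter;
}

int main(void)
{
	char *f = build_equality_filter("mail", "a**b@example.com");	/* constructed address */
	puts(f ? f : "allocation failed");
	free(f);
	return 0;
}
```

With the asterisks sent as `\2a`, the server performs an exact match on the literal address instead of a wildcard search, and the filter stays syntactically valid for servers that reject consecutive asterisks.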
_______________________________________________
courier-users mailing list