Lindsay Haisley writes:
I just discovered that in Courier 0.66.1 setting up a .courier forward in the alias folder for a virtual mail account fails if the mail user portion contains a ".", thus:.courier-abc defines mail processing for a...@example.com .courier-a+b defines mail processing for a...@example.com.courier-a.b "RCPT TO <a...@example.com> failed: User <a...@example.com> unknown".courier-foo.bar [same as previous failure] AFAIK, there is nothing special about a "." in the personal part of an email address, so why is Courier unable to detect it?
Not in email addresses, but email addresses get mapped to the filesystem in a number of contexts. Periods are quite sensitive in the filesystem context.
This is a subtle security issue.You could have addresses of the form lists/users@domain and lists/bugs@domain, which would get translasted to .courier-lists/users and .courier-lists/domain.
You can actually create a subdirectory like that, and stuff the actual files in there. This opens up a subtle security hole. It's possible that something like lists/../../../etc/passwd@domain might be a valid path on the filesystem.
There's not really a lot you can do with that, but it's something to be avoided.
But what's happening here is that periods get replaced by colons, so use colons, as in .courier-a:b for a...@domain.com.
And this is actually documented in the dot-courier(5) man page, surprisingly.
pgp8tJBqUF7Ld.pgp
Description: PGP signature
------------------------------------------------------------------------------ How ServiceNow helps IT people transform IT departments: 1. A cloud service to automate IT design, transition and operations 2. Dashboards that offer high-level views of enterprise services 3. A single system of record for all IT processes http://p.sf.net/sfu/servicenow-d2d-j
_______________________________________________ courier-users mailing list courier-users@lists.sourceforge.net Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users
