Arnt Gulbrandsen:
> De/composition are pushed to the DNS. The SMTP part just says: Convert to
> IDNA a-labels in order to do the MX lookup, and otherwise don't mess with
> the bytes you received. (My patch uses ICU to convert to a-labels.)

That is a misconception.

DNS is not the only interface that requires xn--mumble names. Like
a cancer, EAI has the potential to infect many aspects of address
handling and policy lookup. This is why I estimated that SMTPUTF8
would be a major project.
* The form xn--mumble will also be required in server greetings and
EHLO commands, when an MTA host- or domain name contains non-ASCII
characters. This means that Postfix must convert myhostname into
xn--mumble form in those contexts that require ASCII text.
* With multiple forms for the same domain name, xn--mumble in
HELO/EHLO (and perhaps other SMTP commands) and UTF8 in
MAIL/RCPT/ETRN/VRFY, Postfix lookup tables must either contain
multiple lookup keys for the same domain name, or Postfix must
convert all domain/email-address lookup keys into one canonical
form. That is, either convert all UTF8 domain names into xn--mumble,
or convert all xn--mumble domain names into UTF8. Having only
one lookup key per domain in Postfix lookup tables will be more
secure but it will be a royal pain to implement (and there is no
way to do that with header/body_checks).
* I am not sure that we can rely on the postmap "table query" or
"create map" commands to "normalize" domain names in lookup keys.
Also, LDAP/*SQL*/etc. databases aren't "created" with postmap
commands. All this could be another argument to use only xn--mumble
or to use only UTF8 forms in databases. Again, more secure but a
royal pain to implement, because postmap doesn't really know if
a lookup key is a user, a domain, or something else.
* If xn--mumble were to become the canonical form for table lookup,
then Postfix parent-domain matching will not be broken: where
buecher.com becomes xn--bcher-kva.com, foo.buecher.com becomes
foo.xn--bcher-kva.com.
Other things:
* Postfix table queries are case-insensitive. I don't see any attempt
to implement that for UTF8 addresses. This leaves an ambiguity.
Wietse
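
Added example, not part of the original message and not Postfix code: a sketch of the "one canonical lookup key per domain" option discussed above, showing that xn-- keys keep parent-domain matching intact and where the case ambiguity for non-ASCII local parts remains. It assumes Python's built-in `idna` codec (IDNA2003) as a stand-in for an ICU conversion; the function names and the table entry are hypothetical.

```python
# Added illustration; not Postfix code. Python's built-in "idna" codec
# (IDNA2003, RFC 3490) stands in for an ICU-based conversion.

def to_alabel(domain: str) -> str:
    """Return the ASCII (xn--) form of a domain name, lowercased."""
    # The codec case-folds non-ASCII labels (nameprep) but passes ASCII
    # labels through unchanged, so fold case explicitly afterwards.
    return domain.encode("idna").decode("ascii").lower()

def canonical_key(key: str) -> str:
    """Canonicalize a 'domain' or 'user@domain' key (assumed key shapes)."""
    local, sep, domain = key.rpartition("@")
    if not sep:
        return to_alabel(key)
    # ASCII local parts are folded, as in a case-insensitive table query.
    # Non-ASCII local parts are left as received: no folding rule is
    # applied, which is the ambiguity raised in the message.
    if local.isascii():
        local = local.lower()
    return local + "@" + to_alabel(domain)

def parent_domains(domain: str):
    """Yield the canonical domain, then each parent (top-level excluded)."""
    labels = to_alabel(domain).split(".")
    for i in range(max(1, len(labels) - 1)):
        yield ".".join(labels[i:])

def lookup(table: dict, domain: str):
    """Return (matched_key, value) for the domain or a parent, else None."""
    for candidate in parent_domains(domain):
        if candidate in table:
            return candidate, table[candidate]
    return None

# Constructed sample table: a single key per domain, stored in xn-- form.
ACCESS = {canonical_key("bücher.com"): "REJECT"}

if __name__ == "__main__":
    # Both spellings of the same subdomain hit the same single table entry.
    for name in ("foo.bücher.com", "FOO.XN--BCHER-KVA.COM", "example.com"):
        print(name, "->", lookup(ACCESS, name))
    # Non-ASCII local parts differing only in case stay distinct keys.
    print(canonical_key("Jürgen@bücher.com"), canonical_key("jürgen@bücher.com"))
```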