On Fri, Mar 01, 2013 at 03:19:42PM +0100, Bastian Blank wrote:
> I found that one MTA bounced several mails. The mails where sent to
> " test"@example.com and accepted by Postfix. The backend LMTP then
> rejected the mails.
>
> This is what I found out:
> - RCPT TO:<" test"@example.com>
> - The ldap table gets the sanitized address: ` [email protected]'
> (note the leading space is still there).
> - This is converted into a ldap query (mail= [email protected]).
> - The ldap server sanitices the query to ([email protected]) as
> mandated by RFC 4717, 4.2.3; it removes the insignificant space.
I see the "insignificant space handling" defined in 4518 (referenced
from 4517).
https://tools.ietf.org/html/rfc4518#section-2.6.1
It seems to suggest that exact string matches should take the form
attr=<SPACE>value<SPACE>
where any spaces inside the value are encoded as <SPACE><SPACE>.
Is this backwards compatible with older LDAP servers that are not
UTF-8 based?
An easy way to achieve this would be:
query_filter = (mail = %s )
if such spaces are not removed at a higher level by the LDAP library.
Does this help?
> Not sure if something should be done about it. At least it is a
> surprising outcome for a simple question; while both parties works
> perfectly fine.
Another thing that could help is if Postfix would use the "external"
form of the address:
" test"@example.com
with the quotes as the query string. I seem to recall that this is
already the case with lookup keys in virtual_alias_maps, but it
may not be the case with other tables. Which Postfix "mumble_maps"
parameter are you using with LDAP?
Arguably, all lookup keys in tables should be in "external" (RFC-5322)
form. The suggested doubling of internal spaces is far less important
in practice that avoiding the loss of leading spaces.
--
Viktor.
