Re: IDN domain name support
Dear all, I've just made a test from Gmail and my Thunderbird mail client sending a mail to a non-real IDN mail user: alejan...@años.com.ar - My Thunderbird says: An error ocurred while sending mail. Tha mail servers responded: 5.1.3 Bad recipient address syntax (THIS IS A SERVER RESPONSE) - The Gmail webmail says: One o more mail address in To: box is not recognized (THIS IS A CLIENT RESPONSE) So, I think the IDN domain name support is not complete nowadays, neither by mail servers nor by mail clients. So it's not convenient the IDN mail implementation in this bad situation. What do you think about this matter ??? Really thanks 2010/5/26 Wietse Venema wie...@porcupine.org: Alejandro Cabrera Obed: Wietse, thanks...but in Postfix I have to work with the ?o?o.com.ar domain name or with the xn--oo-yjab.gov.ar punycode domain name ??? Read carefully. The MAIL CLIENT must tranform non-ASCII domain names before sending MAIL FROM or RCPT TO commands. Wietse -- Alejandro Cabrera Obed aco1...@gmail.com www.alejandrocabrera.com.ar
Re: IDN domain name support
On 5/27/2010 2:29 PM, Alejandro Cabrera Obed wrote: Dear all, I've just made a test from Gmail and my Thunderbird mail client sending a mail to a non-real IDN mail user: alejan...@años.com.ar - My Thunderbird says: An error ocurred while sending mail. Tha mail servers responded: 5.1.3 Bad recipient address syntax (THIS IS A SERVER RESPONSE) This is due to a (very old) CLIENT bug, [1] The server is just complaining about bad CLIENT syntax. [1] https://bugzilla.mozilla.org/show_bug.cgi?id=127399 - The Gmail webmail says: One o more mail address in To: box is not recognized (THIS IS A CLIENT RESPONSE) So, I think the IDN domain name support is not complete nowadays, neither by mail servers nor by mail clients. So it's not convenient the IDN mail implementation in this bad situation. What do you think about this matter ??? Really thanks 2010/5/26 Wietse Venema wie...@porcupine.org: Alejandro Cabrera Obed: Wietse, thanks...but in Postfix I have to work with the ?o?o.com.ar domain name or with the xn--oo-yjab.gov.ar punycode domain name ??? Read carefully. The MAIL CLIENT must tranform non-ASCII domain names before sending MAIL FROM or RCPT TO commands. Wietse
Re: IDN domain name support
OK, this is in case of my Thunderbird Debian lenn package, but what about the Gmail syntax error warning ??? In Hotmail is the same, it tells me that the recipient address just must have 1-9, a-z and @ charactersin this case with my IDN domain I wiil remain isolate of the Hotmail, Yahoo, Gmail world and it's not good !!! Any comment ??? 2010/5/27 Brian Evans - Postfix List grkni...@scent-team.com: On 5/27/2010 2:29 PM, Alejandro Cabrera Obed wrote: Dear all, I've just made a test from Gmail and my Thunderbird mail client sending a mail to a non-real IDN mail user: alejan...@años.com.ar - My Thunderbird says: An error ocurred while sending mail. Tha mail servers responded: 5.1.3 Bad recipient address syntax (THIS IS A SERVER RESPONSE) This is due to a (very old) CLIENT bug, [1] The server is just complaining about bad CLIENT syntax. [1] https://bugzilla.mozilla.org/show_bug.cgi?id=127399 - The Gmail webmail says: One o more mail address in To: box is not recognized (THIS IS A CLIENT RESPONSE) So, I think the IDN domain name support is not complete nowadays, neither by mail servers nor by mail clients. So it's not convenient the IDN mail implementation in this bad situation. What do you think about this matter ??? Really thanks 2010/5/26 Wietse Venema wie...@porcupine.org: Alejandro Cabrera Obed: Wietse, thanks...but in Postfix I have to work with the ?o?o.com.ar domain name or with the xn--oo-yjab.gov.ar punycode domain name ??? Read carefully. The MAIL CLIENT must tranform non-ASCII domain names before sending MAIL FROM or RCPT TO commands. Wietse -- Alejandro Cabrera Obed aco1...@gmail.com www.alejandrocabrera.com.ar
Re: IDN domain name support
Alejandro Cabrera Obed wrote: Dear all, I've just made a test from Gmail and my Thunderbird mail client sending a mail to a non-real IDN mail user: alejan...@años.com.ar - My Thunderbird says: An error ocurred while sending mail. Tha mail servers responded: 5.1.3 Bad recipient address syntax (THIS IS A SERVER RESPONSE) - The Gmail webmail says: One o more mail address in To: box is not recognized (THIS IS A CLIENT RESPONSE) So, I think the IDN domain name support is not complete nowadays, neither by mail servers nor by mail clients. So it's not convenient the IDN mail implementation in this bad situation. What do you think about this matter ??? I think you're wrong - my thunderbird and my postfix does fine with mails to and from @ënidan.ch (a test domain I set about two years ago). /Per Jessen, Zürich
Re: IDN domain name support
On Thu, May 27, 2010 at 04:01:41PM -0300, Alejandro Cabrera Obed wrote: OK, this is in case of my Thunderbird Debian lenn package, but what about the Gmail syntax error warning ??? In Hotmail is the same, it tells me that the recipient address just must have 1-9, a-z and @ charactersin this case with my IDN domain I wiil remain isolate of the Hotmail, Yahoo, Gmail world and it's not good !!! Please waste no further time on this list. Postfix works with IDN. If many clients still don't, that is NOT a Postfix issue. The clients MUST (if they support IDN domains) send punycode encoded domains to the SMTP server. -- Viktor.
Re: IDN domain name support
Per Jessen wrote: So, I think the IDN domain name support is not complete nowadays, neither by mail servers nor by mail clients. So it's not convenient the IDN mail implementation in this bad situation. What do you think about this matter ??? I think you're wrong - my thunderbird and my postfix does fine with mails to and from @ënidan.ch (a test domain I set about two years ago). Correction - thunderbird doesn't work with IDNs. TB 3.0 is supposed to though. /Per Jessen, Zürich
Re: IDN domain name support
Wietse, thanks...but in Postfix I have to work with the ?o?o.com.ar domain name or with the xn--oo-yjab.gov.ar punycode domain name ??? The MAIL CLIENT must tranform non-ASCII domain names before sending MAIL FROM or RCPT TO commands. ICANN did not really consider the security and portability of IDNs before permitting them. The reasons for this are many, and speak poorly to ICANN's management structure. It is important to remember that ICANN's action does not mean that end-users are prepared to accept mail from such domains, or that doing so would be secure, much less that operating systems, libraries, and applications are capable of dealing with IDNs safely. Whether IDNs will ever be portable is a matter of debate. Right now they are in early-alpha status i.e., not ready for production. This might be OK for some DNS and SMTP implementations but for most production systems they pose too high of a risk. The increase in complexity of each OS, lib, and app required to accommodate IDNs is non-trivial. Widespread implementation would degrade security in and of itself (because of the relationship between code size and security among other factors). Speaking only for myself, for the foreseeable future we are not interested in experimental code and do not want to use a version of bind or postfix that cannot be compiled to refuse IDNs. Pat
Re: IDN domain name support
On 27-May-2010, at 13:36, Pat wrote: we are not interested in experimental code and do not want to use a version of bind or postfix that cannot be compiled to refuse IDNs. If you refuse properly delegated IDNs then you are broken, pure and simple. This is WHY punycode exists, as it requires no rewriting (or very little) of libraries to be UTF-8 clean. -- There's nothing to do, so you just stay in bed [ah, poor thing] Why live in the world when you can live in your head?
Re: IDN domain name support
On Thu, May 27, 2010 at 03:36:19PM -0400, Pat wrote: ICANN did not really consider the security and portability of IDNs before permitting them. The reasons for this are many, and speak poorly to ICANN's management structure. It is important to remember that ICANN's action does not mean that end-users are prepared to accept mail from such domains, or that doing so would be secure, much less that operating systems, libraries, and applications are capable of dealing with IDNs safely. However true any of the above may be, it is not Postfix related. Whether IDNs will ever be portable is a matter of debate. Right now they are in early-alpha status i.e., not ready for production. This might be OK for some DNS and SMTP implementations but for most production systems they pose too high of a risk. The only place that IDNs are in any way interesting is in user-agents, since that's where xn--foo-bar gets turned into something that a user who can read the relevant glyphs can understand. Infrastructure (as opposed to user-facing client software) is IDN agnostic, because IDN domain names are just like any other ASCII domain name. Speaking only for myself, for the foreseeable future we are not interested in experimental code and do not want to use a version of bind or postfix that cannot be compiled to refuse IDNs. There is no code in Postfix to support IDN, and nothing to re-compile. IDN domains are just like non-IDN domains, and work out of the box. If you absolutely want to reject IDN dns labels, just adjust your access tables: sender_access.pcre: /@(\S+\.)*?xn--/REJECT No room for IDN domains on my soapbox -- Viktor.
IDN domain name support
Dear all, I live in Argentina and now we can use the Ñ letter in our domain names. I have a mail system conformed with Debian Lenny / Postfix 2.5.5-1.1. My question is this: Does Postfix 2.5.5-1.1 support IDN domain names in case I create a @ñoño.com.ar domain ??? Or is it a problem inherent only to mail clients like Outlook, Thunderbird, etc. ??? Special thanks Alejandro
Re: IDN domain name support
On Wed, May 26, 2010 at 03:11:41PM -0300, Alejandro Cabrera Obed wrote: Dear all, I live in Argentina and now we can use the ?? letter in our domain names. I have a mail system conformed with Debian Lenny / Postfix 2.5.5-1.1. My question is this: Does Postfix 2.5.5-1.1 support IDN domain names in case I create a @??o??o.com.ar domain ??? Or is it a problem inherent only to mail clients like Outlook, Thunderbird, etc. ??? Displaying IDN domain names is a client-only issue. Postfix works with ASCII on-the-wire xn-punycode names. Even in bounce messages, where Postfix could arguably process IDN names, it is far from clear that making bounces only readable by people who can read Chinese, Arabic, Russian, ... is a good idea. It is best to rely on MUAs display the structured bounce in the most appropriate way. -- Viktor.
Re: IDN domain name support
Thanks Viktor, sorry but I don't understand this: you say Postfix works with ASCII on-the-wire, so if in my Postfix I create a virtual domain called ñandu.gov.ar you tell me that Postfix will automatically encoded it to Punycode and resulting the domain: xn--andu-fqa.gov.ar So I can create IDN domain names in my Postfix, and now my unique objective is ensure that mail clients (MUA's) work with IDN names and anymore ??? Thanks again Alejandro 2010/5/26 Victor Duchovni victor.ducho...@morganstanley.com: On Wed, May 26, 2010 at 03:11:41PM -0300, Alejandro Cabrera Obed wrote: Dear all, I live in Argentina and now we can use the ?? letter in our domain names. I have a mail system conformed with Debian Lenny / Postfix 2.5.5-1.1. My question is this: Does Postfix 2.5.5-1.1 support IDN domain names in case I create a @??o??o.com.ar domain ??? Or is it a problem inherent only to mail clients like Outlook, Thunderbird, etc. ??? Displaying IDN domain names is a client-only issue. Postfix works with ASCII on-the-wire xn-punycode names. Even in bounce messages, where Postfix could arguably process IDN names, it is far from clear that making bounces only readable by people who can read Chinese, Arabic, Russian, ... is a good idea. It is best to rely on MUAs display the structured bounce in the most appropriate way. -- Viktor. -- Alejandro Cabrera Obed aco1...@gmail.com www.alejandrocabrera.com.ar
Re: IDN domain name support
Alejandro Cabrera Obed: Dear all, I live in Argentina and now we can use the ? letter in our domain names. I have a mail system conformed with Debian Lenny / Postfix 2.5.5-1.1. My question is this: Does Postfix 2.5.5-1.1 support IDN domain names in case I create a @?o?o.com.ar domain ??? Or is it a problem inherent only to mail clients like Outlook, Thunderbird, etc. ??? Mail clients must translate non-ASCII domain names into punycode (xn-mumble) format before issuing SMTP commands (MAIL FROM, RCPT TO). Wietse
Re: IDN domain name support
Wietse, thanks...but in Postfix I have to work with the ñoño.com.ar domain name or with the xn--oo-yjab.gov.ar punycode domain name ??? For example, in my mail server I define my virtual domains in /etc/postfix/vmaildomains. How di I have to define it: ñoño.com.ar required or xn--oo-yjab.gov.ar required ? The same for the Maildir paths, do they have to be under: /var/vmail/ñoño.com.ar/user/Maildir or /var/vmail/xn--oo-yjab.gov.ar/user/Maildir Thanks a lot Alejandro 2010/5/26 Wietse Venema wie...@porcupine.org: Alejandro Cabrera Obed: Dear all, I live in Argentina and now we can use the ? letter in our domain names. I have a mail system conformed with Debian Lenny / Postfix 2.5.5-1.1. My question is this: Does Postfix 2.5.5-1.1 support IDN domain names in case I create a @?o?o.com.ar domain ??? Or is it a problem inherent only to mail clients like Outlook, Thunderbird, etc. ??? Mail clients must translate non-ASCII domain names into punycode (xn-mumble) format before issuing SMTP commands (MAIL FROM, RCPT TO). Wietse -- Alejandro Cabrera Obed aco1...@gmail.com www.alejandrocabrera.com.ar
Re: IDN domain name support
On Wed, May 26, 2010 at 05:53:17PM -0300, Alejandro Cabrera Obed wrote: Wietse, thanks...but in Postfix I have to work with the ??o??o.com.ar domain name or with the xn--oo-yjab.gov.ar punycode domain name ??? The latter. For example, in my mail server I define my virtual domains in /etc/postfix/vmaildomains. How di I have to define it: ??o??o.com.ar required or xn--oo-yjab.gov.ar required The latter. The same for the Maildir paths, do they have to be under: /var/vmail/??o??o.com.ar/user/Maildir Entirely up to you and your preferences for file names on your server. /var/vmail/xn--oo-yjab.gov.ar/user/Maildir Postfix does not dictate how you name (parent) maildir directories. -- Viktor. P.S. Morgan Stanley is looking for a New York City based, Senior Unix system/email administrator to architect and sustain our perimeter email environment. If you are interested, please drop me a note.
Re: IDN domain name support
Alejandro Cabrera Obed: Wietse, thanks...but in Postfix I have to work with the ?o?o.com.ar domain name or with the xn--oo-yjab.gov.ar punycode domain name ??? Read carefully. The MAIL CLIENT must tranform non-ASCII domain names before sending MAIL FROM or RCPT TO commands. Wietse
