> On 26. Apr 2020, at 18:30, Eric Faurot <e...@faurot.net> wrote: > > When a catch-all entry (@) is used in a virtual alias table, it > eventually (and mistakenly) catches everything that expands to a > username. For example, with: > > f...@example.com user > @ catchall > > "f...@example.com" expands to "user" as expected, but then "user" > expands to "catchall" because it is interpreted as "user@" (empty > domain).
Which makes sense to me. If one doesn’t specify a domain after the ‘@‘, I would expect to really catch-all for all domains and all users. > The catch-all fallback mechanism is really meant for full email > addresses in virtual context, and should not happen for usernames. > The following diff fixes it. Yes, I agree that catch-all only really meant to be used for single virtual domain context and not with primary domains. But instead of allowing the syntax and ignoring the case in aliases.c as in your diff below, I would prefer to “fail" on parsing of the table and error logging that an empty domain after ‘@‘ is not a valid syntax, no? Also this change might break existing valid setups (e.g. with mailing list servers), but people will likely know how to cope with it. Regards, Joerg > Index: aliases.c > =================================================================== > RCS file: /cvs/src/usr.sbin/smtpd/aliases.c,v > retrieving revision 1.77 > diff -u -p -r1.77 aliases.c > --- aliases.c 28 Dec 2018 12:47:28 -0000 1.77 > +++ aliases.c 26 Apr 2020 16:04:51 -0000 > @@ -164,6 +164,10 @@ aliases_virtual_get(struct expand *expan > if (ret) > goto expand; > > + /* Do not try catch-all entries if there is no domain */ > + if (domain[0] == '\0') > + return 0; > + > if (!bsnprintf(buf, sizeof(buf), "@%s", domain)) > return 0; > /* Failed ? We lookup for catch all for virtual domain */ >