Heiko Schlittermann
2016-Nov-21 11:16 UTC
Exim still accepting emails to nonexistent users
Hi,

Heiko Schlittermann <hs at schlittermann.de> (Mo 21 Nov 2016 11:50:13 CET):
> a) Routing stage
> You need to interact with the user database dovecot uses.
> Either you access the user database directory (flat file, LDAP,
> whatever) or you use the ${readsocket…} feature of Exim to talk to
> dovecot.

The readsocket trick doesn't seem to work anymore.

Using

    $ socat STDIO UNIX:/run/dovecot/auth-master
    < VERSION 1 1
    < SPID 16290
    > VERSION 1 1
    > USER 42 hs12 service=imap
    < USER 1 hs12 uid=500 gid=500 home=/var/vmail/home/h/hs12

(the spaces are tabs).

But using Exim

    exim -be '${readsocket{/run/dovecot/auth-userdb}{VERSION\t1\t1\nUSER\t1\ths12\tservice=imap\n}}'

does not work. Exim closes the sending side right after the final \n
with shutdown(2). Dovecot seems to see this as if the connection should
be closed now and closes the connection, w/o any response.

As it's not unusual to shutdown(2) the sender if the message is sent,
I'd see this as a bug on the dovecot side. There is no reason to
consider the connection as dead, just because the sender closed
its sending side of the connection.

    Best regards from Dresden/Germany
    Viele Grüße aus Dresden
    Heiko Schlittermann
--
 SCHLITTERMANN.de ---------------------------- internet & unix support -
 Heiko Schlittermann, Dipl.-Ing. (TU) - {fon,fax}: +49.351.802998{1,3} -
 gnupg encrypted messages are welcome --------------- key ID: F69376CE -
 ! key id 7CBF764A and 972EAC9F are revoked since 2015-01 ------------ -
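
Added example, not part of the original message: the userdb exchange from the socat session above as a Python client, run against a constructed stand-in server that drops a half-closed client the way the post reports Dovecot doing. The NOTFOUND and FAIL reply names are taken from Dovecot's auth protocol rather than from this thread, and fake_auth_server, USERS and demo are hypothetical names.

```python
import select
import socket
import threading

USERS = {"hs12": "uid=500\tgid=500\thome=/var/vmail/home/h/hs12"}  # constructed sample

def build_request(user, service="imap", req_id=1):
    if any(c in user for c in "\t\r\n"):  # would smuggle extra fields or commands
        raise ValueError("control character in user name")
    return f"VERSION\t1\t1\nUSER\t{req_id}\t{user}\tservice={service}\n".encode()

def parse_reply(lines, req_id=1):
    """Userdb fields as a dict, or None for NOTFOUND; raises if no reply arrives."""
    for line in lines:
        f = line.rstrip("\n").split("\t")
        if len(f) < 2 or f[1] != str(req_id):
            continue  # SPID and other lines that are not for this request
        if f[0] == "USER":
            return dict(kv.split("=", 1) for kv in f[3:] if "=" in kv)
        if f[0] == "NOTFOUND":
            return None
        if f[0] == "FAIL":  # backend error: defer the recipient, do not reject
            raise RuntimeError("userdb lookup failed")
    raise ConnectionError("connection closed before a reply arrived")

def userdb_lookup(sock, user, half_close=False):
    sock.sendall(build_request(user))
    if half_close:  # what Exim's readsocket did in the post
        sock.shutdown(socket.SHUT_WR)
    with sock.makefile("r", encoding="utf-8", newline="\n") as reader:
        return parse_reply(reader)  # handshake lines come first, then the reply

def fake_auth_server(conn):
    """Constructed stand-in: drops a half-closed client, as the post reports."""
    conn.sendall(b"VERSION\t1\t1\nSPID\t16290\n")
    req = b""
    while req.count(b"\n") < 2 and (chunk := conn.recv(4096)):
        req += chunk
    if req.count(b"\n") == 2 and not select.select([conn], [], [], 0.3)[0]:
        user = req.split(b"\n")[1].split(b"\t")[2].decode()
        hit = USERS.get(user)
        conn.sendall((f"USER\t1\t{user}\t{hit}\n" if hit else "NOTFOUND\t1\n").encode())
    conn.close()

def demo(user, half_close=False):
    client, server = socket.socketpair()
    threading.Thread(target=fake_auth_server, args=(server,), daemon=True).start()
    with client:
        return userdb_lookup(client, user, half_close)
```

demo("hs12") returns the uid, gid and home fields and demo("nobody") returns None, while demo("hs12", half_close=True) raises ConnectionError because the stand-in closes without answering. Against a real socket, connect an AF_UNIX stream socket to the userdb path and pass it to userdb_lookup.
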

Hi Heiko,

Sorry for using your private email address. :/

I managed to get this working using local_user changes by adding ldap user
verification there:

    local_user:
      debug_print = "R: local_user LDAP lookup for $local_part@$domain"
      driver = accept
      domains = +local_domains
      condition = CHECK_VIRTUAL_USER
      transport = dovecot_lmtp
      cannot_route_message = Unknown user

Where CHECK_VIRTUAL_USER is:

    # Query that tests the existence of the user
    # (quote_ldap escapes LDAP filter metacharacters in the recipient address)
    CHECK_VIRTUAL_USER = \
      ${lookup ldap{user="cn=exim4,ou=dsa,dc=mydomain,dc=com" pass=PASS \
      ldap:///dc=mydomain,dc=com?mail?sub?(&(objectClass=inetOrgPerson)(mail=${quote_ldap:$local_part}@${quote_ldap:$domain}))}{$value}fail}

Thanks again for all the support. You pointed me in the right direction. :)

--
Marti Markov
Pursuing a Bachelor Degree of Science in Computer Science at the University of Southampton
Cell phone: +359886621454
Twitter: https://twitter.com/martimarkov
Facebook: https://facebook.com/Marti.Markov

Heiko Schlittermann
2016-Nov-23 09:18 UTC
Exim still accepting emails to nonexistent users
Hi Marti,

Marti Markov <marti.markov at gmail.com> (Mi 23 Nov 2016 09:21:07 CET):
> Hi Heiko,
>
> Sorry for using your private email address. :/

… the problem is the duplicate suppression on our mailsystem, normally
it passes the 'unicasted' message and suppresses the 'broadcasted'
messages (as the unicasted message comes first). The unicasted message
doesn't carry all the list headers. That's one reason, why duplicate
suppression is a bad thing.

> I managed to get this working using local_user changes by adding ldap user
> verification there:
…
> ldap:///dc=mydomain,dc=com?mail?sub?(&(objectClass=inetOrgPerson)(mail=$local_part@
> $domain))}{$value}fail}
>
> Thanks again for all the support. You pointed me in the right direction. :)

You're welcome.

    Best regards from Dresden/Germany
    Viele Grüße aus Dresden
    Heiko Schlittermann