Linux users with mixed case names

Previous Topic Next Topic
 
classic Classic list List threaded Threaded
9 messages Options
Reply | Threaded
Open this post in threaded view
|

Linux users with mixed case names

Ralph Blach-7
On my linux system, I have uses with mixed case names.

I have one user RosaliE and I want her to get mail but postfix seems to
translate this rosalie.

How do I change this behaviour.

Thanks

Chip
Reply | Threaded
Open this post in threaded view
|

Re: Linux users with mixed case names

Terry Carmen

Quoting Ralph Blach <[hidden email]>:

> On my linux system, I have uses with mixed case names.
>
> I have one user RosaliE and I want her to get mail but postfix seems to
> translate this rosalie.
>
> How do I change this behaviour.

If this is a local user,  AFAIK, you can't change the behavior without  
hacking the code.

> CASE FOLDING
>       All delivery decisions are made using the  bare  recipient
>       name  (i.e.  the address localpart), folded to lower case.

http://www.postfix.org/local.8.html

Do you actually want "Rosalie" and "rosalie" to refer to two distinct  
users, or are you just considering this as a display problem?

Terry



Reply | Threaded
Open this post in threaded view
|

Re: Linux users with mixed case names

Ralph Blach-7
[hidden email] wrote:

>
> Quoting Ralph Blach <[hidden email]>:
>
>> On my linux system, I have uses with mixed case names.
>>
>> I have one user RosaliE and I want her to get mail but postfix seems to
>> translate this rosalie.
>>
>> How do I change this behaviour.
>
> If this is a local user,  AFAIK, you can't change the behavior without
> hacking the code.
>
>> CASE FOLDING
>>       All delivery decisions are made using the  bare  recipient
>>       name  (i.e.  the address localpart), folded to lower case.
>
> http://www.postfix.org/local.8.html
>
> Do you actually want "Rosalie" and "rosalie" to refer to two distinct
> users, or are you just considering this as a display problem?
>
> Terry
>
>
>
>
Thanks, I discovered this and I personally consider this a bug.  In
these days, users names need to be mixed case for security reasons.
If I have a domain name I could just run through a list of well known
names, and then fill it up with mail.

I created mixed case user names for the same reason that one should have
mixed case passwords.

IMHO,  at least, which is worth very little

Chip
Reply | Threaded
Open this post in threaded view
|

Re: Linux users with mixed case names

Terry Carmen

Quoting Ralph Blach <[hidden email]>:

> [hidden email] wrote:
>>
>> Quoting Ralph Blach <[hidden email]>:
>>
>>> On my linux system, I have uses with mixed case names.
>>>
>>> I have one user RosaliE and I want her to get mail but postfix seems to
>>> translate this rosalie.
>>>
>>> How do I change this behaviour.
>>
>> If this is a local user,  AFAIK, you can't change the behavior  
>> without hacking the code.
>>
>>> CASE FOLDING
>>>      All delivery decisions are made using the  bare  recipient
>>>      name  (i.e.  the address localpart), folded to lower case.
>>
>> http://www.postfix.org/local.8.html
>>
>> Do you actually want "Rosalie" and "rosalie" to refer to two  
>> distinct users, or are you just considering this as a display  
>> problem?
>>
>> Terry
>>
>>
>>
>>
> Thanks, I discovered this and I personally consider this a bug.  In
> these days, users names need to be mixed case for security reasons.
> If I have a domain name I could just run through a list of well known
> names, and then fill it up with mail.
>
> I created mixed case user names for the same reason that one should
> have mixed case passwords.

Fail2ban works very nicely at preventing dictionary attacks and will  
simply ban the IP after a specified number of failed guesses.

Terry

Reply | Threaded
Open this post in threaded view
|

Re: Linux users with mixed case names

Uwe Dippel
In reply to this post by Ralph Blach-7
Ralph Blach wrote:

> Thanks, I discovered this and I personally consider this a bug.  In
> these days, users names need to be mixed case for security reasons.
> If I have a domain name I could just run through a list of well known
> names, and then fill it up with mail.
>
> I created mixed case user names for the same reason that one should have
> mixed case passwords.
>
> IMHO,  at least, which is worth very little
>  

Not referring to your last sentence, actually your opinion is wrong.
User names do not increase any security if they are mixed case. They
only mix up things. I'd rather not have any upper case in a user name,
and that's the policy for my users.
Firstly: There is no need to have any security about the user names. The
secret belongs into the password.
Second: Chances are, that files have to be transferred to a platform
that does not distinguish upper and lower case, and then your three users
User, usEr, USER are all the same, one, user.
Third: The usual location of eventual web sites would be .../~User,
.../~usEr, .../~USER. That is anything but robust. Actually, it won't work.

Hands off! -> Make all user names lower case.

Uwe


Reply | Threaded
Open this post in threaded view
|

Re: Linux users with mixed case names

Miles Fidelman
In reply to this post by Ralph Blach-7
Ralph Blach wrote:
>>> CASE FOLDING
>>>       All delivery decisions are made using the  bare  recipient
>>>       name  (i.e.  the address localpart), folded to lower case.
>> http://www.postfix.org/local.8.html
> Thanks, I discovered this and I personally consider this a bug.  In
> these days, users names need to be mixed case for security reasons.
> If I have a domain name I could just run through a list of well known
> names, and then fill it up with mail.
>
It's not so much a bug as a direct violation of the SMTP spec.  RFC2821,
par. 2.4, states:

The local-part of a mailbox MUST BE treated as case sensitive.  Therefore, SMTP implementations
MUST take care to preserve the case of mailbox local-parts. ... In particular, for some hosts the
user "smith" is different from the user "Smith"."

Of course the the spec. goes on to say "However, exploiting
the case sensitivity of mailbox local-parts impedes interoperability
and is discouraged."

I'm actually a bit surprised to discover this.  Postfix is generally pretty good about spec. compliance.

Miles Fidelman

--
In theory, there is no difference between theory and practice.
In practice, there is.   .... Yogi Berra


Reply | Threaded
Open this post in threaded view
|

Re: Linux users with mixed case names

Wietse Venema
Miles Fidelman:

> Ralph Blach wrote:
> >>> CASE FOLDING
> >>>       All delivery decisions are made using the  bare  recipient
> >>>       name  (i.e.  the address localpart), folded to lower case.
> >> http://www.postfix.org/local.8.html
> > Thanks, I discovered this and I personally consider this a bug.  In
> > these days, users names need to be mixed case for security reasons.
> > If I have a domain name I could just run through a list of well known
> > names, and then fill it up with mail.
> >
> It's not so much a bug as a direct violation of the SMTP spec.  RFC2821,
> par. 2.4, states:
>
> The local-part of a mailbox MUST BE treated as case sensitive.  Therefore, SMTP implementations
> MUST take care to preserve the case of mailbox local-parts. ... In particular, for some hosts the
> user "smith" is different from the user "Smith"."

RFC 2821 defines SMTP mail. As required, Postfix does not case-fold
mail addresses when it relays SMTP email.

However, with LOCAL deliveries, Postfix case-folds the user name.
This improves interoperability (an issue that is mentioned in RFC
2821). The alternative is to do 2^N database file lookups for each
name of length N.

        Wietse
Reply | Threaded
Open this post in threaded view
|

Re: Linux users with mixed case names

Eray Aslan
In reply to this post by Miles Fidelman
On 31.01.2010 17:33, Miles Fidelman wrote:
> It's not so much a bug as a direct violation of the SMTP spec.  RFC2821,
> par. 2.4, states:
>
> The local-part of a mailbox MUST BE treated as case sensitive.
> Therefore, SMTP implementations
> MUST take care to preserve the case of mailbox local-parts. ... In
> particular, for some hosts the
> user "smith" is different from the user "Smith"."

I think I agree with Mark Crispin (and Wietse Venema and others):

http://mailman2.u.washington.edu/pipermail/imap-uw/2008-September/002190.html

--
Eray
Reply | Threaded
Open this post in threaded view
|

Re: Linux users with mixed case names

Ralph Blach-7
In reply to this post by Wietse Venema
I am properly chastised.

I will change the names to lower case.

Chip

Wietse Venema wrote:

> Miles Fidelman:
>    
>> Ralph Blach wrote:
>>      
>>>>> CASE FOLDING
>>>>>        All delivery decisions are made using the  bare  recipient
>>>>>        name  (i.e.  the address localpart), folded to lower case.
>>>>>            
>>>> http://www.postfix.org/local.8.html
>>>>          
>>> Thanks, I discovered this and I personally consider this a bug.  In
>>> these days, users names need to be mixed case for security reasons.
>>> If I have a domain name I could just run through a list of well known
>>> names, and then fill it up with mail.
>>>
>>>        
>> It's not so much a bug as a direct violation of the SMTP spec.  RFC2821,
>> par. 2.4, states:
>>
>> The local-part of a mailbox MUST BE treated as case sensitive.  Therefore, SMTP implementations
>> MUST take care to preserve the case of mailbox local-parts. ... In particular, for some hosts the
>> user "smith" is different from the user "Smith"."
>>      
> RFC 2821 defines SMTP mail. As required, Postfix does not case-fold
> mail addresses when it relays SMTP email.
>
> However, with LOCAL deliveries, Postfix case-folds the user name.
> This improves interoperability (an issue that is mentioned in RFC
> 2821). The alternative is to do 2^N database file lookups for each
> name of length N.
>
> Wietse
>
>