Re: policy daemon protocol quoted sender localpart

classic Classic list List threaded Threaded
3 messages Options
Reply | Threaded
Open this post in threaded view
|

Re: policy daemon protocol quoted sender localpart

Wietse Venema
Omicron:
> Sender address
> "AAA [hidden email]"@AAA.AAA
> is passed by postfix to the policy daemon as:
> sender=AAA [hidden email]@AAA.AAA
> which is invalid without the quotes. I would expect to get
> sender="AAA [hidden email]"@AAA.AAA

The form is valid unqoted form.

As you probably know, one address can be represented in multiple ways.
For example,

        [hidden email]
        "user"@example.com

should be treated as equivalent. RFC 821 and successors allow
more perverse forms, but Postfix does not pay my bills.

Multiple forms of the same thing are not only bad for security,
they also complicate Postfix configuration (Postfix tables would
have to match every equivalent form of the same envelope address).

To avoid such complexity, Postfix handles envelope addresses in the
unquoted form, and produces a canonically quoted form on delivery
which may differ from the original.

> How can I get the original envelope address including the
> quotes around the local part in the policy daemon?

That would require additional code. Or you could quote localparts,
knowing that Postfix always renders them in the unquoted form.

Would you really want to write access rules for every equivalent
form of the same address?

        Wietse
Reply | Threaded
Open this post in threaded view
|

Re: policy daemon protocol quoted sender localpart

Viktor Dukhovni


> On Jun 14, 2018, at 8:33 AM, Omicron <[hidden email]> wrote:
>
> I'm implementing a policy daemon and I realized
> the sender attribute value of the Postfix
> policy delegation protocol does not preserve the
> quotes of the original envelope address.
> If Postfix accepts a mail address I think it
> should pass this address to the policy daemon without
> modifying it.

Quoting of addresses is only needed in contexts where more
than one address might be present, or there is additional
context around the address.  For example:

  Header: From: <addr2>, <addr2>, ...
  Envelope: MAIL FROM:<addr> NOTIFY=success

In the policy service the address has already been parsed out of
the context in which quoting is required and is presented in a
canonical de-quoted form.  This is the same form used in access(5)
lookups.

--
        Viktor.

Reply | Threaded
Open this post in threaded view
|

Re: policy daemon protocol quoted sender localpart

Wietse Venema
Viktor Dukhovni:

>
>
> > On Jun 14, 2018, at 8:33 AM, Omicron <[hidden email]> wrote:
> >
> > I'm implementing a policy daemon and I realized
> > the sender attribute value of the Postfix
> > policy delegation protocol does not preserve the
> > quotes of the original envelope address.
> > If Postfix accepts a mail address I think it
> > should pass this address to the policy daemon without
> > modifying it.
>
> Quoting of addresses is only needed in contexts where more
> than one address might be present, or there is additional
> context around the address.  For example:
>
>   Header: From: <addr2>, <addr2>, ...
>   Envelope: MAIL FROM:<addr> NOTIFY=success
>
> In the policy service the address has already been parsed out of
> the context in which quoting is required and is presented in a
> canonical de-quoted form.  This is the same form used in access(5)
> lookups.

With Postfix 3.2 I started a transition towards 'canonical external'
forms in lookup tables, but for now, the 'internal' form is still
looked up for backwards compatibility.

It should be possible to add external-form attributes (new names
to avoid breaking compatibility) to the policy protocol, which
requires a bit of extra code.

        Wietse