[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [cobalt-users] Virtusertable, SiteAdmins and accept-email-for-domain...

Jan P Tietze wrote:

> Hello everyone, hi Jeff ;-),

Hello <smile>.

> the RaQ's implementation of the accept-email-for-domain feature seems a bit
> broken to me. I will explain why, including how to fix it.

I think it's more a limitation of how sendmail's virtusertable works...

> Imagine you are hosting two or more domains, goodguy.com and badguy.com. Lou is
> the site administrator of badguy.com, and would like to be able to masquerade as
> someone from the sales department at goodguy.com. goodguy.com is set to accept
> email for domain (<user>@goodguy.com), and some virtusertable aliases are
> defined in goodguy.com through the GUI. The virtusertable then looks like this:
> 
> webmaster@xxxxxxxxxxxxxxx               goodguy
> # accept-email-for-domain routes
> @goodguy.com                            %1@xxxxxxxxxxxxxxx
> 
> Fine! Email messages for webmaster@xxxxxxxxxxx are then rewritten to
> webmaster@xxxxxxxxxxxxxxx for which a virtusertable entry exists, so that final
> delivery is attempted to the local user goodguy (usernames can be regarded as
> distinguished names for mailboxes).

Not necessarily fine.  See "sendmail" the O'Reilly book, Bryan Costales
with Eric Allman, page 274:

  Note that sendmail does a single lookup, so one line may not reference
  another.  The following won't work:
  
    info@xxxxxxxxxxxxxxxxxx	forsale@xxxxxxxxxxxxx
    @fictional.com		user@xxxxxxxxxxxx
  
  Here, mail to info@xxxxxxxxxxxxxxxxxx will be delivered to
  forsale@xxxxxxxxxxxxx, not to user@xxxxxxxxxxxxx

Of course I question Mr. Costales:  Since there is NO
forsale@xxxxxxxxxxxxx just where will the mail be delivered?  Will it be
delivered to user "forsale", and in the absence of user "forsale", will
it be refused?

And to your point:  will mail addressed to webmaster@xxxxxxxxxxx be
delivered to goodguy?  Or will it be delivered to user "webmaster" if
there is one, and refused if there isn't one?

I admit, practical experience leads me to believe it will be delivered
as you say.  But I can't help but note what the book says.

This is a good question for the Mail Help list.  Perhaps I'll ask it
there.

> If Lou of badguy.com wishes to masquerade as the sales department of
> goodguy.com, he simply creates a site user "sales". The relevant entries in the
> virtusertable look like this now:
> 
> webmaster@xxxxxxxxxxxxxxx               goodguy
> sales@xxxxxxxxxxxxxx                    sales
> # accept-email-for-domain routes
> @goodguy.com                            %1@xxxxxxxxxxxxxxx
> 
> Note that "sales" is the distinguished name (username) of a badguy.com site
> user.
> 
> What happens if a message arrives for sales@xxxxxxxxxxx?
> 
> The message recipient is rewritten to sales@xxxxxxxxxxxxxxxx Since this is the
> local machine, and no further virtusertable mapping can be done, delivery is
> attempted to the RaQ3's local user "sales".