Re: [cobalt-users] Virtusertable, SiteAdmins and accept-email-for-domain...
- From: Jan Tietze <jptietze@xxxxxxxxxxx>
- Date: Thu Jul 13 14:54:02 2000
Hi Jeff,
it's not that I don't own the bat book or not read in it before posting... actually,
the explanation of FEATURE(virtusertable) contained therein is accurate; I haven't
checked yet, but I suppose the behavior I see (multiple lookups in the virtusertable)
is due to the domain part being in class w. You can check yourself using Sendmail's
test option, which I will not quote here as I suppose you're also familiar with
sendmail...
Some member on this list wrote the issue really was about there not being a catch-all
available in the GUI... not quite so, the problem is rather that people can masquerade
as users from another domain, at least if no such virtusertable alias was explicitly
defined in the other domain. Adding a catch-all to redirect all email to undefined
users of a specific domain to another mailbox is a fix, yet it's not the right way to
fix it. One really should be able to decide whether to use a catch-all or have the RaQ
send error messages for undefined users. Just trying to deliver to a local mailbox of
the same name is inappropriate. This may or may not reach the intended
person/maildrop, and it enables other people to receive mail for a different domain
than the one they really belong to.
Jeff, please see my remarks below.
Jeff Lasman wrote:
> Jan P Tietze wrote:
>
> > Hello everyone, hi Jeff ;-),
>
> Hello <smile>.
>
> > the RaQ's implementation of the accept-email-for-domain feature seems a bit
> > broken to me. I will explain why, including how to fix it.
>
> I think it's more a limitation of how sendmail's virtusertable works...
Not quite so, it's a result of not inserting a virtusertable catch-all to the error
mailer for all undefined addresses. It's simply the wrong way to not do it, since user
login names should be considered distinguished names of mailboxes, with e-mail
addresses always being explicitly defined in the virtusertable. The GUI goes about
half-way in this direction, as even aliases such as "userA@xxxxxxxxxxxxxx userA" (user
part of email address equals mailbox name) are inserted.
> > Imagine you are hosting two or more domains, goodguy.com and badguy.com. Lou is
> > the site administrator of badguy.com, and would like to be able to masquerade as
> > someone from the sales department at goodguy.com. goodguy.com is set to accept
> > email for domain (<user>@goodguy.com), and some virtusertable aliases are
> > defined in goodguy.com through the GUI. The virtusertable then looks like this:
> >
> > webmaster@xxxxxxxxxxxxxxx goodguy
> > # accept-email-for-domain routes
> > @goodguy.com %1@xxxxxxxxxxxxxxx
> >
> > Fine! Email messages for webmaster@xxxxxxxxxxx are then rewritten to
> > webmaster@xxxxxxxxxxxxxxx for which a virtusertable entry exists, so that final
> > delivery is attempted to the local user goodguy (usernames can be regarded as
> > distinguished names for mailboxes).
>
> Not necessarily fine. See "sendmail" the O'Reilly book, Bryan Costales
> with Eric Allman, page 274:
I did before I posted, even before the initial email I sent to you...
> Note that sendmail does a single lookup, so one line may not reference
> another. The following won't work:
>
> info@xxxxxxxxxxxxxxxxxx forsale@xxxxxxxxxxxxx
> @fictional.com user@xxxxxxxxxxxx
>
> Here, mail to info@xxxxxxxxxxxxxxxxxx will be delivered to
> forsale@xxxxxxxxxxxxx, not to user@xxxxxxxxxxxxx
>
> Of course I question Mr. Costales: Since there is NO
> forsale@xxxxxxxxxxxxx just where will the mail be delivered? Will it be
> delivered to user "forsale", and in the absence of user "forsale", will
> it be refused?
>
> And to your point: will mail addressed to webmaster@xxxxxxxxxxx be
> delivered to goodguy? Or will it be delivered to user "webmaster" if
> there is one, and refused if there isn't one?
It won't, because an explicit virtusertable entry that matches exists. I have
thoroughly tested and verified what I wrote in the first place.
> I admit, practical experience leads me to believe it will be delivered
> as you say. But I can't help but note what the book says.
Yes, that's what I thought. Remember my first email message on this subject? As I
wrote, it only gets parsed once... what I believe this means is the virtusertable does
a lookup only once *when called through a ruleset*, but the ruleset is, in reality,
invoked anytime an e-mail address's domain part is in class w.
> This is a good question for the Mail Help list. Perhaps I'll ask it
> there.
>
> > If Lou of badguy.com wishes to masquerade as the sales department of
> > goodguy.com, he simply creates a site user "sales". The relevant entries in the
> > virtusertable look like this now:
> >
> > webmaster@xxxxxxxxxxxxxxx goodguy
> > sales@xxxxxxxxxxxxxx sales
> > # accept-email-for-domain routes
> > @goodguy.com %1@xxxxxxxxxxxxxxx
> >
> > Note that "sales" is the distinguished name (username) of a badguy.com site
> > user.
> >
> > What happens if a message arrives for sales@xxxxxxxxxxx?
> >
> > The message recipient is rewritten to sales@xxxxxxxxxxxxxxxx Since this is the
> > local machine, and no further virtusertable mapping can be done, delivery is
> > attempted to the RaQ3's local user "sales".
>
> From my reading of the sendmail book, you're right. But then, from my
> reading of the sendmail book, your first example is wrong.
But then, reality proves me right... ;-)
> Anyone know anything I don't?
Use sendmail -bt, then use "/parse email@xxxxxxxxxxx" to see for yourself... it does
behave as I wrote.
Jan
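To make the rewriting chain discussed in this message concrete, here is an added example (not code from the original post, the RaQ or sendmail) that models the repeated virtusertable lookups Jan describes, with the table from his goodguy.com/badguy.com scenario beside a version that lists every goodguy.com address explicitly and sends the rest to the error mailer, as he suggests. The local host name raq.example, the user list and the table contents are constructed placeholders.

```python
# Added example: a model of the virtusertable behaviour Jan describes, not code
# from the original post, the RaQ or sendmail. The host name raq.example, the
# user list and the table contents are constructed placeholders.
CLASS_W = {"raq.example", "goodguy.com", "badguy.com"}  # domains the host accepts mail for
LOCAL_USERS = {"goodguy": "goodguy.com", "sales": "badguy.com"}  # login -> site that created it

def parse_virtusertable(text):
    """Return (lhs, rhs) pairs, skipping blank lines and # comments."""
    lines = (l.strip() for l in text.splitlines())
    return [tuple(l.split(None, 1)) for l in lines if l and not l.startswith("#")]

def lookup(entries, addr):
    """One lookup: an exact entry wins, else the @domain catch-all with %1 = local part."""
    user, domain = addr.split("@", 1)
    table = dict(entries)
    if addr in table:
        return table[addr]
    if "@" + domain in table:
        return table["@" + domain].replace("%1", user)
    return None

def resolve(entries, addr):
    """Re-run the lookup while the domain stays in class w (Jan's observation); with
    no entry left to apply, fall through to the local mailbox of that name as the RaQ does."""
    for _ in range(8):                    # guard against a rewrite loop
        user, domain = addr.split("@", 1)
        if domain not in CLASS_W:
            return ("relay", addr)
        rhs = lookup(entries, addr)
        if rhs is None:                   # no entry: the RaQ tries the local login of that name
            return ("local", user) if user in LOCAL_USERS else ("bounce", "error:nouser")
        if rhs.startswith("error:"):      # entry points at sendmail's error mailer
            return ("bounce", rhs)
        if "@" not in rhs:                # a bare RHS is a local login name
            return ("local", rhs)
        addr = rhs
    return ("bounce", "error:rewrite loop")

VULNERABLE = parse_virtusertable("""
webmaster@raq.example goodguy
sales@badguy.com sales
# accept-email-for-domain routes
@goodguy.com %1@raq.example
""")
HARDENED = parse_virtusertable("""
webmaster@goodguy.com goodguy
sales@badguy.com sales
# every goodguy.com address is explicit; anything else goes to the error mailer
@goodguy.com error:nouser No such user here
""")
```

With the first table, mail for sales@goodguy.com ends in the mailbox of the "sales" login that badguy.com's site administrator created; with the second it bounces, while webmaster@goodguy.com still reaches goodguy in both.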