lmtpd service does not respect user_deny.db #1700

Open
brong opened this issue Jul 9, 2014 · 8 comments
Labels
enhancement feature request, not a bug LMTP P3

Comments

brong commented Jul 9, 2014

From: Deniss Gaplevsky
Bugzilla-Id: 3856
Version: 2.4.17
Owner: Bron Gondwana

brong commented Jul 9, 2014

From: Deniss Gaplevsky

The lmtpd network service should respect user_deny.db to bounce new incoming messages with a 4xx code back to a queue for the users listed.
lmtpd should work as imapd and pop3d do here, to allow completely freezing a mailbox from updates for maintenance.

brong commented Oct 21, 2014

From: Ken Murchison

Fixed in master. Will be in 2.5

brong commented Oct 28, 2014

From: Deniss Gaplevsky

Please backport it to the stable branch.

brong commented Oct 28, 2014

From: Ken Murchison

Committed to cyrus-imapd-2.4

brong commented Nov 18, 2014

From: Leena Heino

This patch seems to break delivery to shared mailboxes when postuser in imapd.conf is set to its default empty value.

If one tries to send email to a shared mailbox, then lmtpd just silently closes the connection. No errors are seen in the lmtpd output, nor are any errors logged to the logs. The connection is just silently closed and messages will remain undelivered in the mail queue.

brong commented Aug 26, 2015

From: Deniss Gaplevsky

The patch does not convert the Cyrus internal mailbox name into external format (i.e. ^ => . in the username part) before matching user_deny entries.
So imap and others search for "some.user" while lmtpd looks for "some^user".
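
The key-format mismatch described in this comment, as an added example that is not Cyrus code and not part of the original thread. `deny_lookup`, `user_to_external` and the deny keys are hypothetical stand-ins; mapping `^` to `.` in the user part only, and treating a failed conversion as denied, are assumptions of the example.

```c
#include <stdio.h>
#include <string.h>

/* Constructed stand-in for user_deny.db: keys are stored in external form. */
static const char *const DENY_KEYS[] = { "some.user", "frozen@example.com" };

/* Hypothetical lookup: returns 1 if key is listed, 0 otherwise. */
static int deny_lookup(const char *key)
{
    size_t i;
    for (i = 0; i < sizeof(DENY_KEYS) / sizeof(DENY_KEYS[0]); i++)
        if (strcmp(DENY_KEYS[i], key) == 0) return 1;
    return 0;
}

/* Hypothetical helper: copy the internal user id into out, mapping '^' to '.'
 * in the part before '@' only. Returns 0 on success, -1 if out is too small. */
static int user_to_external(const char *internal, char *out, size_t outlen)
{
    size_t i, n = strlen(internal);
    int in_domain = 0;
    if (n + 1 > outlen) return -1;
    for (i = 0; i < n; i++) {
        if (internal[i] == '@') in_domain = 1;
        out[i] = (!in_domain && internal[i] == '^') ? '.' : internal[i];
    }
    out[n] = '\0';
    return 0;
}

/* The behaviour reported for lmtpd: the internal name is used as the key. */
static int denied_internal_key(const char *internal_user)
{
    return deny_lookup(internal_user);
}

/* Normalise to external form first; a failed conversion counts as denied. */
static int denied_external_key(const char *internal_user)
{
    char ext[256];
    if (user_to_external(internal_user, ext, sizeof(ext)) != 0) return 1;
    return deny_lookup(ext);
}

int main(void)
{
    printf("internal key: %d\n", denied_internal_key("some^user"));
    printf("external key: %d\n", denied_external_key("some^user"));
    return 0;
}
```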

brong commented Mar 4, 2016

From: Deniss Gaplevsky

The following patch fixes the issue with lmtpd.

--- lmtpd.c     2015-07-06 06:38:29.000000000 +0300
+++ lmtpd.c     2016-03-04 14:50:02.000000000 +0200
@@ -1068,7 +1070,9 @@
            user = namebuf;
        }
 
-       if (userdeny(user, config_ident, msg, sizeof(msg)))
+       (*lmtpd_namespace.mboxname_toexternal)(&lmtpd_namespace, user, user, namebuf);
+
+       if (userdeny(namebuf, config_ident, msg, sizeof(msg)))
            return IMAP_MAILBOX_DISABLED;
     }
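
Review bot: In the branch that ends with `user = namebuf;`, the added `mboxname_toexternal` call is handed the same buffer as its input (`user`) and its output (`namebuf`), so the conversion runs over memory it is still reading. Convert into a separate buffer before `user` is pointed at `namebuf`, and make sure the conversion produced a usable name before `userdeny(namebuf, ...)` is consulted, so that a failed conversion cannot turn into a missed deny entry.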

Indeed, other services (imap/pop) do improper user_deny.db checking against the internal username every time but at login:

Mar 4 14:59:27 lv-test-2 imap[7799]: fetching user_deny.db entry for 'slim.test'
Mar 4 14:59:27 lv-test-2 imap[7799]: fetching user_deny.db entry for 'slim^test'
Mar 4 14:59:27 lv-test-2 imap[7799]: fetching user_deny.db entry for 'slim^test'

brong commented Mar 4, 2016

From: Deniss Gaplevsky

(In reply to comment 6)

The correct patch that works with domains is:

--- imap/lmtpd.c        2015-07-06 06:38:29.000000000 +0300
+++ imap/lmtpd.c        2016-03-04 16:11:28.000000000 +0200
@@ -1062,6 +1064,10 @@
 
     if (!r && user) {
        char msg[MAX_MAILBOX_PATH+1];
+       char namebufext[MAX_MAILBOX_BUFFER] = "";
+
+       (*lmtpd_namespace.mboxname_toexternal)(&lmtpd_namespace, user, user, namebufext);
+       if (namebufext) { user = namebufext; }
 
        if (domain) {
            snprintf(namebuf, sizeof(namebuf), "%s@%s", user, domain);
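
Review bot: The guard `if (namebufext) { user = namebufext; }` tests the address of a local array, which is never null, so the assignment is unconditional and an empty conversion result would be used as the user name. Since the buffer is initialised to "", test `namebufext[0]` instead, and decide explicitly what happens when it is still empty after the call (for example, keep the original `user` or refuse the delivery) rather than passing an empty name on to the deny check.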

@brong brong added LMTP P3 enhancement feature request, not a bug labels Dec 13, 2016
@brong brong self-assigned this Dec 13, 2016