-
-
Notifications
You must be signed in to change notification settings - Fork 1.7k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
fix: Dovecot Quota dummy accounts for aliases should check for existing users with an exact user key lookup #2640
Conversation
@polarathene does this already suffice when it comes to the issue of adding „wildcard“ aliases (#2637 (comment))? |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Only match what's relevant, the user column. Ensure the value is the start of the line and ends at the delimiter :
to avoid the current bug.
Additionally I don't think we want to accidentally have two users with different casing, so use case insensitive match -i
.
No. That is a separate issue. If I understand correctly, the method would still accept a You would have to reject an address that starts with That said, this methods purpose only is as an awful workaround for supporting In that sense, by not addressing it like I mentioned, yes, this PR should also fix that issue. It may not fix it fully for that user as they had recursive aliases (aliases that referenced aliases). A similar issue may be present with support for multiple recipients to an alias, as I don't think the current code handles that either. Unless someone adds a proper policy service to resolve aliases to actual users, the quota support is going to be flakey. AFAIK even then, I think it would be an issue with multiple recipients, as you either accept or reject when at least one alias mapped user has a known quota overage. It'd seem wrong to block delivery to other recipients for the alias, but not doing so would defeat the purpose afaik regarding backscatter prevention. |
The rest is irrelevant for this check. An exact match avoids accidentally matching substring of an existing user key.
We can squeeze in this fix for 11.1 I think. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Yes, this is fine to be in 11.1.0 :)
Well, thanks guys. |
Description
Fixes #2639
Type of change
Checklist:
docs/
)