Yahoo Groups archive

Milter-greylist

Re: problem with "*"

2012-09-20 by vanaxel79

Hi,

LDAP uses: "The filter should conform to the string representation for search filters as defined in RFC 4515" - http://tools.ietf.org/html/rfc4515#page-2

I made a simple test:

ldapsearch -x -LLL -h localhost -b ou=dc=test,dc=com "uid=user*"
ldapsearch -x -LLL -h localhost -b ou=dc=test,dc=com "uid=user\2a"
ldapsearch -x -LLL -h localhost -b ou=dc=test,dc=com "uid=user\*"

conn=6 op=1 SRCH base="ou=dc=test,dc=com" scope=2 deref=0 filter="(uid=user*)"
conn=7 op=1 SRCH base="ou=dc=test,dc=com" scope=2 deref=0 filter="(uid=user\2A)"
conn=8 op=1 SRCH base="ou=dc=test,dc=com" scope=2 deref=0 filter="(uid=user\2A)"

As you can see, it encodes the "\*" as "\2A"; this is because the ldap search uses the "ldap_search_ext(3)" library.

The thing I was asking is whether milter could do the same, or whether there is some way I could encode the "from" or "to" myself.

I did another test:

- first test

telnet <IP> 25
Trying <IP>...
Connected to <host> (<IP>).
Escape character is '^]'.
220 smtp-1.ci.uc.pt ESMTP Postfix
HELO test
250 <host>
MAIL FROM:<owner-\*\*account@...>
250 2.1.0 Ok
RCPT TO:<test@...>
250 2.1.5 Ok

Search made in LDAP:
conn=41 op=29 SRCH base="ou=greylist,dc=test,dc=com" scope=2 deref=0 filter="(&(mailLocalAddress=teste@...)(|(mail=owner-\2A\2Aaccount@...)(mail=gmail.com)))"

- second test:

telnet <IP> 25
Trying <IP>...
Connected to <host> (<IP>).
Escape character is '^]'.
220 smtp-1.ci.uc.pt ESMTP Postfix
HELO test
250 <host>
MAIL FROM:<owner-**account@...>
250 2.1.0 Ok
RCPT TO:<test@...>
451 4.7.1 Service unavailable - try again later

Search made in LDAP: 
conn=61 op=29 SRCH base="ou=greylist,dc=test,dc=com" scope=2 deref=0 filter="(&(mailLocalAddress=teste@...)(|(mail=owner-**account@...)(mail=gmail.com)))"

Does this help to explain my problem?

Thanks


--- In milter-greylist@yahoogroups.com, Emmanuel Dreyfus <manu@...> wrote:
>
> On Wed, Sep 19, 2012 at 04:05:48PM +0000, Emmanuel Dreyfus wrote:
> > I realize we do not perform %-encoding in URL. If I understand the
> > thing, a literal * should be written %5C2a (\ %-encoded as %5C) 
> > in a LDAP URL. Anyone has an opinion on this topic?
> 
> Thinking about it a bit, it seems urlcheck should perform %-encoding,
> and ldapcheck should just use \-escapes. I have never seen a LDAP 
> URI using %-encoding.
> -- 
> Emmanuel Dreyfus
> manu@...
>
