Yahoo Groups archive
Thread
2012-09-17 by vanaxel79
hi, I´m using something like this: ldapcheck "test" ldap://localhost/dc=example,dc=net?usr?one?mail=%r The problem is that the MAIL FROM is something like maillinglist**test*@domain. Can I replace the * with \2a some how? Thanks
2012-09-18 by manu@netbsd.org
vanaxel79 <alexandreasantos@...> wrote: > The problem is that the MAIL FROM is something like > maillinglist**test*@domain. Can I replace the * with \2a some how? Not for now, but we can have milter-greylist doing the escape. Could you check the RFC to get the list of characters that need escape? -- Emmanuel Dreyfus http://hcpnet.free.fr/pubz manu@...
2012-09-18 by Alexandre Santos
vanaxel79 <alexandreasantos@...> wrote:
> The problem is that the MAIL FROM is something like
> maillinglist**test*@domain. Can I replace the * with \2a some how?
Not for now, but we can have milter-greylist doing the escape. Could you
check the RFC to get the list of characters that need escape?
--
Emmanuel Dreyfus
http://hcpnet.free.fr/pubz
manu@netbsd.org
2012-09-18 by Emmanuel Dreyfus
On Tue, Sep 18, 2012 at 09:47:40AM +0100, Alexandre Santos wrote: > Sure i will do that. Another thing is that possible to make milter resolve > the problem differently "451 4.7.1 Service unavailable - try again later;" > is the result because the ldap search give an error but i would like to > bypass this. IMO a temporary failure is reasonable for an error. This is not like if you had an empty reply. -- Emmanuel Dreyfus manu@...
2012-09-18 by Alexandre Santos
On Tue, Sep 18, 2012 at 09:47:40AM +0100, Alexandre Santos wrote:IMO a temporary failure is reasonable for an error. This is not like
> Sure i will do that. Another thing is that possible to make milter resolve
> the problem differently "451 4.7.1 Service unavailable - try again later;"
> is the result because the ldap search give an error but i would like to
> bypass this.
if you had an empty reply.
--
Emmanuel Dreyfus
manu@...
2012-09-18 by Emmanuel Dreyfus
On Tue, Sep 18, 2012 at 10:22:32AM +0100, Alexandre Santos wrote: > The problem is the search made in LDAP replays an error because of the "**" > to resolve this i must do a replace of the "*" for "\2a" or "\*". Sure but once you will have told me the list of characters to escape, I will release a new alpha release for 4.4, and you will not have a tempfail anymore. -- Emmanuel Dreyfus manu@...
2012-09-18 by Alexandre Santos
If any of the following special characters must appear in the search filter as literals, they must be replaced by the listed escape sequence.
ASCII character Escape sequence substitute* \2a( \28) \29\ \5cNUL \00/ \2fOn Tue, Sep 18, 2012 at 10:22:32AM +0100, Alexandre Santos wrote:Sure but once you will have told me the list of characters to escape,
> The problem is the search made in LDAP replays an error because of the "**"
> to resolve this i must do a replace of the "*" for "\2a" or "\*".
I will release a new alpha release for 4.4, and you will not have a
tempfail anymore.
--
Emmanuel Dreyfus
manu@...
2012-09-19 by Emmanuel Dreyfus
On Tue, Sep 18, 2012 at 04:54:48PM +0100, Alexandre Santos wrote: > If any of the following special characters must appear in the search filter > as literals, they must be replaced by the listed escape sequence. > ASCII characterEscape sequence substitute*\2a(\28)\29\\5cNUL\00/\2f > This is for OpenLDAP. I realize we do not perform %-encoding in URL. If I understand the thing, a litteral * should be written %5C2a (\ %-encoded as %5C) in a LDAP URL. Anyone has an opinion on this topic? -- Emmanuel Dreyfus manu@...
2012-09-20 by Emmanuel Dreyfus
On Wed, Sep 19, 2012 at 04:05:48PM +0000, Emmanuel Dreyfus wrote: > I realize we do not perform %-encoding in URL. If I understand the > thing, a litteral * should be written %5C2a (\ %-encoded as %5C) > in a LDAP URL. Anyone has an opinion on this topic? Thinking about it a bit, it seems urlcheck should perform %-encoding, and ldapcheck should just use \-escapes. I have never seen a LDAP URI using %-encoding. -- Emmanuel Dreyfus manu@...
2012-09-20 by vanaxel79
Hi, The LDAP uses; "The filter should conform to the string representation for search filters as defined in RFC 4515" - http://tools.ietf.org/html/rfc4515#page-2 - I made a simple text ldapsearch -x -LLL -h localhost -b ou=dc=test,dc=com "uid=user*" ldapsearch -x -LLL -h localhost -b ou=dc=test,dc=com "uid=user\2a" ldapsearch -x -LLL -h localhost -b ou=dc=test,dc=com "uid=user\*" conn=6 op=1 SRCH base="ou=dc=test,dc=com" scope=2 deref=0 filter="(uid=user*)" conn=7 op=1 SRCH base="ou=dc=test,dc=com" scope=2 deref=0 filter="(uid=user\2A)" conn=8 op=1 SRCH base="ou=dc=test,dc=com" scope=2 deref=0 filter="(uid=user\2A)" As you can see it resolve encode the "\*" as "\2A" this is because the ldap seach uses "ldap_search_ext(3) library" The thing i was asking is that milter did the same or some way i could enconde my self the "from" or "to". I done another test: - first test telnet <IP> 25 Trying <IP>... Connected to <host> (<IP>). Escape character is '^]'. 220 smtp-1.ci.uc.pt ESMTP Postfix HELO test 250 <host> MAIL FROM:<owner-\*\*account@...> 250 2.1.0 Ok RCPT TO:<test@...> 250 2.1.5 Ok Search made in LDAP: conn=41 op=29 SRCH base="ou=greylist,dc=test,dc=com" scope=2 deref=0 filter="(&(mailLocalAddress=teste@...)(|(mail=owner-\2A\2Aaccount@...)(mail=gmail.com)))" - second test: telnet <IP> 25 Trying <IP>... Connected to <host> (<IP>). Escape character is '^]'. 220 smtp-1.ci.uc.pt ESMTP Postfix HELO test 250 <host> MAIL FROM:<owner-**account@...> 250 2.1.0 Ok RCPT TO:<test@...> 451 4.7.1 Service unavailable - try again later Search made in LDAP: conn=61 op=29 SRCH base="ou=greylist,dc=test,dc=com" scope=2 deref=0 filter="(&(mailLocalAddress=teste@...)(|(mail=owner-**account@...)(mail=gmail.com)))" This help to explane my problem? Thanks --- In milter-greylist@yahoogroups.com, Emmanuel Dreyfus <manu@...> wrote:
> > On Wed, Sep 19, 2012 at 04:05:48PM +0000, Emmanuel Dreyfus wrote: > > I realize we do not perform %-encoding in URL. If I understand the > > thing, a litteral * should be written %5C2a (\ %-encoded as %5C) > > in a LDAP URL. Anyone has an opinion on this topic? > > Thinking about it a bit, it seems urlcheck should perform %-encoding, > and ldapcheck should just use \-escapes. I have never seen a LDAP > URI using %-encoding. > -- > Emmanuel Dreyfus > manu@... >
2012-09-20 by Emmanuel Dreyfus
On Thu, Sep 20, 2012 at 09:31:04AM +0100, Alexandre Santos wrote: > This help to explane my problem? I added %-encoding for urlcheck and \-escape for ldapcheck, it should solve your problem. Please try out http://ftp.espci.fr/pub/milter-greylist/milter-greylist-4.4a3.tgz -- Emmanuel Dreyfus manu@...
2012-09-27 by vanaxel79
Hi, i´ve tried and i have this error after make: prop.c: In function `prop_opnum_validate': prop.c:264: error: `priv_spamd_score10' undeclared (first use in this function) prop.c:264: error: (Each undeclared identifier is reported only once prop.c:264: error: for each function it appears in.) make: *** [prop.o] Error 1 options: #./configure --enable-postfix --with-openldap=/usr/ldap --with-libspf2=/usr/local --with-libmilter --enable-spamassassin --enable-dnsrbl --enable-p0f --enable-p0f3 --enable-mx #make (ERROR) thanks --- In milter-greylist@yahoogroups.com, Emmanuel Dreyfus <manu@...> wrote:
> > On Thu, Sep 20, 2012 at 09:31:04AM +0100, Alexandre Santos wrote: > > This help to explane my problem? > > I added %-encoding for urlcheck and \-escape for ldapcheck, it > should solve your problem. Please try out > http://ftp.espci.fr/pub/milter-greylist/milter-greylist-4.4a3.tgz > > -- > Emmanuel Dreyfus > manu@... >
2012-09-27 by manu@netbsd.org
vanaxel79 <alexandreasantos@...> wrote:
> prop.c: In function `prop_opnum_validate':
> prop.c:264: error: `priv_spamd_score10' undeclared (first use in this
function)
> prop.c:264: error: (Each undeclared identifier is reported only once
> prop.c:264: error: for each function it appears in.)
> make: *** [prop.o] Error 1
Please patch
Index: prop.c
===================================================================
RCS file: /cvsroot/milter-greylist/prop.c,v
retrieving revision 1.10
diff -U 4 -r1.10 prop.c
--- prop.c 20 Sep 2012 08:31:49 -0000 1.10
+++ prop.c 27 Sep 2012 18:09:31 -0000
@@ -260,9 +260,9 @@
val1 = priv->priv_rcptcount;
break;
#ifdef USE_SPAMD
case AONP_SPAMD:
- val1 = priv_spamd_score10;
+ val1 = priv->priv_spamd_score10;
break;
#endif /* USE_SPAMD */
default:
mg_log(LOG_ERR, "unexpected aonp_type");
--
Emmanuel Dreyfus
http://hcpnet.free.fr/pubz
manu@...2012-09-28 by Alexandre Santos
vanaxel79 <alexandreasantos@...> wrote:Please patch
> prop.c: In function `prop_opnum_validate':
> prop.c:264: error: `priv_spamd_score10' undeclared (first use in this
function)
> prop.c:264: error: (Each undeclared identifier is reported only once
> prop.c:264: error: for each function it appears in.)
> make: *** [prop.o] Error 1
Index: prop.c
===================================================================
RCS file: /cvsroot/milter-greylist/prop.c,v
retrieving revision 1.10
diff -U 4 -r1.10 prop.c
--- prop.c 20 Sep 2012 08:31:49 -0000 1.10
+++ prop.c 27 Sep 2012 18:09:31 -0000
@@ -260,9 +260,9 @@
val1 = priv->priv_rcptcount;
break;
#ifdef USE_SPAMD
case AONP_SPAMD:
- val1 = priv_spamd_score10;
+ val1 = priv->priv_spamd_score10;
break;
#endif /* USE_SPAMD */
default:
mg_log(LOG_ERR, "unexpected aonp_type");