mirror of
https://github.com/mail-in-a-box/mailinabox.git
synced 2024-11-26 02:57:04 +00:00
our users/aliases database is case sensitive - force new users/aliases to lowercase
Unfortunately our users/aliases database is case sensitive. (Perhaps I should have defined the columns with COLLATE NOCASE, see https://www.sqlite.org/datatype3.html.) Postfix always queries the tables in lowecase, so mail delivery would fail if a user or alias were defined with any capital letters. It would have also been possible to add multiple euqivalent addresses into the database with different case. This commit rejects new mail users that have capital letters and forces new aliases to lowecase. I prefer to reject rather than casefold user accounts so that the login credentials the user gave are exactly what goes into the database. https://discourse.mailinabox.email/t/recipient-address-rejected-user-unknown-in-virtual-mailbox-table/512/4
This commit is contained in:
parent
b5269bb28e
commit
202c4a948b
@ -6,6 +6,7 @@ In Development
|
|||||||
|
|
||||||
* ownCloud updated to version 8.0.3.
|
* ownCloud updated to version 8.0.3.
|
||||||
* SMTP Submission (port 587) began offering the insecure SSLv3 protocol due to a misconfiguration in the previous version.
|
* SMTP Submission (port 587) began offering the insecure SSLv3 protocol due to a misconfiguration in the previous version.
|
||||||
|
* Users and aliases weren't working if they were entered with any uppercase letters. Now only lowercase is allowed.
|
||||||
|
|
||||||
v0.09 (May 8, 2015)
|
v0.09 (May 8, 2015)
|
||||||
-------------------
|
-------------------
|
||||||
|
@ -32,8 +32,11 @@ def validate_email(email, mode=None):
|
|||||||
# unusual characters in the address. Bah. Also note that since
|
# unusual characters in the address. Bah. Also note that since
|
||||||
# the mailbox path name is based on the email address, the address
|
# the mailbox path name is based on the email address, the address
|
||||||
# shouldn't be absurdly long and must not have a forward slash.
|
# shouldn't be absurdly long and must not have a forward slash.
|
||||||
|
# Our database is case sensitive (oops), which affects mail delivery
|
||||||
|
# (Postfix always queries in lowercase?), so also only permit lowercase
|
||||||
|
# letters.
|
||||||
if len(email) > 255: return False
|
if len(email) > 255: return False
|
||||||
if re.search(r'[^\@\.a-zA-Z0-9_\-]+', email):
|
if re.search(r'[^\@\.a-z0-9_\-]+', email):
|
||||||
return False
|
return False
|
||||||
|
|
||||||
# Everything looks good.
|
# Everything looks good.
|
||||||
@ -253,7 +256,7 @@ def add_mail_user(email, pw, privs, env):
|
|||||||
elif not validate_email(email):
|
elif not validate_email(email):
|
||||||
return ("Invalid email address.", 400)
|
return ("Invalid email address.", 400)
|
||||||
elif not validate_email(email, mode='user'):
|
elif not validate_email(email, mode='user'):
|
||||||
return ("User account email addresses may only use the ASCII letters A-Z, the digits 0-9, underscore (_), hyphen (-), and period (.).", 400)
|
return ("User account email addresses may only use the lowercase ASCII letters a-z, the digits 0-9, underscore (_), hyphen (-), and period (.).", 400)
|
||||||
elif is_dcv_address(email) and len(get_mail_users(env)) > 0:
|
elif is_dcv_address(email) and len(get_mail_users(env)) > 0:
|
||||||
# Make domain control validation hijacking a little harder to mess up by preventing the usual
|
# Make domain control validation hijacking a little harder to mess up by preventing the usual
|
||||||
# addresses used for DCV from being user accounts. Except let it be the first account because
|
# addresses used for DCV from being user accounts. Except let it be the first account because
|
||||||
@ -403,6 +406,10 @@ def add_mail_alias(source, destination, env, update_if_exists=False, do_kick=Tru
|
|||||||
# convert Unicode domain to IDNA
|
# convert Unicode domain to IDNA
|
||||||
source = sanitize_idn_email_address(source)
|
source = sanitize_idn_email_address(source)
|
||||||
|
|
||||||
|
# Our database is case sensitive (oops), which affects mail delivery
|
||||||
|
# (Postfix always queries in lowercase?), so force lowercase.
|
||||||
|
source = source.lower()
|
||||||
|
|
||||||
# validate source
|
# validate source
|
||||||
source = source.strip()
|
source = source.strip()
|
||||||
if source == "":
|
if source == "":
|
||||||
|
Loading…
Reference in New Issue
Block a user