Page MenuHomekolab.org

Recipient access denied when inserting into the cache fails
Open, Needs TriagePublic

Description

When I tried to send mail to Kolab user Johannes Ranke with a long sender address, his kolab_smtp_access_policy rejected my emails. As it turned out, the issue was that in his MySQL database table kolab.policy_result the column sender is too short. (This is not the case on my Kolab installation, so I guess it is a remnant of an older version of setup-kolab.) What worries my though, is that the recipient policy in
kolab_smtp_access_policy returns a REJECT when there is a MySQL error.

As a case in point, the issue can be reproduced by revoking insertion privileges from the kolab user in MySQL. Since this does not disable the cache, kolab_smtp_access_policy will try to insert into the cache when it encounters a new sender and an error will be generated. It then immediately returns "REJECT: Recipient access denied".

pykolab version: 0.8.19-0~kolab1

Details

Differential Revisions
D3343: Catch exceptions in `cache_update()`
Ticket Type
Task

Event Timeline

sicherha assigned this task to mollekopf.Feb 4 2022, 7:42 AM
sicherha added a subscriber: sicherha.

Do you happen to have a log containing a backtrace for the case where the sender column is too short? After skimming the code, I would assume SQLAlchemy throws an exception which then gets caught in bin/kolab_smtp_access_policy.py:1717. That's obviously too late.

If your backtrace shows that the exception comes from inside cache_update(), then we should add a try-except block there, I guess.

The exception comes from inside cache_update(). See attached the traceback, from the log file that Johannes sent me.