Re: mail.local NSS awareness

[Manuel Bouyer <bouyer%antioche.eu.org@localhost>]

On Wed, Apr 30, 2008 at 08:47:05AM +0000, Emmanuel Dreyfus wrote:
> On Wed, Apr 30, 2008 at 10:04:32AM +0200, Manuel Bouyer wrote:
> > Shouldn't the last line be "err(EX_UNAVAILABLE, "unknown name: %s", name) ?
> 
> Well, it depends: if you return EX_OK, the message is dropped (which is
> the current behavior), and if you return EX_UNAVAILABLE, the MTA
> generates a DSN. 
> 
> But that can only happen if the MTA thought the user existed and mail.local
> reports it does not. You could get that if the MTA and mail.local use two
> different sources, ot if the user was deleted between the two lookups.

Do all MTAs check that the local user exists before calling mail.local ?
Hum, in light of this I don't understand your problem any more
(I mean, I see the benefit of having mail.local handle nss failures
gracefully, but I don't understand how you did run into it).
If the MTA checks that the user exists, if there's a LDAP failure
it should fail the message before calling mail.local, isn't it ?

> 
> I think returning EX_UNAVAILABLE would be better. OTOH, I wonder if
> we should restrict EX_TEMPFAIL to EGAIN ang ETIMEDOUT. I think it would
> make sense to return EX_TEMPFAIL for any getpwnam_r() error. After all,
> if you fail because of something like ENOMEM, it should be a temporary 
> failure.

I think so.

-- 
Manuel Bouyer <bouyer%antioche.eu.org@localhost>
     NetBSD: 26 ans d'experience feront toujours la difference
--