From: Victor Duchovni on 27 May 2010 16:10

On Thu, May 27, 2010 at 03:36:19PM -0400, Pat wrote:

> ICANN did not really consider the security and portability of IDNs
> before permitting them. The reasons for this are many, and speak
> poorly to ICANN's management structure. It is important to remember
> that ICANN's action does not mean that end-users are prepared to accept
> mail from such domains, or that doing so would be secure, much less
> that operating systems, libraries, and applications are
> capable of dealing with IDNs safely.

However true any of the above may be, it is not Postfix related.

> Whether IDNs will ever be portable is a matter of debate. Right now
> they are in early-alpha status i.e., not ready for production. This
> might be OK for some DNS and SMTP implementations but for most production
> systems they pose too high of a risk.

The only place that IDNs are in any way interesting is in user-agents,
since that's where xn--foo-bar gets turned into something that a user
who can read the relevant glyphs can understand. Infrastructure (as
opposed to user-facing client software) is IDN agnostic, because IDN
domain names are just like any other ASCII domain name.

> Speaking only for myself, for the foreseeable future we are not interested in
> experimental code and do not want to use a version of bind or postfix
> that cannot be compiled to refuse IDNs.

There is no code in Postfix to support IDN, and nothing to re-compile.
IDN domains are just like non-IDN domains, and work out of the box.
If you absolutely want to reject IDN dns labels, just adjust your access
tables:

    sender_access.pcre:
        /@(\S+\.)*?xn--/ REJECT No room for IDN domains on my soapbox

--
        Viktor.
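
An added example, not part of the original message or of Postfix: a Python harness that runs the posted table entry against constructed sender addresses, to check what it rejects before the table is deployed. The simplified table parser, the sample addresses, and the use of Python's re module in place of PCRE are assumptions of this example.

```python
import re

# The table entry as posted in the message above.
TABLE = r"""
# sender_access.pcre
/@(\S+\.)*?xn--/ REJECT No room for IDN domains on my soapbox
"""

def parse_table(text):
    """Parse '/pattern/flags action' lines (simplified subset of pcre_table(5))."""
    rules = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        m = re.match(r"/(.*?)/([a-zA-Z]*)\s+(.*)$", line)
        if not m:
            raise ValueError(f"unparsed line: {line!r}")
        pattern, flags, action = m.groups()
        # Postfix pcre tables match case-insensitively by default;
        # the 'i' flag toggles that off.
        re_flags = 0 if "i" in flags else re.IGNORECASE
        rules.append((re.compile(pattern, re_flags), action))
    return rules

def lookup(rules, address):
    """Return the action of the first matching rule, or None (no match)."""
    for rx, action in rules:
        if rx.search(address):
            return action
    return None

# Constructed sample sender addresses (not taken from real mail).
SAMPLES = [
    "user@xn--bcher-kva.example",       # IDN label directly after '@'
    "user@mail.xn--bcher-kva.example",  # IDN label below a subdomain
    "user@example.xn--p1ai",            # IDN top-level label
    "user@MAIL.XN--BCHER-KVA.EXAMPLE",  # upper-case ACE prefix
    "user@example.com",                 # plain ASCII domain
    "xn--user@example.com",             # 'xn--' only in the local part
    "user@fooxn--bar.example",          # 'xn--' not at the start of a label
]

if __name__ == "__main__":
    rules = parse_table(TABLE)
    for addr in SAMPLES:
        print(f"{addr:36} -> {lookup(rules, addr) or 'no match'}")
```

On a host with Postfix installed, `postmap -q "user@example.com" pcre:/path/to/sender_access.pcre` queries the real table the same way (the path is a placeholder).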