Debian Bug report logs - #450787
postfix: should handle hosts with non-existant FQDN better

version graph

Package: postfix; Maintainer for postfix is LaMont Jones <lamont@debian.org>; Source for postfix is src:postfix.

Reported by: Osamu Aoki <osamu@debian.org>

Date: Sat, 10 Nov 2007 16:27:05 UTC

Severity: normal

Found in version postfix/2.4.6-1

Reply or subscribe to this bug.

Toggle useless messages

View this report as an mbox folder, status mbox, maintainer mbox


Report forwarded to debian-bugs-dist@lists.debian.org, LaMont Jones <lamont@debian.org>:
Bug#450787; Package postfix. Full text and rfc822 format available.

Acknowledgement sent to Osamu Aoki <osamu@debian.org>:
New Bug report received and forwarded. Copy sent to LaMont Jones <lamont@debian.org>. Full text and rfc822 format available.

Message #5 received at submit@bugs.debian.org (full text, mbox):

From: Osamu Aoki <osamu@debian.org>
To: Debian Bug Tracking System <submit@bugs.debian.org>
Subject: postfix: Smarthost set up
Date: Sun, 11 Nov 2007 01:25:03 +0900
Package: postfix
Version: 2.4.6-1
Severity: normal

Short report:
Please do not set 'myorigin = /etc/mailname' at least for 
"Internat with smarthost".  This may cause root mail etc. to be sent
outside unless user checks result of debconf carefully.

Long report:

"postfix/main_mailer_type" has 5 possible values:
  No configuration:
   Should be chosen to leave the current configuration unchanged.
  Internet site:
   Mail is sent and received directly using SMTP.
  Internet with smarthost:
   Mail is received directly using SMTP or by running a utility such
   as fetchmail. Outgoing mail is sent using a smarthost.
  Satellite system:
   All mail is sent to another machine, called a 'smarthost', for delivery.
  Local only:
   The only delivered mail is the mail for local users. There is no network.

So natuarally, except for "Satellite system", I expect no system mail to
be forwarded to smarthost in default set up.

Since policy states, /etc/mailname to be:
---
Such package should check for the existence of this file when it is being
configured. If it exists, it should be used without comment, although an MTA's
configuration script may wish to prompt the user even if it finds that this
file exists. If the file does not exist, the package should prompt the user for
the value (preferably using debconf) and store it in /etc/mailname as well as
using it in the package's configuration. The prompt should make it clear that
the name will not just be used by that package. For example, in this situation
the inn package could say something like:

     Please enter the "mail name" of your system.  This is the
     hostname portion of the address to be shown on outgoing
     news and mail messages.  The default is
     syshostname, your system's host name.  Mail
     name ["syshostname"]:

where syshostname is the output of hostname --fqdn. 
---

I expect the value in this /etc/mailname to be used for *outgoing* news
and mail messages.  For "Internet with smarthost", I expect to use such
address as ISP "pacbell.com" or forwarding address "debian.org".  All
local mail such as ones to root end up in local host.

When postfix "Template: postfix/mailname" asked me without *outgoing*:
---
Description: System mail name:
 The "mail name" is the domain name used to "qualify" mail addresses
 without a domain name.
 .
 This name will also be used by other programs. It should be the
 single, fully qualified domain name (FQDN).
 .
 Thus, if a mail address on the local host is foo@example.org,
 the correct value for this option would be example.org.
---

I have only one account with matching my debian account name on this
machine where outgoing mail is generated.  Naturally I put "debian.org"
in this question instead of $(hostname --fqdn). This set up
/etc/mailname to "debian.org" and set 'myorigin = /etc/mailname'.  (This
is normal reaction by many home users without domain registration etc.
using smarthost set up behind the broad band router.)

Then, when "postfix/destinations" asked me:
---
Description: Other destinations to accept mail for (blank for none):
 Please give a comma-separated list of domains for which this machine
 should consider itself the final destination. If this is a mail
 domain gateway, you probably want to include the top-level domain.
---
Although "debian.org" was included in the list, I eliminated it since I do not 
want mails to my fellow DD end up in my machine as undelivarable.

Alas, this seemingly normal system end up with very bad situation.  Some cron
job message to root was sent out to my smarthost and to "root@debian.org".

I understand 
 * what you ask in debconf and 
 * what you setup as "myorigin = /etc/mailname" 
match up.  So I should have placed "localhost" or $(hostname --fqdn)
which was "snoopy.invalid" in my case into the query.  

I think postfix should follow policy for /etc/mailname.  I should be
able to set it to my ISP or debian.org wthout problem.

The valid return address is required to get mail delivered over spam
prevention.  (As everyone knows these days, such invalid mail address
will be rejected by many MTA.) For this end, generic(5) serves address
rewriting for outgoing mail for postfix.

I think, at least for "Internet site" and "Internet with smarthost",  we
should set up "myorigin" as either one of:
 # postconf -e "myorigin = $(hostname --fqdn)"
or
 # postconf -e 'myorigin = localhost'

Then in my case by manual configuration for postfix 2.3:
 # vim /etc/postfix/generic
 ... make table
 # postmap /etc/postfix/generic
 # postconf -e 'smtp_generic_maps = hash:/etc/postfix/generic'

Since this is a bit too complicated for installation script, I suggest
something along following script to generate /etc/postfix/generic after
setting /etc/mailname with policy compliant quesry with *outgoing* in
the postinst (after checking file alteration, main.cf sanity check etc.)
---
cat >/etc/postfix/generic <<EOF
# This is debconf generated address rewriting routine for outgoing mail
# If you want to set up more fine grained rewriting rule, please read
# generic(5).
# Please indicate below by substituting No to Yes if you edit this:
# Manual_change = No
/^\\([^@]*\\)\$/x \$1@$(cat /etc/mailname)
/^\\([^@]*\\)@.*\$/x \$1@$(cat /etc/mailname)
EOF
---
(I hope my escaping was OK for '\'s .)

Then set up postfix (main.cf) with:
 # postconf -e 'smtp_generic_maps = regrex:/etc/postfix/generic'

This is a bit complicated and I think there may be simpler way to
prevent local mail to go outside, this at least gave me sane system.

When you do this, please consider to include /etc/postfix/sasl_passwd
with dummy contents:
---
# Please read (postfix-doc package) /usr/share/doc/postfix/SASL_README.gz
# under "Enabling SASL authentication in the Postfix SMTP client" for
# details.  Run postmap(5) after updating this file.
# Format:
#[targetmailserver.example]      login:password
#[targetmailserver.example]:587  login:password
#
---

I think this smarthost fix is needed to get postfix to be real
alternative to exim4 :-)

FYI:
In case of exim4, they use /etc/email-addresses for fine grained
outgoing mail address rewrining.  But that was not needed if
/etc/mailname was set to some valid mail domain name as long as you use
one mail domain for all accounts.  All local mail was delivered without
problem.

-- System Information:
Debian Release: lenny/sid
  APT prefers unstable
  APT policy: (500, 'unstable')
Architecture: amd64 (x86_64)

Kernel: Linux 2.6.22-3-amd64 (SMP w/2 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/bash

Versions of packages postfix depends on:
ii  adduser                  3.105           add and remove users and groups
ii  debconf [debconf-2.0]    1.5.16          Debian configuration management sy
ii  dpkg                     1.14.7          package maintenance system for Deb
ii  libc6                    2.6.1-6         GNU C Library: Shared libraries
ii  libdb4.6                 4.6.21-4        Berkeley v4.6 Database Libraries [
ii  libsasl2-2               2.1.22.dfsg1-16 Cyrus SASL - authentication abstra
ii  libssl0.9.8              0.9.8g-2        SSL shared libraries
ii  lsb-base                 3.1-24          Linux Standard Base 3.1 init scrip
ii  netbase                  4.30            Basic TCP/IP networking system
ii  ssl-cert                 1.0.14          Simple debconf wrapper for openssl

postfix recommends no packages.

-- debconf information:
* postfix/mailname: localhost
  postfix/tlsmgr_upgrade_warning:
* postfix/relayhost: [vsmtp.mb.point.ne.jp]:587
* postfix/procmail: true
  postfix/bad_recipient_delimiter:
* postfix/rfc1035_violation: false
* postfix/mynetworks: 127.0.0.0/8
* postfix/protocols: all
* postfix/recipient_delim: +
* postfix/main_mailer_type: Internet with smarthost
  postfix/kernel_version_warning:
* postfix/chattr: false
* postfix/root_address:
  postfix/mydomain_warning:
* postfix/destinations: snoopy.invalid, localhost.invalid, localhost
  postfix/not_configured:
* postfix/mailbox_limit: 0





Information forwarded to debian-bugs-dist@lists.debian.org, LaMont Jones <lamont@debian.org>:
Bug#450787; Package postfix. Full text and rfc822 format available.

Acknowledgement sent to Osamu Aoki <osamu@debian.org>:
Extra info received and forwarded to list. Copy sent to LaMont Jones <lamont@debian.org>. Full text and rfc822 format available.

Message #10 received at 450787@bugs.debian.org (full text, mbox):

From: Osamu Aoki <osamu@debian.org>
To: 450787@bugs.debian.org
Subject: Bug#450787: postfix: Smarthost set up (follow-up)
Date: Sun, 11 Nov 2007 03:06:14 +0900
Hi,

Just to follow up, ..

Frst, my script example used "cat" for /etc/mailname.  Since it may contain
comments, I guess 
$(grep -m1 -v -e '^#' -e '^ *$' /etc/mailname)
may have been better.

I checked how popular to assume /etc/mailname not being localhost but ISP or
debian.org like FQDN on debian system, I checked my system and found folowing
scrips uses it to get mailname and expect somethig more like debian.org there:

Binary file /usr/bin/mutt matches
/usr/bin/dch:   if (open MAILNAME, '/etc/mailname') {
/usr/bin/debchange:     if (open MAILNAME, '/etc/mailname') {
/usr/bin/dh_make:    if ( -e '/etc/mailname'){
/usr/bin/dh_make:      chomp($mailhost = `cat /etc/mailname`);
Binary file /usr/bin/makeinfo matches
/usr/lib/pbuilder/pbuilder-modules:     hostname -f > "$BUILDPLACE/etc/mailname"
/usr/lib/gettext/user-email:# Some Debian systems have a file /etc/mailname.
/usr/lib/gettext/user-email:if test -r /etc/mailname; then
/usr/lib/gettext/user-email:  hostmailname=`cat /etc/mailname`
/etc/emacs/site-start.d/00debian-vars.el:(defun debian-clean-mailname ()
/etc/emacs/site-start.d/00debian-vars.el:;; policy/ch4.html, 4.3 Mail processing on Debian systems, /etc/mailname
/etc/emacs/site-start.d/00debian-vars.el:(let ((mailname
/etc/emacs/site-start.d/00debian-vars.el:       (debian-file->string "/etc/mailname" (function debian-clean-mailname))))
/etc/emacs/site-start.d/00debian-vars.el:  (if (not mailname)
/etc/emacs/site-start.d/00debian-vars.el:      (message "No /etc/mailname. Reverting to default...")
/etc/emacs/site-start.d/00debian-vars.el:    (setq mail-host-address mailname)))
/etc/Muttrc:# set the default here. (better: fix /etc/mailname)

I am quite annoyed after changing /etc/mailname to "localhost" and now
changing "myorigin = localhost" and set /etc/mailname back to "debian.org"  
This way I can run devscripts as it used to be in exim4.

Now, I should get proper e-mail address in my changelog :-)

Osamu





Information forwarded to debian-bugs-dist@lists.debian.org:
Bug#450787; Package postfix. Full text and rfc822 format available.

Acknowledgement sent to LaMont Jones <lamont@debian.org>:
Extra info received and forwarded to list. Full text and rfc822 format available.

Message #15 received at 450787@bugs.debian.org (full text, mbox):

From: LaMont Jones <lamont@debian.org>
To: Osamu Aoki <osamu@debian.org>, 450787@bugs.debian.org
Subject: Re: Bug#450787: postfix: Smarthost set up
Date: Fri, 4 Jan 2008 07:06:49 -0700
On Sun, Nov 11, 2007 at 01:25:03AM +0900, Osamu Aoki wrote:
> Short report:
> Please do not set 'myorigin = /etc/mailname' at least for 
> "Internat with smarthost".  This may cause root mail etc. to be sent
> outside unless user checks result of debconf carefully.

Postfix has no concept of whether mail is leaving the machine or not at
the point where address rewriting is being done.  That is, all mail is
_outgoing_ in postfix's opinion.

See sender_canonical_maps and recipient_canonical_maps for how to deal
with using some other domain as the default for the domain on outgoing
mail.

The bug here is quite possibly that postfix's install doesn't make
dealing with a machine that needs to tweak myorigin (usually because
it's not in the DNS for the rest of the internet) easier.

lamont




Changed Bug title to `postfix: should handle hosts with non-existant FQDN better' from `postfix: Smarthost set up'. Request was from LaMont Jones <lamont@debian.org> to control@bugs.debian.org. (Sat, 19 Jan 2008 16:24:14 GMT) Full text and rfc822 format available.

Send a report that this bug log contains spam.


Debian bug tracking system administrator <owner@bugs.debian.org>. Last modified: Wed Apr 23 11:08:21 2014; Machine Name: beach.debian.org

Debian Bug tracking system
Copyright (C) 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson.