Debian Bug report logs - #697871
dma generated headers misses the domain part (violates section-3.4.1 of rfc2822)

version graph

Package: dma; Maintainer for dma is Arno Töll <arno@debian.org>; Source for dma is src:dma.

Reported by: Carlos Alberto Lopez Perez <clopez@igalia.com>

Date: Thu, 10 Jan 2013 18:33:01 UTC

Severity: grave

Fixed in version dma/0.9-1

Done: Arno Töll <arno@debian.org>

Bug is archived. No further changes may be made.

Toggle useless messages

View this report as an mbox folder, status mbox, maintainer mbox


Report forwarded to debian-bugs-dist@lists.debian.org, Peter Pentchev <roam@ringlet.net>:
Bug#697871; Package dma. (Thu, 10 Jan 2013 18:33:04 GMT) Full text and rfc822 format available.

Acknowledgement sent to Carlos Alberto Lopez Perez <clopez@igalia.com>:
New Bug report received and forwarded. Copy sent to Peter Pentchev <roam@ringlet.net>. (Thu, 10 Jan 2013 18:33:04 GMT) Full text and rfc822 format available.

Message #5 received at submit@bugs.debian.org (full text, mbox):

From: Carlos Alberto Lopez Perez <clopez@igalia.com>
To: Debian Bug Tracking System <submit@bugs.debian.org>
Subject: dma generated headers misses the domain part (violates section-3.4.1 of rfc2822)
Date: Thu, 10 Jan 2013 19:28:13 +0100
[Message part 1 (text/plain, inline)]
Package: dma
Severity: grave
Justification: violates section-3.4.1 of rfc2822, therefore could make unrelated software on the system to break or cause data loss (missing/bounced e-mails)


DMA should append the system mailname (/etc/mailname), or the system hostname when the mailname is not available automatically to the generated e-mails when the user don't specify a domain name.


Take, for example the following headers of a generated mail from cron on a system running dma:

"""
Received: from root (uid 0)
	(envelope-from root@localhost)
	id 18000e2
	by localhost (DragonFly Mail Agent);
	Thu, 10 Jan 2013 17:33:25 +0100
From: root (Cron Daemon)
To: root
Subject: Cron <root@localhost>    test -x /usr/sbin/anacron || ( cd / && run-parts --report /etc/cron.hourly ) (failed)
Content-Type: text/plain; charset=UTF-8
X-Cron-Env: <SHELL=/bin/sh>
X-Cron-Env: <PATH=/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin>
X-Cron-Env: <HOME=/root>
X-Cron-Env: <LOGNAME=root>
Date: Thu, 10 Jan 2013 07:33:25 +0100
Message-Id: <50ee60b5.18000e2.7a0902f8@localhost>
"""


The same message when generated by a sane MTA (Exim for example) will have:

"""
From: root@localhost (Cron Daemon)
To: root@localhost
"""

To reproduce, Execute the following command on a system running DMA.

echo "This is the main body of the mail" | mail -s "Testing dma sanity" mymail@address.com -- -f root

If DMA is configured to deliver to an smarthost (exim), you will get your mail bounced back.


"""
This is the DragonFly Mail Agent at satellite.address.com.

There was an error delivering your mail to <mymail@address.com>.

mail.adress.com [192.168.122.1] did not like our MAIL FROM:
501 <root>: sender address must contain a domain

Message headers follow.

Received: from root (uid 0)
	(envelope-from root)
	id 1806b45
	by satellite.address.com (DragonFly Mail Agent);
	Thu, 10 Jan 2013 19:12:42 +0100
To: mymail@address.com
Subject: Testing dma sanity
Date: Thu, 10 Jan 2013 19:12:42 +0100
Message-Id: <50ef049a.1806b45.2d33b2be@satellite.address.com>
From: <root>
"""

Now do the same test on another system running Exim and you will see how Exim automatically adds an @mailname.tld

The MTA should append _always_ an @ with the mailname/hostname part when the user don't specify it.


Since this bug potentially breaks unrelated software I am marking it as a RC bug.


I noticed this because my procmail rules stopped working as expected and because of bounced mails after installing DMA.


Regards!

[signature.asc (application/pgp-signature, attachment)]

Reply sent to Arno Töll <arno@debian.org>:
You have taken responsibility. (Sun, 07 Jul 2013 11:21:41 GMT) Full text and rfc822 format available.

Notification sent to Carlos Alberto Lopez Perez <clopez@igalia.com>:
Bug acknowledged by developer. (Sun, 07 Jul 2013 11:21:41 GMT) Full text and rfc822 format available.

Message #10 received at 697871-close@bugs.debian.org (full text, mbox):

From: Arno Töll <arno@debian.org>
To: 697871-close@bugs.debian.org
Subject: Bug#697871: fixed in dma 0.9-1
Date: Sun, 07 Jul 2013 11:17:59 +0000
Source: dma
Source-Version: 0.9-1

We believe that the bug you reported is fixed in the latest version of
dma, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 697871@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Arno Töll <arno@debian.org> (supplier of updated dma package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@ftp-master.debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.8
Date: Sun, 07 Jul 2013 12:58:36 +0200
Source: dma
Binary: dma
Architecture: source amd64
Version: 0.9-1
Distribution: unstable
Urgency: low
Maintainer: Arno Töll <arno@debian.org>
Changed-By: Arno Töll <arno@debian.org>
Description: 
 dma        - lightweight mail transport agent
Closes: 671364 677368 689363 697871
Changes: 
 dma (0.9-1) unstable; urgency=low
 .
   * New upstream release (Closes: #671364, LP: #994003)
     - Adopt package with Peter's approval. Thank you for all your previous
       work of the years.
     - New maintainers.
 .
   [ Arno Töll ]
   * Update patches:
       - 03-debian-locations.patch: refreshed, add Debian's default for
         MAILNAME
       - 04-debian-setgid.patch: applied upstream
       - 09-typos.patch: applied upstream
       - 10-liblockfile.patch: dropped. This removes a patch rejected by
         upstream. Most users should not notice any change, however you cannot
         safely lock your mailbox anymore if you use it on a NFS file system
         without lockd running. Thus, also drop the liblockfile build
         dependency.
       - 11-double-bounce.patch: drop. See below.
       - 13-hardening.patch: applied upstream
       - 17-mailname.patch: drop. Upstream's MAILNAME directive supersets this
         behavior. Note that this might require a configuration change to
         existing installations
       - 20-parse-recipient.patch: applied upstream
       - 23-dirent-d_type.patch: drop. The code does not use d_type anymore
       - 24-random-message-id: applied upstream
       - 25-unsupported-starttls.patch: applied upstream
       - 27-int-size.patch: applied upstream
       - 28-valid-recipient.patch: applied upstream
       - 29-double-free.patch: applied upstream
       - 30-ldflags.patch: applied upstream
       - 31-sigalrm-backoff.patch: applied upstream (but using SIGHUP instead)
       - 32-comment-uncomment.patch: applied upstream
       - 33-opportunistic-tls.patch: applied upstream
       - 34-manpage-defaults.patch: applied upstream
       - 35-delivery-retry.patch: applied upstream
       - 36-sa_nocldwait.patc: drop. The code does not use SA_NOCLDWAIT anymore
       - 37-gnu-hurd.patch: applied upstream
       - 38-unresolvable-mx.patch: not needed anymore
       - 39-fix-add-host.patch: applied upstream
       - 40-smtp-banner.patch: applied upstream
       - 41-cppcheck.patch: applied upstream
       - 42-fix-ftbfs-binutils-gold.patch: applied upstream
       - 43-const.patch: applied upstream
       - 44-newline.patch: not needed anymore
       - 45-received.patch: applied upstream
       - 46-smtp-newline.patch: dropped, not needed anymore
   * Use /etc/mailname by default for fresh installs unless changed through
     debconf.
   * Drop the Debian specific dbounce-simple-safecat behavior entirely. This
     might still be useful for some users, but we prefer to keep in line with
     upstream who prefers to keep this behavior out of their sources. Moreover,
     also drop the safecat recommendation which is therefore not needed
     anymore.
   * Handle newaliases command when invoked through dma.
   * Merge patches from a upstream snapshot:
     - 0001-set_from-always-fully-qualify-envelope-from.patch (Closes: #697871)
     - 0002-aliases-log-errors-to-syslog-and-abort.patch
     - 0003-newaliases-provide-command-alias.patch
 .
 .
   [ Laurent Bigonville ]
   * Add debian/gbp.conf file
   * debian/watch: Update watch file to point to github
   * debian/control:
     - Drop DM-Upload-Allowed field: Obsolete.
     - Bump Standards-Version to 3.9.4 (no further changes)
     - Adjust VCS fields to point to collab-maint
     - Update Homepage field to point to upstream github
     - Drop hardening-includes build-dependency, not needed with debhelper 9
     - [AT] Drop dpkg-dev (build-,) pre-dependency as the required version is
       available in oldstable by now.
   * debian/rules:
     - Drastically simplify the rules file
     - Set LIBEXEC to /usr/lib/dma
     - Install spool directory with setgid bit set
   * Drop dma-migrate package, this package is not needed anymore
     (Closes: #677368, #689363)
   * Drop debian/source/options, use default compression options
   * debian/dma.maintscript: Remove /etc/dma/virtusertable, this configuration
     file is not used anymore
   * debian/rules, debian/dma.lintian-overrides: Install dma-mbox-create with
     setuid bit set
Checksums-Sha1: 
 898c4540c81435500b7ded768700cee6aae93da8 1884 dma_0.9-1.dsc
 dc82067b4c498c6e89b6973b625da551f4639ca9 45598 dma_0.9.orig.tar.gz
 e7a881451f6239da06b88762c444a61e39758b4f 24147 dma_0.9-1.debian.tar.gz
 7513e46251cf5a1aee99e4a4f38c16af43150cab 53518 dma_0.9-1_amd64.deb
Checksums-Sha256: 
 38192d8a91ab5eb29097b202fea222c25632cd6a33c476845929adb872df4190 1884 dma_0.9-1.dsc
 69a46b5a05b0be13ee547d675eed35010fe6c6aef10335e099de33a80983c262 45598 dma_0.9.orig.tar.gz
 8a8ba8b58fb1a2bafa731eaea526f1f4630ede9965b95a31649125292afae164 24147 dma_0.9-1.debian.tar.gz
 354d5f502bd709e45258019128c0cf845115bd066990678290824a95a91f3267 53518 dma_0.9-1_amd64.deb
Files: 
 945e952feed7241ec901b810e4def106 1884 mail optional dma_0.9-1.dsc
 47767b80169c70f6289cf57a1fb591f4 45598 mail optional dma_0.9.orig.tar.gz
 e4024bc176cefa3e46488587a67632fc 24147 mail optional dma_0.9-1.debian.tar.gz
 6b36fdb0b7333a48fe9ee08ca718dd64 53518 mail optional dma_0.9-1_amd64.deb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)

iQIcBAEBAgAGBQJR2UrtAAoJEMcrUe6dgPNtJUMP/RHydCl23And+7Y9trsRPqms
duNmSdOG1Xq3RZJysDJe3pfgJ8JH74E2mO+0DyGEeYbSVBQhsge9YDoEGQS1w/gl
or31WE5xm8njPjJCr2p4pK5kEwUERzZjr2EMie9Bsgk8tqlAnf0v7E8NtIkdpbCY
VOputxbBt/qChFrao2SXugXPiIfqEGvu036w3aB19vWhosZvPEGVoVCwe1r5yUYC
iTUST/uhjWWho5AfCG7efFAXDCEa1DrgNsYsOr6eji84Ae87ZYDJ+qyk83+Xtl1F
/nZ86E6GcrKMYXdEhH7nGxlDCPzqSTlT6QBkQF6Ho5Ja1YJojA9fh0qfOlxzPDt0
GYTd9zy+A6wIS6PG0OHzAKLOfiXVn97kORdoBOtkj0QXjgIS1ZoQC9XO1QP+Tomm
P3tmTNrfOgYLOGvzG64bD83aUWSi239EJcqBQSN/ydVYrJZnUGTVCzuUrraRCpVy
HpFHx8sSFB0SofXD1L/B66P8Wj0cOMRT2WPMLZeMdT2ApYjL5DbipWFsETIaBDcj
RfEEli1WFdqRtcJuTSAGZKKDBxMPCTN244au31BjoGa2d5Xg6PLtr4uQa41HUG44
tfW7AJUyThwe+0BiMkVYMNZIWiA/wWWgDSmeKU8ovEdbRFWcQD4aJK7Y+nNLF3y9
tmR135S2z5vN306gnbot
=QeaT
-----END PGP SIGNATURE-----




Bug archived. Request was from Debbugs Internal Request <owner@bugs.debian.org> to internal_control@bugs.debian.org. (Thu, 15 Aug 2013 07:32:42 GMT) Full text and rfc822 format available.

Send a report that this bug log contains spam.


Debian bug tracking system administrator <owner@bugs.debian.org>. Last modified: Fri Apr 18 19:55:29 2014; Machine Name: buxtehude.debian.org

Debian Bug tracking system
Copyright (C) 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson.