Date: Thu, 24 Mar 2016 18:04:20 +0000 From: bugzilla-noreply@freebsd.org To: freebsd-bugs@FreeBSD.org Subject: [Bug 208262] contrib/dma unusable on freebsd.org cluster due to non-canonification of local addresses Message-ID: <bug-208262-8@https.bugs.freebsd.org/bugzilla/>
next in thread | raw e-mail | index | archive | help
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=208262 Bug ID: 208262 Summary: contrib/dma unusable on freebsd.org cluster due to non-canonification of local addresses Product: Base System Version: 11.0-CURRENT Hardware: Any OS: Any Status: New Severity: Affects Only Me Priority: --- Component: bin Assignee: freebsd-bugs@FreeBSD.org Reporter: peter@FreeBSD.org We have encountered show-stopper bugs in the freebsd.org cluster when trying to use dma as a drop-in sendmail replacement. When cron generates email and feeds it to /usr/sbin/sendmail, sendmail qualifies the addresses according to the configured hostname/domainname/masquerade. Instead, DMA leaks this onto the internet: Received: from mx1.freebsd.org (mx1.FreeBSD.org [8.8.178.115]) by hub.freebsd.org (Postfix) with ESMTP id 99157E1E for <clusteradm@freebsd.org>; Mon, 7 Jan 2013 15:40:10 +0000 (UTC) (envelope-from root@freebsd.org) Received: from halo.freebsd.org (halo.freebsd.org [IPv6:2001:1900:2254:2064::16:7]) by mx1.freebsd.org (Postfix) with ESMTP id 758A719D for <clusteradm@freebsd.org>; Mon, 7 Jan 2013 15:40:10 +0000 (UTC) Received: from root (uid 0) (envelope-from root@freebsd.org) id 4b by halo.freebsd.org (DragonFly Mail Agent v0.7); Mon, 07 Jan 2013 15:40:10 +0000 From: root (Cron Daemon) ^^^^^^^^^^^^^^^^^ To: clusteradm@freebsd.org Subject: Cron <root@halo> /usr/bin/lockf -s -t 0 /var/run/clusteradm.lock /etc/clusteradm/update.sh X-Cron-Env: <MAILTO=clusteradm@freebsd.org> X-Cron-Env: <SHELL=/bin/sh> X-Cron-Env: <HOME=/root> X-Cron-Env: <PATH=/usr/bin:/bin> X-Cron-Env: <LOGNAME=root> X-Cron-Env: <USER=root> Date: Mon, 07 Jan 2013 15:40:10 +0000 Message-Id: <50eaec5a.4b.55f5d33f@halo.freebsd.org> As per RFC 2822: RFC2822: from = "From:" mailbox-list CRLF mailbox-list = (mailbox *("," mailbox)) / obs-mbox-list mailbox = name-addr / addr-spec addr-spec = local-part "@" domain ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ Or there's the angle focus route via name-addr: name-addr = [display-name] angle-addr angle-addr = [CFWS] "<" addr-spec ">" [CFWS] / obs-angle-addr Either way, "From: root" shouldn't be leaking onto the internet without canonification. "From:" grammar always terminates in 'local-part "@" domain'. It's more than just cron that depends on this qualification behavior but that's the one we hit first on the freebsd.org cluster that aborted the experiment. There was another base system tool (my memory says "mail(1)" but I don't think that is correct) and a bunch of user scripts that execed sendmail directly. The interface to /usr/sbin/sendmail is traditionally special. /usr/sbin/sendmail was a generic message router, anything from UUCP to RFC822 internet. Canonification rules varied by context. eg: UUCP had "host!user" as canonical, vs RFC822's "user@domain". /usr/sbin/sendmail is the source of truth for how a local name should be qualified/canonified before leaving the machine and dma isn't doing it. Without this, dma isn't a sufficient drop-in replacement for /usr/sbin/sendmail. -- You are receiving this mail because: You are the assignee for the bug.
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?bug-208262-8>