Date:      Thu, 24 Mar 2016 18:04:20 +0000
From:      bugzilla-noreply@freebsd.org
To:        freebsd-bugs@FreeBSD.org
Subject:   [Bug 208262] contrib/dma unusable on freebsd.org cluster due to non-canonification of local addresses
Message-ID:  <bug-208262-8@https.bugs.freebsd.org/bugzilla/>

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=208262

            Bug ID: 208262
           Summary: contrib/dma unusable on freebsd.org cluster due to
                    non-canonification of local addresses
           Product: Base System
           Version: 11.0-CURRENT
          Hardware: Any
                OS: Any
            Status: New
          Severity: Affects Only Me
          Priority: ---
         Component: bin
          Assignee: freebsd-bugs@FreeBSD.org
          Reporter: peter@FreeBSD.org

We have encountered show-stopper bugs in the freebsd.org cluster when trying
to use dma as a drop-in sendmail replacement.

When cron generates email and feeds it to /usr/sbin/sendmail, sendmail
qualifies the addresses according to the configured
hostname/domainname/masquerade.  Instead, DMA leaks this onto the internet:

Received: from mx1.freebsd.org (mx1.FreeBSD.org [8.8.178.115])
        by hub.freebsd.org (Postfix) with ESMTP id 99157E1E
        for <clusteradm@freebsd.org>; Mon,  7 Jan 2013 15:40:10 +0000 (UTC)
        (envelope-from root@freebsd.org)
Received: from halo.freebsd.org (halo.freebsd.org
[IPv6:2001:1900:2254:2064::16:7])
        by mx1.freebsd.org (Postfix) with ESMTP id 758A719D
        for <clusteradm@freebsd.org>; Mon,  7 Jan 2013 15:40:10 +0000 (UTC)
Received: from root (uid 0)
        (envelope-from root@freebsd.org)
        id 4b
        by halo.freebsd.org (DragonFly Mail Agent v0.7);
        Mon, 07 Jan 2013 15:40:10 +0000
From: root (Cron Daemon)
^^^^^^^^^^^^^^^^^
To: clusteradm@freebsd.org
Subject: Cron <root@halo> /usr/bin/lockf -s -t 0 /var/run/clusteradm.lock
/etc/clusteradm/update.sh
X-Cron-Env: <MAILTO=clusteradm@freebsd.org>
X-Cron-Env: <SHELL=/bin/sh>
X-Cron-Env: <HOME=/root>
X-Cron-Env: <PATH=/usr/bin:/bin>
X-Cron-Env: <LOGNAME=root>
X-Cron-Env: <USER=root>
Date: Mon, 07 Jan 2013 15:40:10 +0000
Message-Id: <50eaec5a.4b.55f5d33f@halo.freebsd.org>

As per RFC 2822:

RFC2822:

from            =       "From:" mailbox-list CRLF
mailbox-list    =       (mailbox *("," mailbox)) / obs-mbox-list
mailbox         =       name-addr / addr-spec
addr-spec       =       local-part "@" domain
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
Or there's the angle focus route via name-addr:
name-addr       =       [display-name] angle-addr
angle-addr      =       [CFWS] "<" addr-spec ">" [CFWS] / obs-angle-addr

Either way, "From: root" shouldn't be leaking onto the internet without
canonification.  "From:" grammar always terminates in 'local-part "@" domain'.

It's more than just cron that depends on this qualification behavior but
that's the one we hit first on the freebsd.org cluster that aborted the
experiment.  There was another base system tool (my memory says "mail(1)" but
I don't think that is correct) and a bunch of user scripts that execed
sendmail directly.

The interface to /usr/sbin/sendmail is traditionally special.
/usr/sbin/sendmail was a generic message router, anything from UUCP to RFC822
internet.  Canonification rules varied by context, e.g. UUCP had "host!user"
as canonical, vs RFC822's "user@domain".  /usr/sbin/sendmail is the source of
truth for how a local name should be qualified/canonified before leaving the
machine and dma isn't doing it.

Without this, dma isn't a sufficient drop-in replacement for
/usr/sbin/sendmail.

-- 
You are receiving this mail because:
You are the assignee for the bug.
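
The qualification step the report says is missing, sketched as an added example (not code from the report, from dma, or from sendmail): it finds address headers whose value does not end in `local-part "@" domain` and appends a domain. The names `qualify` and `canonify`, the header set, and the choice of `freebsd.org` as the qualifying domain are assumptions; the sample is constructed from the cron mail quoted above.

```python
from email import message_from_string
from email.utils import formataddr, getaddresses

# Headers whose RFC 2822 grammar ends in addr-spec (local-part "@" domain).
ADDRESS_HEADERS = {"from", "sender", "reply-to", "to", "cc"}

# Constructed sample, trimmed from the cron mail quoted in the report.
SAMPLE = (
    "From: root (Cron Daemon)\n"
    "To: clusteradm@freebsd.org\n"
    "Subject: Cron <root@halo> /usr/bin/lockf\n"
    "\n"
    "constructed body\n"
)


def qualify(value, domain):
    """Return `value` with every bare local-part given "@domain"."""
    parsed = getaddresses([value])
    # An empty address means the parser gave up: leave the header untouched.
    if not parsed or any(not addr for _, addr in parsed):
        return value
    fixed = [(name, addr if "@" in addr else f"{addr}@{domain}")
             for name, addr in parsed]
    if fixed == parsed:
        return value  # already canonical, keep the original text
    return ", ".join(formataddr(pair) for pair in fixed)


def canonify(raw_message, domain):
    """Rewrite address headers in place; return (message_text, changes)."""
    msg = message_from_string(raw_message)
    headers = msg.items()          # (name, value) pairs in original order
    for name in set(msg.keys()):
        del msg[name]              # removes every instance of that header
    changes = []
    for name, value in headers:
        new = qualify(value, domain) if name.lower() in ADDRESS_HEADERS else value
        if new != value:
            changes.append((name, value, new))
        msg[name] = new            # re-add in order, one instance at a time
    return msg.as_string(), changes


if __name__ == "__main__":
    # "freebsd.org" is an assumed masquerade domain for this example.
    text, changes = canonify(SAMPLE, "freebsd.org")
    for name, old, new in changes:
        print(f"{name}: {old!r} -> {new!r}")
```

The `changes` list doubles as a check for an outbound queue: any entry means a message would otherwise have left the machine with an unqualified local name.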