Subject: daily (& security) mail not delivered
To: NetBSD current list <current-users@netbsd.org>
From: William Allen Simpson <wsimpson@greendragon.com>
List: tech-security
Date: 06/27/2003 18:47:17
Apparently, for the past couple of months, the default install stopped 
sending mail to root@localhost.  (I didn't notice until I did a clean 
install of current recently, having stopped at Oct version.)

Investigating, I found 2 obvious reasons (there may be more): 
 * the mail is queued in /var/spool/clientmqueue/ and never delivered,
   due to insufficiently tested changes to sendmail in late March.
 * the mail is attempting to deliver to "localhost.dom.ain.", instead 
   of "localhost."

 (A) PR install/21998

     Obviously, failing to process the daily and security mail is a 
     security flaw.  Also, a pretty bad software bug.

     My proposed solution is to abandon sendmail, and use postfix as 
     the default install.  Perry Metzger proposed a single line fix. 
     This has been controversial. 

     Andrew Brown has suggested a somewhat larger patch for the
     sendmail install, instead. 

     Anyway, I'm thinking my approach would be a marked change of 
     policy, timely for a 2.0 release, that warrants wide discussion.

 (B) PR install/21999

     My proposed solution was to add the "localhost.dom.ain" line to 
     /etc/hosts.  I even found the spot where an obsolete duplicate 
     localhost line could be replaced cleanly.

     An alternative solution was proposed that we find all the bad 
     libraries, applications, and scripts, and fix them to always use 
     "localhost." (note trailing dot).  Maybe that's the long-term 
     solution, but I argue that's a lot of work with no guarantee of 
     success, and I've always disliked the piecemeal approach.

     It has been suggested that we don't need to worry about somebody 
     else announcing "localhost.dom.ain." and intercepting all our 
     root@localhost traffic.  This could even be considered a _feature_
     of RFC-1912, which explicitly allows "localhost.dom.ain." as a 
     valid hostname.  I'm not sure that's the kind of security hole 
     I'd want to have in my default install.

     Again, this probably needs wider discussion.
-- 
William Allen Simpson
    Key fingerprint =  17 40 5E 67 15 6F 31 26  DD 0D B9 9B 6A 15 2C 32
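The two symptoms above, mail sitting in /var/spool/clientmqueue and "localhost.dom.ain" not being resolvable locally, can be checked from a shell. This is an added example, not code from the original post or from the NetBSD tree; the hosts-file path, queue directory, 60-minute threshold and the use of `find -mmin` are assumptions.

```shell
#!/bin/sh
# Added example (not from the original post): checks for the two failure
# modes discussed in PR install/21998 and PR install/21999.  Paths and the
# 60-minute threshold are assumptions, not NetBSD defaults.

# hosts_maps_loopback FILE NAME
#   Exit 0 if FILE (in /etc/hosts format) maps NAME to a loopback address
#   (127.0.0.0/8 or ::1), i.e. the proposed "localhost.dom.ain" entry is
#   present and points at this host rather than being left to DNS.
hosts_maps_loopback() {
    file=$1
    name=${2%.}          # accept "localhost.dom.ain." with the trailing dot
    awk -v n="$name" '
        { sub(/#.*/, "") }                 # drop comments, re-split fields
        NF >= 2 {
            for (i = 2; i <= NF; i++)
                if ($i == n && ($1 ~ /^127\./ || $1 == "::1")) { ok = 1; exit }
        }
        END { if (ok) exit 0; exit 1 }' "$file"
}

# stale_queue_count DIR MINUTES
#   Print how many files in DIR (e.g. /var/spool/clientmqueue) have an
#   mtime older than MINUTES.  A count that keeps growing means mail is
#   being queued but never delivered.
stale_queue_count() {
    find "$1" -type f -mmin +"$2" 2>/dev/null | wc -l | tr -d ' '
}

# report_local_delivery HOSTSFILE QUEUEDIR
#   Derive localhost.<domain> from this host's name and run both checks.
report_local_delivery() {
    host=$(hostname)
    domain=${host#*.}
    [ "$domain" = "$host" ] && domain=""   # hostname has no domain part
    fqdn=${domain:+localhost.$domain}
    if [ -n "$fqdn" ] && ! hosts_maps_loopback "$1" "$fqdn"; then
        echo "WARN: $fqdn not mapped to loopback in $1 (lookup goes to DNS)"
    fi
    n=$(stale_queue_count "$2" 60)
    [ "$n" -gt 0 ] && echo "WARN: $n message(s) older than 60 min in $2"
    return 0
}
```

On the affected host, `report_local_delivery /etc/hosts /var/spool/clientmqueue` prints a warning for each symptom it finds and nothing otherwise.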