Subject: Re: daily (& security) mail not delivered
To: NetBSD current list <current-users@netbsd.org>
From: William Allen Simpson <wsimpson@greendragon.com>
List: tech-security
Date: 06/28/2003 08:47:00
Given the recent revelation that this fellow is the guy that checked
in without thorough testing, and his admission that "sysinst isn't
something i know all that much about", maybe I ought to test his
other claims as well....
Andrew Brown wrote:
>
> >> sendmail likes to fully qualify things, especially for smtp
> >> transactions. if i "echo test | mail root", my fully qualified
> >> hostname gets added. if i "echo test | mail root@localhost", the
> >> localhost piece gets removed and replaced with my fully qualified
> >> hostname. it sounds to me like your machine wasn't completely
> >> configured.
> >
> >You mean "sounds to me like your machine wasn't completely configured
> >BY SYSINST." Yes, that's why I'm raising the issues.
>
> sysinst isn't something i know all that much about. i do, however,
> know how i want my machines to behave, so i check all sorts of things
> and tweak stuff manually all the time. as to what sysinst does, or
> how much it should or should not, i can't say.
>
OK, let's try it:
dreamer: {1} echo test | mail root
dreamer: {2} echo testlocal | mail root@localhost
dreamer: {4} su
Password:
dreamer: {1} cd /var/spool/clientmqueue
dreamer: {2} ll
[elided]
===
dreamer: {3} more qfh5SCZjnD029201
V6
T1056803745
K1056803746
N1
P30010
MDeferred: Connection refused by localhost.citi.umich.edu.
Fbs
$_current@localhost
${daemon_flags}c u
Scurrent
Acurrent@dreamer.citi.umich.edu
MDeferred: Connection refused by localhost.citi.umich.edu.
C:root
rRFC822; root@dreamer.citi.umich.edu
RPFD:root
H?P?Return-Path: <<81>g>
H??Received: (from current@localhost)
by dreamer.citi.umich.edu (8.12.9/8.12.9) id h5SCZjnD029201
for root; Sat, 28 Jun 2003 08:35:45 -0400 (EDT)
H?D?Date: Sat, 28 Jun 2003 08:35:45 -0400 (EDT)
H?F?From: current
H?M?Message-Id: <200306281235.h5SCZjnD029201@dreamer.citi.umich.edu>
H??To: root
.
Yes, he's partially correct. The fully qualified hostname gets added,
but only to rRFC822 line.
The delivery is attempted to "localhost.citi.umich.edu".
===
dreamer: {4} more qfh5SCabs6013389
V6
T1056803797
K1056803797
N1
P30020
MDeferred: Connection refused by localhost.citi.umich.edu.
Fbs
$_current@localhost
${daemon_flags}c u
Scurrent
Acurrent@dreamer.citi.umich.edu
MDeferred: Connection refused by localhost.citi.umich.edu.
C:root@localhost
rRFC822; root@localhost
RPFD:root@localhost
H?P?Return-Path: <<81>g>
H??Received: (from current@localhost)
by dreamer.citi.umich.edu (8.12.9/8.12.9) id h5SCabs6013389
for root@localhost; Sat, 28 Jun 2003 08:36:37 -0400 (EDT)
H?D?Date: Sat, 28 Jun 2003 08:36:37 -0400 (EDT)
H?F?From: current
H?M?Message-Id: <200306281236.h5SCabs6013389@dreamer.citi.umich.edu>
H??To: root@localhost
.
No, he's wrong! The localhost piece IS NOT "replaced with my fully
qualified hostname."
The delivery is attempted to "localhost.citi.umich.edu".
===
I don't know where or how he ran his regression testing, but it wasn't
against -current.
--
William Allen Simpson
Key fingerprint = 17 40 5E 67 15 6F 31 26 DD 0D B9 9B 6A 15 2C 32