[Bug 208262] contrib/dma unusable on freebsd.org cluster due to non-canonification of local addresses

bugzilla-noreply at freebsd.org bugzilla-noreply at freebsd.org
Thu Mar 24 18:04:20 UTC 2016 

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=208262

            Bug ID: 208262
           Summary: contrib/dma unusable on freebsd.org cluster due to
                    non-canonification of local addresses
           Product: Base System
           Version: 11.0-CURRENT
          Hardware: Any
                OS: Any
            Status: New
          Severity: Affects Only Me
          Priority: ---
         Component: bin
          Assignee: freebsd-bugs at FreeBSD.org
          Reporter: peter at FreeBSD.org

We have encountered show-stopper bugs in the freebsd.org cluster when trying to
use dma as a drop-in sendmail replacement.

When cron generates email and feeds it to /usr/sbin/sendmail, sendmail
qualifies the addresses according to the configured
hostname/domainname/masquerade.    Instead, DMA leaks this onto the internet:

Received: from mx1.freebsd.org (mx1.FreeBSD.org [8.8.178.115])
        by hub.freebsd.org (Postfix) with ESMTP id 99157E1E
        for <clusteradm at freebsd.org>; Mon,  7 Jan 2013 15:40:10 +0000 (UTC)
        (envelope-from root at freebsd.org)
Received: from halo.freebsd.org (halo.freebsd.org
[IPv6:2001:1900:2254:2064::16:7])
        by mx1.freebsd.org (Postfix) with ESMTP id 758A719D
        for <clusteradm at freebsd.org>; Mon,  7 Jan 2013 15:40:10 +0000 (UTC)
Received: from root (uid 0)
        (envelope-from root at freebsd.org)
        id 4b
        by halo.freebsd.org (DragonFly Mail Agent v0.7);
        Mon, 07 Jan 2013 15:40:10 +0000
From: root (Cron Daemon)
^^^^^^^^^^^^^^^^^
To: clusteradm at freebsd.org
Subject: Cron <root at halo> /usr/bin/lockf -s -t 0 /var/run/clusteradm.lock
/etc/clusteradm/update.sh
X-Cron-Env: <MAILTO=clusteradm at freebsd.org>
X-Cron-Env: <SHELL=/bin/sh>
X-Cron-Env: <HOME=/root>
X-Cron-Env: <PATH=/usr/bin:/bin>
X-Cron-Env: <LOGNAME=root>
X-Cron-Env: <USER=root>
Date: Mon, 07 Jan 2013 15:40:10 +0000
Message-Id: <50eaec5a.4b.55f5d33f at halo.freebsd.org>

As per RFC 2822:

RFC2822:

from            =       "From:" mailbox-list CRLF
mailbox-list    =       (mailbox *("," mailbox)) / obs-mbox-list
mailbox         =       name-addr / addr-spec
addr-spec       =       local-part "@" domain
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
Or there's the angle focus route via name-addr:
name-addr       =       [display-name] angle-addr
angle-addr      =       [CFWS] "<" addr-spec ">" [CFWS] / obs-angle-addr

Either way, "From: root" shouldn't be leaking onto the internet without
canonification.  "From:" grammar always terminates in 'local-part "@" domain'.  

It's more than just cron that depends on this qualification behavior but that's
the one we hit first on the freebsd.org cluster that aborted the experiment. 
There was another base system tool (my memory says "mail(1)" but I don't think
that is correct) and a bunch of user scripts that execed sendmail directly.

The interface to /usr/sbin/sendmail is traditionally special. 
/usr/sbin/sendmail was a generic message router, anything from UUCP to RFC822
internet.  Canonification rules varied by context. eg: UUCP had "host!user" as
canonical, vs RFC822's "user at domain".  /usr/sbin/sendmail is the source of
truth for how a local name should be qualified/canonified before leaving the
machine and dma isn't doing it.

Without this, dma isn't a sufficient drop-in replacement for
/usr/sbin/sendmail.

-- 
You are receiving this mail because:
You are the assignee for the bug.

More information about the freebsd-bugs mailing list