Bug 208262

Summary: contrib/dma unusable on freebsd.org cluster due to non-canonification of local addresses
Product: Base System Reporter: Peter Wemm <peter>
Component: binAssignee: Baptiste Daroussin <bapt>
Status: New ---    
Severity: Affects Some People CC: emaste, feld
Priority: ---    
Version: CURRENT   
Hardware: Any   
OS: Any   
URL: https://github.com/corecode/dma/commit/0ecb0ebe635681a9cf97591af89f8a8ffb367fee
Bug Depends on:    
Bug Blocks: 208263    

Description Peter Wemm freebsd_committer freebsd_triage 2016-03-24 18:04:20 UTC
We have encountered show-stopper bugs in the freebsd.org cluster when trying to use dma as a drop-in sendmail replacement.

When cron generates email and feeds it to /usr/sbin/sendmail, sendmail qualifies the addresses according to the configured hostname/domainname/masquerade.    Instead, DMA leaks this onto the internet:

Received: from mx1.freebsd.org (mx1.FreeBSD.org [])
	by hub.freebsd.org (Postfix) with ESMTP id 99157E1E
	for <clusteradm@freebsd.org>; Mon,  7 Jan 2013 15:40:10 +0000 (UTC)
	(envelope-from root@freebsd.org)
Received: from halo.freebsd.org (halo.freebsd.org [IPv6:2001:1900:2254:2064::16:7])
	by mx1.freebsd.org (Postfix) with ESMTP id 758A719D
	for <clusteradm@freebsd.org>; Mon,  7 Jan 2013 15:40:10 +0000 (UTC)
Received: from root (uid 0)
	(envelope-from root@freebsd.org)
	id 4b
	by halo.freebsd.org (DragonFly Mail Agent v0.7);
	Mon, 07 Jan 2013 15:40:10 +0000
From: root (Cron Daemon)
To: clusteradm@freebsd.org
Subject: Cron <root@halo> /usr/bin/lockf -s -t 0 /var/run/clusteradm.lock /etc/clusteradm/update.sh
X-Cron-Env: <MAILTO=clusteradm@freebsd.org>
X-Cron-Env: <SHELL=/bin/sh>
X-Cron-Env: <HOME=/root>
X-Cron-Env: <PATH=/usr/bin:/bin>
X-Cron-Env: <LOGNAME=root>
X-Cron-Env: <USER=root>
Date: Mon, 07 Jan 2013 15:40:10 +0000
Message-Id: <50eaec5a.4b.55f5d33f@halo.freebsd.org>

As per RFC 2822:


from            =       "From:" mailbox-list CRLF
mailbox-list    =       (mailbox *("," mailbox)) / obs-mbox-list
mailbox         =       name-addr / addr-spec
addr-spec       =       local-part "@" domain
Or there's the angle focus route via name-addr:
name-addr       =       [display-name] angle-addr
angle-addr      =       [CFWS] "<" addr-spec ">" [CFWS] / obs-angle-addr

Either way, "From: root" shouldn't be leaking onto the internet without canonification.  "From:" grammar always terminates in 'local-part "@" domain'.  

It's more than just cron that depends on this qualification behavior but that's the one we hit first on the freebsd.org cluster that aborted the experiment.  There was another base system tool (my memory says "mail(1)" but I don't think that is correct) and a bunch of user scripts that execed sendmail directly.

The interface to /usr/sbin/sendmail is traditionally special.  /usr/sbin/sendmail was a generic message router, anything from UUCP to RFC822 internet.  Canonification rules varied by context. eg: UUCP had "host!user" as canonical, vs RFC822's "user@domain".  /usr/sbin/sendmail is the source of truth for how a local name should be qualified/canonified before leaving the machine and dma isn't doing it.

Without this, dma isn't a sufficient drop-in replacement for /usr/sbin/sendmail.
Comment 1 Mark Felder freebsd_committer 2016-03-24 20:21:02 UTC
This upstream bug may be relevant

Comment 2 Ed Maste freebsd_committer 2016-10-20 19:20:51 UTC
as bapt@ reports, presumably fixed by https://github.com/corecode/dma/commit/0ecb0ebe635681a9cf97591af89f8a8ffb367fee
Comment 3 Ed Maste freebsd_committer 2018-09-05 20:44:31 UTC
bapt this is done now?