Page MenuHomeSoftware Heritage

Internal servers send mails from invalid hostnames
Closed, MigratedEdits Locked

Description

Some (all) servers send cron mails with invalid hostnames in the From: envelope field.

Example:

Jan 10 09:42:01 somerset postfix/qmgr[440]: 7C81020D40: from=<postgres@somerset.internal.softwareheritage.org>, size=774, nrcpt=1 (queue active)

Somerset.internal.softwareheritage.org doesn't exist or exists only locally. Random Internet hosts see this:

$ host somerset.internal.softwareheritage.org
Host somerset.internal.softwareheritage.org not found: 3(NXDOMAIN)

Event Timeline

I entirely agree that mail originating from our servers should have a routeable envelope from address, else it'll be rejected by more and more MTAs.

On my personal machines, I use my local MTA to force the envelope from address of all outgoing mail to <somealias+$hostname@olasd.eu>.

However, some of our services (the forge, our wikis, the vault) send mail from explicit envelope from addresses which are routeable and necessary for operation of the services, as it allows them to process bounces automatically and disable bogus accounts. This rules out unconditionally changing the envelope from addresses from all outgoing mail.

Looking at the Postfix address rewriting manual (http://www.postfix.org/ADDRESS_REWRITING_README.html), what we would like to change is the

Rewrite "user" to "user@$myorigin"

step of trivial-rewrite(8).

I think a tractable solution would be to use a canonical rewrite map, using a pcre map to rewrite /([^@]+)@$myorigin/ to sysop+$1_$myorigin@softwareheritage.org. This should leave all other explicit addresses untouched.

This will become a problem if we ever start using SPF / DKIM / DMARC for outgoing @softwareheritage.org mail, but then it'll be easy enough to switch to another SPF-less domain for cron mail.

As an added benefit, we can also use the canonical rewrite map to rewrite <human@internal-machine.softwareheritage.org> to <human@softwareheritage.org>.

zack lowered the priority of this task from Unbreak Now! to Normal.Jan 11 2018, 2:33 PM
zack removed ftigeot as the assignee of this task.Sep 8 2020, 9:00 AM