> > > > > > We have been running majordomo 1.94.5 successfully for a
> > > > long time using
> > > > > > sendmail 8.11.x. We recently switched to 8.12.11, and now
> > > > are having an
> > > > > > issue with alias list expansion.
> > > > > >
> > > > > > listname: "|/usr/local/majordomo/wrapper resend -l
> > > > listname listname-out"
> > > > > > listname-out: :include:/usr/local/majordomo/lists/listname
> > > > > >
> > > > > > When an email is sent to the list, sendmail tries to
> > > > deliver the email to:
> > > > > > listname-out@server.name
> > > > > >
> > >
> > > I'm running much the same setup (sendmail 8.12.8-9.80, majordomo 1.94.5)
> > > but I've not seen this behavor.
> > >
> > > > > > instead of parsing the include list for sending to the
> > > > subscribers. It
> > > > > > seems the MSP/MSA portion with submit.cf is causing the
> > > > problem. We can
> > > > > > work around it by changing the $mailer command in
> > > > majordomo.cf by adding:
> > > > > > -Am -OQueueDirectory=/usr/local/majordomo/queue
> > > > > >
>
> ok, was also posting at comp.os.sendmail, and I think we have figured it
> out. We had a virtusertable entry for the hostname of the server:
> @hostname devnull
>
> to stop any spam to the hostname of the server itself. Explanation from
> newsgroup (courtesy of Per Hedeland:
> ---
> Rather, 8.11 had the MSP and MTA in one, i.e. when you invoked sendmail
> directly it would do the actual delivery rather than passing it to the
> local MTA. In 8.12 and later, the MSP doesn't make any delivery
> decisions but just passes the message to the local MTA using SMTP - and
> since it's SMTP, unqualified addresses like 'list-outgoing' will be
> qualified with the local host name before the MTA receives the message.
>
> This isn't normally a problem, since the MTA will basically just strip
> off the the @hostname part and resolve to the local mailer => alias
> lookup. You're preventing this by having an entry ('@hostname' ?) in
> your virtusertable that matches list-outgoing@hostname, and does
> something other than resolve to the local mailer - this didn't come into
> play when the 8.11 MSP+MTA was passed just 'list-outgoing'.
>
> You can:
>
> - remove the virtusertable entry/ies that matches, or
> - add specific entries 'list-outgoing@hostname list-outgoing' in
> virtusertable for your lists, or
> - make the address passed to resend qualified with something that won't
> match your virtusertable entries, or matches entries that resolve to
> the local mailer - e.g. list-outgoing@domain or something.
> ---
>
> So, we remove the catchall @hostname entry, and it now works as before.
> We've always had the @hostname with 8.11.x, so never would have thought
> this was the culprit. Of course now we have to figure out how to handle
> email at the hostname more cleanly, but at least it is working now.
> Further feedback on this issue or more discussion is welcome.
This has the ramification of allowing anyone from the outside world to
post directly to the list-outgoing alias at the hostname though. So, we
are back to security by obscurity, or reverting to the "-Am" method of
forcing local delivery by majordomo to get around this issue. This would
allow us to have a "@hostname" entry for the virtusertable to prevent the
outside world from posting directly to the outgoing alias.
Any other thoughts, or have I beat this horse to death? :)
Rob
Follow-Ups:
References:
|
|
