[SunHELP] Sendmail Address Canonicalization on Solaris 10
David Eisner
deisner at gmail.com
Wed Jan 27 13:49:56 CST 2010
I'm having a he.. of a time figuring this one out, and I believe it
may have something to do with modifications to the version of sendmail
that ships with Solaris.
The problem I'm having has to do with canonicalization of addresses in
From: and Sender: headers in mail sent from the host. In particular,
sendmail is rewriting headers when I don't want it to. I've boiled it
down to a simple test case. On a Linux system I have, also running
sendmail 8.13.8, the rewriting doesn't happen, but on the Solaris box,
it does. Read on for the details.
==SETUP==
Solaris 10 11/06 s10x_u3wos_10 X86
Sendmail Version 8.13.8+Sun
In the following, I've obfuscated IP and hostnames to protect the
innocent, but in a (hopefully) consistent manner.
On the Solaris box, I have two network interfaces, nge0 and nge1, each
with its own IP.
nge0: 10.0.0.10
nge1: 10.0.0.20
Multiple hostnames map to each IP:
sun-adam.bar.org A 10.0.0.10
sun-eve.bar.org A 10.0.0.10
sun-internal.bar.org A 10.0.0.20
sun-external.bar.org A 10.0.0.20
The hostname command returns "sun-adam.bar.org". The reverse IP for
10.0.0.10 has PTR records to both sun-adam.bar.org and
sun-eve.bar.org. The reverse IP for 10.0.0.20 just has a PTR record to
sun-internal.bar.org.
The /etc/hosts looks roughly like this:
127.0.0.1 localhost
10.0.0.10 sun-adam.bar.org sun-adam sun-eve.bar.org
10.0.0.20 sun-internal.bar.org sun-external.bar.org
==PROBLEM==
The problem is that if I send mail "From: user at sun-external.bar.org",
the header gets rewritten to "From: user at sun-internal.bar.org". I was
able to track it down to this rewrite rule in sendmail.cf (in the
Canonify2 rule set):
# pass to name server to make hostname canonical
R$* $| $* < @ $* > $* $: $2 < @ $[ $3 $] > $4
So the $[ $] canonicalization is the culprit. This simple test.cf
config file illustrates the problem:
V10
SCanon
R $* $@ $[ $1 $] Testing
Here's what happens:
[sun]$ /usr/sbin/sendmail -bt -Ctest.cf
ADDRESS TEST MODE (ruleset 3 NOT automatically invoked)
Enter <ruleset> <address>
> Canon sun-external.bar.org
Canon input: sun-external . bar . org
Canon returns: sun-internal . bar . org .
I tried using the -d8.8 debug flag to follow the name resolution
(dns_getcanonname), but it looks like the sendmail that ships with
Solaris wasn't compiled to support this flag.
When I repeat this experiment on a similarly configured Linux box
running sendmail 8.13.8 (it only has one network interface, but still
multiple A records for the one IP, and only one PTR record for the
reverse IP lookup), I get different results:
[linux]$ /usr/sbin/sendmail -bt -Ctest.cf -d8.8
ADDRESS TEST MODE (ruleset 3 NOT automatically invoked)
Enter <ruleset> <address>
> Canon linux-external.pointland.org
Canon input: linux-external . foo . org
dns_getcanonname(linux-external.foo.org, trymx=1)
dns_getcanonname: trying linux-external.foo.org. (AAAA)
NO: errno=0, h_errno=4
dns_getcanonname: trying linux-external.foo.org. (A)
YES
dns_getcanonname: linux-external.foo.org
Canon returns: linux-external . foo . org .
One difference is that sun-internal.bar.org and sun-external.bar.org
both have MX records that point back to themselves, but there are no
MX records for linux-internal.foo.org or linux-external.foo.org. I'll
try adding the MX records in the linux case, but that will take some
time to propagate before I can test it. In any case, it doesn't seem
like it should matter because sendmail is supposed to return from the
canonicalization when it finds the A record, which is checked before
the MX record.
If you're still reading:
1) Thank you.
2) Any ideas?
-David
--
David Eisner http://cradle.brokenglass.com
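Added example, not part of the original post: a Python model of one possible cause, under the assumption (not confirmed in the post) that `$[ $]` on the Solaris host is answered from /etc/hosts through the name service switch, where every name on a line resolves to that line's first name. The function names are hypothetical; the hosts lines and A records are the obfuscated ones quoted in the post.

```python
# Constructed from the /etc/hosts lines quoted in the post.
HOSTS = """\
127.0.0.1 localhost
10.0.0.10 sun-adam.bar.org sun-adam sun-eve.bar.org
10.0.0.20 sun-internal.bar.org sun-external.bar.org
"""

# Forward A records listed in the post (name -> address).
A_RECORDS = {
    "sun-adam.bar.org": "10.0.0.10",
    "sun-eve.bar.org": "10.0.0.10",
    "sun-internal.bar.org": "10.0.0.20",
    "sun-external.bar.org": "10.0.0.20",
}


def parse_hosts(text):
    """Return (address, canonical_name, aliases) for each hosts line."""
    entries = []
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()  # drop comments and blanks
        if not line:
            continue
        addr, *names = line.split()
        if names:
            entries.append((addr, names[0].lower(),
                            [n.lower() for n in names[1:]]))
    return entries


def canon_via_hosts(name, entries):
    """Hosts-file semantics (assumed for the Solaris case): any name on a
    line canonicalizes to the first name on that line."""
    name = name.lower().rstrip(".")
    for _addr, canonical, aliases in entries:
        if name == canonical or name in aliases:
            return canonical
    return None


def canon_via_a_record(name, records):
    """A-record semantics, as in the Linux -d8.8 trace in the post: a name
    that has an A record is returned unchanged."""
    name = name.lower().rstrip(".")
    return name if name in records else None


def rewritten_names(entries):
    """Map every alias to the canonical name it would be rewritten to."""
    return {alias: canon for _a, canon, aliases in entries for alias in aliases}
```

If the assumption holds, every key returned by `rewritten_names(parse_hosts(HOSTS))` is a name that would be rewritten in headers, and reordering a hosts line changes which name wins.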