Loading ...
Sorry, an error occurred while loading the content.

Using resolve_numeric_domain=yes in master.cf

Expand Messages
  • Ralf Hildebrandt
    Tryied to whitelist a SUN ILOM interface sending non-compliant mails like this: May 18 18:19:24 root1 postfix/smtpd[9998]: connect from mail1[80.XXX.XXX.XXX]
    Message 1 of 7 , May 20, 2013
    • 0 Attachment
      Tryied to "whitelist" a SUN ILOM interface sending non-compliant mails
      like this:

      May 18 18:19:24 root1 postfix/smtpd[9998]: connect from mail1[80.XXX.XXX.XXX]
      May 18 18:19:25 root1 postfix/smtpd[9998]: warning: Illegal address syntax from mail1[80.XXX.XXX.XXX] in MAIL command: <ilom-alert@192.168.250.110>
      May 18 18:19:25 root1 postfix/smtpd[9998]: warning: Illegal address syntax from mail1[80.XXX.XXX.XXX] in MAIL command: <ilom-alert@192.168.250.110>
      May 18 18:19:25 root1 postfix/smtpd[9998]: disconnect from mail1[80.XXX.XXX.XXX]


      Clearly, the [] around the IP are missing.

      So I added resolve_numeric_domain=yes to a specific smtpd listening on
      port 10026 - since I don'T want to allo the []-less form globally:

      localhost:10026
      inet n - - - - smtpd
      -o smtpd_client_restrictions=
      -o smtpd_helo_restrictions=
      -o smtpd_sender_restrictions=
      -o smtpd_recipient_restrictions=permit_mynetworks,reject
      -o smtpd_end_of_data_restrictions=
      -o mynetworks=127.0.0.0/8
      -o smtpd_authorized_xforward_hosts=127.0.0.0/8
      -o smtpd_authorized_xclient_hosts=127.0.0.0/8
      -o syslog_name=reinjection
      -o receive_override_options=no_unknown_recipient_checks
      -o content_filter=
      -o strict_rfc821_envelopes=no
      -o resolve_numeric_domain=yes

      And then I tried:

      root@mail2:/etc/postfix# telnet localhost 10026
      Trying 127.0.0.1...
      Connected to localhost.
      Escape character is '^]'.
      220 mail2.charite.de ESMTP
      HELO foo
      250 mail2.charite.de
      MAIL FROM:<ilom-alert@192.168.250.110>
      501-5.1.7 Bad sender address syntax
      501 5.1.7 Contact your postmaster/admin for technical assistance. Or send a fax to: +49 (0)30 450 7570600 containing: time (May 20 18:25:56), client (127.0.0.1) and server (mail2.charite.de).
      quit
      221 2.0.0 Bye
      Connection closed by foreign host.

      I was able to "fix" this using smtpd_command_filter like this:
      /^MAIL FROM:<(.*)@([0-9.]+)>/ MAIL FROM:<$1@[$2]>

      But why does resolve_numeric_domain=yes for port 10026 not work?

      --
      [*] sys4 AG

      http://sys4.de, +49 (89) 30 90 46 64
      Franziskanerstraße 15, 81669 München

      Sitz der Gesellschaft: München, Amtsgericht München: HRB 199263
      Vorstand: Patrick Ben Koetter, Axel von der Ohe, Marc Schiffbauer
      Aufsichtsratsvorsitzender: Florian Kirstein
    • Viktor Dukhovni
      ... Does not look like an smtpd parameter to me... ... Thus not likely to help much here. This is a trivial-rewrite parameter. ... See above. -- Viktor.
      Message 2 of 7 , May 20, 2013
      • 0 Attachment
        On Mon, May 20, 2013 at 06:37:19PM +0200, Ralf Hildebrandt wrote:

        > So I added resolve_numeric_domain=yes to a specific smtpd listening on
        > port 10026 - since I don'T want to allo the []-less form globally:

        Does not look like an smtpd parameter to me...

        > localhost:10026 inet n - - - - smtpd
        > -o resolve_numeric_domain=yes

        Thus not likely to help much here. This is a trivial-rewrite parameter.

        > I was able to "fix" this using smtpd_command_filter like this:
        > /^MAIL FROM:<(.*)@([0-9.]+)>/ MAIL FROM:<$1@[$2]>
        >
        > But why does resolve_numeric_domain=yes for port 10026 not work?

        See above.

        --
        Viktor.
      • Wietse Venema
        ... Alas, this feature is implemented in trivial-rewrite. Instead, you could use smtpd_command_filter: / / ilom-alert@something-else
        Message 3 of 7 , May 20, 2013
        • 0 Attachment
          Ralf Hildebrandt:
          > Tryied to "whitelist" a SUN ILOM interface sending non-compliant mails
          > like this:
          >
          > May 18 18:19:24 root1 postfix/smtpd[9998]: connect from mail1[80.XXX.XXX.XXX]
          > May 18 18:19:25 root1 postfix/smtpd[9998]: warning: Illegal address syntax from mail1[80.XXX.XXX.XXX] in MAIL command: <ilom-alert@192.168.250.110>
          > May 18 18:19:25 root1 postfix/smtpd[9998]: disconnect from mail1[80.XXX.XXX.XXX]
          >
          > Clearly, the [] around the IP are missing.
          >
          > So I added resolve_numeric_domain=yes to a specific smtpd listening on
          > port 10026 - since I don'T want to allo the []-less form globally:

          Alas, this feature is implemented in trivial-rewrite.

          Instead, you could use smtpd_command_filter:

          /<ilom-alert@192.168.250.110>/ ilom-alert@something-else

          Requires Postfix 2.8 or later.

          Wietse
        • Wietse Venema
          ... You can ignore that part of my reply. I think that smtpd_command_filter is a reasonable solution for clients that are RFC-challenged. Wietse
          Message 4 of 7 , May 20, 2013
          • 0 Attachment
            Wietse Venema:
            > Ralf Hildebrandt:
            > > Tryied to "whitelist" a SUN ILOM interface sending non-compliant mails
            > > like this:
            > >
            > > May 18 18:19:24 root1 postfix/smtpd[9998]: connect from mail1[80.XXX.XXX.XXX]
            > > May 18 18:19:25 root1 postfix/smtpd[9998]: warning: Illegal address syntax from mail1[80.XXX.XXX.XXX] in MAIL command: <ilom-alert@192.168.250.110>
            > > May 18 18:19:25 root1 postfix/smtpd[9998]: disconnect from mail1[80.XXX.XXX.XXX]
            > >
            > > Clearly, the [] around the IP are missing.
            > >
            > > So I added resolve_numeric_domain=yes to a specific smtpd listening on
            > > port 10026 - since I don'T want to allo the []-less form globally:
            >
            > Alas, this feature is implemented in trivial-rewrite.
            >
            > Instead, you could use smtpd_command_filter:

            You can ignore that part of my reply. I think that smtpd_command_filter
            is a reasonable solution for clients that are RFC-challenged.

            Wietse
          • Viktor Dukhovni
            ... +++ src/smtpd/smtpd.c @@ -90,10 +90,6 @@ /* not contain RFC 822 style comments or phrases. /* .PP /* Available in Postfix version 2.1 and later: -/* .IP
            Message 5 of 7 , May 20, 2013
            • 0 Attachment
              On Mon, May 20, 2013 at 05:04:32PM +0000, Viktor Dukhovni wrote:

              > On Mon, May 20, 2013 at 06:37:19PM +0200, Ralf Hildebrandt wrote:
              >
              > > So I added resolve_numeric_domain=yes to a specific smtpd listening on
              > > port 10026 - since I don'T want to allo the []-less form globally:
              >
              > Does not look like an smtpd parameter to me...

              Related documentation patch:

              --- src/smtpd/smtpd.c
              +++ src/smtpd/smtpd.c
              @@ -90,10 +90,6 @@
              /* not contain RFC 822 style comments or phrases.
              /* .PP
              /* Available in Postfix version 2.1 and later:
              -/* .IP "\fBresolve_null_domain (no)\fR"
              -/* Resolve an address that ends in the "@" null domain as if the
              -/* local hostname were specified, instead of rejecting the address as
              -/* invalid.
              /* .IP "\fBsmtpd_reject_unlisted_sender (no)\fR"
              /* Request that the Postfix SMTP server rejects mail from unknown
              /* sender addresses, even when no explicit reject_unlisted_sender
              --- src/trivial-rewrite/trivial-rewrite.c
              +++ src/trivial-rewrite/trivial-rewrite.c
              @@ -83,10 +83,14 @@
              /* .IP "\fBresolve_dequoted_address (yes)\fR"
              /* Resolve a recipient address safely instead of correctly, by
              /* looking inside quotes.
              +/* .PP
              +/* Available with Postfix version 2.2 and later:
              /* .IP "\fBresolve_null_domain (no)\fR"
              /* Resolve an address that ends in the "@" null domain as if the
              /* local hostname were specified, instead of rejecting the address as
              /* invalid.
              +/* .PP
              +/* Available with Postfix version 2.3 and later:
              /* .IP "\fBresolve_numeric_domain (no)\fR"
              /* Resolve "user@ipaddress" as "user@[ipaddress]", instead of
              /* rejecting the address as invalid.
            • Viktor Dukhovni
              ... My version check is off by one, as this feature was added in 2.1.0 as well as the 2.2 development development snapshot. I only searched trunk revisions,
              Message 6 of 7 , May 20, 2013
              • 0 Attachment
                On Mon, May 20, 2013 at 05:21:20PM +0000, Viktor Dukhovni wrote:

                > --- src/trivial-rewrite/trivial-rewrite.c
                > +++ src/trivial-rewrite/trivial-rewrite.c
                > @@ -83,10 +83,14 @@
                > /* .IP "\fBresolve_dequoted_address (yes)\fR"
                > /* Resolve a recipient address safely instead of correctly, by
                > /* looking inside quotes.
                > +/* .PP
                > +/* Available with Postfix version 2.2 and later:
                > /* .IP "\fBresolve_null_domain (no)\fR"
                > /* Resolve an address that ends in the "@" null domain as if the
                > /* local hostname were specified, instead of rejecting the address as
                > /* invalid.

                My version check is off by one, as this feature was added in 2.1.0
                as well as the 2.2 development development snapshot. I only searched
                trunk revisions, not release branches.

                --
                Viktor.
              • Ralf Hildebrandt
                ... Thanks :) -- [*] sys4 AG http://sys4.de, +49 (89) 30 90 46 64 Franziskanerstraße 15, 81669 München Sitz der Gesellschaft: München, Amtsgericht München:
                Message 7 of 7 , May 21, 2013
                • 0 Attachment
                  * Viktor Dukhovni <postfix-users@...>:
                  > On Mon, May 20, 2013 at 05:04:32PM +0000, Viktor Dukhovni wrote:
                  >
                  > > On Mon, May 20, 2013 at 06:37:19PM +0200, Ralf Hildebrandt wrote:
                  > >
                  > > > So I added resolve_numeric_domain=yes to a specific smtpd listening on
                  > > > port 10026 - since I don'T want to allo the []-less form globally:
                  > >
                  > > Does not look like an smtpd parameter to me...
                  >
                  > Related documentation patch:

                  Thanks :)

                  --
                  [*] sys4 AG

                  http://sys4.de, +49 (89) 30 90 46 64
                  Franziskanerstraße 15, 81669 München

                  Sitz der Gesellschaft: München, Amtsgericht München: HRB 199263
                  Vorstand: Patrick Ben Koetter, Axel von der Ohe, Marc Schiffbauer
                  Aufsichtsratsvorsitzender: Florian Kirstein
                Your message has been successfully submitted and would be delivered to recipients shortly.