Path: news.eternal-september.org!eternal-september.org!.POSTED!not-for-mail
From: Stacey Marshall <stacey.marshall@gmail.com>
Newsgroups: comp.mail.sendmail
Subject: Question: should submit.mc include nocanonify by default?
Date: Mon, 12 May 2025 18:10:52 +0100
Organization: A noiseless patient Spider
Lines: 63
Message-ID: <vvta2t$171gi$1@dont-email.me>
Reply-To: Stacey Marshall <INVALID_NO_CC_REMOVE_IF_YOU_DO_NOT_POST_stacey.marshall+ml@gmail.com>
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8; format=flowed
Content-Transfer-Encoding: 7bit
Injection-Date: Mon, 12 May 2025 19:10:53 +0200 (CEST)
Injection-Info: dont-email.me; posting-host="c9e7b4efecdef5ccb6fce072a0733634"; logging-data="1279506"; mail-complaints-to="abuse@eternal-september.org"; posting-account="U2FsdGVkX18p9/qrPNk0vQbVnUy5jUVdvAo0hdVP4bM="
User-Agent: Mozilla Thunderbird
Cancel-Lock: sha1:fdPoJkZ0D0Xm/W/eiuS+aaOhYCk=
Content-Language: en-US

Question, should submit.mc include nocanonify by default?

I was a little surprised to see SMTP client queue (sendmail -Ac) trying to look up DNS names as I thought it only collected mail for local accounts. In the configuration in question the Mail Transfer Agent (sendmail -bl) is configured to forward all mail to a gateway machine for actual delivery, and only that gateway machine has access to DNS.

From a fair amount of digging I found FEATURE(`nocanonify') is what was needed in submit.mc to prevent DNS lookups.

Modified a copy of submit.mc with the sample from contrib/bsdi.mc:

# diff submit.mc submit_nocanonify.mc
23a24,32
> dnl # Use FEATURE(`nocanonify') to skip address canonification via $[ .... $].
> dnl # This would generally only be used by sites that only act as mail gateways
> dnl # or which have user agents that do full canonification themselves.
> dnl # You may also want to use:
> dnl # define(`confBIND_OPTS',`-DNSRCH -DEFNAMES')
> dnl # to turn off the usual resolver options that do a similar thing.
> dnl # Examples:
> FEATURE(`nocanonify')
> dnl define(`confBIND_OPTS',`-DNSRCH -DEFNAMES')
#
# make submit.cf
test ! -f submit.cf || /usr/bin/mv submit.cf submit.cf.prev
/usr/bin/m4 ../m4/cf.m4 submit.mc > submit.cf

Using truss confirms no call to libresolv res_* functions:

# echo canonify test@example.com | sudo truss -t\!all -f -ulibresolv:res_\* /usr/sbin/sendmail -C/etc/mail/cf/cf/submit_nocanonify.cf -bt
ADDRESS TEST MODE (ruleset 3 NOT automatically invoked)
Enter <ruleset> <address>
> canonify input: test @ example . com
Canonify2 input: test < @ example . com >
Canonify2 returns: test < @ example . com . >
canonify returns: test < @ example . com . >
>

For comparison the standard submit.cf without nocanonify is seen to call res_querydomain:

# echo canonify test@example.com | sudo truss -t\!all -f -ulibresolv:res_\* /usr/sbin/sendmail -C/etc/mail/cf/cf/submit.cf -bt
ADDRESS TEST MODE (ruleset 3 NOT automatically invoked)
Enter <ruleset> <address>
> canonify input: test @ example . com
Canonify2 input: test < @ example . com >
5882/1@1: -> libresolv:res_querydomain(0x7fc0b5e4a4d0, 0x4324bf, 0x1, 0x1c, 0x7fc0b5e45b70, 0x2000)
5882/1@1: <- libresolv:res_querydomain() = 197
Canonify2 returns: test < @ example . com . >
canonify returns: test < @ example . com . >

Thus I was wondering if submit.mc should include the nocanonify feature by default?

Thanks in advance,
Stacey
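
Review bot: the comment block added at lines 24-30 is carried over from contrib/bsdi.mc and describes sites that "only act as mail gateways", which is not the reason this copy of submit.mc sets the feature. Suggest replacing it with a short comment stating the actual reason given in the post (the submitting host has no DNS access and forwards everything to a gateway that does). The commented-out define(`confBIND_OPTS',`-DNSRCH -DEFNAMES') on line 32 should either be enabled or dropped, so the file does not carry an option nobody has decided on.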
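
One way to turn the truss comparison in the post into a repeatable check, as an added example that is not part of the original post: it counts libresolv res_* entry events in a captured trace. The function names res_calls and no_dns_lookups are made up for this example, and the two sample traces are constructed from the output quoted in the post.

```shell
#!/bin/sh
# Added example: summarise libresolv resolver calls found in the output of
#   truss -u libresolv:res_\* ...
# res_calls reads a captured trace on stdin and prints "<function> <count>"
# for every res_* function entered, sorted by name. It prints nothing when
# the trace contains no resolver call.
res_calls() {
    awk '
        # Entry events look like:
        #   5882/1@1: -> libresolv:res_querydomain(0x7fc0..., 0x4324bf, ...)
        # Return events ("<-") are ignored so each call is counted once.
        match($0, /-> libresolv:res_[A-Za-z0-9_]+[(]/) {
            # "-> libresolv:" is 13 characters; the match ends with "(".
            fn = substr($0, RSTART + 13, RLENGTH - 14)
            count[fn]++
        }
        END { for (fn in count) print fn, count[fn] }
    ' | sort
}

# Exit status 0 when the trace on stdin shows no resolver call, 1 otherwise.
no_dns_lookups() {
    [ -z "$(res_calls)" ]
}

# Constructed sample: trace with FEATURE(`nocanonify') in effect.
TRACE_NOCANONIFY='> canonify input: test @ example . com
Canonify2 input: test < @ example . com >
Canonify2 returns: test < @ example . com . >
canonify returns: test < @ example . com . >'

# Constructed sample: trace from the stock submit.cf.
TRACE_DEFAULT='> canonify input: test @ example . com
Canonify2 input: test < @ example . com >
5882/1@1: -> libresolv:res_querydomain(0x7fc0b5e4a4d0, 0x4324bf, 0x1, 0x1c, 0x7fc0b5e45b70, 0x2000)
5882/1@1: <- libresolv:res_querydomain() = 197
Canonify2 returns: test < @ example . com . >
canonify returns: test < @ example . com . >'

# Report for the stock configuration sample.
printf '%s\n' "$TRACE_DEFAULT" | res_calls
```

Saving the trace to a file with truss's -o option and running `no_dns_lookups < trace.txt` gives a pass/fail result that can be re-run after each rebuild of submit.cf.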