
Re: Need web server recommendation



On Thu, Jul 04, 2002 at 12:03:52AM -0500, Glen Lee Edwards wrote:
| Derrick,
| 
| I can't do it that way.

We'll work that out.

| I'm the system administrator for several Christian sites, including
| fcwm.org, nazarene.ch, and wesleyan.net.  I have a half dozen email
| addresses that I have to be able to place in the "From:" field,
| including glen@fcwm.org, glen@nazarene.ch, GLEdwards@wesleyan.net,
| support@(fcwm.org|nazarene.ch|wesleyan.net).

That sounds just fine.  I have some alter identities as well that
sometimes appear in the From: header.  The From: header and the
envelope sender are disparate entities, though for many people they
contain the same value.

| Any type of envelope masquerading is out.

You need a correct envelope in the first place, regardless of whether
or not you think it is masquerading.


You also wrote :

| I have an 8 IP subnet with static IP addresses that all resolve.

This is irrelevant.  The difference is "host" vs. "domain".  You can
have a million hosts in the same domain, and the domain is still what
is relevant (in terms of email addressing), not the host.  Hosts will
handle the actual operations, but domains are what the routing and
handling logic is based on.

|  is still living in the 70's when Unix was dominant and each
|  person's email address was determined by their username @
|  machine.name.  Today we live in a virtual world.  My primary
|  virtual email address, which I use both here and on the road, is
|  glen@fcwm.org.

I intentionally cut out your accusation of the apache folks living in
the 70's because it is your hosts that are reminiscent of the 70's.

Notice that "fcwm.org" and "hope-in-christ@fcwm.org" are *COMPLETELY
DIFFERENT DOMAINS*.  I could just as easily write that "rit.edu" and
"dman.ddts.net" are completely different domains, and the only thing
that changes is that one is not a sub-domain of the other, however
sub-domains are irrelevant in SMTP.  This is why your setup is
reminiscent of the 70's with each *host* being its own *domain*.


Here's how it works :

You have the hosts 'foo1', 'foo2', 'foo3', etc. in the domain
"fcwm.org".  fcwm.org has one (or more) MX records that point to the
actual host which will receive incoming mail for your domain.  You and
your users have the addresses "addr1", "addr2", "addr3", etc, in the
domain "fcwm.org".

For maintainability (and performance) reasons, you _should_ have only
one host in the network delivering "outgoing" mail.  The name of that
host is irrelevant.  All other hosts (regardless of whether they are
unix or not and regardless of whether the MUA tries to use SMTP or a
local pipe to a local MTA) should be configured to use that one host
as a "smarthost".  While this isn't strictly necessary, it will limit
maintenance issues to a single host, and updates to the config won't
need to be synchronized across multiple systems.

Now when you send mail out, there is both a message and an envelope.
The message consists of headers and a body.  The message headers don't
necessarily match the envelope -- particularly if .forward files are
in use, or if a message is Bcc'd.  However, the envelope MUST be
correct for SMTP to function.  The RCPT, obviously, can't be wrong.
The MAIL FROM: (aka envelope sender) must be correct or else bounce
messages in the case of a delivery failure will not arrive.  Due to
the high rate of forgery by spammers, some sites use "callbacks" to
ensure that the sender address really exists and will refuse to accept
messages from invalid envelope senders.  Also, a number of lists are
"closed" lists, only accepting submissions from subscribed members.
This is a rather effective way of stopping the spammers.  I am
subscribed to some such lists (well, 2 that I'm aware of, I don't know
about the others), and one of them I'm subscribed to via a different
identity.

There are 2 ways of injecting a message into the mail system :
    1)  use a local pipe to /usr/sbin/sendmail
    2)  initiate an SMTP session as if you are the MTA

With your wife's windows machine you are surely using #2, and having
configured the MUA (outhouse or whatever) correctly, it puts
"glen@fcwm.org" as the envelope sender.  This is the correct behavior
*BECAUSE THE SOFTWARE WAS CONFIGURED CORRECTLY*.  


The typical/traditional method on unix systems is #1.  Also due to the
tradition in unix of being a real internet site, the *DEFAULT*
envelope sender is user@machine.  For some sites this is still the
correct behavior, but for a "desktop"-like system it isn't.  More
recent unix mailers (eg (AFAIK) kmail, evolution, etc) allow you to
use method #2, in which case you (the user configuring the software)
will behave as if you were using your wife's windows machine and
pretend that you have no MTA on your system.  (IMO #2 is the wrong way
to inject mail anyways)  If you want to use method #1 (you must if you
use mutt, emacs/gnus probably uses this method as well) you now need
to work on rewrite rules.

This is what I was trying to tell you before.  The default debian/exim
setup installs a rewrite rule that looks like this, for a host named
"foo.invalid" :

# look up the real MAIL FROM: address of all local users in /etc/email-addresses
*@foo.invalid  "${lookup{$1}lsearch{/etc/email-addresses} {$value}fail}" frFs

For the typical "home" user of debian who is not their own ISP, this
is exactly what is needed.  In the /etc/email-addresses file they will
list the local username and the *real* email address of that user.  Eg :

dman: dsh8290@rit.edu

With this configuration, I can now send out mail (via exim from mutt
or /bin/mail or whatever) from my desktop system using my provider's
smarthost and have the correct envelope sender.  All is well.


For a larger installation with an actual domain, like your site, I
would instead use this rewrite rule, to cover all users and all hosts
at once :

# convert user@host.domain to user@domain for all hosts in my domain
*@*.fcwm.org "$1@fcwm.org"  frFs

You can put this in the configuration of the "smarthost" of your
domain.  This is why, back at the beginning, I recommended using a
smarthost-style configuration for outgoing mail.  Otherwise you need
to install this rule on all the hosts at your site.


Once you've done that, I believe all your difficulties with the apache
mailing lists' requirements will vanish.  *That* is the correct mail
setup for your domain.  That is how your wife's windows mail client
behaves and why it doesn't exhibit the misconfiguration your unix
systems are exhibiting.


You won't be losing any traceability with this rewrite rule.  The
traceability comes from the Received: headers, which will always
remain intact.


This is why having multiple addresses (at different domains) is
irrelevant to the issue of setting the proper envelope sender for this
domain.


As for the lists I'm on (namely exim-users), simply changing the From:
header in mutt suffices to bypass the "moderation required for
non-member posting" warning.  I don't need to muck with my envelope
for that list.  I'm not on the apache list so I don't know precisely
how rigorous their sanity checks are, but if after implementing my
suggestions above you are still having trouble, I'll subscribe to
their list (with an alter identity) and see how their tests work.  If
you choose to use sendmail on the smarthost, I can't help you with the
rewrites there.



Oh, also note that your mail setup is not completely correct for other
reasons :

$ host -t mx fcwm.org
fcwm.org                MX      20 nazarene.fcwm.org
fcwm.org                MX      10 wesleyan.fcwm.org

$ telnet nazarene.fcwm.org smtp
Trying 208.42.116.27...
Connected to nazarene.fcwm.org.
Escape character is '^]'.
2002-07-04 13:45:42 Failed to open configuration file /etc/exim/exim.conf
Connection closed by foreign host.

$


HAND,
-D

-- 

It took the computational power of three Commodore 64s to fly to the moon.
It takes at least a 486 to run Windows 95.
Something is wrong here.
 
http://dman.ddts.net/~dman/

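The following is an added illustration, not part of the original message and not exim's own code: a small Python model of how the two rewrite rules quoted above act on an outgoing message, so that the envelope/header distinction the reply keeps stressing can be seen concretely. It models exim's flag letters f (From:), r (Reply-To:), s (Sender:) and F (envelope sender), which together spell the "frFs" on the rules; the lsearch lookup with `fail` is modelled by a Python function that returns None when the local user is not listed. Assumptions, beyond what the message states: a `*` in a pattern is treated as "any run of characters without an @" (an approximation of exim's matching), rules are applied in order and chained, header values are bare addresses with no display names, and the `/etc/email-addresses` content and the sample message are constructed for the example.

```python
import re

# Constructed stand-in for /etc/email-addresses (the page's one example line).
EMAIL_ADDRESSES = {"dman": "dsh8290@rit.edu"}


def lookup_email_addresses(groups):
    """Models "${lookup{$1}lsearch{/etc/email-addresses} {$value}fail}":
    return the user's real address, or None for a forced failure, in which
    case exim skips the rule and leaves the address as it was."""
    return EMAIL_ADDRESSES.get(groups[0])


# (pattern, replacement, flags).  Replacement is a "$n" string or a callable.
# Flags: f = From: header, r = Reply-To: header, s = Sender: header,
#        F = envelope sender (MAIL FROM).  Nothing else is ever touched.
RULES = [
    ("*@foo.invalid", lookup_email_addresses, "frFs"),   # Debian default rule
    ("*@*.fcwm.org", "$1@fcwm.org", "frFs"),             # domain-wide rule
]


def pattern_to_regex(pattern):
    """Turn '*@*.fcwm.org' into a regex where each '*' captures $1, $2, ...
    Assumption: a '*' never spans the '@' (approximates exim's matching)."""
    parts = pattern.split("*")
    return re.compile("^" + "([^@]*)".join(re.escape(p) for p in parts) + "$",
                      re.IGNORECASE)


def rewrite(addr, target, rules=RULES):
    """Apply, in order, every rule whose flags cover `target` ('f','r','s'
    or 'F'); each rule sees the output of the previous one."""
    for pattern, repl, flags in rules:
        if target not in flags:
            continue
        m = pattern_to_regex(pattern).match(addr)
        if not m:
            continue                      # pattern does not match: next rule
        groups = m.groups()
        if callable(repl):
            new = repl(groups)
        else:
            new = re.sub(r"\$(\d)", lambda g: groups[int(g.group(1)) - 1], repl)
        if new is None:
            continue                      # forced failure: rule not applied
        addr = new
    return addr


def rewrite_message(envelope_from, headers, rules=RULES):
    """Return (new envelope sender, new headers).  Only the flagged headers
    are rewritten; Received: and all other headers stay intact, which is
    where the traceability the reply mentions comes from."""
    new_headers = dict(headers)
    for flag, name in (("f", "From"), ("r", "Reply-To"), ("s", "Sender")):
        if name in new_headers:
            new_headers[name] = rewrite(new_headers[name], flag, rules)
    return rewrite(envelope_from, "F", rules), new_headers


if __name__ == "__main__":
    # Constructed sample: mutt piping to the local MTA on host foo1, which
    # defaults the envelope sender to user@machine (the 70's behaviour).
    env, hdrs = rewrite_message(
        "glen@foo1.fcwm.org",
        {"From": "support@foo2.fcwm.org",
         "To": "someone@rit.edu",
         "Received": "from foo1.fcwm.org by foo2.fcwm.org (constructed)"},
    )
    print("MAIL FROM:", env)          # glen@fcwm.org
    for k, v in hdrs.items():
        print(f"{k}: {v}")
```

Running it shows the envelope sender and the From: header both collapsed to the domain, while To: and Received: are untouched; an address that is already `user@fcwm.org` matches neither pattern and passes through unchanged, and a local user missing from the constructed `/etc/email-addresses` keeps the `user@foo.invalid` form because the lookup rule fails rather than rewrites.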