On Thu, Jul 04, 2002 at 12:03:52AM -0500, Glen Lee Edwards wrote: | Derrick, | | I can't do it that way. We'll work that out. | I'm the system administrator for several Christian sites, including | fcwm.org, nazarene.ch, and wesleyan.net. I have a half dozen email | addresses that I have to be able to place in the "From:" field, | including glen@fcwm.org, glen@nazarene.ch, GLEdwards@wesleyan.net, | support@(fcwm.org|nazarene.ch|wesleyan.net). That sounds just fine. I have some alter idenities as well that sometimes appear in the From: header. The From: header and the envelope sender are disparate entities, though for many people they contain the same value. | Any type of envelope masquerading is out. You need a correct envelope in the first place, regardless of whether or not you think it is masquerading. You also wrote : | I have an 8 IP subnet with static IP addresses that all resolve. This is irrelevant. The difference is "host" vs. "domain". You can have a million hosts in the same domain, and the domain is still what is relevant (in terms of email addressing), not the host. Hosts will handle the actual operations, but domains are what the routing and handling logic is based on. | is still living in the 70's when Unix was dominant and each | person's email address was determined by their username @ | machine.name. Today we live in a virtual world. My primary | virtual email address, which I use both here and on the road, is | glen@fcwm.org. I intentionally cut out your accusation of the apache folks living in the 70's because it is your hosts that are reminiscent of the 70's. Notice that "fcwm.org" and "hope-in-christ@fcwm.org" are *COMPLETELY DIFFERENT DOMAINS*. I could just as easily write that "rit.edu" and "dman.ddts.net" are completely different domains, and the only thing that changes is that one is not a sub-domain of the other, however sub-domains are irrelevant in SMTP. This is why your setup is reminiscent of the 70's with each *host* being its own *domain*. Here's how it works : You have the hosts 'foo1', 'foo2', 'foo3', etc. in the domain "fcwm.org". fcwm.org has one (or more) MX records that point to the actual host which will receive incoming mail for your domain. You and your users have the addresses "addr1", "addr2", "addr3", etc, in the domain "fcwm.org". For maintainability (and performance) reasons, you _should_ have only one host in the network delivering "outgoing" mail. The name of that host is irrelevant. All other hosts (regardless of whether they are unix or not and regardless of whether the MUA tries to use SMTP or a local pipe to a local MTA) should be configured to use that one host as a "smarthost". While this isn't strictly necessary, it will limit maintenance issues to a single host, and updates to the config won't need to be synchronized across multiple systems. Now when you send mail out, there is both a message and an envelope. The message consists of headers and a body. The message headers don't necessarily match the envelope -- particularly if .forward files are in use, or if a message is Bcc'd. However, the envelope MUST be correct for SMTP to function. The RCPT, obviously, can't be wrong. The MAIL FROM: (aka envelope sender) must be correct or else bounce messages in the case of a delivery failure will not arrive. Due to the high rate of forgery by spammers, some sites use "callbacks" to ensure that the sender address really exists and will refuse to accept messages from invalid envelope senders. Also, a number of lists are "closed" lists, only accepting submissions from subscribed members. This is a rather effective way of stopping the spammers. I am subscribed to some such lists (well, 2 that I'm aware of, I don't know about the others), and one of them I'm subscribed to via a different identity. There are 2 ways of injecting a message into the mail system : 1) use a local pipe to /usr/sbin/sendmail 2) initiate an SMTP session as if you are the MTA With your wife's windows machine you are surely using #2, and having configured the MUA (outhouse or whatever) correctly, it puts "glen@fcwm.org" as the envelope sender. This is the correct behavior *BECAUSE THE SOFTWARE WAS CONFIGURED CORRECTLY*. The typical/traditional method on unix systems is #1. Also due to the tradition in unix of being a real internet site, the *DEFAULT* envelope sender is user@machine. For some sites this is still the correct behavior, but for a "desktop"-like system it isn't. More recent unix mailers (eg (AFAIK) kmail, evolution, etc) allow you to use method #2, in which case you (the user configuring the software) will behave as if you were using your wife's windows machine and pretend that you have no MTA on your system. (IMO #2 is the wrong way to inject mail anyways) If you want to use method #1 (you must if you use mutt, emacs/gnus probably uses this method as well) you now need to work on rewrite rules. This is what I was trying to tell you before. The default debian/exim setup installs a rewrite rule that looks like this, for a host named "foo.invalid" : # look up the real MAIL FROM: address of all local users in /etc/email-addresses *@foo.invalid "${lookup{$1}lsearch{/etc/email-addresses} {$value}fail}" frFs For the typical "home" user of debian who is not their own ISP, this is exactly what is needed. In the /etc/email-addresses file they will list the local username and the *real* email address of that user. Eg : dman: dsh8290@rit.edu With this configuration, I can now send out mail (via exim from mutt or /bin/mail or whatever) from my desktop system using my provider's smarthost and have the correct envelope sender. All is well. For a larger installation with an actual domain, like your site, I would instead use this rewrite rule, to cover all users and all hosts at once : # convert user@host.domain to user@domain for all hosts in my domain *@*.fcwm.org "$1@fcwm.org" frFs You can put this in the configuration of the "smarthost" of your domain. This is why, back at the beginning, I recommended using a smarthost-style configuration for outgoing mail. Otherwise you need to install this rule on all the hosts at your site. Once you've done that, I believe all your difficulties with the apache mailling lists' requirements will vanish. *That* is the correct mail setup for your domain. That is how your wife's windows mail client behaves and why it doesn't exhibit the misconfiguration your unix systems are exhibiting. You won't be losing any traceability with this rewrite rule. The traceability comes from the Received: headers, which will always remain intact. This is why having multiple addresses (at different domains) is irrelevant to the issue of setting the proper envelope sender for this domain. As for the lists I'm on (namely exim-users), simply changing the From: header in mutt suffices to bypass the "moderation required for non-member posting" warning. I don't need to muck with my envelope for that list. I'm not on the apache list so I don't know precisely how rigorous their sanity checks are, but if after implementing my suggestions above you are still having trouble, I'll subscribe to their list (with an alter identity) and see how their tests work. If you choose to use sendmail on the smarthost, I can't help you with the rewrites there. Oh, also note that your mail setup is not completely correct for other reasons : $ host -t mx fcwm.org fcwm.org MX 20 nazarene.fcwm.org fcwm.org MX 10 wesleyan.fcwm.org $ telnet nazarene.fcwm.org smtp Trying 208.42.116.27... Connected to nazarene.fcwm.org. Escape character is '^]'. 2002-07-04 13:45:42 Failed to open configuration file /etc/exim/exim.conf Connection closed by foreign host. $ HAND, -D -- It took the computational power of three Commodore 64s to fly to the moon. It takes at least a 486 to run Windows 95. Something is wrong here. http://dman.ddts.net/~dman/
Attachment:
pgpxz17fFesDn.pgp
Description: PGP signature