Brian wrote:
> Bob Proulx wrote:
> > Here are the places that need to be changed on every system.
A non-exclusive list. There will also be other places too.
> > /etc/hosts
> > /etc/hostname
> > /etc/mailname
>
> Would (or should) it be necessary to change /etc/mailname? mailname(5)
> describes this file as containing ". . . the fully qualified domain
> name that the program wishing to get the mail name should use (that is,
> everything after the @)."
I guess it depends upon what you have in that file but in 100% of my
machines I have the FQDN (fully qualified domain name) of the system.
I think that is typical and therefore it would always need to be
changed. But it might not be typical for everyone. Others may do
things quite differently. That is the problem with a flexible
configurable system. There are many different ways to do things.
Everyone thinks the way they do things is best. :-)
All of my email behind my site router can send mail from the machine
itself. This is very useful on headless servers for notifications.
On the private network I want to see the actual hostname. Hiding the
hostname would be counterproductive. My desktop that I am sending
this message from is being sent from such a configuration. But wait
you say you don't see the FQDN on this email. That's right.
On my site mail relay I configure Postfix for site masquerading. I
set the following in my site router relay configuration.
masquerade_domains = proulx.com
masquerade_exceptions = root
masquerade_classes = envelope_sender, header_sender
local_header_rewrite_clients = permit_mynetworks, permit_sasl_authenticated
That causes mail outbound from my desktop to change from my local
hostname over to the shorter domain only address. This is the best
plan for me since I may send email from my desktop or from my laptop.
When I break my laptop and buy another one the new one will be
masqueraded. When I change desktops the new desktop is usually up and
running in parallel with the previous one for some time. Because the
masquerading configuration is in my site mail relay I don't have to do
anything special on the local client workstations.
But as with all things other people may have other ideas. If they
want to masquerade at each system then they might set the myorigin to
be their domain email address. They might only have one system.
(Horrors! <grin/>) Then all email will be sent to and from that
domain address. In which case that file won't change when the
hostname changes. The upstream Postfix docs even recommend this. The
Debian specific change to allow "myorigin = /etc/mailname" supports
this. It just doesn't happen to be best for everyone. Among other
things it means you should also set up a domain wide alias database
for all addresses in use. Most large sites have this. It just so
happens that I don't. You could argue that I should.
As a side note I always block outgoing port 25 traffic at the site
router. This prevents a virus infected MS Windows machine from being
able to send mail outbound from my network and putting me on a DNSBL.
> I use Exim but I'd expect Postfix's manpage to be identical.
I expect so too. Since /etc/mailname is a Debian specific thing I
expect it to be Policy across all mail transport agents so I assume
that includes Exim too. But I wouldn't expect to find that on other
non-Debian systems. The idea is to give a global place to configure
whatever is installed without really knowing what might actually be
installed. One place didn't exist for all of them and therefore
Debian created that location for use in Debian. Other non-Debian
systems won't have that file. And won't have a centralized place to
configure all of the MTAs either. Or if they do it will likely be in
a different location.
In Postfix the configuration is up to the local admin to keep or
remove. It is "myorigin = /etc/mailname" and the Debian specific part
is that it is allowed to be a file. A lot of Postfix admins will not
need that setting and will have a custom file of their choosing
replacing the entire default template.
http://www.postfix.org/postconf.5.html#myorigin
myorigin (default: $myhostname)
The domain name that locally-posted mail appears to come from, and
that locally posted mail is delivered to. The default,
$myhostname, is adequate for small sites. If you run a domain with
multiple machines, you should (1) change this to $mydomain and (2)
set up a domain-wide alias database that aliases each user to
user@that.users.mailhost.
Example:
myorigin = $mydomain
Since the default is myhostname and on Debian the default hostname is
the short name not the FQDN then for Postfix one value or the other
always needs to be set. Either myhostname needs to be set to the
FQDN or myorigin needs to be set to something. To understand the
myhostname issue you have to understand that Postfix by default wants
to see the FQDN set as the hostname but that isn't typical for Debian.
Possible to set up but not typical by default.
myhostname (default: see "postconf -d" output)
The internet hostname of this mail system. The default is to use
the fully-qualified domain name (FQDN) from gethostname(), or to
use the non-FQDN result from gethostname() and append
".$mydomain". $myhostname is used as a default value for many
other configuration parameters.
Example:
myhostname = host.example.com
mydomain (default: see "postconf -d" output)
The internet domain name of this mail system. The default is to
use $myhostname minus the first component, or "localdomain"
(Postfix 2.3 and later). $mydomain is used as a default value for
many other configuration parameters.
Example:
mydomain = domain.tld
If you were on a system with the hostname set to the FQDN such as is
classic BSD system style then myhostname is FQDN and therefore
myorigin is also FQDN and everything works. Due to this I believe
that Postfix was written on such a system. That seems to be native
for Postfix. Then it was adapted for others. Which is good because
for various reasons Debian prefers to use short names.
On a Debian system:
# postconf -d myorigin
myorigin = $myhostname
# postconf -d mydomain
mydomain = localdomain
# postconf -d myhostname
myhostname = phobia.localdomain
And so we see that at least one of the three variables myhostname,
mydomain, myorigin must be set to a FQDN. If not then something is
going to be unhappy.
Also note that the above myhostname and mydomain are circular. Each
one has a possible effect on the other! The circle is stopped by the
presence of a FQDN.
In the above you can see that if you don't set myhostname then
Postfix will default to gethostname().$mydomain and since mydomain is
by default the string "localdomain" then the result is almost
certainly not correct nor sufficient. (The "localdomain" domain
string is interesting too. Maybe I should say something in another
posting about it.)
For me personally I use a scripted system configuration that I wrote
years ago. It is similar to puppet, chef, cfengine. I should convert
to puppet or chef one day so that I am "standard" with others but I
know mine so I use it. It sets the configuration on the hosts. Using
it there is no trouble to have it automatically configure a large
number of configuration files. I always have it configure the Postfix
myhostname variable to the FQDN of the host. That seems like the
lowest level where things are not set and should be set.
These lead into Postfix's mydestination variable. The docs for it are
long so I will avoid posting them.
http://www.postfix.org/postconf.5.html#mydestination
The default is default: "$myhostname, localhost.$mydomain, localhost"
and therefore once again an appropriate setting for myhostname and
mydomain is critical to correct operation.
This is why I prefer to set myhostname for Postfix. By setting that
one variable the other three are also all set correctly. It just
feels like the best configuration to me.
However Debian didn't choose to set myhostname from /etc/myfqdnhostname.
Instead Debian chose myorigin to be set from /etc/mailname. Which
kind'a chooses to ignore an incorrect myhostname and/or mydomain
setting. Because if myorigin is set to a domain name then the value
of myhostname isn't immediately visible. You won't see it on outgoing
email. But it flows into mydestination. It won't be happy with just
a setting of myorigin. It doesn't "feel" right to leave that hanging.
# postconf mydomain
mydomain = proulx.com
# postconf myhostname
myhostname = phobia.proulx.com
# postconf myorigin
myorigin = /etc/mailname
Bob
Attachment:
signature.asc
Description: Digital signature