Brian wrote: > Bob Proulx wrote: > > Here are the places that need to be changed on every system. A non-exclusive list. There will also be other places too. > > /etc/hosts > > /etc/hostname > > /etc/mailname > > Would (or should) it be necessary to change /etc/mailname? mailname(5) > describes this file as containing ". . . the fully qualified domain > name that the program wishing to get the mail name should use (that is, > everything after the @)." I guess it depends upon what you have in that file but in 100% of my machines I have the FQDN (fully qualified domain name) of the system. I think that is typical and therefore it would always need to be changed. But it might not be typical for everyone. Others may do things quite differently. That is the problem with a flexible configurable system. There are many different ways to do things. Everyone thinks the way they do things is best. :-) All of my email behind my site router can send mail from the machine itself. This is very useful on headless servers for notifications. On the private network I want to see the actual hostname. Hiding the hostname would be counterproductive. My desktop that I am sending this message from is being sent from such a configuration. But wait you say you don't see the FQDN on this email. That's right. On my site mail relay I configure Postfix for site masquerading. I set the following in my site router relay configuration. masquerade_domains = proulx.com masquerade_exceptions = root masquerade_classes = envelope_sender, header_sender local_header_rewrite_clients = permit_mynetworks, permit_sasl_authenticated That causes mail outbound from my desktop to change from my local hostname over to the shorter domain only address. This is the best plan for me since I may send email from my desktop or from my laptop. When I break my laptop and buy another one the new one will be masqueraded. When I change desktops the new desktop is usually up and running in parallel with the previous one for some time. Because the masquerading configuration is in my site mail relay I don't have to do anything special on the local client workstations. But as with all things other people may have other ideas. If they want to masquerade at each system then they might set the myorigin to be their domain email address. They might only have one system. (Horrors! <grin/>) Then all email will be sent to and from that domain address. In which case that file won't change when the hostname changes. The upstream Postfix docs even recommend this. The Debian specific change to allow "myorigin = /etc/mailname" supports this. It just doesn't happen to be best for everyone. Among other things it means you should also set up a domain wide alias database for all addresses in use. Most large sites have this. It just so happens that I don't. You could argue that I should. As a side note I always block outgoing port 25 traffic at the site router. This prevents a virus infected MS Windows machine from being able to send mail outbound from my network and putting me on a DNSBL. > I use Exim but I'd expect Postfix's manpage to be identical. I expect so too. Since /etc/mailname is a Debian specific thing I expect it to be Policy across all mail transport agents so I assume that includes Exim too. But I wouldn't expect to find that on other non-Debian systems. The idea is to give a global place to configure whatever is installed without really knowing what might actually be installed. One place didn't exist for all of them and therefore Debian created that location for use in Debian. Other non-Debian systems won't have that file. And won't have a centralized place to configure all of the MTAs either. Or if they do it will likely be in a different location. In Postfix the configuration is up to the local admin to keep or remove. It is "myorigin = /etc/mailname" and the Debian specific part is that it is allowed to be a file. A lot of Postfix admins will not need that setting and will have a custom file of their choosing replacing the entire default template. http://www.postfix.org/postconf.5.html#myorigin myorigin (default: $myhostname) The domain name that locally-posted mail appears to come from, and that locally posted mail is delivered to. The default, $myhostname, is adequate for small sites. If you run a domain with multiple machines, you should (1) change this to $mydomain and (2) set up a domain-wide alias database that aliases each user to user@that.users.mailhost. Example: myorigin = $mydomain Since the default is myhostname and on Debian the default hostname is the short name not the FQDN then for Postfix one value or the other always needs to be set. Either myhostname needs to be set to the FQDN or myorigin needs to be set to something. To understand the myhostname issue you have to understand that Postfix by default wants to see the FQDN set as the hostname but that isn't typical for Debian. Possible to set up but not typical by default. myhostname (default: see "postconf -d" output) The internet hostname of this mail system. The default is to use the fully-qualified domain name (FQDN) from gethostname(), or to use the non-FQDN result from gethostname() and append ".$mydomain". $myhostname is used as a default value for many other configuration parameters. Example: myhostname = host.example.com mydomain (default: see "postconf -d" output) The internet domain name of this mail system. The default is to use $myhostname minus the first component, or "localdomain" (Postfix 2.3 and later). $mydomain is used as a default value for many other configuration parameters. Example: mydomain = domain.tld If you were on a system with the hostname set to the FQDN such as is classic BSD system style then myhostname is FQDN and therefore myorigin is also FQDN and everything works. Due to this I believe that Postfix was written on such a system. That seems to be native for Postfix. Then it was adapted for others. Which is good because for various reasons Debian prefers to use short names. On a Debian system: # postconf -d myorigin myorigin = $myhostname # postconf -d mydomain mydomain = localdomain # postconf -d myhostname myhostname = phobia.localdomain And so we see that at least one of the three variables myhostname, mydomain, myorigin must be set to a FQDN. If not then something is going to be unhappy. Also note that the above myhostname and mydomain are circular. Each one has a possible effect on the other! The circle is stopped by the presence of a FQDN. In the above you can see that if you don't set myhostname then Postfix will default to gethostname().$mydomain and since mydomain is by default the string "localdomain" then the result is almost certainly not correct nor sufficient. (The "localdomain" domain string is interesting too. Maybe I should say something in another posting about it.) For me personally I use a scripted system configuration that I wrote years ago. It is similar to puppet, chef, cfengine. I should convert to puppet or chef one day so that I am "standard" with others but I know mine so I use it. It sets the configuration on the hosts. Using it there is no trouble to have it automatically configure a large number of configuration files. I always have it configure the Postfix myhostname variable to the FQDN of the host. That seems like the lowest level where things are not set and should be set. These lead into Postfix's mydestination variable. The docs for it are long so I will avoid posting them. http://www.postfix.org/postconf.5.html#mydestination The default is default: "$myhostname, localhost.$mydomain, localhost" and therefore once again an appropriate setting for myhostname and mydomain is critical to correct operation. This is why I prefer to set myhostname for Postfix. By setting that one variable the other three are also all set correctly. It just feels like the best configuration to me. However Debian didn't choose to set myhostname from /etc/myfqdnhostname. Instead Debian chose myorigin to be set from /etc/mailname. Which kind'a chooses to ignore an incorrect myhostname and/or mydomain setting. Because if myorigin is set to a domain name then the value of myhostname isn't immediately visible. You won't see it on outgoing email. But it flows into mydestination. It won't be happy with just a setting of myorigin. It doesn't "feel" right to leave that hanging. # postconf mydomain mydomain = proulx.com # postconf myhostname myhostname = phobia.proulx.com # postconf myorigin myorigin = /etc/mailname Bob
Attachment:
signature.asc
Description: Digital signature