[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: email lacks sender address

On Thu 28 Apr 2022 at 13:13:19 (-0400), Greg Wooledge wrote:
> On Thu, Apr 28, 2022 at 12:02:50PM -0500, David Wright wrote:
> > $ cat /etc/mailname 
> > acer.corp1
> > $ cat /etc/hosts 
> > 127.0.0.1       localhost
> > 127.0.1.1       acer1.corp      acer1
> > 192.168.1.14    axis.corp       axis
> > 
> > # The following lines are desirable for IPv6 capable hosts
> > ::1     localhost ip6-localhost ip6-loopback
> > ff02::1 ip6-allnodes
> > ff02::2 ip6-allrouters
> > $ hostname
> > acer
> 
> But you no longer have 'acer' in your /etc/hosts file.  Your hostname
> therefore won't have *any* canonical form with dots in it.

Ah, that would explain Brian's writing "127.0.1.1 test.axis.corp HOSTNAME".

> > and here's the email on axis:
> > 
> > >From auser@acer.corp Thu Apr 28 11:37:06 2022
> > Return-path: <auser@acer.corp>
> > Envelope-to: auser@axis
> > Delivery-date: Thu, 28 Apr 2022 11:37:06 -0500
> > Received: from [192.168.1.10] (helo=acer)
> >         by axis.corp with esmtp (Exim 4.92)
> >         (envelope-from <auser@acer.corp>)
> >         id 1nk78c-0001yL-Bm
> >         for auser@axis; Thu, 28 Apr 2022 11:37:06 -0500
> > Received: from auser by acer with local (Exim 4.94.2)
> >         (envelope-from <auser@acer>)
> >         id 1nk78b-0000HX-6v
> >         for auser@axis; Thu, 28 Apr 2022 11:37:05 -0500
> 
> Here, you can see that there was no canonical expansion of "acer" into
> a dot-laden name, so your system only identified itself as "acer".  Not
> as "acer.corp" or anything similar, in its HELO.

Yes, that seems to be the case.

> If one of the entries in your /etc/hosts file had contained "acer" as
> an alias, then the outcome would have been different.
> 
> Interestingly, acer.corp *does* appear in the envelope sender address,
> which you can see in the "From " line and the "Return-path:" header.
> But in the bottom Received: header, it says "envelope-from <auser@acer>".
> I find that quite interesting, but you'd need more knowledge of exim
> configuration than I possess to work out what happened there.

That is coming from the "visible domain" that is for exim's
address-hiding/rewriting facility, "stored" in dc_readhost in
/etc/exim4/update-exim4.conf.conf. When dpkg-reconfigure exim4-config
is run, it reads /etc/mailname for the system's mailname, writes back
whatever you set it to (or leave it as), and then asks for the visible
domain, offering you either the (original) /etc/mailname, or the
current visible domain if it's been set in the past. I left it as it
was originally; for extra tracking, I later changed it to "visi",
confirming that it appears in the mbox "From " line, the return
address, the upper envelope-from, and the From: header.

I've got a bit rusty on exim's wrinkles because, since the start of
lockdown (if you could call it that here in the sticks), I've
configured all my machines bar one to throw all their system emails at
a smarthost machine by IP#:25, and the latter doesn't worry about the
sender's side as long as it arrives from a LAN address. All external
mail is sent directly by mutt, using an explicit envelope-from.

Thanks.

Cheers,
David.
Reply to: