• Re: Question: should submit.mc include nocanonify by default?

    From Marco Moock@21:1/5 to All on Tue May 13 21:28:58 2025
    On 12.05.2025 18:10 Uhr Stacey Marshall wrote:

    Question, should submit.mc include nocanonify by default?

    I was a little surprised to see SMTP client queue (sendmail -Ac)
    trying to look up DNS names as I thought it only collected mail for
    local accounts. In the configuration in question the Mail Transfer
    Agent (sendmail -bl) is configured to forward all mail to a gateway
    machine for actual delivery, and only that gateway machine has access
    to DNS.

    Most machines that handle mail have access to DNS nowadays. If yours
    doesn't, disable such lookups.

    Thus I was wondering if submit.mc should include the nocanonify
    feature by default?

    I do not see a reason for that as most machines have access to DNS. A
    default setting is something that fits general situations and not
    corner cases.

    Most servers also check the recipient domains and reject stuff that
    isn't an FQDN or unresolvable, so the default checks are sane.


    --
    kind regards
    Marco

    Send spam to 1747066252muell@stinkedores.dorfdsl.de

    --- SoupGate-Win32 v1.05
    * Origin: fsxNet Usenet Gateway (21:1/5)
  • From Andrzej Adam Filip@21:1/5 to Marco Moock on Wed May 14 20:27:36 2025
    Marco Moock <mm@dorfdsl.de> wrote:
    On 12.05.2025 18:10 Uhr Stacey Marshall wrote:

    Question, should submit.mc include nocanonify by default?

    I was a little surprised to see SMTP client queue (sendmail -Ac)
    trying to look up DNS names as I thought it only collected mail for
    local accounts. In the configuration in question the Mail Transfer
    Agent (sendmail -bl) is configured to forward all mail to a gateway
    machine for actual delivery, and only that gateway machine has access
    to DNS.

    Most machines that handle mail have access to DNS nowadays. If yours doesn't, disable such lookups.

    Thus I was wondering if submit.mc should include the nocanonify
    feature by default?

    I do not see a reason for that as most machines have access to DNS. A
    default setting is something that fits general situations and not
    corner cases.

    Most servers also check the recipient domains and reject stuff that
    isn't an FQDN or unresolvable, so the default checks are sane.

    As I understand, submit.mc is supposed to be "one size fits *ALL*".
    IMHO your argument makes very good sense only if submit.mc is supposed
    to be modified not only in super rare cases.

    --
    [Andrew] Andrzej A. Filip

  • From Marco Moock@21:1/5 to All on Tue Jun 17 21:19:46 2025
    On 12.05.2025 18:10 Uhr Stacey Marshall wrote:

    I was a little surprised to see SMTP client queue (sendmail -Ac)
    trying to look up DNS names as I thought it only collected mail for
    local accounts.

    True, and default is to restrict those users to their own mail address
    (local user name and hostname of machine), but that can be lifted (see
    TrustedUser). In that case it makes sense to check if the domain exists.

    If you don't want that, disable it. :-)

    --
    kind regards
    Marco

    Send spam to 1747066252muell@stinkedores.dorfdsl.de

  • From Claus Aßmann@21:1/5 to Stacey Marshall on Wed Jun 18 01:42:35 2025
    Stacey Marshall wrote:

    I was a little surprised to see SMTP client queue (sendmail -Ac) trying
    to look up DNS names as I thought it only collected mail for local
    accounts.

    What gave you that impression?
    It's the "MSP": mail submission program - all local mail submissions
    use it unless they use SMTP directly.
    Hence that program (sendmail with the submit.cf file) makes all the
    changes required for mail submission, e.g., add missing headers and
    fix incomplete addresses - which means it should "canonify" addresses
    so the MTA doesn't have to do it.

    See sendmail/SECURITY.

    --
    Note: please read the netiquette before posting. I will almost never
    reply to top-postings which include a full copy of the previous
    article(s) at the end because it's annoying, shows that the poster
    is too lazy to trim his article, and it's wasting the time of all readers.
