Bug#482339: #482339: po-debconf: podebconf-report-po uses poor HELO hostname
Damyan Ivanov
dam at modsoftsys.com
Thu May 22 14:18:32 UTC 2008
Here are some thoughts.
-=| Nicolas François, Thu, May 22, 2008 at 03:04:12PM +0200 |=-
> notfound 482339 1.0.13
> found 482339 0.79-4
> reassign 482339 libmail-sendmail-perl
> thanks
>
> On Wed, May 21, 2008 at 03:53:19PM -0700, rra at debian.org wrote:
> >
> > podebconf-report-po, when sending mail via the local server, appears to
> > use a HELO string of the unqualified local hostname. This isn't a valid
> > argument to HELO per the SMTP standard as I understand it; I believe
> > HELO requires a fully-qualified domain name.
HELO is defined in (obsolete) RFC821:
HELO <SP> <domain> <CRLF>
<domain> ::= <element> | <element> "." <domain>
<element> ::= <name> | "#" <number> | "[" <dotnum> "]"
Unqualified host named looks OK as per the RFC821.
However, RFC2821 says:
4.1.1.1 Extended HELLO (EHLO) or HELLO (HELO)
These commands are used to identify the SMTP client to the SMTP
server. The argument field contains the fully-qualified domain
name of the SMTP client if one is available. In situations in
which the SMTP client system does not have a meaningful domain
name (e.g., when its address is dynamically allocated and no
reverse mapping record is available), the client SHOULD send an
address literal (see section 4.1.3), optionally followed by
information that will help to identify the client system. y
The SMTP server identifies itself to the SMTP client in the
connection greeting reply and in the response to this command.
A client SMTP SHOULD start an SMTP session by issuing the EHLO
command. If the SMTP server supports the SMTP service
extensions it will give a successful response, a failure
response, or an error response. If the SMTP server, in
violation of this specification, does not support any SMTP
service extensions it will generate an error response. Older
client SMTP systems MAY, as discussed above, use HELO (as
specified in RFC 821) instead of EHLO, and servers MUST support
the HELO command and reply properly to it.
This is muddy waters to me :) I udnerstand EHLO <fqdn> is recommended,
but the old syntax and semantics must also be supported.
> > Postfix configured to
> > reject non-FQDN HELOs (which is a helpful anti-spam measure that
> > stops
> > quite a bit of bogus mail) therefore rejects the mail.
If my reading of the above is right, this is not conformant to the
standard.
> I would propose to add
> * a dependency on libsys-hostname-long-perl:
> * use Sys::Hostname::Long; # for use of hostname in HELO
>
> and change:
> $localhost = hostname() || 'localhost';
> to
> $localhost = hostname_long()() || hostname() || 'localhost';
> (not tested)
Looking upstream, there is a "development" release from July 2006 with
the following changelog:
...
- send EHLO, and parse response (for later AUTH implementation)
...
However the EHLO implementation suffers from the same pitfall - it
uses hostname() || 'localhost'.
In my reading of RFC2821, this is clearly a no-go for EHLO, as it is
useless for identifying the system. Same holds for a raw IP-address
from the private ranges.
Perhaps there is no "best" solution for this.
I remember past discussion about passing mail to /usr/sbin/sendmail,
which in turn requires that the local mail system is configured
properly. This may be not that bad idea for podebconf-report-po,
however, as it often sends a lot of mails. Also, maintainers are
expected to be able to configure the mail on their systems :)
--
dam JabberID: dam at jabber.minus273.org
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: Digital signature
Url : http://lists.alioth.debian.org/pipermail/pkg-perl-maintainers/attachments/20080522/09108103/attachment.pgp
More information about the pkg-perl-maintainers
mailing list