[cpx] Re: [vps2] php mail() weirdness

[Sherm Pierce <shermy@xxxxxxxxxxxx>]

[cross-posted to vps-mail and cpx lists for archiving]

On Thu, Sep 15, 2005 at 11:24:28AM -0400, Norman R. Prevett wrote:
> Hi Nicholas:
> 
> We have observed a similar problem with FormMail.pl and variations 
> thereof which do not work under cpx when "error:nouser" catchalls are 
> used but do work if you use a bit bucket (/dev/null) catch all. The 
> problem has been verified by Verio support and I presume there is a bug 
> report entered for cpx.

C'mon Norman! It is not a bug with cpx, but a problem with the mail
setup under modern sendmail. It has been well-discussed already in
several fora (several searches found posts from you, even):

  <http://www.groupmail.org/lists/cpx/msg00836.html>
  <http://www.perlcode.org/lists/vps-mail/msg01451.html>

So pay attention:

If you put an 'error:nouser' catchall in your virtusertable file,
you're telling sendmail, "for this domain, do not accept any mail for
anyone not explicitly listed as a recipient". Got that? Simple.

CPX sets things up this way and it is the general practice at large
and a sign of a good netizen. People who mistype an address get an
immediate response: "no such user", which is a Good Thing.

/dev/null'ing your catchall (a) gives no feedback at all to people who
make a mistake and (b) makes sendmail actually receive each message,
wasting time and resources on your server.

Now, why a 'error:nouser' catchall causes formmail, php, some
autoreplies, and other scripts to break:

Modern sendmail runs two (2) daemons: the usual MTA and a submission
daemon. The submission daemon was split out for security reasons
nearly two years ago (or so--give or take). The submission daemon's
only purpose is to accept mail into the queue for sending. The MTA
does the actual sending.

When an autoreply, formmail, or a php script tries to "send mail" from
your server, the process that does that runs under some user (e.g.,
formmail and php run under Apache's "www" user; the autoreply usually
runs under the user account where the autoreply is found).

If that autoreply, formmail, or php script does not explicitly set the
'from' sender, the 'from' sender is set by the sendmail submission
daemon to be 'username@hostname' where 'username' is "www" for
Apache-based autoreplies, or just the username for email autoreplies
and 'hostname' is the primary hostname of the server.

(pay attention again):

If that username@hostname entry does not exist in virtusertable, the
sendmail MTA will reject the mail because it's configured to reject
all mail that does not have an entry for that domain.

Four ways to "fix" this:

- create a genericstable entry for this user. This is the "correct"
  way for sendmail. In /etc/mail/genericstable:

    www          www@xxxxxxxxxxxxxx

  Then make sure that 'www@xxxxxxxxxxxxxx' has a virtusertable entry
  that can accept mail (be sure to run 'make' in /etc/mail after
  making these changes).

  The reason this is the "correct" way to do it is that your
  autoreplies will all have consistent headers.

- create a virtusertable entry for username@hostname in
  /etc/mail/virtusertable.

  This is the easiest way to make it work. Your envelope headers will
  say 'username@hostname' and your mail headers will say whatever you
  set it to (e.g., 'username@xxxxxxxxxxxxxx').

- configure your script to set "from" to a valid entry in
  virtusertable. This can sometimes be accomplished with sendmail's
  '-f' flag in the script. Unless the user in question is a sendmail
  'trusted user', you'll get an 'X-Authentication-Warning' header.

- alter or remove the catchall for the primary hostname (not
  recommended)

Sherm
-- 
Sherman Pierce
shermy@xxxxxxxxxxxx
======================================================================
This is <cpx@xxxxxxxxxxxxx>      <http://www.groupmail.org/lists/cpx/>
Before posting a question, please search the archives (see above URL).