Work at SourceForge, help us to make it a better place! We have an immediate need for a Support Technician in our San Francisco or Denver office.

Close

#2825 Postfix module truncates main.cf

1.340
closed
Jamie Cameron
5
2007-05-11
2007-05-07
Anonymous
No

Enviroment

Debian Sarge on i386 and Postfix 2.1.5

Webmin 1.340 and 1.345 tested

When adding a new domain in SMTP server options / Restrict mail relaying the main.cf gets truncated, eg many of own settings in main.cf are lost. Example smtpd_recipient_restrictions are truncated

Best regards,

Johan Hansson - PCM International (jha@pcm.se)

Discussion

1 2 > >> (Page 1 of 2)
  • Jamie Cameron
    Jamie Cameron
    2007-05-07

    Logged In: YES
    user_id=129364
    Originator: NO

    That sounds like a serious bug!
    Is main.cf being completely truncated to an empty file, or cut off at some mid-point?

     
  • GNUXPloit
    GNUXPloit
    2007-05-08

    Logged In: YES
    user_id=1787489
    Originator: NO

    It´s cut off in a middle segment. eg some lines in the middle vanish. If you want I can send u before and after files

    //Johan

     
  • Jamie Cameron
    Jamie Cameron
    2007-05-08

    Logged In: YES
    user_id=129364
    Originator: NO

    Thanks - the before and after files would be very useful.

     
  • GNUXPloit
    GNUXPloit
    2007-05-10

    Logged In: YES
    user_id=1787489
    Originator: NO

    Hi Jamie

    Below are the before and after copies, as you can see must of the smtpd_recipient_restrictions are lost

    //Johan

    Before:

    # See /usr/share/postfix/main.cf.dist for a commented, more complete version

    smtpd_banner = $myhostname ESMTP $mail_name (Debian/GNU)
    biff = no

    # appending .domain is the MUA's job.
    append_dot_mydomain = no

    # Uncomment the next line to generate "delayed mail" warnings
    #delay_warning_time = 4h

    myhostname = panda.capline.se
    alias_maps = hash:/etc/aliases
    myorigin = /etc/mailname
    mydestination = panda.capline.se
    relayhost =
    relay_domains = $mydestination, capline.se, advokatgruppensth.se
    mynetworks = 127.0.0.0/8
    mailbox_size_limit = 0
    recipient_delimiter = +
    inet_interfaces = all
    smtpd_helo_required = yes
    disable_vrfy_command = yes

    smtpd_recipient_restrictions =
    #check_policy_service inet:127.0.0.1:10023,
    permit_mynetworks,
    permit_sasl_authenticated,
    reject_unauth_destination,
    reject_invalid_hostname,
    reject_non_fqdn_sender,
    reject_non_fqdn_recipient,
    reject_unauth_pipelining,
    permit_mynetworks,
    reject_unauth_destination,
    reject_unknown_recipient_domain,
    reject_non_fqdn_recipient,
    #reject_rbl_client relays.ordb.org,
    reject_rbl_client opm.blitzed.org,
    reject_rbl_client sbl.spamhaus.org,
    reject_rbl_client cbl.abuseat.org,
    #reject_rbl_client dul.dnsbl.sorbs.net,
    reject_rbl_client list.dsbl.org,
    reject_rbl_client dnsbl.njabl.org,
    reject_rbl_client bl.spamcop.net,
    reject_rbl_client sbl-xbl.spamhaus.org,
    reject_unknown_sender_domain,
    reject_unknown_recipient_domain,
    reject_unauth_pipelining,
    reject_rbl_client domain-name,
    #reject_rhsbl_client blackhole.securitysage.com,
    #reject_rhsbl_sender blackhole.securitysage.com,
    check_policy_service inet:127.0.0.1:60000,
    permit

    smtpd_data_restictions = reject_unauth_pipelining,
    permit

    # check_recipient_access pcre:/etc/postfix/recipient_checks.pcre,
    # check_helo_access dbm:/etc/postfix/helo_checks,
    # check_sender_access dbm:/etc/postfix/sender_checks,
    # check_client_access dbm:/etc/postfix/client_checks,
    # check_client_access pcre:/etc/postfix/client_checks.pcre,

    virtual_alias_maps = hash:/etc/postfix/virtual

    #header_checks = regexp:/etc/postfix/header_checks
    transport_maps = hash:/etc/postfix/transport
    #local_transport = local
    #setgid_group = maildrop
    #mailq_path = /usr/bin/mailq
    #daemon_directory = /usr/lib/postfix

    After:

    # See /usr/share/postfix/main.cf.dist for a commented, more complete version

    smtpd_banner = $myhostname ESMTP $mail_name (Debian/GNU)
    biff = no

    # appending .domain is the MUA's job.
    append_dot_mydomain = no

    # Uncomment the next line to generate "delayed mail" warnings
    #delay_warning_time = 4h

    myhostname = panda.capline.se
    alias_maps = hash:/etc/aliases
    myorigin = /etc/mailname
    mydestination = panda.capline.se
    relayhost =
    relay_domains = $mydestination, capline.se, advokatgruppensth.se, test.se
    mynetworks = 127.0.0.0/8
    mailbox_size_limit = 0
    recipient_delimiter = +
    inet_interfaces = all
    smtpd_helo_required = yes
    disable_vrfy_command = yes

    smtpd_recipient_restrictions =
    #check_policy_service inet:127.0.0.1:10023,
    #reject_rbl_client relays.ordb.org,
    #reject_rbl_client dul.dnsbl.sorbs.net,
    #reject_rhsbl_client blackhole.securitysage.com,
    #reject_rhsbl_sender blackhole.securitysage.com,

    smtpd_data_restictions = reject_unauth_pipelining,
    permit

    # check_recipient_access pcre:/etc/postfix/recipient_checks.pcre,
    # check_helo_access dbm:/etc/postfix/helo_checks,
    # check_sender_access dbm:/etc/postfix/sender_checks,
    # check_client_access dbm:/etc/postfix/client_checks,
    # check_client_access pcre:/etc/postfix/client_checks.pcre,

    virtual_alias_maps = hash:/etc/postfix/virtual

    #header_checks = regexp:/etc/postfix/header_checks
    transport_maps = hash:/etc/postfix/transport
    #local_transport = local
    #setgid_group = maildrop
    #mailq_path = /usr/bin/mailq
    #daemon_directory = /usr/lib/postfix

     
  • Jamie Cameron
    Jamie Cameron
    2007-05-11

    • status: open --> closed
     
  • Jamie Cameron
    Jamie Cameron
    2007-05-11

    Logged In: YES
    user_id=129364
    Originator: NO

    Thanks, I see the cause of this - Webmin wasn't properly handling a directive that is split over multiple lines.
    Until I release version 1.350, you can avoid this by combining the smtpd_recipient_restrictions onto a single line.

     
  • GNUXPloit
    GNUXPloit
    2007-05-11

    Logged In: YES
    user_id=1787489
    Originator: NO

    Hi Jamie

    Just a note to confirm that the "workaround" works 100%

    //Johan

     
  • GNUXPloit
    GNUXPloit
    2007-09-24

    Logged In: YES
    user_id=1787489
    Originator: NO

    With 1.370 and the SMTP auth options the same problem is back!

    Before

    # See /usr/share/postfix/main.cf.dist for a commented, more complete version

    # Debian specific: Specifying a file name will cause the first
    # line of that file to be used as the name. The Debian default
    # is /etc/mailname.
    #myorigin = /etc/mailname

    smtpd_banner = $myhostname ESMTP $mail_name (Ubuntu)
    biff = no

    # appending .domain is the MUA's job.
    append_dot_mydomain = no

    # Uncomment the next line to generate "delayed mail" warnings
    #delay_warning_time = 4h

    # TLS parameters
    smtpd_tls_cert_file = /etc/ssl/certs/ssl-cert-snakeoil.pem
    smtpd_tls_key_file = /etc/ssl/private/ssl-cert-snakeoil.key
    smtpd_use_tls = yes
    smtpd_tls_session_cache_database = btree:${queue_directory}/smtpd_scache
    smtp_tls_session_cache_database = btree:${queue_directory}/smtp_scache

    # See /usr/share/doc/postfix/TLS_README.gz in the postfix-doc package for
    # information on enabling SSL in the smtp client.

    myhostname = mail.svithiod.com
    alias_maps = hash:/etc/aliases
    myorigin = /etc/mailname
    mydestination = localhost, ns.svithiod.com
    relay_domains = $mydestination, pcm.se
    mynetworks = 127.0.0.0/8
    mailbox_size_limit = 0
    recipient_delimiter = +
    virtual_alias_maps = hash:/etc/postfix/virtual
    smtpd_recipient_restrictions = permit_mynetworks,
    permit_sasl_authenticated,
    ##check_policy_service inet:127.0.0.1:25250,
    reject_unauth_destination,
    reject_invalid_hostname,
    reject_non_fqdn_sender,
    reject_non_fqdn_recipient,
    reject_unauth_pipelining,
    reject_unknown_recipient_domain,
    reject_rbl_client sbl.spamhaus.org,
    reject_rbl_client cbl.abuseat.org,
    ##reject_rbl_client dul.dnsbl.sorbs.net,
    reject_rbl_client list.dsbl.org,
    reject_rbl_client dnsbl.njabl.org,
    reject_rbl_client bl.spamcop.net,
    reject_rbl_client sbl-xbl.spamhaus.org,
    #reject_rbl_client domain-name,
    #reject_rhsbl_client blackhole.securitysage.com,
    #reject_rhsbl_sender relays.ordb.org,
    ##reject_rbl_client opm.blitzed.org,
    #reject_unknown_sender_domain,
    ##check_relay_domains,
    permit
    check_policy_service inet:127.0.0.1:25250,
    ##reject_rbl_client dul.dnsbl.sorbs.net,
    #reject_rbl_client domain-name,
    #reject_rhsbl_client blackhole.securitysage.com,
    #reject_rhsbl_sender blackhole.securitysage.com,
    ##reject_rbl_client relays.ordb.org,
    ##reject_rbl_client opm.blitzed.org,
    #reject_unknown_sender_domain,
    ##check_relay_domains,
    header_checks = regexp:/etc/postfix/header_checks
    smtpd_sasl_local_domain =
    smtpd_sasl_auth_enable = yes
    broken_sasl_auth_clients = yes

    After: (Doing something in the SMTP auth options)

    # See /usr/share/postfix/main.cf.dist for a commented, more complete version

    # Debian specific: Specifying a file name will cause the first
    # line of that file to be used as the name. The Debian default
    # is /etc/mailname.
    #myorigin = /etc/mailname

    smtpd_banner = $myhostname ESMTP $mail_name (Ubuntu)
    biff = no

    # appending .domain is the MUA's job.
    append_dot_mydomain = no

    # Uncomment the next line to generate "delayed mail" warnings
    #delay_warning_time = 4h

    # TLS parameters
    smtpd_tls_cert_file = /etc/ssl/certs/ssl-cert-snakeoil.pem
    smtpd_tls_key_file = /etc/ssl/private/ssl-cert-snakeoil.key
    smtpd_use_tls = yes
    smtpd_tls_session_cache_database = btree:${queue_directory}/smtpd_scache
    smtp_tls_session_cache_database = btree:${queue_directory}/smtp_scache

    # See /usr/share/doc/postfix/TLS_README.gz in the postfix-doc package for
    # information on enabling SSL in the smtp client.

    myhostname = mail.svithiod.com
    alias_maps = hash:/etc/aliases
    myorigin = /etc/mailname
    mydestination = localhost, ns.svithiod.com
    relay_domains = $mydestination, pcm.se
    mynetworks = 127.0.0.0/8
    mailbox_size_limit = 0
    recipient_delimiter = +
    virtual_alias_maps = hash:/etc/postfix/virtual
    smtpd_recipient_restrictions = permit_mynetworks permit_sasl_authenticated ##check_policy_service inet:127.0.0.1:25250 reject_invalid_hostname reject_non_fqdn_sender reject_non_fqdn_recipient reject_unauth_pipelining reject_unknown_recipient_domain reject_rbl_client sbl.spamhaus.org cbl.abuseat.org ##reject_rbl_client dul.dnsbl.sorbs.net list.dsbl.org dnsbl.njabl.org bl.spamcop.net sbl-xbl.spamhaus.org #reject_rbl_client domain-name #reject_rhsbl_client blackhole.securitysage.com #reject_rhsbl_sender relays.ordb.org opm.blitzed.org #reject_unknown_sender_domain ##check_relay_domains permit check_policy_service reject_unknown_reverse_client_hostname
    ##check_policy_service inet:127.0.0.1:25250,
    ##reject_rbl_client dul.dnsbl.sorbs.net,
    #reject_rbl_client domain-name,
    #reject_rhsbl_client blackhole.securitysage.com,
    #reject_rhsbl_sender relays.ordb.org,
    ##reject_rbl_client opm.blitzed.org,
    #reject_unknown_sender_domain,
    ##check_relay_domains,
    ##reject_rbl_client dul.dnsbl.sorbs.net,
    #reject_rbl_client domain-name,
    #reject_rhsbl_client blackhole.securitysage.com,
    #reject_rhsbl_sender blackhole.securitysage.com,
    ##reject_rbl_client relays.ordb.org,
    ##reject_rbl_client opm.blitzed.org,
    #reject_unknown_sender_domain,
    ##check_relay_domains,
    header_checks = regexp:/etc/postfix/header_checks
    smtpd_sasl_local_domain =
    smtpd_sasl_auth_enable = yes
    broken_sasl_auth_clients = yes

     
  • Jamie Cameron
    Jamie Cameron
    2007-09-25

    Logged In: YES
    user_id=129364
    Originator: NO

    Actually, it looks like Postfix itself is causing this problem! Webmin doesn't actually edit main.cf directly to set values - instead, it calls a command like :

    postconf -e "smtpd_recipient_restrictions=value1 value2 value3"

    You should try this on your original config file to verify what happens is the same.

     
  • GNUXPloit
    GNUXPloit
    2007-09-25

    Logged In: YES
    user_id=1787489
    Originator: NO

    According to the POstfix maintainer of Ubuntu it replaces the line! And it´s supposed to be normal behavoiur

    Eg

    That looks right. You set "smtpd_recipient_restrictions=value1 value2 value3" and that's what you have. man 5 postconf says, "Parameters and values are specified on the command line." What did you expect to happen?

    See more

    https://bugs.launchpad.net/bugs/144679

     
1 2 > >> (Page 1 of 2)