Bug#1062357: systemd-cron: broken result mailing implementation
control: tag +1 help
I'm running out of ideads.
Le ven. 2 févr. 2024 à 08:32, Martin-Éric Racine
a écrit :
> > > Also, can this variable be configured in a file that is dropped into
> > > some directory, to avoid editing the global /etc/crontab? e.g.
> > > /etc/crontab.d/ or something similar?
> >
> > /etc/crontab _is_ the main config file which other jobs
> > (like in /etc/cron.{d,hourly,daily,...}/ will inherit mailing settings from.
> > ("std::optional fallback_mailto;" in code)
> >
> > /etc/sysconfig/crond & /etc/default/PACKAGE are old Redhat & Debian
> > things, mostly deprecated by systemd config drop-ins.
>
> A systemd drop-in would work too. It just needs to be documented.
> Which file? Which configuration key? Just as long as there's somewhere
> I can drop a file to configure the MAILFROM on all my hosts, I'm good
> to go.
https://people.math.wisc.edu/~emeitner/setting-a-global-mailto-environment-variable-in-cron.html
Maybe playing around with DefaultEnvironment and having MAILTO= defined
in every single process launched by systemd.
This looks a bit overkill...
https://askubuntu.com/questions/1334312/reliable-cron-errors-notifications-how-to
> > _cron-failure is a technical user, it should never leaks into e-mail
> > envelopes.
> > I'm using nullmailer myself but I can't reproduce it.
>
> It does if delivery of the cron job report fails.
I don't know enought the email protocol & usages to fix this.
Again I carefuly monitor the cronie & Debian cron fork codebases;
but found no clue.
Greetings
Bug#1062357: systemd-cron: broken result mailing implementation
pe 2. helmik. 2024 klo 8.30 Alexandre Detiste
(alexandre.deti...@gmail.com) kirjoitti:
>
> Le jeu. 1 févr. 2024 à 09:11, Martin-Éric Racine
> a écrit :
> > > 1)
> > >
> > > MAILFROM= is supported for a long time, is it enough ?
> > >
> > > v1.5.18 : 2020-12-26
> >
> > Thanks. Good to know. It's not documented in the crontab(5) man page.
>
> I added it now.
> It matches cronie alternative implementation roughly at the same time
> https://github.com/cronie-crond/cronie/commit/6181605fafe6aaedc0c19a8bdc85a335403b42d8
Cheers!
> > Also, can this variable be configured in a file that is dropped into
> > some directory, to avoid editing the global /etc/crontab? e.g.
> > /etc/crontab.d/ or something similar?
>
> /etc/crontab _is_ the main config file which other jobs
> (like in /etc/cron.{d,hourly,daily,...}/ will inherit mailing settings from.
> ("std::optional fallback_mailto;" in code)
>
> /etc/sysconfig/crond & /etc/default/PACKAGE are old Redhat & Debian
> things, mostly deprecated by systemd config drop-ins.
A systemd drop-in would work too. It just needs to be documented.
Which file? Which configuration key? Just as long as there's somewhere
I can drop a file to configure the MAILFROM on all my hosts, I'm good
to go.
> Maybe you'd want to read from /etc/aliases ?
> I think this one is only for receiving email, not sending.
>
> > > 2) _cron-failure should had been (re-)created by systemd-sysusers:
> >
> > helmi 01 06:20:08 p8h61 nullmailer-send[1286]: From:
> > <_cron-fail...@iki.fi> to:
> >
> > _cron-failure does not exist as a user on iki.fi (a public e-mail
> > account e.g. gmail.com, hotmail.com), and therefore bounces.
>
> _cron-failure is a technical user, it should never leaks into e-mail
> envelopes.
> I'm using nullmailer myself but I can't reproduce it.
It does if delivery of the cron job report fails.
Martin-Éric
Bug#1062357: systemd-cron: broken result mailing implementation
Le jeu. 1 févr. 2024 à 09:11, Martin-Éric Racine
a écrit :
> > 1)
> >
> > MAILFROM= is supported for a long time, is it enough ?
> >
> > v1.5.18 : 2020-12-26
>
> Thanks. Good to know. It's not documented in the crontab(5) man page.
I added it now.
It matches cronie alternative implementation roughly at the same time
https://github.com/cronie-crond/cronie/commit/6181605fafe6aaedc0c19a8bdc85a335403b42d8
> Also, can this variable be configured in a file that is dropped into
> some directory, to avoid editing the global /etc/crontab? e.g.
> /etc/crontab.d/ or something similar?
/etc/crontab _is_ the main config file which other jobs
(like in /etc/cron.{d,hourly,daily,...}/ will inherit mailing settings from.
("std::optional fallback_mailto;" in code)
/etc/sysconfig/crond & /etc/default/PACKAGE are old Redhat & Debian
things, mostly deprecated by systemd config drop-ins.
Maybe you'd want to read from /etc/aliases ?
I think this one is only for receiving email, not sending.
> > 2) _cron-failure should had been (re-)created by systemd-sysusers:
>
> helmi 01 06:20:08 p8h61 nullmailer-send[1286]: From:
> <_cron-fail...@iki.fi> to:
>
> _cron-failure does not exist as a user on iki.fi (a public e-mail
> account e.g. gmail.com, hotmail.com), and therefore bounces.
_cron-failure is a technical user, it should never leaks into e-mail envelopes.
I'm using nullmailer myself but I can't reproduce it.
I'm off, I'll check again next week
Greetings
Bug#1062357: systemd-cron: broken result mailing implementation
to 1. helmik. 2024 klo 9.33 Alexandre Detiste (alexandre.deti...@gmail.com) kirjoitti: > 1) > > MAILFROM= is supported for a long time, is it enough ? > > v1.5.18 : 2020-12-26 > >Various improvements to email on error: >* Revert "Use DynamicUser=yes for error email generator" >* Use sysusers.d snippet instead >* Support for MAILFROM variable [thanks MarcoCLA] Thanks. Good to know. It's not documented in the crontab(5) man page. Also, can this variable be configured in a file that is dropped into some directory, to avoid editing the global /etc/crontab? e.g. /etc/crontab.d/ or something similar? > 2) _cron-failure should had been (re-)created by systemd-sysusers: > > $ cat debian/systemd-cron.sysusers > u _cron-failure -:systemd-journal - /nonexistent /usr/sbin/nologin > > $ cat debian/rules > execute_after_dh_auto_install: > # automatic with DebHelper >= 14 > dh_installsysusers helmi 01 06:20:08 p8h61 nullmailer-send[1286]: From: <_cron-fail...@iki.fi> to: _cron-failure does not exist as a user on iki.fi (a public e-mail account e.g. gmail.com, hotmail.com), and therefore bounces. Martin-Éric
Bug#1062357: systemd-cron: broken result mailing implementation
Hi, 1) MAILFROM= is supported for a long time, is it enough ? v1.5.18 : 2020-12-26 Various improvements to email on error: * Revert "Use DynamicUser=yes for error email generator" * Use sysusers.d snippet instead * Support for MAILFROM variable [thanks MarcoCLA] 2) _cron-failure should had been (re-)created by systemd-sysusers: $ cat debian/systemd-cron.sysusers u _cron-failure -:systemd-journal - /nonexistent /usr/sbin/nologin $ cat debian/rules execute_after_dh_auto_install: # automatic with DebHelper >= 14 dh_installsysusers Le jeu. 1 févr. 2024 à 08:09, Martin-Éric Racine a écrit : > > Package: systemd-cron > Version: 2.3.0-1~bpo12+1 > Severity: important > > -BEGIN PGP SIGNED MESSAGE- > Hash: SHA512 > > 1) In its current form, systemd-cron mails the result of global cron jobs > from root@fqdn, which fails since we aren't FQDN's administrator. > > 2) As a result, systemd-cron tries to notify the administrator of the failed > delivery, but does so from a non-existent mail account _cron-failure, which > thus also fails. > > Fixing this requires systemd-cron to support the SENDFROM variable. >
Bug#1062357: systemd-cron: broken result mailing implementation
Package: systemd-cron Version: 2.3.0-1~bpo12+1 Severity: important -BEGIN PGP SIGNED MESSAGE- Hash: SHA512 1) In its current form, systemd-cron mails the result of global cron jobs from root@fqdn, which fails since we aren't FQDN's administrator. 2) As a result, systemd-cron tries to notify the administrator of the failed delivery, but does so from a non-existent mail account _cron-failure, which thus also fails. Fixing this requires systemd-cron to support the SENDFROM variable. - -- Package-specific info: - -- System Information: Debian Release: 12.4 APT prefers stable-updates APT policy: (500, 'stable-updates'), (500, 'stable-security'), (500, 'stable-debug'), (500, 'stable') Architecture: amd64 (x86_64) Kernel: Linux 6.1.0-17-amd64 (SMP w/4 CPU threads; PREEMPT) Locale: LANG=fi_FI.utf8, LC_CTYPE=fi_FI.utf8 (charmap=UTF-8), LANGUAGE=fi:en Shell: /bin/sh linked to /usr/bin/dash Init: systemd (via /run/systemd/system) LSM: AppArmor: enabled Versions of packages systemd-cron depends on: ii cron-daemon-common 3.0pl1-162 ii libc6 2.36-9+deb12u4 ii libssl3 3.0.11-1~deb12u2 ii libstdc++6 12.2.0-14 ii systemd [systemd-sysusers] 252.19-1~deb12u1 ii systemd-sysv252.19-1~deb12u1 systemd-cron recommends no packages. Versions of packages systemd-cron suggests: ii nullmailer [mail-transport-agent] 1:2.2-4 - -- no debconf information -BEGIN PGP SIGNATURE- iQIzBAEBCgAdFiEEyJACx3qL7GpObXOQrh+Cd8S017YFAmW7QzMACgkQrh+Cd8S0 17bN9A//bzMRtMlJqd2WplMmaKQAoTPxzOa/atj8etNtNcuukBqz/UrEXOpN0mIY 8PX6gtMjbqDbXjmkkkGHNIwgQhmjn+XOfQBm7emHQ0dbbIbILE5nL6NBSe9mLjW4 8nQp3ayAKmgS3BCdtWyyoWaY5K9ifdeM4rK5gphshC2nQ9sZ/++VtzG1x8uBfnBc HW4ixPxrm2yhz2WLP3tzSGW6wV0Xs4QnJtwXhQROJZFH+6scV/n9KVeoqB+q/xBB JaAnfk7s8GH9P6oU+Y6t3fglEAPudT7Rrwty47mL4CXzDdJU/LWFo5ykTy7BNPW/ 8f7qDlb2Yj+/y6EYMqz6Wsu80rg4SQA4Xm+I/8Kd6BiqZqSgCaXbioR6A4U3u76V vBooi6+oT/StVk8n6xXh6xU1vkya/JV30nJMeyCixEJRsuVy48zah68mgcNLqKUu CoYhgzRV0XnCnT8Jww1qdY3uZdLqbTvE8ezkH8BHZb1aDj6I24deS6a4eFJqQaSP nAuI5IJsgyMc5RMocI6LETtxEpf420upllXd6VfajrAU9dA68EzemxoBkGaDpPqm hYj5xyz3VuOMz2Z+eXrK/W30Lo98jXxrijDYPvbEJCqlApSC0VATKze/IdXgjaal xPUmkQlFZGBNfF7hsWQhQXCP0rQ/t8qkWTKL2jFsJlG3t6bWtrM= =B0xd -END PGP SIGNATURE-
