Re: Input requested: append_dot_mydomain default change
On September 24, 2014 3:05:54 AM EDT, Stefan Foerster wrote: >* Wietse Venema : >> - Some distributions already ship with "append_dot_mydomain = no". >> This is an opportunity to eliminate the inconsistency. Debian (and thus Ubuntu and other derivatives) have set this for quite some time. I don't see a problem with changing the default either for any of my personal setups or with my distro developer hat on. Scott K
Re: Input requested: append_dot_mydomain default change
On 24 Sep 2014, at 11:16 , Ansgar Wiechers wrote: > On 2014-09-23 A. Schulze wrote: >> I already explicit set 'append_dot_mydomain = no'. > Same here. Is there any simple way to test if setting this will break things other than setting it and watching the logs? -- The way I see it, the longer I put it off, the better it'll end up being. Heck, school doesn't start for another 43 minutes.
Re: Input requested: append_dot_mydomain default change
On 2014-09-23 A. Schulze wrote: > wietse: >> Dammit, I want to hear from people who expect to have problems >> or not. > > OK, I don't expect problems for /my/ systems > because I already explicit set 'append_dot_mydomain = no'. Same here. Regards Ansgar Wiechers -- "Abstractions save us time working, but they don't save us time learning." --Joel Spolsky
Re: Input requested: append_dot_mydomain default change
* Wietse Venema : > - Some distributions already ship with "append_dot_mydomain = no". > This is an opportunity to eliminate the inconsistency. This will probably break mail setups that used to rely on unqualified names in a way that's hard to diagnose, especially if there is a namespace clash with one of the new TLDs. Sending mails to e.g. "r...@oracle1.prod" will probably log a "mail loops back to myself" error with "append_dot_mydomain = no", since oracle1.prod will resolve to 127.0.53.53... Stefan
Re: Input requested: append_dot_mydomain default change
On 22 Sep 2014, at 12:29 , Noel Jones wrote: > My thought: there are popular distros that have set this explicitly > to "no" for years, and yet we get very few questions here where the > artificial "no" setting causes a problem. So in a sense it's already > been tested for us. Sort of. Is there a way to test a existing install to see if this will break things? The way I look at it, someone who has never set the flag to no may have built things in their install assuming the default value and have no idea that something might break when the default is changed. Is there anything like warn_if_fail append_dot_mydomain? Should there be? As for things that COULD break, any lookups COULD break, right? -- Say, give it up, give it up, television's taking its toll That's enough, that's enough, gimme the remote control I've been nice, I've been good, please don't do this to me Turn it off, turn it off, I don't want to have to see
Re: Input requested: append_dot_mydomain default change
Am 23.09.2014 um 01:33 schrieb Wietse Venema : > Viktor Dukhovni: >> On Mon, Sep 22, 2014 at 11:41:00AM -0400, Wietse Venema wrote: >> >>> This time PLEASE refrain from sidetracking the discussion. I want >>> to know what will break when the default changes, if that is not >>> too much to ask for. >>> >>> Summary: >>> >>> Until now, Postfix has a default setting "append_dot_mydomain = yes". >>> This performs autocompletion from user@host to user@host.$mydomain. >>> But this default setting is becoming problematic. >>> >>> I need to find out what will break when the default is changed to "no". >> >> My main concern is with "user@machine" non-fqdn address forms > > Dammit, I want to hear from people who expect to have problems > or not. Can we stop the evangelizing until there is some response? The only situation I might think of: If you have several servers that are satellites to a central mail hub and they do not add their domain, but the central mail hub expects fqdn, it would probably cause problems. Servers, that only send logcheck, cron, … to the mail hub. Most local services use „localhost“ (example: root@localhost). Even if your domain was localdomain, the append_… would make localhost.localdomain which is fqdn. So a central mail hub would accept this. But turning the default off, you not even would see that there was a service that would had have to be modified. These are just my thoughts to it. Christian -- Bachelor of Science Informatik Erlenwiese 14, 36304 Alsfeld T: +49 6631 78823400, F: +49 6631 78823409, M: +49 171 9905345 USt-IdNr.: DE225643613, http://www.roessner-network-solutions.com smime.p7s Description: S/MIME cryptographic signature
Re: Input requested: append_dot_mydomain default change
Wietse Venema writes: Dammit, I want to hear from people who expect to have problems or not. I don't expect problems on our systems because we also have set append_dot_mydomain to no. Furthermore, one of the great things about Postfix is its documentation, and if the change is mentioned in the release notes, we'll see it and can act accordingly for systems that don't. Regards, Roel
Re: Input requested: append_dot_mydomain default change
wietse: Dammit, I want to hear from people who expect to have problems or not. OK, I don't expect problems for /my/ systems because I already explicit set 'append_dot_mydomain = no'. Andreas
Re: Input requested: append_dot_mydomain default change
On Sep 22, 2014, at 11.41, Wietse Venema wrote: > This time PLEASE refrain from sidetracking the discussion. I want > to know what will break when the default changes, if that is not > too much to ask for. > > Summary: > > Until now, Postfix has a default setting "append_dot_mydomain = yes". > This performs autocompletion from user@host to user@host.$mydomain. > But this default setting is becoming problematic. > > I need to find out what will break when the default is changed to "no". > > How many people expect that this change would be a problem? It *may* > affect mail that is submitted with the sendmail command line, or > aliases that expand to user@host instead of user@host.domain. Email > addresses in SMTP *should* already be fully qualified. But I also > know that the real world often does not behave as it *should*. > Hence this query to the postfix-users list. given a poll, my vote would be to change the default to “no”. this would not be a problem for me, because i set this to “no" anyway, as a general rule, on all my systems. sendmail submission and alias expansion will not break for me, as addresses used/referenced in these contexts are fully qualified. mail submitted via smtp will not break for me because reject_non_fqdn_sender/reject_non_fqdn_recipient are always included in smtpd_*_restrictions, also as a general rule. i do this because i prefer that the onus for constructing properly formed messages be placed on the client rather than on postfix, and to some degree, out of principle, driven by aspirations for “purity”, so to speak. while i have had to make concessions on occasion for uncooperative software, changing append_dot_mydomain back to “yes” has never been among them. the practical value of this for me is that it aids in identifying/correcting clients/software which aren’t behaving as desired. that being said, it’s not something i’m particularly adamant about. the value for me is that it’s something i can set. -ben
Re: Input requested: append_dot_mydomain default change
Viktor Dukhovni: > On Mon, Sep 22, 2014 at 11:41:00AM -0400, Wietse Venema wrote: > > > This time PLEASE refrain from sidetracking the discussion. I want > > to know what will break when the default changes, if that is not > > too much to ask for. > > > > Summary: > > > > Until now, Postfix has a default setting "append_dot_mydomain = yes". > > This performs autocompletion from user@host to user@host.$mydomain. > > But this default setting is becoming problematic. > > > > I need to find out what will break when the default is changed to "no". > > My main concern is with "user@machine" non-fqdn address forms Dammit, I want to hear from people who expect to have problems or not. Can we stop the evangelizing until there is some response? Wietse
Re: Input requested: append_dot_mydomain default change
On Mon, Sep 22, 2014 at 11:41:00AM -0400, Wietse Venema wrote: > This time PLEASE refrain from sidetracking the discussion. I want > to know what will break when the default changes, if that is not > too much to ask for. > > Summary: > > Until now, Postfix has a default setting "append_dot_mydomain = yes". > This performs autocompletion from user@host to user@host.$mydomain. > But this default setting is becoming problematic. > > I need to find out what will break when the default is changed to "no". My main concern is with "user@machine" non-fqdn address forms leaking out of minimally configured clients to then to be rejected by the smarthost mail hub, at which point they send non-fqdn bounces, which are also rejected, and the mail disappears when even the postmaster copy is rejected. I guess over the years I've drunk the Postfix backwards compatibily coolaid, and my gut sense is that while an occasional "@localhost.com" (reported for the first time in well over a decade) may be a problem, that this is not worth the backwards-compatibility cost. Postfix upgrades have been remarkably frictionless over the years, and I'm not convinced this issue deserves a compatibility break. There are probably also books and many HOW-TO documents that assume "append_dot_mydomain = yes", and updating either can be non-trivial. So my preference would be to just add documentation warnings about defaulting both "mydomain" and "append_dot_mydomain". Preferrably at least one of these has an explicit value in main.cf. A warning from trivial-rewrite(8) when both are defaulted might be enough to get most folks to add the appropriate safety-net for themselves. -- Viktor.
Re: Input requested: append_dot_mydomain default change
On 22/09/14 18:41, Wietse Venema wrote: > Until now, Postfix has a default setting "append_dot_mydomain = yes". > This performs autocompletion from user@host to user@host.$mydomain. > But this default setting is becoming problematic. With hindsight, append_dot_mydomain = yes is a bad idea. Partially qualified names should have never been made to work - not just in email but in the whole networking universe. In this case, it is still not too late to break the bad stuff. I vote for changing the default fwiw. -- Eray Aslan
Re: Input requested: append_dot_mydomain default change
On Sep 22, 2014, at 2:43 PM, Viktor Dukhovni wrote: > On Mon, Sep 22, 2014 at 01:29:37PM -0500, Noel Jones wrote: > >> My thought: there are popular distros that have set this explicitly >> to "no" for years, and yet we get very few questions here where the >> artificial "no" setting causes a problem. So in a sense it's already >> been tested for us. > > Thanks. [ Anyone else with strong preferences in either direction? ] > > Note, there is a difference between starting with a different > default (and building a configuration that works with that) and > having the default change on a system with an existing configuration > that relies on the previous behaviour. > > So yes, append_dot_mydomain=no has proved usable, but migration > from "yes" to "no" may require updating aliases files and the like > at sites that relied on the previous default or they can of course > simply set "append_dot_mydomain = yes" as part of the upgrade. I have no strong feelings either way, but the alias case is a great example of possible breakage. While I assume this would be pointed out in the release notes, I would think a log message on startup would be a great way to notify the folks that tend not to thoroughly examine the release notes. I know when I get lazy with an upgrade, I do always tail the maillog when restarting, and thats probably (hopefully?) common admin behavior, even amongst the rushed devops admins of the world. A Warn: append_dot_mydomain default behavior has changed from yes to no, please examine main.cf message or similar would certainly get my attention. $0.02 and all… Charles > > -- > Viktor.
Re: Input requested: append_dot_mydomain default change
On Mon, Sep 22, 2014 at 01:29:37PM -0500, Noel Jones wrote: > My thought: there are popular distros that have set this explicitly > to "no" for years, and yet we get very few questions here where the > artificial "no" setting causes a problem. So in a sense it's already > been tested for us. Thanks. [ Anyone else with strong preferences in either direction? ] Note, there is a difference between starting with a different default (and building a configuration that works with that) and having the default change on a system with an existing configuration that relies on the previous behaviour. So yes, append_dot_mydomain=no has proved usable, but migration from "yes" to "no" may require updating aliases files and the like at sites that relied on the previous default or they can of course simply set "append_dot_mydomain = yes" as part of the upgrade. -- Viktor.
Re: Input requested: append_dot_mydomain default change
On 9/22/2014 10:41 AM, Wietse Venema wrote: > This time PLEASE refrain from sidetracking the discussion. I want > to know what will break when the default changes, if that is not > too much to ask for. > > Summary: > > Until now, Postfix has a default setting "append_dot_mydomain = yes". > This performs autocompletion from user@host to user@host.$mydomain. > But this default setting is becoming problematic. > > I need to find out what will break when the default is changed to "no". > > How many people expect that this change would be a problem? It *may* > affect mail that is submitted with the sendmail command line, or > aliases that expand to user@host instead of user@host.domain. Email > addresses in SMTP *should* already be fully qualified. But I also > know that the real world often does not behave as it *should*. > Hence this query to the postfix-users list. > > Details: > > Why is the default "append_dot_mydomain = yes", anyway? > > - It can be "convenient" to send mail to "user@host" and to have > Postfix auto-complete the address to "user@host.$mydomain", or > to specify aliases to "user@host" instead of "user@host.domain". > Laziness is the primary reason append_dot_mydomain exists. > > Why change the append_dot_mydomain default to "no"? > > - The problem is that the current defauly produces incorrect results > *with Postfix default settings*, meaning it is my fault, I can't > blame the user, therefore something in Postfix needs to be changed > to fix this (and not just adding warnings to documentation). > > Specifically, when the hostname is a registered domain such as > example.com or example.ac.uk, Postfix default settings will > auto-complete "user@localhost" to "u...@localhost.com" or > "u...@localhost.ac.uk". Both forms are clearly bogus. > > - Some distributions already ship with "append_dot_mydomain = no". > This is an opportunity to eliminate the inconsistency. > > Now, Postfix could know that it should not use a single label (".com" > etc.) as the default mydomain value, but there are two-label domains > like ".ac.uk" and even three-label ones that are equally inappropriate > (though I think that their number is much smaller than the number > of single-level names such as ".com", ".nl", etc.). So avoiding > single-label suffixes (".com" etc.) is not perfect, but it may still > be useful as a safety net. > > The real fix is not to auto-complete email addresses. That requires > changing the default to "append_dot_mydomain = no". If people decide > to change this to "yes", then I can blame them for not reading the > warnings in the documentation :-) > > Wietse > My vote: Change the default and warn of the incompatible change in the release notes. Maybe suggest adding the unqualified hostname to mydestination in the notes? Don't bother with a main.cf compatibility shim. My thought: there are popular distros that have set this explicitly to "no" for years, and yet we get very few questions here where the artificial "no" setting causes a problem. So in a sense it's already been tested for us. -- Noel Jones
Re: Input requested: append_dot_mydomain default change
Am 22.09.2014 um 18:26 schrieb Viktor Dukhovni: > On Mon, Sep 22, 2014 at 05:55:16PM +0200, Robert Schetterer wrote: > >> my vote for default >> append_dot_mydomain = no > > Rationale? What problem does this solve or avoid for you? > Hi Viktor, i dont see it as a big problem whatever the parameter is set default. Its name speaks much enough to its own and should be understand quickly by anyone. But if i am called to vote i prefer not having defaults which are doing "semi automatics" like append. Best Regards MfG Robert Schetterer -- [*] sys4 AG http://sys4.de, +49 (89) 30 90 46 64 Franziskanerstraße 15, 81669 München Sitz der Gesellschaft: München, Amtsgericht München: HRB 199263 Vorstand: Patrick Ben Koetter, Marc Schiffbauer Aufsichtsratsvorsitzender: Florian Kirstein
Re: Input requested: append_dot_mydomain default change
On Mon, Sep 22, 2014 at 05:55:16PM +0200, Robert Schetterer wrote: > my vote for default > append_dot_mydomain = no Rationale? What problem does this solve or avoid for you? -- Viktor.
Re: Input requested: append_dot_mydomain default change
Am 22.09.2014 um 17:41 schrieb Wietse Venema: > This time PLEASE refrain from sidetracking the discussion. I want > to know what will break when the default changes, if that is not > too much to ask for. > > Summary: > > Until now, Postfix has a default setting "append_dot_mydomain = yes". > This performs autocompletion from user@host to user@host.$mydomain. > But this default setting is becoming problematic. my vote for default append_dot_mydomain = no > > I need to find out what will break when the default is changed to "no". > > How many people expect that this change would be a problem? It *may* > affect mail that is submitted with the sendmail command line, or > aliases that expand to user@host instead of user@host.domain. Email > addresses in SMTP *should* already be fully qualified. But I also > know that the real world often does not behave as it *should*. > Hence this query to the postfix-users list. > > Details: > > Why is the default "append_dot_mydomain = yes", anyway? > > - It can be "convenient" to send mail to "user@host" and to have > Postfix auto-complete the address to "user@host.$mydomain", or > to specify aliases to "user@host" instead of "user@host.domain". > Laziness is the primary reason append_dot_mydomain exists. > > Why change the append_dot_mydomain default to "no"? > > - The problem is that the current defauly produces incorrect results > *with Postfix default settings*, meaning it is my fault, I can't > blame the user, therefore something in Postfix needs to be changed > to fix this (and not just adding warnings to documentation). > > Specifically, when the hostname is a registered domain such as > example.com or example.ac.uk, Postfix default settings will > auto-complete "user@localhost" to "u...@localhost.com" or > "u...@localhost.ac.uk". Both forms are clearly bogus. > > - Some distributions already ship with "append_dot_mydomain = no". > This is an opportunity to eliminate the inconsistency. > > Now, Postfix could know that it should not use a single label (".com" > etc.) as the default mydomain value, but there are two-label domains > like ".ac.uk" and even three-label ones that are equally inappropriate > (though I think that their number is much smaller than the number > of single-level names such as ".com", ".nl", etc.). So avoiding > single-label suffixes (".com" etc.) is not perfect, but it may still > be useful as a safety net. > > The real fix is not to auto-complete email addresses. That requires > changing the default to "append_dot_mydomain = no". If people decide > to change this to "yes", then I can blame them for not reading the > warnings in the documentation :-) > > Wietse > Best Regards MfG Robert Schetterer -- [*] sys4 AG http://sys4.de, +49 (89) 30 90 46 64 Franziskanerstraße 15, 81669 München Sitz der Gesellschaft: München, Amtsgericht München: HRB 199263 Vorstand: Patrick Ben Koetter, Marc Schiffbauer Aufsichtsratsvorsitzender: Florian Kirstein