[Pymilter] hostname in Authentication-Results

Marco Moock mm at dorfdsl.de
Mon Mar 10 03:03:46 EDT 2025


Am 09.03.2025 um 17:21:34 Uhr schrieb Stuart D Gathman:

> Pyspf obtains the hostname via socket.gethostname().  An MTA should
> have a FQDN configured (e.g. via hostnamectl), but some people use a
> single word.  (Just as they incorrectly use an unqualified name for
> HELO in sendmail config.)

My MTA (sendmail) uses its FQDN, other Milters like opendkim also use
it.

> 1) Emphasize in docs that hostname MUST be a FQDN.  How this is
> configured depends on distro.  It can be /etc/hostname or use
> hostnamectl (systemd), or some other method.

m at srv1:~$ hostname
srv1
m at srv1:~$ hostname -f
srv1.dorfdsl.de
m at srv1:~$ hostname -d
dorfdsl.de
m at srv1:~$ 

m at srv1:~$ cat /etc/hosts
127.0.0.1       srv1.dorfdsl.de srv1 localhost
::1             srv1.dorfdsl.de srv1 localhost ip6-localhost
ip6-loopback localhost.localdomain ff02::1         ip6-allnodes
ff02::2         ip6-allrouters

m at srv1:~$ 

m at srv1:~$ hostnamectl 
 Static hostname: srv1
       Icon name: computer-desktop
         Chassis: desktop 🖥️
      Machine ID: bef07cf8d70d4c2c975807f95f4e6270
         Boot ID: cc4a6baf44ac4719ab6a67ae3377a6ce
Operating System: Debian GNU/Linux 12 (bookworm)  
          Kernel: Linux 6.12.12+bpo-amd64
    Architecture: x86-64
 Hardware Vendor: Intel Corporation
  Hardware Model: D525MW
Firmware Version: MWPNT10N.86A.0132.2013.0726.1534
   Firmware Date: Fri 2013-07-26
    Firmware Age: 11y 7month 2w                   
m at srv1:~$ 
Looks fine for me.

I've read many docs that say /etc/hostname should only contain the
hostname and not the FQDN. The question is what 

> 2) Have pyspf use socket.getfqdn() instead.  This looks up hostname
> from local IP and uses the first that contains a period, or
> socket.gethostname().  All kinds of things can go wrong with this. 
> I don't recommend it.

https://docs.python.org/3/library/socket.html
|Note: gethostname() doesn’t always return the fully qualified domain
|name; use getfqdn() for that.

Now the question is: In which circumstances does it return the FQDN?

Although, switching to getfqdn sounds reasonable to me. :-)

m at srv1:~$ python3 /tmp/host.py
gethostname: srv1
getfqdn: srv1.dorfdsl.de
m at srv1:~$ 

> 4) Have pyspf use milter API to obtain the MTA name configured for
> HELO
> - which is *supposed* to be the fully qualified hostname.  Again, this
> is misconfigured even more often than hostname.

It isn't wrong on my machine, just checked with sendmail -v

#>>> EHLO srv1.dorfdsl.de

> 5) Have pyspf check that socket.gethostname() is indeed a FQDN, and
> throw a (hopefully informative) exception if that is not that case.
> 
> Have listed these, I lean toward #5.

Would it be reasonable to have such a feature in the normal release?

> > Is that an issue of pyspf or at another place?  
> 
> Depends on your distro.  What is in /etc/hostname?  Does your system
> use systemd?

It is Debian, it uses systemd, see the output of hostnamectl.

-- 
Gruß
Marco

Send unsolicited bulk mail to 1741537294muell at cartoonies.org



More information about the Pymilter mailing list