[Pymilter] hostname in Authentication-Results
Marco Moock
mm at dorfdsl.de
Mon Mar 10 03:03:46 EDT 2025
Am 09.03.2025 um 17:21:34 Uhr schrieb Stuart D Gathman:
> Pyspf obtains the hostname via socket.gethostname(). An MTA should
> have a FQDN configured (e.g. via hostnamectl), but some people use a
> single word. (Just as they incorrectly use an unqualified name for
> HELO in sendmail config.)
My MTA (sendmail) uses its FQDN, other Milters like opendkim also use
it.
> 1) Emphasize in docs that hostname MUST be a FQDN. How this is
> configured depends on distro. It can be /etc/hostname or use
> hostnamectl (systemd), or some other method.
m at srv1:~$ hostname
srv1
m at srv1:~$ hostname -f
srv1.dorfdsl.de
m at srv1:~$ hostname -d
dorfdsl.de
m at srv1:~$
m at srv1:~$ cat /etc/hosts
127.0.0.1 srv1.dorfdsl.de srv1 localhost
::1 srv1.dorfdsl.de srv1 localhost ip6-localhost
ip6-loopback localhost.localdomain ff02::1 ip6-allnodes
ff02::2 ip6-allrouters
m at srv1:~$
m at srv1:~$ hostnamectl
Static hostname: srv1
Icon name: computer-desktop
Chassis: desktop 🖥️
Machine ID: bef07cf8d70d4c2c975807f95f4e6270
Boot ID: cc4a6baf44ac4719ab6a67ae3377a6ce
Operating System: Debian GNU/Linux 12 (bookworm)
Kernel: Linux 6.12.12+bpo-amd64
Architecture: x86-64
Hardware Vendor: Intel Corporation
Hardware Model: D525MW
Firmware Version: MWPNT10N.86A.0132.2013.0726.1534
Firmware Date: Fri 2013-07-26
Firmware Age: 11y 7month 2w
m at srv1:~$
Looks fine for me.
I've read many docs that say /etc/hostname should only contain the
hostname and not the FQDN. The question is what
> 2) Have pyspf use socket.getfqdn() instead. This looks up hostname
> from local IP and uses the first that contains a period, or
> socket.gethostname(). All kinds of things can go wrong with this.
> I don't recommend it.
https://docs.python.org/3/library/socket.html
|Note: gethostname() doesn’t always return the fully qualified domain
|name; use getfqdn() for that.
Now the question is: In which circumstances does it return the FQDN?
Although, switching to getfqdn sounds reasonable to me. :-)
m at srv1:~$ python3 /tmp/host.py
gethostname: srv1
getfqdn: srv1.dorfdsl.de
m at srv1:~$
> 4) Have pyspf use milter API to obtain the MTA name configured for
> HELO
> - which is *supposed* to be the fully qualified hostname. Again, this
> is misconfigured even more often than hostname.
It isn't wrong on my machine, just checked with sendmail -v
#>>> EHLO srv1.dorfdsl.de
> 5) Have pyspf check that socket.gethostname() is indeed a FQDN, and
> throw a (hopefully informative) exception if that is not that case.
>
> Have listed these, I lean toward #5.
Would it be reasonable to have such a feature in the normal release?
> > Is that an issue of pyspf or at another place?
>
> Depends on your distro. What is in /etc/hostname? Does your system
> use systemd?
It is Debian, it uses systemd, see the output of hostnamectl.
--
Gruß
Marco
Send unsolicited bulk mail to 1741537294muell at cartoonies.org
More information about the Pymilter
mailing list