HELP Sendmail is rewriting my FROM/TO/REPLY-TO headers (Debian)

Hey all,

Disclaimer: I am using debian's sendmail package. It most likely is
the cause of more than a bit of this nonsense. I have been trying
(ALL NIGHT) to get an issue with the mailman list manager resolved --
and have started sending mails from the command line to rule out that
the wierdness is a Mailman thing. I've confirmed, it's pure sendmail.

It's not a "trusted users" issue, I'm doing my tests as root. It's
not an access.db issue, or a relaying issue, this is being submitted
directly to /usr/sbin/sendmail.

I apologize for mangling the domain, but it's work I'm doing with a
local non-profit and I wouldn't want it reflected in usenet history
forever :)

My hostname: secure.domain.com (it's what my primary IP resolves to).
My alias (with an A record): lists.domain.com (defined in the local-
host-names file, also listed as an alias in /etc/hosts).

When I take the following file:

From: "Dan Mahoney, System Admin"
Reply-To: mailman@lists.domain.com
To: danm@prime.gushi.org
Subject: [Mailman] test

test

And run it through sendmail -i
It gets delivered to me with the REPLY-TO line rewritten to be from
mailman@FQDN

(If I change the reply-to line to be something off-the-wall like my
address on another box, it's left alone).

I'm not using ANY of the masquerading features. I've seen references
to how doing this with a CNAME can be bad, but I'm using an A record
-- it's perfectly reasonable to assume I want to host more than one
mail subdomain. (lists.domain.com, staff.domain.com)

I've finally figured out, through changing various things, what can
fix it...If I reset my primary IP address to be lists.domain.com in /
etc/hosts (which I thought sendmail didn't even USE) -- under BSD it
does not, but under the linux nsswitch library it does? After
restarting sendmail, then my mail starts getting delivered as such,
headers intact.

Except that now my machine will be using an incorrect hostname in its
HELO greeting, which is not correct either.

Any help is appreciated.

My sendmail.mc is at http://www.gushi.org/sendmail.mc

Re: HELP Sendmail is rewriting my FROM/TO/REPLY-TO headers (Debian)

Okay, I discovered the solution, and it's a bit obscure, so I'm going
to document it here (if it helps you, drop me a line!).

The issue was that my hosts file (which sendmail normally ignores)
looked like this:

ip.add.re.ss secure.domain.com secure server lists.domain.com

That last line was added while debugging the mailing list interface --
to view it via lynx to test it while DNS was propagating, and would
have been harmless on any system that doesn't use nss-switch.

However, sendmail sees that "alias" line, and treats it as though it
were a CNAME, and therefore feels the need to "canonify" it as though
it were unqualified as per RFC821.

(Do a google search on 'sendmail cname' to check this out.)

Re: HELP Sendmail is rewriting my FROM/TO/REPLY-TO headers (Debian)

In article <1192712678.394879.97860@e9g2000prf.googlegroups.com>,
Gushi wrote:

> Okay, I discovered the solution, and it's a bit obscure, so I'm going
> to document it here (if it helps you, drop me a line!).
>
> The issue was that my hosts file (which sendmail normally ignores)
> looked like this:
>
> ip.add.re.ss secure.domain.com secure server lists.domain.com
>
> That last line was added while debugging the mailing list interface --
> to view it via lynx to test it while DNS was propagating, and would
> have been harmless on any system that doesn't use nss-switch.
>
> However, sendmail sees that "alias" line, and treats it as though it
> were a CNAME, and therefore feels the need to "canonify" it as though
> it were unqualified as per RFC821.
>
> (Do a google search on 'sendmail cname' to check this out.)

Technically, all of the names after the first one in a hosts file line
are considered aliases in the classical naming model that was based only
on a hosts file, and the CNAME record type in DNS was defined to
replicate the semantics of that model. Those additional names are
logically less canonical, and Sendmail uses that naming model to
normalize address domain-parts that it sees as 'local' to the One True
Canonical Name. That naming model is not well-suited to some things many
people like to do today, but it survives because some people like the
structure it provides and the safety net it can sometimes provide.

--
Now where did I hide that website...

Re: HELP Sendmail is rewriting my FROM/TO/REPLY-TO headers (Debian)

In news:1192710820.399348.295060@k35g2000prh.googlegroups.com,
Gushi wrote:

> I apologize for mangling the domain, but it's work I'm doing with a
> local non-profit and I wouldn't want it reflected in usenet history
> forever :)
>
> My hostname: secure.domain.com ...

Don't use an actual domain that belongs to someone else.

$ nslookup domain.com
....
Non-authoritative answer:
Name: domain.com
Address: 216.34.94.177