tickets #122596
openpostfix config on pagure01.i.o.o
0%
Description
"pagure01.infra.opensuse.org" attempts to send mails from "root@localhost" to "pagure@opensuse.org" which is of course rejected by anna, "need fully-qualified address":
2022-12-19T06:42:06.806250+00:00 anna postfix/smtpd[8248]: NOQUEUE: reject: RCPT from pagure01.infra.opensuse.org[192.168.47.84]: 504 5.5.2 <root@localhost>: Recipient address rejected: need fully-qualified address; from=<pagure@opensuse.org> to=<root@localhost> proto=ESMTP helo=<code.opensuse.org>
2022-12-19T06:42:06.827154+00:00 anna postfix/smtpd[8248]: disconnect from pagure01.infra.opensuse.org[192.168.47.84] ehlo=1 mail=1 rcpt=0/1 data=0/1 rset=1 quit=1 commands=4/6
2022-12-19T06:42:06.843429+00:00 anna postfix/smtpd[8248]: connect from pagure01.infra.opensuse.org[192.168.47.84]
2022-12-19T06:42:06.858248+00:00 anna postfix/smtpd[8248]: D157120723: client=pagure01.infra.opensuse.org[192.168.47.84]
2022-12-19T06:42:06.863007+00:00 anna postfix/cleanup[8250]: D157120723: message-id=<20221219064206.CB82C68E8@code.opensuse.org>
2022-12-19T06:42:06.865381+00:00 anna postfix/smtpd[8248]: disconnect from pagure01.infra.opensuse.org[192.168.47.84] ehlo=1 mail=1 rcpt=1 data=1 quit=1
commands=5
Next, pagure01.i.o.o attempts to deliver an NDR to "pagure@opensuse.org" which is not a known address:
2022-12-19T06:42:06.867066+00:00 anna postfix/qmgr[4637]: D157120723: from=<>, size=8560, nrcpt=1 (queue active)
2022-12-19T06:42:06.912581+00:00 anna postfix/smtp[7979]: Untrusted TLS connection established to mx1.opensuse.org[195.135.221.175]:25: TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange ECDHE (P-256) server-signature ECDSA (P-384) server-digest SHA384
2022-12-19T06:42:06.925815+00:00 anna postfix/smtp[7979]: D157120723: to=<pagure@opensuse.org>, relay=mx1.opensuse.org[195.135.221.175]:25, delay=0.08, delays=0.02/0/0.05/0.01, dsn=5.1.1, status=bounced (host mx1.opensuse.org[195.135.221.175] said: 550 5.1.1 <pagure@opensuse.org>: Recipient address rejected: User unknown in virtual alias table (in reply to RCPT TO command))
2022-12-19T06:42:06.927844+00:00 anna postfix/qmgr[4637]: D157120723: removed
It looks like the postfix config on pagure01.i.o.o could do with a bit of TLC ?
Updated by pjessen over 1 year ago
- Private changed from Yes to No
- I presume the postfix config has hostname = localhost.
- sender address "pagure@opensuse.org" is kind of okay, but unless replies are expected / anticipated, it ought to be just "<>".
I don't know what pagure is sending to root, of course, but probably root ought to be aliased to "admin-auto@o.o".
Updated by pjessen over 1 year ago
- Related to tickets #108215: Reply-to by mail fails for code.opensuse.org added
Updated by crameleon 11 months ago
I presume the postfix config has hostname = localhost.
myhostname = code.opensuse.org
I don't know what pagure is sending to root, of course, but probably root ought to be aliased to "admin-auto@o.o".
Wouldn't it make sense to set an alias for root -> admin-auto@o.o on all machines?
Updated by pjessen 11 months ago
crameleon wrote:
I presume the postfix config has hostname = localhost.
myhostname = code.opensuse.orgI don't know what pagure is sending to root, of course, but probably root ought to be aliased to "admin-auto@o.o".
Wouldn't it make sense to set an alias for root -> admin-auto@o.o on all machines?
Yes, that would make a lot of sense.
Updated by crameleon 11 months ago
Just when I was about to add the couple lines to Salt, I noticed we already have this:
~/W/g/salt (root-alias)> ack -B2 -A1 aliases pillar/common/init.sls
profile:
postfix:
aliases:
root: admin-auto@opensuse.org
Such an alias should hence already exist in /etc/aliases on all machines. A short test with
minnie # salt --out yaml \* cmd.run 'grep -q admin-auto /etc/aliases && echo ok'
suggets that this is indeed the case for most, if not all, machines.
Updated by cboltz 11 months ago
Better test with || echo failed and then grep -B1 for it ;-)
minnie (saltmaster):/home/cboltz # salt \* cmd.run 'grep -q admin-auto /etc/aliases || echo missing' | grep -B1 missing | grep infra.opensuse.org: | sort
gcc-stats.infra.opensuse.org:
ipx-galera1.infra.opensuse.org:
ipx-galera2.infra.opensuse.org:
ipx-galera3.infra.opensuse.org:
ipx-narwal1.infra.opensuse.org:
mirrorcache-backstage.infra.opensuse.org:
mirrorcache-stats.infra.opensuse.org:
mirrorcache-us-db.infra.opensuse.org:
mirrorcache-us.infra.opensuse.org:
mirrorcache.infra.opensuse.org:
mx3.infra.opensuse.org:
nala.infra.opensuse.org:
nala2.infra.opensuse.org:
progressoo.infra.opensuse.org:
provo-galera1.infra.opensuse.org:
provo-galera2.infra.opensuse.org:
provo-proxy1.infra.opensuse.org:
status1.infra.opensuse.org:
status2.infra.opensuse.org:
status3.infra.opensuse.org:
Running a highstate should add the alias, but please do a testhighstate first to avoid unintentional changes. (Also, status*.i.o.o are not in salt. I wonder if we should change that, even if the original idea was to keep them as independent as possible.)