--- Begin Message ---
Package: sendmail-bin
Version: 8.15.2-18
Severity: important
File: /usr/lib/sm.bin/sendmail
[ same as https://bugs.launchpad.net/ubuntu/+source/sendmail/+bug/1879738 ]
Dear Maintainer,
since USE_INET6 has been removed in glibc-2.30, sendmail fails to verify
IPv6 client addresses (reverse-then-forward-lookup) and refuses to
accept incoming mail:
May 20 16:42:50 mx sm-mta[161617]: ruleset=check_relay, arg1=[IPv6:2a04:6c0:0:0:0:0:bad:0], arg2=IPv6:2a04:6c0:0:0:0:0:bad:0, relay=hektik.14v.de [IPv6:2a04:6c0:0:0:0:0:bad:0] (may be forged), reject=451 4.1.8 Possibly forged hostname for IPv6:2a04:6c0:0:0:0:0:bad:0
It seems the patch "glibc-2.30.patch" only fixed the FTBS problem, but
does not provide any alternative method for IPv6 reverse lookups.
I checked with tcpdump and the forward-part of a
reverse-then-forward-lookup always asks for an "A" record instead of
"AAAA".
There is already some #ifdef in conf.c, function sm_getipnodebyname()
for gethostbyname2().
If I add
#define HAS_GETHOSTBYNAME2 1
before that, reverse-then-forward lookups for IPv6 do work again as
expected.
Please find the attached patch sendmail-ipv6-gethostbyname2.patch. It
modifies configure.ac, so that it checks availability of
gethostbyname2() and adds -DHAS_GETHOSTBYNNAME2=1 to sm_envdef when
found.
Regards
Matthias Ferdinand
-- Package-specific info:
Output of /usr/share/bug/sendmail-bin/script:
ls -alR /etc/mail:
/etc/mail:
total 336
drwxr-sr-x 7 smmta smmsp 4096 May 25 20:06 .
drwxr-xr-x 81 root root 4096 May 25 20:02 ..
-rwxr-xr-- 1 root smmsp 10014 May 25 20:06 Makefile
-rw------- 1 root root 4265 May 25 20:06 access
-rw-r----- 1 smmta smmsp 12288 May 25 20:06 access.db
-rw-r--r-- 1 root root 281 Mar 8 00:39 address.resolve
lrwxrwxrwx 1 root smmsp 10 May 25 19:09 aliases -> ../aliases
-rw-r----- 1 smmta smmsp 12288 May 25 20:06 aliases.db
-rw-r--r-- 1 root root 3215 May 25 20:06 databases
-rw-r--r-- 1 root root 5659 Mar 8 00:39 helpfile
-rw-r--r-- 1 root smmsp 31 May 25 19:09 local-host-names
drwxr-sr-x 2 smmta smmsp 4096 May 25 19:09 m4
drwxr-xr-x 2 root root 4096 May 25 19:09 peers
drwxr-xr-x 2 root smmsp 4096 Mar 8 00:39 sasl
-rw-r--r-- 1 root smmsp 64135 May 25 20:06 sendmail.cf
-rw-r--r-- 1 root root 64135 May 25 20:06 sendmail.cf.old
-rw-r--r-- 1 root root 12235 May 25 20:06 sendmail.conf
-rw-r--r-- 1 root smmsp 4048 May 25 20:06 sendmail.mc
-rw-r--r-- 1 root root 148 Mar 8 00:39 service.switch
-rw-r--r-- 1 root root 179 Mar 8 00:39 service.switch-nodns
drwxr-sr-x 2 smmta smmsp 4096 May 25 19:09 smrsh
-rw-r--r-- 1 root smmsp 44601 May 25 20:06 submit.cf
-rw-r--r-- 1 root root 44601 May 25 20:06 submit.cf.old
-rw-r--r-- 1 root smmsp 2375 May 25 20:06 submit.mc
drwxr-xr-x 2 smmta smmsp 4096 May 25 19:09 tls
-rw-r--r-- 1 root smmsp 0 May 25 19:09 trusted-users
/etc/mail/m4:
total 8
drwxr-sr-x 2 smmta smmsp 4096 May 25 19:09 .
drwxr-sr-x 7 smmta smmsp 4096 May 25 20:06 ..
-rw-r----- 1 root smmsp 0 May 25 19:09 dialup.m4
-rw-r----- 1 root smmsp 0 May 25 19:09 provider.m4
/etc/mail/peers:
total 12
drwxr-xr-x 2 root root 4096 May 25 19:09 .
drwxr-sr-x 7 smmta smmsp 4096 May 25 20:06 ..
-rw-r--r-- 1 root root 328 Mar 8 00:39 provider
/etc/mail/sasl:
total 8
drwxr-xr-x 2 root smmsp 4096 Mar 8 00:39 .
drwxr-sr-x 7 smmta smmsp 4096 May 25 20:06 ..
/etc/mail/smrsh:
total 8
drwxr-sr-x 2 smmta smmsp 4096 May 25 19:09 .
drwxr-sr-x 7 smmta smmsp 4096 May 25 20:06 ..
lrwxrwxrwx 1 root smmsp 26 May 25 19:09 mail.local -> /usr/lib/sm.bin/mail.local
lrwxrwxrwx 1 root smmsp 17 May 25 19:09 procmail -> /usr/bin/procmail
/etc/mail/tls:
total 48
drwxr-xr-x 2 smmta smmsp 4096 May 25 19:09 .
drwxr-sr-x 7 smmta smmsp 4096 May 25 20:06 ..
-rw-r--r-- 1 root root 7 May 25 19:09 no_prompt
-rw------- 1 root root 1188 May 25 19:09 sendmail-client.cfg
-rw-r--r-- 1 root smmsp 1265 May 25 19:09 sendmail-client.crt
-rw------- 1 root root 1025 May 25 19:09 sendmail-client.csr
-rw-r----- 1 root smmsp 1675 May 25 19:09 sendmail-common.key
-rw-r----- 1 root smmsp 1650 May 25 19:09 sendmail-common.prm
-rw------- 1 root root 1188 May 25 19:09 sendmail-server.cfg
-rw-r--r-- 1 root smmsp 1265 May 25 19:09 sendmail-server.crt
-rw------- 1 root root 1025 May 25 19:09 sendmail-server.csr
-rwxr--r-- 1 root root 3243 May 25 20:06 starttls.m4
sendmail.conf:
DAEMON_NETMODE="Static";
DAEMON_NETIF="eth0";
DAEMON_MODE="Daemon";
DAEMON_PARMS="";
DAEMON_HOSTSTATS="No";
DAEMON_MAILSTATS="No";
QUEUE_MODE="${DAEMON_MODE}";
QUEUE_INTERVAL="10m";
QUEUE_PARMS="";
MSP_MODE="Cron";
MSP_INTERVAL="20m";
MSP_PARMS="";
MSP_MAILSTATS="${DAEMON_MAILSTATS}";
MISC_PARMS="";
CRON_MAILTO="root";
CRON_PARMS="";
LOG_CMDS="No";
HANDS_OFF="No";
AGE_DATA="";
DAEMON_RUNASUSER="No";
DAEMON_STATS="${DAEMON_MAILSTATS}";
MSP_STATS="${MSP_MAILSTATS}";
sendmail.mc:
divert(-1)dnl
divert(0)dnl
define(`_USE_ETC_MAIL_')dnl
include(`/usr/share/sendmail/cf/m4/cf.m4')dnl
VERSIONID(`$Id: sendmail.mc, v 8.15.2-18 2020-03-08 00:39:49 cowboy Exp $')
OSTYPE(`debian')dnl
DOMAIN(`debian-mta')dnl
undefine(`confHOST_STATUS_DIRECTORY')dnl #DAEMON_HOSTSTATS=
FEATURE(`no_default_msa')dnl
DAEMON_OPTIONS(`Family=inet6, Name=MTA-v6, Port=smtp')dnl
DAEMON_OPTIONS(`Family=inet, Name=MSP-v4, Port=submission, M=Ea, Addr=127.0.0.1')dnl
define(`confPRIVACY_FLAGS',dnl
`needmailhelo,needexpnhelo,needvrfyhelo,restrictqrun,restrictexpand,nobodyreturn,authwarnings')dnl
define(`confCONNECTION_RATE_THROTTLE', `15')dnl
define(`confCONNECTION_RATE_WINDOW_SIZE',`10m')dnl
FEATURE(`use_cw_file')dnl
FEATURE(`access_db', , `skip')dnl
FEATURE(`greet_pause', `1000')dnl 1 seconds
FEATURE(`delay_checks', `friend', `n')dnl
define(`confBAD_RCPT_THROTTLE',`3')dnl
FEATURE(`conncontrol', `nodelay', `terminate')dnl
FEATURE(`ratecontrol', `nodelay', `terminate')dnl
include(`/etc/mail/m4/dialup.m4')dnl
include(`/etc/mail/m4/provider.m4')dnl
MAILER_DEFINITIONS
MAILER(`local')dnl
MAILER(`smtp')dnl
submit.mc...
divert(-1)dnl
divert(0)dnl
define(`_USE_ETC_MAIL_')dnl
include(`/usr/share/sendmail/cf/m4/cf.m4')dnl
VERSIONID(`$Id: submit.mc, v 8.15.2-18 2020-03-08 00:39:49 cowboy Exp $')
OSTYPE(`debian')dnl
DOMAIN(`debian-msp')dnl
FEATURE(`msp', `[127.0.0.1]', `25')dnl
-- System Information:
Debian Release: bullseye/sid
APT prefers testing
APT policy: (500, 'testing'), (500, 'stable')
Architecture: amd64 (x86_64)
Kernel: Linux 5.6.0-1-amd64 (SMP w/2 CPU cores)
Locale: LANG=C, LC_CTYPE=C.UTF-8 (charmap=UTF-8), LANGUAGE=C (charmap=UTF-8)
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled
Versions of packages sendmail-bin depends on:
ii debconf 1.5.74
ii init-system-helpers 1.57
ii libc6 2.30-8
ii libdb5.3 5.3.28+dfsg1-0.6
ii libldap-2.4-2 2.4.50+dfsg-1
ii liblockfile1 1.16-1.1
ii libsasl2-2 2.1.27+dfsg-2
ii libssl1.1 1.1.1g-1
ii libwrap0 7.6.q-30
ii lsb-base 11.1.0
ii procps 2:3.3.16-5
ii sendmail-base 8.15.2-18
ii sendmail-cf 8.15.2-18
sendmail-bin recommends no packages.
Versions of packages sendmail-bin suggests:
ii libsasl2-modules 2.1.27+dfsg-2
ii openssl 1.1.1g-1
pn sasl2-bin <none>
pn sendmail-doc <none>
Versions of packages sensible-mda depends on:
ii libc6 2.30-8
ii procmail 3.22-26
Versions of packages sendmail depends on:
ii sendmail-base 8.15.2-18
ii sendmail-cf 8.15.2-18
ii sensible-mda 8.15.2-18
Versions of packages sendmail suggests:
pn rmail <none>
pn sendmail-doc <none>
-- no debconf information
--- a/debian/configure.ac.orig 2020-03-08 00:39:49.000000000 +0100
+++ b/debian/configure.ac 2020-05-25 17:44:34.527721758 +0200
@@ -1398,14 +1398,27 @@
fi;
fi;
+# sendmail does not use getaddrinfo()
+# if test $sm_have_ipv6 = yes; then
+# AC_CHECK_FUNCS(getaddrinfo,
+# [sm_have_ipv6=yes]
+# ,[sm_have_ipv6=no])
+# if test $sm_have_ipv6 = no; then
+# AC_MSG_ERROR([IPv6 support requires getaddrinfo])
+# fi;
+# fi;
+
+# sendmail supports gethostbyname2()
if test $sm_have_ipv6 = yes; then
- AC_CHECK_FUNCS(getaddrinfo,
+ AC_CHECK_FUNCS(gethostbyname2,
[sm_have_ipv6=yes]
,[sm_have_ipv6=no])
if test $sm_have_ipv6 = no; then
- AC_MSG_ERROR([IPv6 support requires getaddrinfo])
- fi;
+ AC_MSG_ERROR([IPv6 support requires gethostbyname2])
+ else
+ sm_envdef="$sm_envdef -DHAS_GETHOSTBYNAME2=1"
fi;
+ fi;
if test $sm_have_ipv6 = yes; then
v2i 8.10.0;
--- End Message ---
--- Begin Message ---
Source: sendmail
Source-Version: 8.15.2-19
Done: Andreas Beckmann <anbe@debian.org>
We believe that the bug you reported is fixed in the latest version of
sendmail, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to 961538@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Andreas Beckmann <anbe@debian.org> (supplier of updated sendmail package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@ftp-master.debian.org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Format: 1.8
Date: Tue, 26 May 2020 01:48:43 +0200
Source: sendmail
Architecture: source
Version: 8.15.2-19
Distribution: unstable
Urgency: medium
Maintainer: Debian QA Group <packages@qa.debian.org>
Changed-By: Andreas Beckmann <anbe@debian.org>
Closes: 961538
Changes:
sendmail (8.15.2-19) unstable; urgency=medium
.
* QA upload.
* Fix IPv6 reverse lookups with glibc 2.30, thanks to Matthias Ferdinand.
(Closes: #961538) (LP: #1879738)
* Do not ship files generated by autoreconf.
* Run autoreconf on debian/ at build time.
* Switch to debhelper-compat (= 13).
* Move /usr/lib/sm.bin/ to /usr/libexec/sendmail/.
* Update Lintian overrides.
Checksums-Sha1:
afaef68c95eeb7e2d97c0b03c0f841028038a1aa 2820 sendmail_8.15.2-19.dsc
a3df024b35a044e282c208a0f85ce13033f7dfe1 228296 sendmail_8.15.2-19.debian.tar.xz
5f957f984692514ced77c37876fbef8f7cf90371 5926 sendmail_8.15.2-19_source.buildinfo
Checksums-Sha256:
d44984279c5dc42827578740d12c739fd037c10938f619fafe521d9182cf6a3b 2820 sendmail_8.15.2-19.dsc
8f91173d4f71f322825944e445fede1567b135b9e2a8761f139ac0e573139f43 228296 sendmail_8.15.2-19.debian.tar.xz
04c63b6c3e8e287cf2336f4b2ba7c8d62bb3591f9636310cc54722d69226cd9d 5926 sendmail_8.15.2-19_source.buildinfo
Files:
f9633df01e26c081147e1794e0581c6a 2820 mail optional sendmail_8.15.2-19.dsc
289fbbd1985ae24a0bf9bd9d2aade616 228296 mail optional sendmail_8.15.2-19.debian.tar.xz
07a744c404243b6411c8080a18d4b58a 5926 mail optional sendmail_8.15.2-19_source.buildinfo
-----BEGIN PGP SIGNATURE-----
iQJEBAEBCAAuFiEE6/MKMKjZxjvaRMaUX7M/k1np7QgFAl7MW0EQHGFuYmVAZGVi
aWFuLm9yZwAKCRBfsz+TWentCCgcD/9vuBxFFmYfkRj01Pvhl9e6mXtiN63KEgDy
mVxYO7HWKRjyGe2a+qg+hUA3x3oje8/hCO3LNpasx8LJ6K71wmSH5Z7TBdwZ8PhX
7EULbD3x+gpQK6lFgsuHoVqi+mCfCciGwXGiN7M9fg/Fri/9u/4JIFL7j453Ka87
tWXhUMS5GNJf+dr6jPD+3zZ2037fxSoneVgJD2QXsXCwrGlJaj1FgCxxJ9zaQvRI
dEEiELwHEbCjUtjpJ/okXWL5vlJhf2KD3BfatgqQuuAt8bSGfSnMiJZF7FRG7RFl
jJYriy2zR+2QljjdkY3oeFtJL1+v5eagjWbGkpNpBe3AqhzmZDJbY7gpSamlBsgF
CtGe6bvZvYEP1xcjnRd2UPdASBbDm+71zg6O90ATm4dAn8/1i120JJrab7F8Nim3
UoHHHOJkRZy3lR1tYvEafOxMc3K2MrXaI/Ts6p3so87gXksfbni4snE6KPQVY7BQ
6Kgx+xD47LyikzbH9aIIisMQfm+gMQsxS6z05E3IXIIzbeMUbPH0LycoEW+gHOJb
fyDqgWkUSEzcDjlu6k8Z2Yg5CjPowdW1zVYhZ9jo40pyVVXjLjRyDATMNa9fzE9H
ULOcNw3ltqNxq9OM8eItfkLujpuKqDqvDwCIO0cP5lz4cmZ39za7AUYOHZ5VgKfr
mf8PwVDxNQ==
=Ldix
-----END PGP SIGNATURE-----
--- End Message ---