Great Circle Associates List-Managers
(August 1999)


Subject: Majordomo and Postfix and Approvals, Oh, My!
From: Nick Simicich <njs @ scifi . squawk . com>
Date: Mon, 30 Aug 1999 11:31:30 -0400 (EDT)
To: list-managers @ GreatCircle . COM
Cc: postfix-users @ cloud9 . net

Problem:  Postfix, by default, uses a special mechanism to quickly catch
and thwart mail loops.  It places a "delivered-to" header into the mail
when it delivers it.  If mail is pushed back into postfix, and it is about
to deliver it to a place it has already delivered it to, it bounces it
instead.  This is very effective.  It is so effective that it catches even
mail loops where the Received lines are stripped.  It also catches
attempts to approve messages, because the mail will be inserted into the
mail queue with a target destination that is already named in a
Delivered-To:.  This is the problem.

Solution 1:  Configure postfix to not apply the Delivered-to headers. 
This is bad, as it completely ditches the mechanism. 

Solution 2:  Change all of the approval tools and procedures to delete the
delivered-to headers.  This is bad since I have multiple moderators who
have their own procedures, written in the scripting language of their
choice on different platforms.

Solution 3: Ditch Postfix.  No.  The list users love postfix because they
are getting their messages up to 1/2 hour earlier, even though I was using
bulk-mailer with sendmail.  (They didn't say, "Postfix is great", they
said, "Gosh, everything is working a lot quicker now.  What did you do?") 
Postfix delivered 110,000 messages last week. It rarely uses more than a
few percent of the CPU (An ancient Pentium 100 running Redhat 6 with 32
Meg). I have tried to dump a big load of stuff on it all at once, it sorts
it out real fast, without bouncing messages because of overload.  It
configures more quickly and sanely than sendmail. It is arguably more
secure than sendmail can be, since it is a bunch of small pieces that do
not run with more privs than they need, and was written by a security guru
with security in mind from the start. I have years of experience with
sendmail and I like it.  Postfix is just better, especially for this. 

Solution 4: Have majordomo strip Delivered-to headers in all cases.  Same
problems as solution 1 - you want this mechanism to work, most of the
time, even on majordomo.

Solution 5:  Change resend to remove Delivered-To: headers from any
message that came in as a message body to be Approved after a bounce. 
Here is a patch.  I have a lot of other patches, so expect a bit of offset
if you apply it. 

--- /usr/lib/majordomo/resend	Sun Aug  9 16:33:59 1998
+++ resend	Mon Aug 30 10:49:32 1999
@@ -40,6 +40,16 @@
 #$DEBUG = 1;
+#postfix uses "delivered-to" to shortcut detection of loops.
+#This is a good thing, unless this is an approved message.
+#postfix will see this and bounce the message.
+#Approval is one of cases that we want to remove 'Delivered-to'
+#We set this later if we see an "approved" header.  Then,
+#when we drop the message back into postfix, it can be redelivered
+#to the same address.
+$kill_delivered_to = 0;
 # set our path explicitly
 # PATH it is set in the wrapper, so there is no need to set it here.
 #$ENV{'PATH'} = "/bin:/usr/bin:/usr/ucb";
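Review bot: The comment block above `$kill_delivered_to = 0;` explains why the header is removed but not what is given up: once the flag is set, Delivered-To loop detection no longer applies to that message. Say so in the comment, and state that the flag may only be set after the approval has been validated. Minor: the comment spells the header two different ways ("delivered-to", 'Delivered-to'); use Delivered-To: throughout, and "one of the cases" for "one of cases".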
@@ -400,6 +417,10 @@
 	# Parse the following as a completely new message.
+	# This is a postfix hack.  See above.
+	$kill_delivered_to = 1;
 	$result .= &parse_header; # The return value won't matter; we're
 	# approved.
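Review bot: `$kill_delivered_to = 1;` is set unconditionally where the body is reparsed as a new message, and nothing in the patch resets it. The context comment ("we're approved") suggests this branch is reached only after the approval succeeded; confirm that and say so next to the assignment, because from this point on the flag causes Delivered-To: lines in the embedded message to be dropped. If resend can ever process more than one message per run, reset the flag to 0 once the headers have been written.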
@@ -597,6 +648,15 @@
 	    if $DEBUG;
 	# check for taboo_headers or approved header
+	# Kill delivered-to headers in approved messages for
+	# postfix.
+	if ($kill_delivered_to && /^Delivered\-To\:/i) {
+	    $kept_last = 0;
+	    print STDERR "$0:    skipped-delivered-to\n" if $DEBUG;
+	    next;
+	}
 	if ($#taboo_headers >= $[ && !$approved &&
 	    eval $is_taboo_header) {
 	    $gonna_bounce .= "taboo header: $taboo ";
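Review bot: The match `/^Delivered\-To\:/i` drops every Delivered-To: header, whatever address it names. Removing only the lines that name the address resend is about to send to would keep loop detection for the other hops; if blanket removal is intended, say so in the comment. The backslashes before `-` and `:` are unnecessary, and the debug text "skipped-delivered-to" could include the header line so it is clear what was dropped. `$kept_last = 0` looks meant to make continuation lines of the skipped header be dropped as well; worth checking against the code that reads `$kept_last`.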
------CUT HERE--------

Of course my password is the same as my pet's name.  
My macaw's name was Q47pY!3, but I change it every 90 days.
Nick Simicich mailto:njs @ scifi . squawk . com or (last choice) mailto:njs @ us . ibm . com -- Stop by and Light Up The World!
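
An added example, not part of the original post and not Postfix or Majordomo code: a small Python model of the Delivered-To check as the message describes it, showing why a resubmitted approval bounces and why stripping the header only for approved messages keeps loop detection for everything else. The address `list@example.org`, the sample message and the function names are constructed for illustration; case-insensitive address comparison is an assumption of the model.

```python
from email import message_from_string

# Constructed sample: a post that was already delivered once to the list
# address, shown as a moderator would resubmit it with its headers intact.
HELD_POST = """\
Delivered-To: list@example.org
From: poster@example.net
To: list@example.org
Subject: held for approval

body text
"""

def deliver(msg, rcpt):
    """Model of the loop check: refuse if rcpt is already named in a
    Delivered-To header, otherwise record rcpt and accept.
    Assumption: addresses are compared case-insensitively."""
    seen = {v.strip().lower() for v in msg.get_all("Delivered-To", [])}
    if rcpt.lower() in seen:
        return False              # the MTA would bounce: suspected loop
    msg["Delivered-To"] = rcpt    # adds another Delivered-To header
    return True

def resend(raw, rcpt, approved, strip_on_approval):
    """Hypothetical stand-in for the list software's re-injection step."""
    msg = message_from_string(raw)
    if approved and strip_on_approval:
        del msg["Delivered-To"]   # deletes every Delivered-To header
    return deliver(msg, rcpt)

def scenarios(rcpt="list@example.org"):
    return {
        "approved, headers kept": resend(HELD_POST, rcpt, True, False),
        "approved, headers stripped": resend(HELD_POST, rcpt, True, True),
        "not approved (real loop)": resend(HELD_POST, rcpt, False, True),
    }

if __name__ == "__main__":
    for name, ok in scenarios().items():
        print(f"{name}: {'delivered' if ok else 'bounced'}")
```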
