search

virtualmin / virtualmin-gpl

Virtualmin web hosting control panel for Webmin
https://www.virtualmin.com
GNU General Public License v3.0
315 stars 97 forks source link

sendmail forwarding and aliases are broken with user@domain style users #748

Open matyasmatyas opened 7 months ago

matyasmatyas commented 7 months ago

Hello,

Looks like sendmail forwarding and aliases are broken with user@domain style users. The aliases are not escaped properly because in virtual-server-lib-funcs.pl , escape_alias function has some bugs. The old version of the function works properly and returns: user-domain

sub escapealias { local $escuser = $[0]; $escuser =~ s/\@/-/g; return $escuser; }

The new version areturns user\@domain as alias name which is a big NO for sendmail /etc/aliases file as key.

sub escapealias { my ($escuser) = @; my $origuser = $escuser; $escuser =~ s/\@/-/g; if (!getpwnam($escuser)) { $escuser = &escape_user($origuser); } return $escuser; }

The getpwnam part perhaps is OK for postfix but really breaks sendmail aliases.

A possible fix could be:

if (!getpwnam($escuser) && $config{'mail_system'} != 1) { $escuser = &escape_user($origuser); }

Thank you!

iliajie commented 7 months ago

Hello,

If you added nopostfix_extra_user=1 to /etc/webmin/virtual-server/config file, would it make any difference?

matyasmatyas commented 7 months ago

In my /etc/webmin/virtual-server/config already is nopostfix_extra_user=1 .

So I can confirm the issues manifests itself even with nopostfix_extra_user=1

iliajie commented 7 months ago

So I can confirm the issues manifests itself even with nopostfix_extra_user=1

Actually, we need to create an extra user using nopostfix_extra_user=2. Can you check this option instead? But you would need to create a new user in Edit Users page to give it a proper test.

matyasmatyas commented 7 months ago

I just tested with nopostfix_extra_user=2 but the result was exactly the same.

Created with Edit Users a new user named user@domain.com and added to it a forwarder to user@otherdomain.com

In /etc/mail/virtusertable user@domain.com user\@domain.com

In /etc/aliases user\@domain.com: user@otherdomain.com,\user\@domain.com

This syntax is not working with sendmail. No @ is allowed in left value.

Expected result should be (which works with the the proposed patch on escape_alias() function.) like this:

In /etc/mail/virtusertable user@domain.com user-domain.com

In /etc/aliases user-domain.com: user@otherdomain.com,\user\@domain.com

Test result with a working forwarder:

sendmail -bv user@domain.com \user\@domain.com... deliverable: mailer local, user \user\@domain.com user@otherdomain.com... deliverable: mailer esmtp, host otherdomain.com., user user@otherdomain.com

iliajie commented 7 months ago

In /etc/aliases user-domain.com: user@otherdomain.com,[user@domain.com](mailto:user@domain.com)

But user-domain.com should be an actual user on the system, right? Does Virtualmin create this user-domain.com user in the first place? If so, did it also create user-domain.com before making any changes to nopostfix_extra_user option?

matyasmatyas commented 7 months ago

No, user-domain.com unix user did not get created. That ugly second unix user is not needed for sendmail but only for postfix. That's the way virtualmin worked fine for many-many years with sendmail and user@domain style users until the escape_alias() function got changed with that getpwnam condition.

iliajie commented 7 months ago

This syntax is not working with sendmail. No @ is allowed in left value.

@ should be allowed, as it can be a part of a Unix username? Although, might be we don't really need to escape @ in /etc/aliases even if a user is a local Unix user?

Can you create a test record manually, like caught-user@example.com: user1@example.com,user2@example.com, rebuild aliases by running postalias /etc/aliases, and run some tests and let us know what results do you get?

matyasmatyas commented 7 months ago

You are right @ is allowed and it works if that user is not in virtusertable (so it is an alias not a real unix user)

sendmail -bv caught-user@example.com user2@example.com... deliverable: mailer esmtp, host example.com., user user2@example.com user1@example.com... deliverable: mailer esmtp, host example.com., user user1@example.com

When it is in virtusertable it does not go to aliases:

sendmail -bv caught-user@example.com caught-user@example.com... deliverable: mailer local, user caught-user\@example.com

I think the old way of escaping aliases with hyphen username-domain.com was made with a good reason.

iliajie commented 7 months ago

You are right @ is allowed and it works if that user is not in virtusertable

Could you show me the complete record you added to /etc/aliases file?

matyasmatyas commented 7 months ago

At the moment I'm using the old escape_alias function and it works perfectly with sendmail MTA and user@domain style users.. However a fix in the distribution release would be more than welcome.

sub escapealias { local $escuser = $[0]; $escuser =~ s/\@/-/g; return $escuser; }

iliajie commented 7 months ago

You are right @ is allowed and it works if that user is not in virtusertable

Could you show me the complete record you added to /etc/aliases file?

Could you please show me the exact record you added?

matyasmatyas commented 7 months ago

I tested manually with: /etc/aliases caught-user@example.com: user1@example.com,user2@example.com

It works.

But when it is added by virtualmin it does not work because when virtusertable entry is present it does not expand the alias it stops in virtusertable

/etc/mail/virtusertable caught-user@example.com caught-user\@example.com

Also virtualmin adds it to alias file like this (escaped @ in left value): caught-user\@example.com: user1@example.com,user2@example.com

However escaped or not the alias expansion does not work. The only way it works when @ is replaced by - (hyphen).

iliajie commented 7 months ago

I tested manually with: /etc/aliases caught-user@example.com: user1@example.com,user2@example.com

It works.

Got it! Thanks!

But when it is added by virtualmin it does not work because when virtusertable entry is present it does not expand the alias it stops in virtusertable

What if we didn't add a record to a /etc/mail/virtusertable instead, would Virtualmin added alias, i.e.:

catching-user\@example.com: user1@example.com,user2@example.com,\catching-user\@example.com

.. worked with Sendmail in this case?

Currently we do exactly that with Postfix..

matyasmatyas commented 7 months ago

What if we didn't add a record to a /etc/mail/virtusertable instead, would Virtualmin added alias, i.e.:

catching-user\@example.com: user1@example.com,user2@example.com,\catching-user\@example.com

Without virtuserable entry with sendmail in this case we get user Unknown.

However like this without backslah in left value works: catching-user@example.com: user1@example.com,user2@example.com,\catching-user\@example.com

But if there is no Forwarding rule set (so no alias, only Delivery to mailbox) without the virusertable entry there is User unknown.

May I ask why this fixed version of escape_alias function is not acceptable as a simple solution? It certainly works perfectly for me.

sub escape_alias
{
      my ($escuser) = @_;
      my $origuser = $escuser;
      $escuser =~ s/@/-/g;
      if (!getpwnam($escuser) && ($config{'mail_system'} != 1)) {
          $escuser = &escape_user($origuser);
     }
    return $escuser;
}