wietseporcupine.org (Wietse Venema) writes:

> Matthias Andree:
> > I'm not sure if we're talking about the same problem,
>
> Yes. If an owner-root alias exists, then Postfix writes the recipients
> in the expansion of the root alias to queue file, without attempting
> to recursively expand aliases and .forward files.

There is no recursion in my setup, and the owner-testme alias did not
change anything except the bounce destination. I expect, when expanding
to "terminal symbols", that the original input (the key used for alias
lookup) be discarded. But this does not happen, Postfix keeps the key as
well.

Clear text:

Assume bar1 delivers ok, bar2 fails hard, but is taken as temporary by
soft_obunce.

foo: bar1 bar2
expands to: bar2 foo -> BROKEN, foo must go.

It should expand to bar2.

A reasonable, WORKING approximation of:

owner-foo: somebody
foo: bar1 bar2

is:

foo: "|/usr/sbin/sendmail -fowner-foo bar1 bar2"

When bar2 expands to a command, keeping "bar2" is fine, and will not
cause any problems.

Did you actually try to reproduce the problem with the test setup I
reported in my previous setup? If not so, may I ask you to do so?

> However, |command and /file/name destinations in the expansion of
> an alias or forward file must be delivered immediately, so if those
> fail with a temporary error, then the whole alias will receive the
> mail again later.

Well. I'm not trying:

foo: bar1 "|exit 75"

but

foo: bar1 bar2
bar2: "|exit 75"

Postfix expands bar2 properly, tries immediate delivery, fails, AND
KEEPS foo in the expanded list as well. It looks as if there is
something wrong with the error propagation. It's not foo that failed and
must be retried, but ONLY bar2.

> > a) drop original recipient on the floor, possibly break mail up.
>
> Excuse me? Postfix must not drop mail on the floor. If an alias
> expands into
>
> destination1
> "|command that fails with soft error"
> destination2
>
> then destination2 must receive the mail.

You're not seeing the problem, so you misunderstand what I'm after.

foo: ok fail

here expands to: fail foo, plus the delivered mail in ok's mailbox.

> > b) keep a list of successful deliveries. Postfix needs to eliminate
> > duplicates from the alias expansion anyways.
>
> This list requires persistent storage. Where? Postfix is designed
> on the principle of write once files, so that Postfix can be killed
> at arbitrary moments without causing loss of mail.

Ok, so write it in the queue file, where the recipients are, write ALL
original recipients there and keep it there when deferring, and add a
flag "done".

> Storing |command and /file/name destinations is extremely dangerous.
> This solution does not pass the security test.

The problem is on a higher level. Command expansion, in my case, only
takes part for the final, SINGLE, ISOLATED, recipient, not for the alias
itself.

> If an alias name appears in its own expansion,

...then Postfix can tag it as such, i. e. if it sees:

foo: foo bar

it reads it as

foo: \foo bar

With \ suppressing recursion. What problem with that approach am I not
aware of?

> > d) switch between "broken-compatible" and "sensible" alias treatment
>
> And cleverly he forgot to define what the sendible treatment is.

Yup. Since we haven't yet negotiated a common language to describe the
(non-)problem, I think I'll retry that after I think I communicated the
problem description.

-- 
Matthias Andree

• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]