Re: 2.1.5 local(8) when NIS and NSS/passwd disagree?!?

From: Matthias Andree (madt.e-technik.uni-dortmund.de)
Date: Thu Oct 07 2004 - 11:06:16 CDT


Victor Duchovni <Victor.DuchovniMorganStanley.com> writes:

> On Thu, Oct 07, 2004 at 05:06:04PM +0200, Matthias Andree wrote:
>
>> 1. Postfix behaves inconsistently:
>>
>> a. smtpd looks at NIS to figure "yes, I have that user"
>
> The administrator should have used:
>
> proxy:unix:passwd.byname
>
> instead of proxy:nis:passwd.byname. The inconsistency is in the
> configuration, not in the software.

Right. The choice was deliberate, because the UNIX user data base
contains users that are not to receive mail via SMTP, and that aren't
listed in NIS.

The underlying problem that will remain is that getpwnam() cannot
communicate NIS failure as a temporary error on some popular systems.

>> b. local looks at getpwnam() to figure "no such user".
>
> local(8) needs a trusted source of uid/gid/home directory,

Of course it does. Linux nsswitch or the +::::: compat entries in
FreeBSD however aren't such sources because they can falsely report "no
such user" at any time, and I was under the impression that Postfix
would yield to such restrictions of the environment. As Wietse says,
Postfix's job is to deliver mail.

I have reported the issue to the glibc maintainers and will shelve this
particular discussion for now.

The real issue can be set out wider, as a sanity-checking framework that
turns all errors into temporary ones when certain conditions are not
met.

--
Matthias Andree

Encrypted mail welcome: my GnuPG key ID is 0x052E7D95 (PGP/MIME preferred)
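
Added example, not part of the original message and not Postfix code: a delivery-side lookup that uses getpwnam_r() so that a lookup error the C library does report becomes a temporary failure (EX_TEMPFAIL) instead of "no such user". The helper names classify_lookup and lookup_user are hypothetical, and treating every nonzero return as temporary is an assumed policy; it cannot recover failures that the NSS backend itself reports as "not found".

```c
/* Added example (not Postfix code): classify a passwd lookup for a delivery agent. */
#include <errno.h>
#include <pwd.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/types.h>
#include <sysexits.h>

/* Hypothetical helper: map getpwnam_r() results to sysexits codes.
 *   rc == 0, result set  -> user exists
 *   rc == 0, result NULL -> backend answered "no such user"
 *   rc != 0              -> lookup failed; defer instead of bouncing
 * Assumed policy: every nonzero rc is treated as temporary. */
int classify_lookup(int rc, const struct passwd *result)
{
    if (rc != 0)
        return EX_TEMPFAIL;
    return result ? EX_OK : EX_NOUSER;
}

/* Hypothetical helper: look up a user, growing the buffer on ERANGE. */
int lookup_user(const char *name, uid_t *uid)
{
    struct passwd pw, *result = NULL;
    size_t len = 1024;
    char *buf = NULL;
    int rc;

    do {
        char *tmp = realloc(buf, len);
        if (tmp == NULL) { free(buf); return EX_TEMPFAIL; }
        buf = tmp;
        rc = getpwnam_r(name, &pw, buf, len, &result);
        len *= 2;
    } while (rc == ERANGE && len <= (1u << 20));

    int status = classify_lookup(rc, result);
    if (status == EX_OK && uid != NULL)
        *uid = pw.pw_uid;
    free(buf);
    return status;
}

int main(int argc, char **argv)
{
    uid_t uid = 0;
    int status = lookup_user(argc > 1 ? argv[1] : "root", &uid);
    printf("status=%d uid=%lu\n", status, (unsigned long)uid);
    return status;
}
```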