Skip to content

Loading…

(#17827) Properly format SMTP HELO when sending tagmail #1351

Closed
wants to merge 3 commits into from

4 participants

@ahpook

Previously, the tagmail report sending code did not initialize
Net::SMTP.start with a 'helo' option, which causes securely-
configured SMTP servers to reject the mail.

This commit adds settings to control the destination SMTP port
and the value for SMTP HELO, which default to 25 and our fqdn,
respectively.

Report and original patch from Jim Pirzyk.

@ahpook ahpook (#17827) Properly format SMTP HELO when sending tagmail
Previously, the tagmail report sending code did not initialize
Net::SMTP.start with a 'helo' option, which causes securely-
configured SMTP servers to reject the mail.

This commit adds settings to control the destination SMTP port
and the value for SMTP HELO, which default to 25 and our fqdn,
respectively.

Report and original patch from Jim Pirzyk.
e4594ec
@daniel-pittman

You mean "incorrectly configured SMTP servers", not securely, and you should probably document why this might be interesting to users in the configuration description. Just having a strictly factual statement of effect, but no meat on why makes this difficult for users to understand.

Part of the reason I emphasise "incorrectly configured" is because some-but-not-all of the SMTP servers that require the HELO / EHLO name to be an FQDN will also reject an unresolvable, or even "no MX exists for", string.

Given that using an internal name, like FQDN on an internal machine, might reject just as much as using the RFC-specified "opaque string for loopback detection" would.

@ahpook

My experience with HELO checking might be different to yours Daniel -- in Postfix at least, there's a range of helo restrictions varying from the are-you-malware low bar to entry ('must exist', 'must look like a fqdn') to the pretty-clearly-insane ('look up the MX record for the provided hostname and perform some action against it'). So I don't think it's true that all helo restrictions are inherently misconfigurations.

Point taken, and commit added, for adding 'why' to the description though.

@daniel-pittman daniel-pittman commented on an outdated diff
lib/puppet/defaults.rb
@@ -1255,7 +1255,17 @@ module Puppet
:smtpserver => {
:default => "none",
:desc => "The server through which to send email reports.",
- }
+ },
+ :smtpport => {
+ :default => 25,
+ :desc => "The TCP port through which to send email reports.",
+ },
+ :smtphelo => {
+ :default => Facter["fqdn"].value,
+ :desc => "The name by which we identify ourselves in SMTP HELO for reports.
+ If you send to a smtpserver which does strict HELO checking (as with Postfix's
+ `smtpd_helo_restrictions` access controls), you may to ensure this resolves.",

I thing you have a tyop in there: "you may to ensure"

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
@daniel-pittman
@puppetcla

CLA Signed by ahpook on 2012-08-16 21:00:00 -0700

@adrienthebo
Puppet Labs member

@ahpook @daniel-pittman I'm dragging this pull request back from the dead to see if we can get a resolution on this. In my uninformed opinion, this seems like a pretty harmless change. Merging this shouldn't break anything, and while it may be working around the deficiencies/configuration of mail servers it's a small change and could make the lives of some users a bit easier. Could we get a definitive yay/nay on this?

Thanks!

@ahpook

i favor taking it obvs. i interpret daniel's last comment "supporting working around [mail server settings] is a win" as support.

@adrienthebo adrienthebo added a commit that closed this pull request
@adrienthebo adrienthebo Merge branch 'pull-1351'
This closes GH-1351
8dbe436
@adrienthebo
Puppet Labs member

summary: merged into master in 8dbe436; this should be released in 3.3.0. There was a syntax incompatibility with ruby 1.8.7, so I rebased this on master and made the syntax amendment. Thanks for the contribution!

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Commits on Dec 28, 2012
  1. @ahpook

    (#17827) Properly format SMTP HELO when sending tagmail

    ahpook committed
    Previously, the tagmail report sending code did not initialize
    Net::SMTP.start with a 'helo' option, which causes securely-
    configured SMTP servers to reject the mail.
    
    This commit adds settings to control the destination SMTP port
    and the value for SMTP HELO, which default to 25 and our fqdn,
    respectively.
    
    Report and original patch from Jim Pirzyk.
  2. @ahpook
  3. @ahpook

    Whups, grammar.

    ahpook committed
Showing with 12 additions and 2 deletions.
  1. +11 −1 lib/puppet/defaults.rb
  2. +1 −1 lib/puppet/reports/tagmail.rb
View
12 lib/puppet/defaults.rb
@@ -1255,7 +1255,17 @@ module Puppet
:smtpserver => {
:default => "none",
:desc => "The server through which to send email reports.",
- }
+ },
+ :smtpport => {
+ :default => 25,
+ :desc => "The TCP port through which to send email reports.",
+ },
+ :smtphelo => {
+ :default => Facter["fqdn"].value,
+ :desc => "The name by which we identify ourselves in SMTP HELO for reports.
+ If you send to a smtpserver which does strict HELO checking (as with Postfix's
+ `smtpd_helo_restrictions` access controls), you may need to ensure this resolves.",
+ },
)
define_settings(
View
2 lib/puppet/reports/tagmail.rb
@@ -133,7 +133,7 @@ def send(reports)
pid = Puppet::Util.safe_posix_fork do
if Puppet[:smtpserver] != "none"
begin
- Net::SMTP.start(Puppet[:smtpserver]) do |smtp|
+ Net::SMTP.start(Puppet[:smtpserver], Puppet[:smtpport], Puppet[:smtphelo]) do |smtp|
reports.each do |emails, messages|
smtp.open_message_stream(Puppet[:reportfrom], *emails) do |p|
p.puts "From: #{Puppet[:reportfrom]}"
Something went wrong with that request. Please try again.