Ubuntu
eucalyptus package

Relay denied from eucalyptus registration emails - source address is wrong.

Bug #459101 reported by Neil Wilson
10
This bug affects 1 person
Affects Status Importance Assigned to Milestone
Release Notes for Ubuntu
Fix Released
Undecided
Mathias Gug
eucalyptus (Ubuntu)
Fix Released
Medium
Unassigned
Karmic
Fix Released
Medium
Mathias Gug
Ubuntu karmic-updates

Bug Description

Eucalyptus sends registration emails via SMTP to localhost. Unfortunately it doesn't set the source IP address to one of the localhost addresses. Instead it uses the IP address of an ethernet interface.

That falls foul of the default relay control ACL in postfix, when postfix is in Smarthost configuration.

Oct 23 14:47:42 gaffer postfix/smtpd[31553]: connect from gaffer.lab.man.cpwn.lan[10.99.67.10]
Oct 23 14:47:42 gaffer postfix/smtpd[31553]: NOQUEUE: reject: RCPT from gaffer.lab.man.cpwn.lan[10.99.67.10]: 554 5.7.1 <email address hidden>: Relay access denied; from=<email address hidden> to=<email address hidden> proto=ESMTP helo=<gaffer.lab.man.cpwn.lan>
Oct 23 14:47:42 gaffer postfix/smtpd[31553]: disconnect from gaffer.lab.man.cpwn.lan[10.99.67.10]

ProblemType: Bug
.etc.eucalyptus.eucalyptus.cc.conf: CC_NAME="isp-lab"
Architecture: amd64
Date: Fri Oct 23 14:48:27 2009
DistroRelease: Ubuntu 9.10
Package: eucalyptus-cloud 1.6~bzr931-0ubuntu7
ProcEnviron:
 PATH=(custom, no user)
 LANG=en_GB.UTF-8
 SHELL=/bin/bash
ProcVersionSignature: Ubuntu 2.6.31-14.48-server
SourcePackage: eucalyptus
Uname: Linux 2.6.31-14-server x86_64

==================
Karmic release notes:

Confirmation email for new UEC users not sent

When a new user is created in the UEC admin interface an email is sent to the user to confirm the registration. A bug in the smtp configuration of UEC prevents the Cloud controller from accepting and forwarding the confirmation email to the end user. The workaround is to edit the postfix configuration file (/etc/postfix/main.cf) to comment the mynetworks option and add a mynetworks_style option set to host instead and reload postfix (459101):

  #mynetworks = 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128
  mynetworks_style=host

==================
Eucalyptus SRU

Impact:
When a new user is created an confirmation email is send. However the default configuration of postfix refuses to accept the smtp connection opened by the eucalyptus-cloud process.

How the bug has been addressed:
The local configuration of postfix is modified by eucalyptus-cloud postinst script via the postconf command to accept messages send from the host (mynetwork_style=host).

To reproduce the bug:
1. Create a new user via the web admin interface with a valid email. Check that the email hasn't been accepted in /var/log/mail.log.
2. After the update, /etc/postfix/main.cf should have two of its options modified (mynetwork_style set to host and mynetwork commented).
3. Create a new user via the web admin interface with a valid email. The confirmation email should be accepted (in /var/log/mail.log) and be successfully delivered.

Regression potential:
If the CC has been configured to accept mail from the network for another reason, the configuration will be broken after the upgrade.

See original description

Related branches

lp:~mathiaz/eucalyptus/k-fix-email-config
Dustin Kirkland : Needs Fixing
Diff: 36 lines
2 files modified
debian/changelog (+2/-0)
debian/eucalyptus-cloud.postinst (+13/-0)
lp:~ubuntu-core-dev/eucalyptus/ubuntu-karmic
lp:ubuntu/karmic-proposed/eucalyptus
Revision history for this message
Neil Wilson (neil-aldur) wrote :
Revision history for this message
Neil Wilson (neil-aldur) wrote :

Workaround is to hash out mynetworks and add in mynetworks_style instead.

#mynetworks = 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128
mynetworks_style=host

Revision history for this message
Mathias Gug (mathiaz) wrote :

Confirmed. Should be documented in the release notes.

Changed in eucalyptus (Ubuntu):
importance: Undecided → Medium
status: New → Triaged
milestone: none → ubuntu-9.10
Revision history for this message
Mathias Gug (mathiaz) wrote :

If a user has already been created and UEC failed to send the confirmation email (which has the confirmation link in it), the user can still be confirmed by an admin by editing the user and checking the "Skip email confirmation" box.

Thierry Carrez (ttx)
Changed in eucalyptus (Ubuntu Karmic):
status: Triaged → Won't Fix
milestone: ubuntu-9.10 → none
Changed in eucalyptus (Ubuntu):
milestone: ubuntu-9.10 → none
Mathias Gug (mathiaz)
Changed in ubuntu-release-notes:
assignee: nobody → Mathias Gug (mathiaz)
status: New → In Progress
Mathias Gug (mathiaz)
description: updated
Changed in ubuntu-release-notes:
status: In Progress → Fix Committed
Revision history for this message
Steve Langasek (vorlon) wrote :

Documented at <https://wiki.ubuntu.com/KarmicKoala/ReleaseNotes#Confirmation%20emails%20for%20new%20UEC%20users%20not%20sent>:

When a new user is created in the UEC admin interface, an email is sent to the user to confirm the registration. A bug in the smtp configuration of UEC prevents the Cloud Controller from accepting and forwarding the confirmation email to the end user. As a workaround, edit the postfix configuration file {{{/etc/postfix/main.cf}}} on the Cloud Controller to comment out the {{{mynetworks}}} option and add a {{{mynetworks_style}}} option set to {{{host}}} instead:

{{{
  #mynetworks = 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128
  mynetworks_style = host
}}}

Then reload postfix with {{{sudo service postfix reload}}}. (Bug:459101)

Changed in ubuntu-release-notes:
status: Fix Committed → Fix Released
Thierry Carrez (ttx)
Changed in eucalyptus (Ubuntu Karmic):
status: Won't Fix → Triaged
milestone: none → karmic-updates
Mathias Gug (mathiaz)
Changed in eucalyptus (Ubuntu):
milestone: karmic-updates → none
Changed in eucalyptus (Ubuntu Karmic):
assignee: nobody → Mathias Gug (mathiaz)
Mathias Gug (mathiaz)
Changed in eucalyptus (Ubuntu Karmic):
status: Triaged → In Progress
Mathias Gug (mathiaz)
description: updated
Mathias Gug (mathiaz)
Changed in eucalyptus (Ubuntu Karmic):
status: In Progress → Fix Committed
Steve Langasek (vorlon)
Changed in eucalyptus (Ubuntu Karmic):
status: Fix Committed → In Progress
Mathias Gug (mathiaz)
tags: added: uec
Revision history for this message
Martin Pitt (pitti) wrote : Please test proposed package

Accepted eucalyptus into karmic-proposed, the package will build now and be available in a few hours. Please test and give feedback here. See https://wiki.ubuntu.com/Testing/EnableProposed for documentation how to enable and use -proposed. Thank you in advance!

Changed in eucalyptus (Ubuntu Karmic):
status: In Progress → Fix Committed
tags: added: verification-needed
Revision history for this message
John Koskie (jkoskie) wrote :

I can confirm the existence of the bug, and the proposed fix works on my system.

Martin Pitt (pitti)
tags: added: verification-done
removed: verification-needed
Revision history for this message
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package eucalyptus - 1.6~bzr931-0ubuntu7.3

---------------
eucalyptus (1.6~bzr931-0ubuntu7.3) karmic-proposed; urgency=low

  * debian/eucalyptus-cc.postinst: restart avahi daemon so that it uses
    eucalyptus specific configuration file (LP: #458904).
  * debian/eucalyptus-cc.eucalyptus-cc-publication{,-ip}.upstart: Respawn
    avahi publication jobs if they die (LP: #480885).

eucalyptus (1.6~bzr931-0ubuntu7.2) karmic-proposed; urgency=low

  [ Dustin Kirkland ]
  * cluster/handlers.c: euca_rootwrap rework did not whitelist powerwake;
    however, powerwake does *not* need root privs, drop euca_rootwrap wrapper
    (LP: #458163)
  * debian/rules, debian/euclayptus-cc.install: install the avahi-daemon.conf
    in /etc/eucalyptus, (LP: #458904).

  [ Thierry Carrez ]
  * clc/modules/www/src/main/java/edu/ucsb/eucalyptus/admin/public/EucalyptusWebInterface.html:
    Fix HTML title in the web UI for more consistency in naming (LP: #455293)
  * debian/eucalyptus-common.eucalyptus.upstart: Add -l to eucalyptus-cloud
    options so that cloud-output.log is affected by LOGLEVEL (LP: #458001)

  [ Mathias Gug ]
  * cluster/handlers.c: Fix the networkIndex returned by describeInstances.
    (LP: #454405 - upstream revno 933).
  * debian/eucalyptus-cc.eucalyptus-cc-publication{,-ip}.upstart: add an
    upstart job to explicitly publish the IP/CC hostname mapping via avahi
    instead of publishing the CC IP address via the service name (LP: #458904).
  * debian/avahi-daemon.conf: ship a specific avahi-daemon configuration file
    that doesn't publish IP addresses by default. (LP: #458904).
  * debian/eucalyptus-cloud.postinst: Fix postfix configuration to accept
    confirmation emails sent by eucalyptus (LP: #459101)
  * debian/eucalyptus-cc.upstart: Don't clean the CC network state when the CC is
    stopped by default (LP: #460089).
 -- Mathias Gug <email address hidden> Wed, 11 Nov 2009 15:15:48 -0500

Changed in eucalyptus (Ubuntu Karmic):
status: Fix Committed → Fix Released
Revision history for this message
Martin Pitt (pitti) wrote :

I copied the karmic-proposed package to lucid. Ffor karmic-updates it is still missing two verifications.

Changed in eucalyptus (Ubuntu):
status: Triaged → Fix Released
Changed in eucalyptus (Ubuntu Karmic):
status: Fix Released → Fix Committed
Revision history for this message
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package eucalyptus - 1.6~bzr931-0ubuntu7.3

---------------
eucalyptus (1.6~bzr931-0ubuntu7.3) karmic-proposed; urgency=low

  * debian/eucalyptus-cc.postinst: restart avahi daemon so that it uses
    eucalyptus specific configuration file (LP: #458904).
  * debian/eucalyptus-cc.eucalyptus-cc-publication{,-ip}.upstart: Respawn
    avahi publication jobs if they die (LP: #480885).

eucalyptus (1.6~bzr931-0ubuntu7.2) karmic-proposed; urgency=low

  [ Dustin Kirkland ]
  * cluster/handlers.c: euca_rootwrap rework did not whitelist powerwake;
    however, powerwake does *not* need root privs, drop euca_rootwrap wrapper
    (LP: #458163)
  * debian/rules, debian/euclayptus-cc.install: install the avahi-daemon.conf
    in /etc/eucalyptus, (LP: #458904).

  [ Thierry Carrez ]
  * clc/modules/www/src/main/java/edu/ucsb/eucalyptus/admin/public/EucalyptusWebInterface.html:
    Fix HTML title in the web UI for more consistency in naming (LP: #455293)
  * debian/eucalyptus-common.eucalyptus.upstart: Add -l to eucalyptus-cloud
    options so that cloud-output.log is affected by LOGLEVEL (LP: #458001)

  [ Mathias Gug ]
  * cluster/handlers.c: Fix the networkIndex returned by describeInstances.
    (LP: #454405 - upstream revno 933).
  * debian/eucalyptus-cc.eucalyptus-cc-publication{,-ip}.upstart: add an
    upstart job to explicitly publish the IP/CC hostname mapping via avahi
    instead of publishing the CC IP address via the service name (LP: #458904).
  * debian/avahi-daemon.conf: ship a specific avahi-daemon configuration file
    that doesn't publish IP addresses by default. (LP: #458904).
  * debian/eucalyptus-cloud.postinst: Fix postfix configuration to accept
    confirmation emails sent by eucalyptus (LP: #459101)
  * debian/eucalyptus-cc.upstart: Don't clean the CC network state when the CC is
    stopped by default (LP: #460089).
 -- Mathias Gug <email address hidden> Wed, 11 Nov 2009 15:15:48 -0500

Changed in eucalyptus (Ubuntu Karmic):
status: Fix Committed → Fix Released
To post a comment you must log in.
This report contains Public information  
Everyone can see this information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.