Ubuntu
unattended-upgrades package

unattended-upgrade send spf=neutral mail

Asked by Takabumi Ichikawa

Sorry for the poor English

I installed Ubuntu 20.04.1 LTS.
  apt install unattended-upgrades (2.3ubuntu0.1)
   postfix 3.4.13-0ubuntu1

And configured to mail send.
ex) /etc/apt/apt.conf.d/50unattended-upgrades
  Unattended-Upgrade::Mail "my@address";
  Unattended-Upgrade::Sender "my@address";

Then, I recieved "spf=neutral" (not spf=pass) mails.

It maybe inside /usr/bin/unattended-upgrade
  subprocess.Popen ... /usr/sbin/sendmail -oi -t
send "Authentication-Results: ... smtp.mailfrom=loginID@fqdnhostname" is not my SPF allowd.

but
  echo -e "subject: test\nto: my@address\nfrom: my@address\n\ntest" | /usr/sbin/sendmail -oi -t -r my@address
can send "spf=pass" .
("Authentication-Results: ... smtp.mailfrom=my@address" is SPF allowd.)

how is it?
- [SENDMAIL_BINARY, "-oi", "-t"],
+ [SENDMAIL_BINARY, "-oi", "-t", "-r", from_address],
(is postfix only?)

Question information

Language:
English Edit question
Status:
Answered
For:
Ubuntu unattended-upgrades Edit question
Assignee:
No assignee Edit question
Last query:
Last reply:
Revision history for this message
actionparsnip (andrew-woodhead666) said : 		#1

The sender address matters if the domain has SPF. DO you understand what SPF is? Happy to explain if you like. If you use a different sender address without SPF then it'll deliver (or just use a domain name that doesn't exist it should be OK).

You may need to tell your email system to ignore SPF from your sender IP and then the email will deliver OK

Revision history for this message
Hargett (hargett) said : 		#2

Unattended-upgrades does not run in your name, so it won't read your ~/.mailrc. If you're running with Debian defaults, you probably have Exim installed (check with apt-cache policy exim4) https://mcdvoice.me/

Revision history for this message
Takabumi Ichikawa (tichikawa) said : 		#3

The story deviates from "unattended-upgrade" once.

"/usr/sbin/sendmail" installed postfix package.

<< Example 1 >>
> # echo -e "subject: test1\nfrom: <email address hidden>\nto: <email address hidden>\n\ntest1\n" | /usr/sbin/sendmail -oi -t -r <email address hidden>
> #
> # tail /var/log/mail.log -n 5
> Sep dd 14:36:31 thisServer postfix/pickup[99999]: XXXXXXXXXX: uid=0 from=<email address hidden>
> Sep dd 14:36:31 thisServer postfix/cleanup[99999]: XXXXXXXXXX: message-id=<email address hidden>
> Sep dd 14:36:31 thisServer postfix/qmgr[99999]: XXXXXXXXXX: from=<email address hidden>, size=323, nrcpt=1 (queue active)
> Sep dd 14:36:34 thisServer postfix/smtp[99999]: XXXXXXXXXX: to=<email address hidden>, relay=aspmx.l.google.com[108.177.125.26]:25, delay=3.5, delays=0.99/0/1.8/0.73, dsn=2.0.0, status=sent (250 2.0.0 OK 9999999999 xxxxxxxxxxxxxxx.999 - gsmtp)
> Sep dd 14:36:34 thisServer postfix/qmgr[99999]: XXXXXXXXXX: removed
> #

Receive "spf=pass".
because I added mydomain's DNS txt(spf) Remote data center GlobalIP.
and send "postfix/qmgr[99999]: XXXXXXXXXX: from=<email address hidden>, ..."

<< Example 2 >>
> # echo -e "subject: test2\nfrom: <email address hidden>\nto: <email address hidden>\n\ntest2\n" | /usr/sbin/sendmail -oi -t
> #
> # tail /var/log/mail.log -n 5
> Sep dd hh:mm:ss thisServer postfix/pickup[99999]: XXXXXXXXXX: uid=0 from=<root>
> Sep dd hh:mm:ss thisServer postfix/cleanup[99999]: XXXXXXXXXX: message-id=<email address hidden>
> Sep dd hh:mm:ss thisServer postfix/qmgr[99999]: XXXXXXXXXX: from=<email address hidden>, size=323, nrcpt=1 (queue active)
> Sep dd hh:mm:ss thisServer postfix/smtp[99999]: XXXXXXXXXX: to=<email address hidden>, relay=aspmx.l.google.com[108.177.97.26]:25, delay=2.3, delays=0.26/0.03/1.1/0.99, dsn=2.0.0, status=sent (250 2.0.0 OK 9999999999 xxxxxxxxxxxxxxx.999 - gsmtp)
> Sep dd hh:mm:ss thisServer postfix/qmgr[99999]: XXXXXXXXXX: removed
> #

Receive "spf=neutral".
because send "postfix/qmgr[99999]: XXXXXXXXXX: from=<email address hidden>, ..."
but I not set subdomain.mydomain's DNS txt(spf).

/usr/bin/unattended-upgrade [2.3ubuntu0.1]
(lineNo)
 1397 sendmail = subprocess.Popen(
 1398 [SENDMAIL_BINARY, "-oi", "-t"],
 1399 stdin=subprocess.PIPE, universal_newlines=True)

Works like the Example 2.

I change
 1398 [SENDMAIL_BINARY, "-oi", "-t", "-r", from_address],
Works like the Example 1.

Is what I have to fix wrong?

Can you help with this problem?

Provide an answer of your own, or ask Takabumi Ichikawa for more information if necessary.

To post a message you must log in.