Bug 680919

Summary: warnquota sending mails from a valid Domain Name
Product: Red Hat Enterprise Linux 6
Reporter: Petr Pisar <ppisar>
Component: quota
Assignee: Petr Pisar <ppisar>
Status: CLOSED ERRATA
QA Contact: Branislav Blaškovič <bblaskov>
Severity: low
Priority: low
Version: 6.1
CC: atolani, azelinka, bblaskov, psklenar
Target Milestone: rc
Keywords: Patch
Target Release: ---
Hardware: All
OS: All
URL: https://sourceforge.net/tracker/?func=detail&aid=3195046&group_id=18136&atid=318136
Whiteboard:
Fixed In Version: quota-3.17-18.el6
Doc Type: Bug Fix
Doc Text:
Cause: The quota limit has been exceeded on a machine where the warnquota tool is enabled to send warning e-mails, and the superuser did not change the default warnquota configuration.
Consequence: E-mails are sent from the <root@myhost.com> address. This can trick the recipient into replying to an invalid address, or e-mail bounces can be delivered to the <root@myhost.com> mailbox.
Fix: The default warnquota configuration has been changed to use the reserved example.com domain.
Result: Warnings about exceeded quota limits are sent from a reserved domain, which should encourage the superuser to change it to a proper value, and even so it should not abuse anybody.
Clone Of: 680429
Last Closed: 2012-11-19 13:31:41 UTC
Attachments:
Description Flags
Fix none

Description Petr Pisar 2011-02-28 14:01:41 UTC
+++ This bug was initially created as a clone of Bug #680429 +++

warnquota sending mails from a valid Domain Name

Additional info:
A user gets mail from root
We can change it in /etc/warnquota.conf, but myhost.com is a valid domain, and ideally it should not send mails from anyone else's domain. It is better to use root@localhost or root.

--- Additional comment from ppisar on 2011-02-28 13:03:07 GMT ---

A properly configured warnquota should set the sender address to a valid domain to be able to route SMTP bounces if the original message cannot be delivered.

I see the problem with the example configuration file kidnapping regular domain names. The same can be said about the phone numbers.

I will change them into RFC compliant example values.

--- Additional comment from ppisar on 2011-02-28 13:50:10 GMT ---

Unfortunately, ITU has no reserved prefix for example PSTN numbers. Keeping original ones.
-----

RHEL-6 quota utilizes the myhost.com too.

Comment 2 Petr Pisar 2011-02-28 14:03:32 UTC
Created attachment 481382 [details]
Fix

Patch changing all example domains to `example.com'.
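
An added example, not part of this bug report or of the quota project's code: a Python check that flags address settings in a warnquota.conf still pointing at the old default domain named in this bug (someone else's real domain) or at an RFC 2606 reserved name (safe as a placeholder, but bounces and replies cannot be routed). The key names FROM, CC_TO and SUPPORT are taken from warnquota.conf(5); the sample configuration and the verdict labels are constructed for illustration.

```python
import re

# Address-bearing keys from warnquota.conf(5).
ADDRESS_KEYS = {"FROM", "CC_TO", "SUPPORT"}
# Domain this bug reports in the old default configuration.
OLD_DEFAULT_DOMAINS = {"myhost.com"}
# RFC 2606 reserved names: harmless placeholders, but not routable.
RESERVED_DOMAINS = ("example.com", "example.net", "example.org")
RESERVED_TLDS = {"example", "test", "invalid", "localhost"}
ADDR_RE = re.compile(r"[A-Za-z0-9._%+-]+@([A-Za-z0-9.-]+)")

# Constructed sample, not the file shipped in the package.
SAMPLE = '''\
# warnquota.conf (constructed sample)
MAIL_CMD = "/usr/sbin/sendmail -t"
FROM     = "root@myhost.com"
CC_TO    = "root@example.com"
# SUPPORT = "support@myhost.com"
'''


def classify(domain):
    """Return 'foreign-domain', 'reserved' or 'ok' for a mail domain."""
    domain = domain.lower().rstrip(".")
    if domain in OLD_DEFAULT_DOMAINS:
        return "foreign-domain"
    if any(domain == d or domain.endswith("." + d) for d in RESERVED_DOMAINS):
        return "reserved"
    if domain.rsplit(".", 1)[-1] in RESERVED_TLDS:
        return "reserved"
    return "ok"


def audit(conf_text):
    """List (line number, key, address, verdict) for every flagged address."""
    findings = []
    for lineno, raw in enumerate(conf_text.splitlines(), 1):
        line = raw.strip()
        if not line or line[0] in "#;" or "=" not in line:
            continue  # blank line, comment, or not a key = value setting
        key, value = (part.strip() for part in line.split("=", 1))
        if key.upper() not in ADDRESS_KEYS:
            continue
        for match in ADDR_RE.finditer(value.strip('"')):
            verdict = classify(match.group(1))
            if verdict != "ok":
                findings.append((lineno, key, match.group(0), verdict))
    return findings


if __name__ == "__main__":
    for lineno, key, addr, verdict in audit(SAMPLE):
        print(f"line {lineno}: {key} = {addr} [{verdict}]")
```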

Comment 3 RHEL Program Management 2011-07-05 23:41:55 UTC
This request was evaluated by Red Hat Product Management for
inclusion in the current release of Red Hat Enterprise Linux.
Because the affected component is not scheduled to be updated
in the current release, Red Hat is unfortunately unable to
address this request at this time. Red Hat invites you to
ask your support representative to propose this request, if
appropriate and relevant, in the next release of Red Hat
Enterprise Linux. If you would like it considered as an
exception in the current release, please ask your support
representative.

Comment 5 Suzanne Logcher 2012-02-14 23:07:16 UTC
This request was evaluated by Red Hat Product Management for
inclusion in the current release of Red Hat Enterprise Linux.
Because the affected component is not scheduled to be updated
in the current release, Red Hat is unfortunately unable to
address this request at this time. Red Hat invites you to
ask your support representative to propose this request, if
appropriate and relevant, in the next release of Red Hat
Enterprise Linux. If you would like it considered as an
exception in the current release, please ask your support
representative.

Comment 14 errata-xmlrpc 2012-11-19 13:31:41 UTC
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

http://rhn.redhat.com/errata/RHBA-2012-1472.html