Where does 10.0.0.0/8 come from?

[hboetes2]

I've got a mystery on my hand; in postfix.mynetworks there is 10.0.0.0/8 added, and I have no idea where it comes from:

root@pinkdemon /etc #  pmgconfig dump|grep 10.0.0.0/8
postfix.mynetworks = 10.0.0.0/8 10.10.110.32/32 127.0.0.0/8 [::1]/128

If I search for the string in /etc nothing relevant matches.

root@pinkdemon /etc #  rg 10.0.0.0/8                 
network/interfaces
7:    post-up  route add -net 10.0.0.0/8 gw 10.10.110.254; route add -net 172.16.0.0/12 gw 10.10.110.254;
8:    pre-down route del -net 10.0.0.0/8 gw 10.10.110.254; route del -net 172.16.0.0/12 gw 10.10.110.254;

postfix/main.cf
30:mynetworks = 10.0.0.0/8 10.10.110.32/32 127.0.0.0/8 [::1]/128

root@pinkdemon /etc #  cat pmg/mynetworks            
10.10.110.32/32 #brennis

So all I can come up with is this is generated and since I have an internal route to 10.0.0.0/8 it's added automatically. I don't understand why though. No normal application would send mail to port 26, unless specifically configured. I've set up an internal mail server, 10.10.110.32, which handles who can send outgoing emails, and the only one who should directly have access to the outgoing gateway is that server. That's how pmg is advertised to work.

Now I can edit the template and hard code mynetworks, but I don't think that's very elegant. I've set up nftables as a workaround.

Your thoughts?

 

[Gilou]

What does grep pinkdemon /etc/hosts say? or getent hosts pinkdemon ? (or even rg 10.0.0 in /etc, I guess you see where I'm going )

 

[hboetes2]

root@pinkdemon ~ #  rg pinkdemon /etc/hosts
5:10.10.110.31 pinkdemon.example.com pinkdemon
root@pinkdemon ~ #  getent hosts pinkdemon
10.10.110.31    pinkdemon.example.com pinkdemon

And rg '10\.0\.0' /etc reveals nothing new.

So, please enlighten me.

 

[Gilou]

I need to check.. and it may be a "bug" in the way it determines it's own net.. not totally wrong because 10/8 certainly includes 10.10/16 or what not, but not exactly clever. I don't remember how this is computed, but I think that is the issue..

 

[Gilou]

How is your interface configured still?
EDIT:
I'm guessing, properly, as in, as a /16 or /24, I can reproduce it instantly whatever the size of the network configured, pmg guesses "class A! What else could it be!" when using 10.x subnets. I'd say lack of CIDR support here.. and I'd say that it's a bug, so maybe declare it as such.. I'll try to read the source for that, but I think that is the issue.

 

[Gilou]

Yeah, it's not that bad, it's indeed the route that drives it to think it has a /8 network. Code is not wrong, but it fails to select the correct (more precise) route, but that may be by design. In src/PMG/Utils.pm it does a proper route check using sub find_local_network_for_ip but if the IP overlaps, it assumes it has found the proper mask size. I'd say this is a bug, as it's probably not what you want generally, but this may break stuff..
There is already a bug listed for it there: https://bugzilla.proxmox.com/show_bug.cgi?id=6760
It hasn't much love there..

 

[hboetes2]

I agree adding the route of the listening interface to the mynetworks is a sane default. But I think there should be an option to disable this default, since it is completely reasonable to want to configure something else, which is currently impossible.