Re: configurer sendmail/exim4 pour utiliser smtp tiers

[didier gaumet]

Bonjour,

Il y a un article du wiki Debian sur Exim:
https://wiki.debian.org/Exim
Dans un scénario qui a l'air proche du tien, on y parle de relai 
smarthost, de macro TLS et de réécriture d'adresse e-mail de l'émetteur.
(Je ne sais pas si ça joue mais je suis chez Free aussi et il me semble 
que j'utilise TLS plutôt que STARTTLS)

Re: configurer sendmail/exim4 pour utiliser smtp tiers

[NoSpam]

Le 02/01/2023 à 14:01, roger.tar...@free.fr a écrit :

Bonjour

Cette syntaxe à double ':' avant le n° de port (ex : 
|smtp.example.com::587|) se retrouve à de nombreux endroits :

ex : https://www.pontikis.net/blog/gmail-smarthost-exim4-debian
https://alexander.holbreich.org/exim-mail-google/

Quel outil utiles-tu pour envoyer des e-mails depuis un programme avec 
un service smtp tiers ?
postfix. Comme annoncé par un autre intervenant, ssmtp est une bonne 
alternative

Evnoi programmatique de courriel: Re: configurer sendmail/exim4 pour utiliser smtp tiers

[Basile Starynkevitch]

On 02/01/2023 14:01, roger.tar...@free.fr wrote:

Bonjour

Cette syntaxe à double ':' avant le n° de port (ex : 
|smtp.example.com::587|) se retrouve à de nombreux endroits :

ex : https://www.pontikis.net/blog/gmail-smarthost-exim4-debian
https://alexander.holbreich.org/exim-mail-google/

Quel outil utiles-tu pour envoyer des e-mails depuis un programme avec 
un service smtp tiers ?



Une bibliothèque en C++ pour ce faire existe: https://www.vmime.org/


En plus, je découvre qu'elle est développée en France.


(et on pourrait imaginer que le logiciel RefPerSys 
 en http://refpersys.org/ soit 
étendu pour l'utiliser; si vous êtes intéressés, contactez moi - Basile 
Starynkevitch - par courriel).



Librement.


--
Basile Starynkevitch
(only mine opinions / les opinions sont miennes uniquement)
92340 Bourg-la-Reine, France
web page: starynkevitch.net/Basile/

Re: configurer sendmail/exim4 pour utiliser smtp tiers

[roger . tarani]

Bonjour 

Cette syntaxe à double ':' avant le n° de port (ex : smtp.example.com::587 ) se 
retrouve à de nombreux endroits : 
ex : [ https://www.pontikis.net/blog/gmail-smarthost-exim4-debian | 
https://www.pontikis.net/blog/gmail-smarthost-exim4-debian ] 
[ https://alexander.holbreich.org/exim-mail-google/ | 
https://alexander.holbreich.org/exim-mail-google/ ] 

Quel outil utiles-tu pour envoyer des e-mails depuis un programme avec un 
service smtp tiers ? 


De: "NoSpam"  
À: "Liste Debian"  
Envoyé: Lundi 2 Janvier 2023 13:33:05 
Objet: Re: configurer sendmail/exim4 pour utiliser smtp tiers 



Bonjour 
Le 02/01/2023 à 02:49, [ mailto:roger.tar...@free.fr | roger.tar...@free.fr ] a 
écrit : 



Bonjour la liste, et bonne année 2023, 

Sur un serveur debian11, j'ai besoin d'activer un service de messagerie. 
J'ai déjà réussi par le passé et un programme utilisait fiablement une commande 
sendmail (comme on peut le faire en CLI : echo "Subject: hello" | sendmail [ 
mailto:t...@example.com |  toto@ ] freefr ). 

Déjà, je souhaite pouvoir exploiter un serveur de messagerie tiers (free.fr 
ici, par exemple). 
On verra ensuite pour configurer un serveur de messagerie envoi/réception sur 
cette machine. 


[...] 

BQ_BEGIN


dc_smarthost='smtp.free.fr::465' 

BQ_END


Je n'utilise pas exim mais cette configuration m'interpelle. Ne seraitce pas 
plutôt 

dc_smarthost='smtp.free.fr:465' 

Re: configurer sendmail/exim4 pour utiliser smtp tiers

[NoSpam]

Bonjour

Le 02/01/2023 à 02:49, roger.tar...@free.fr a écrit :

Bonjour la liste, et bonne année 2023,

Sur un serveur debian11, j'ai besoin d'activer un service de messagerie.
J'ai déjà réussi par le passé et un programme utilisait fiablement une 
commande sendmail (comme on peut le faire en CLI : echo "Subject: 
hello" | sendmail toto@ <mailto:t...@example.com>freefr ).


Déjà, je souhaite pouvoir exploiter un serveur de messagerie tiers 
(free.fr ici, par exemple).
On verra ensuite pour configurer un serveur de messagerie 
envoi/réception sur cette machine.

[...]


dc_smarthost='smtp.free.fr::465'


Je n'utilise pas exim mais cette configuration m'interpelle. Ne seraitce 
pas plutôt


dc_smarthost='smtp.free.fr:465'

Re: configurer sendmail/exim4 pour utiliser smtp tiers

[Belaïd]

Bonjour et bonne année à tous !

Pour tes besoins qui sont simples (utilisation d'un relais) je te conseil
d'utiliser ssmtp, c'est vraiment hyper simple et rapide !

Le lun. 2 janv. 2023 à 02:50,  a écrit :

> Bonjour la liste, et bonne année 2023,
>
> Sur un serveur debian11, j'ai besoin d'activer un service de messagerie.
> J'ai déjà réussi par le passé et un programme utilisait fiablement une
> commande sendmail (comme on peut le faire en CLI : echo "Subject: hello" |
> sendmail toto@ freefr ).
>
> Déjà, je souhaite pouvoir exploiter un serveur de messagerie tiers (
> free.fr ici, par exemple).
> On verra ensuite pour configurer un serveur de messagerie envoi/réception
> sur cette machine.
>
> Après utilisation de dpkg-reconfigure exim4-config :
> $ cat update-exim4.conf.conf
> dc_eximconfig_configtype='smarthost'
> dc_other_hostnames=''
> dc_local_interfaces='127.0.0.1'
> dc_readhost='localhost'
> dc_relay_domains=''
> dc_minimaldns='false'
> dc_relay_nets=''
> dc_smarthost='smtp.free.fr::465'
> CFILEMODE='644'
> dc_use_split_config='false'
> dc_hide_mailname='false'
> dc_mailname_in_oh='true'
> dc_localdelivery='mail_spool'
>
> J'ai trouvé une tonne d'articles sur sendmail/exim4 qui ne m'ont pas
> permis de faire marcher cette simple configuration.
>
> De mémoire, j'avais réussi à faire marcher exim4 avec un serveur SMTP
> tiers en trifouillant dans exim4.conf.template , un peu comme expliqué dans
> ce site devenu injoignable (web archive) :
>
> https://web.archive.org/web/20220611061029/https://manu-j.com/blog/wordpress-exim4-ubuntu-gmail-smtp/75/
>
> J'avais aussi utilisé cette page et me souviens avoir pu faire tourner
> exim avec : https://debian-facile.org/doc:reseau:exim4-pour-les-nulls
>
> Après un :
> $ echo "Subject: hello" | sendmail t...@free.fr
>
> A présent, le service exim4 dit :
>
> $ tail -20 /var/log/exim4/mainlog
> ...
> 2023-01-02 02:39:20 1pC9nM-00D83H-4D <= r...@truc.com U=root P=local S=282
> 2023-01-02 02:39:20 1pC9nM-00D83H-4D ** t...@free.fr: Unrouteable address
> 2023-01-02 02:39:20 1pC9nM-00D83K-7x <= <> R=1pC9nM-00D83H-4D
> U=Debian-exim P=local S=1467
> 2023-01-02 02:39:20 1pC9nM-00D83K-7x ** r...@truc.com: Unrouteable address
> 2023-01-02 02:39:20 1pC9nM-00D83K-7x Frozen (delivery error message)
> 2023-01-02 02:39:20 1pC9nM-00D83H-4D Completed
>
> J'ai commenté les modifications faites dans exim4.conf.template , ce qui
> m'a permis d'éliminer les erreurs d'authentification smtp.
>
> Je suis sec.
> Comment procéder pour simplement faire tourner exim4 afin d'utiliser un
> service smtp tiers :
> à partir de mon serveur ?
> à partir d'un serveur debian tout neuf ?
>
> Merci.
>
>

Re: configurer sendmail/exim4 pour utiliser smtp tiers

[Basile Starynkevitch]

Bonjour et bonne année


On 02/01/2023 02:49, roger.tar...@free.fr wrote:

Bonjour la liste, et bonne année 2023,

Sur un serveur debian11, j'ai besoin d'activer un service de messagerie.


SMTP et EXIM sont complexes. Je conseille la lecture (à tête reposée) 
d'un livre entier sur la question, par exemple (en anglais)


/Exim. The mail transfer agent/. par Philip Hazel.  ed. OReilly ISBN 
9780596000981


Il y a aussi la problématique de la fiabilité d'un serveur de courriel, 
du volume à traiter (traiter cent mille méls par jour, c'est différent 
de traiter cent méls par jour), des stratégies de ré-emission et 
stockage (spool) des méls, etc.


On peut aussi envisager d'utiliser et de configurer https://www.postfix.org/

Ensuite, free a comme mauvaise habitude de parfois restreindre le trafic 
SMTP qui passe chez eux. (Il peut y avoir des raisons légales à ça : 
lutte antispam; articles 323-1 et suivant du code pénal en France, etc..).


On peut enfin envoyer un mél programmatiquement par une librarie telle 
que https://www.vmime.org/


Dans tous les cas, c'est complexe, car le courriel est complexe (voir 
les spécifications de SMTP 
 
et IMAP  pour commencer)



Pour ma part, je cherche des partenaires intéressés par RefPerSys en 
http://refpersys.org/




Librement et bonne année 2023


--
Basile Starynkevitch
(only mine opinions / les opinions sont miennes uniquement)
92340 Bourg-la-Reine, France
web page: starynkevitch.net/Basile/

configurer sendmail/exim4 pour utiliser smtp tiers

[roger . tarani]

Bonjour la liste, et bonne année 2023, 

Sur un serveur debian11, j'ai besoin d'activer un service de messagerie. 
J'ai déjà réussi par le passé et un programme utilisait fiablement une commande 
sendmail (comme on peut le faire en CLI : echo "Subject: hello" | sendmail [ 
mailto:t...@example.com |  toto@ ] freefr ). 

Déjà, je souhaite pouvoir exploiter un serveur de messagerie tiers (free.fr 
ici, par exemple). 
On verra ensuite pour configurer un serveur de messagerie envoi/réception sur 
cette machine. 

Après utilisation de dpkg-reconfigure exim4-config : 
$ cat update-exim4.conf.conf 
dc_eximconfig_configtype='smarthost' 
dc_other_hostnames='' 
dc_local_interfaces='127.0.0.1' 
dc_readhost='localhost' 
dc_relay_domains='' 
dc_minimaldns='false' 
dc_relay_nets='' 
dc_smarthost='smtp.free.fr::465' 
CFILEMODE='644' 
dc_use_split_config='false' 
dc_hide_mailname='false' 
dc_mailname_in_oh='true' 
dc_localdelivery='mail_spool' 

J'ai trouvé une tonne d'articles sur sendmail/exim4 qui ne m'ont pas permis de 
faire marcher cette simple configuration. 

De mémoire, j'avais réussi à faire marcher exim4 avec un serveur SMTP tiers en 
trifouillant dans exim4.conf.template , un peu comme expliqué dans ce site 
devenu injoignable (web archive) : 
[ 
https://web.archive.org/web/20220611061029/https://manu-j.com/blog/wordpress-exim4-ubuntu-gmail-smtp/75/
 | 
https://web.archive.org/web/20220611061029/https://manu-j.com/blog/wordpress-exim4-ubuntu-gmail-smtp/75/
 ] 

J'avais aussi utilisé cette page et me souviens avoir pu faire tourner exim 
avec : [ https://debian-facile.org/doc:reseau:exim4-pour-les-nulls | 
https://debian-facile.org/doc:reseau:exim4-pour-les-nulls ] 

Après un : 
$ echo "Subject: hello" | sendmail t...@free.fr 

A présent, le service exim4 dit : 

$ tail -20 /var/log/exim4/mainlog 
... 
2023-01-02 02:39:20 1pC9nM-00D83H-4D <= r...@truc.com U=root P=local S=282 
2023-01-02 02:39:20 1pC9nM-00D83H-4D ** t...@free.fr: Unrouteable address 
2023-01-02 02:39:20 1pC9nM-00D83K-7x <= <> R=1pC9nM-00D83H-4D U=Debian-exim 
P=local S=1467 
2023-01-02 02:39:20 1pC9nM-00D83K-7x ** r...@truc.com: Unrouteable address 
2023-01-02 02:39:20 1pC9nM-00D83K-7x Frozen (delivery error message) 
2023-01-02 02:39:20 1pC9nM-00D83H-4D Completed 

J'ai commenté les modifications faites dans exim4.conf.template , ce qui m'a 
permis d'éliminer les erreurs d'authentification smtp. 

Je suis sec. 
Comment procéder pour simplement faire tourner exim4 afin d'utiliser un service 
smtp tiers : 
à partir de mon serveur ? 
à partir d'un serveur debian tout neuf ? 

Merci. 

Re: Sendmail SASL Auth on Debian 11

[Dave Parker]

On Tue, Sep 13, 2022 at 6:41 AM Henning Follmann 
wrote:

>
> >
> > So I guess my question is, do I need one now on the Bullseye server, if
> > saslauthd always worked for this before?
> >
>
> OK, that's an option too.
>
> Now I would check if sasl works. There is an little helper program; try:
> testsaslauthd -u  -p 
>
> you might have to specify the location (-f path) of the unix socket if it
> is located
> somewhere uncommon.
>
> If your authentication works then the communication between sendmail and
> saslauthd
> is not working.
>

Hello,

The testsaslauthd utility was also working, so the break was between
Sendmail and SASL.  I finally got it working, though.  A Google search led
me to these three commands, and running them indeed fixed gthe issue:

/usr/share/sendmail/update_tls
/usr/share/sendmail/update_sendmail
sendmailconfig

All of the config and .m4 files involved here still look the same between
the old and new server, with the exception of some updated comments.  So,
I'm not exactly sure what this did to fix the underlying problem, but it's
fixed nonetheless.

Thanks!
Dave

-- 
Dave Parker '11
Database & Systems Administrator
Utica University
Integrated Information Technology Services
315-792-3229
He/Him

Re: Sendmail SASL Auth on Debian 11

[Henning Follmann]

On Mon, Sep 12, 2022 at 12:42:00PM -0400, Dave Parker wrote:
> On Mon, Sep 12, 2022 at 10:37 AM Henning Follmann 
> wrote:
> 
> >
> > First, please do not top post.
> >
> > On Mon, Sep 12, 2022 at 09:00:00AM -0400, Dave Parker wrote:
> > > Thanks for the advice.  Just to clarify, this is an enterprise SMTP
> > server
> > > for a university, and we have used Sendmail for at least 25 years now.  I
> > > have deployed and configured Sendmail on probably hundreds of servers
> > over
> > > the years, but most of them are on internal networks and relay mail
> > > through this SMTP server.  This is a high traffic SMTP server and its
> > > uptime is critical, so I would prefer to stay with Sendmail because it
> > has
> > > always been rock solid in the past.
> >
> > Understood. And I apologize. I assumed because of the old version of your
> > existing installation a less actively maintained situation and made a snap
> > judgement about your experience.
> > I also never said sendmail is not a  solid MTA. I stated it is extremely
> > difficult to maintain.
> > Also other MTA are well suited for high traffic servers. Exim is used
> > by ISPs with extremely high traffic.
> >
> > >
> > > The issue here is that Sendmail with SASL auth doesn't seem to work the
> > > same way in Bullseye as it did in Wheezy, which is probably to be
> > expected,
> > > given the large gap between versions.  I'm just trying to track down
> > > anything I may have missed in my new Bullseye configuration, since the
> > > exact same config works fine in Wheezy.
> > >
> >
> > Well, in my previous post I might hinted at your issue.
> >
> > Please check if courier-authdaemon or dovecot-core is installed.
> > Both provide an sasl authdaemon.
> > I do not know anything about your old installation so you have to
> > figure out, how and where the unix socket of the daemon is located.
> > If you use a chroot environment you must make sure the socket is accessible
> > to sendmail.
> >
> >
> My apologies for the top post.  We use Google for our institutional email,
> and the Gmail interface defaults to that when I reply to a message.
> 
> Looking at the existing Wheezy server which works correctly, I do not see
> anything providing an auth daemon besides saslauthd:
> 
> # dpkg-query -W | egrep 'sendmail|sasl|courier|dovecot'
> libsasl2-2:amd64 2.1.25.dfsg1-6+deb7u1
> libsasl2-modules:amd64 2.1.25.dfsg1-6+deb7u1
> sasl2-bin 2.1.25.dfsg1-6+deb7u1
> sendmail 8.14.4-4
> sendmail-base 8.14.4-4
> sendmail-bin 8.14.4-4
> sendmail-cf 8.14.4-4
> 
> So I guess my question is, do I need one now on the Bullseye server, if
> saslauthd always worked for this before?
> 

OK, that's an option too.

Now I would check if sasl works. There is an little helper program; try:
testsaslauthd -u  -p 

you might have to specify the location (-f path) of the unix socket if it is 
located 
somewhere uncommon.

If your authentication works then the communication between sendmail and 
saslauthd
is not working.



-H

-- 
Henning Follmann   | hfollm...@itcfollmann.com

Re: Sendmail SASL Auth on Debian 11

[Dave Parker]

On Mon, Sep 12, 2022 at 10:37 AM Henning Follmann 
wrote:

>
> First, please do not top post.
>
> On Mon, Sep 12, 2022 at 09:00:00AM -0400, Dave Parker wrote:
> > Thanks for the advice.  Just to clarify, this is an enterprise SMTP
> server
> > for a university, and we have used Sendmail for at least 25 years now.  I
> > have deployed and configured Sendmail on probably hundreds of servers
> over
> > the years, but most of them are on internal networks and relay mail
> > through this SMTP server.  This is a high traffic SMTP server and its
> > uptime is critical, so I would prefer to stay with Sendmail because it
> has
> > always been rock solid in the past.
>
> Understood. And I apologize. I assumed because of the old version of your
> existing installation a less actively maintained situation and made a snap
> judgement about your experience.
> I also never said sendmail is not a  solid MTA. I stated it is extremely
> difficult to maintain.
> Also other MTA are well suited for high traffic servers. Exim is used
> by ISPs with extremely high traffic.
>
> >
> > The issue here is that Sendmail with SASL auth doesn't seem to work the
> > same way in Bullseye as it did in Wheezy, which is probably to be
> expected,
> > given the large gap between versions.  I'm just trying to track down
> > anything I may have missed in my new Bullseye configuration, since the
> > exact same config works fine in Wheezy.
> >
>
> Well, in my previous post I might hinted at your issue.
>
> Please check if courier-authdaemon or dovecot-core is installed.
> Both provide an sasl authdaemon.
> I do not know anything about your old installation so you have to
> figure out, how and where the unix socket of the daemon is located.
> If you use a chroot environment you must make sure the socket is accessible
> to sendmail.
>
>
My apologies for the top post.  We use Google for our institutional email,
and the Gmail interface defaults to that when I reply to a message.

Looking at the existing Wheezy server which works correctly, I do not see
anything providing an auth daemon besides saslauthd:

# dpkg-query -W | egrep 'sendmail|sasl|courier|dovecot'
libsasl2-2:amd64 2.1.25.dfsg1-6+deb7u1
libsasl2-modules:amd64 2.1.25.dfsg1-6+deb7u1
sasl2-bin 2.1.25.dfsg1-6+deb7u1
sendmail 8.14.4-4
sendmail-base 8.14.4-4
sendmail-bin 8.14.4-4
sendmail-cf 8.14.4-4

So I guess my question is, do I need one now on the Bullseye server, if
saslauthd always worked for this before?

Thanks,
Dave

-- 
Dave Parker '11
Database & Systems Administrator
Utica University
Integrated Information Technology Services
315-792-3229
He/Him

Re: Sendmail SASL Auth on Debian 11

[Henning Follmann]

First, please do not top post.

On Mon, Sep 12, 2022 at 09:00:00AM -0400, Dave Parker wrote:
> Thanks for the advice.  Just to clarify, this is an enterprise SMTP server
> for a university, and we have used Sendmail for at least 25 years now.  I
> have deployed and configured Sendmail on probably hundreds of servers over
> the years, but most of them are on internal networks and relay mail
> through this SMTP server.  This is a high traffic SMTP server and its
> uptime is critical, so I would prefer to stay with Sendmail because it has
> always been rock solid in the past.

Understood. And I apologize. I assumed because of the old version of your
existing installation a less actively maintained situation and made a snap
judgement about your experience.
I also never said sendmail is not a  solid MTA. I stated it is extremely
difficult to maintain.
Also other MTA are well suited for high traffic servers. Exim is used
by ISPs with extremely high traffic.

> 
> The issue here is that Sendmail with SASL auth doesn't seem to work the
> same way in Bullseye as it did in Wheezy, which is probably to be expected,
> given the large gap between versions.  I'm just trying to track down
> anything I may have missed in my new Bullseye configuration, since the
> exact same config works fine in Wheezy.
>

Well, in my previous post I might hinted at your issue.

Please check if courier-authdaemon or dovecot-core is installed.
Both provide an sasl authdaemon.
I do not know anything about your old installation so you have to
figure out, how and where the unix socket of the daemon is located.
If you use a chroot environment you must make sure the socket is accessible
to sendmail.

Cheers,

-H

[...]

-- 
Henning Follmann   | hfollm...@itcfollmann.com

Re: Sendmail SASL Auth on Debian 11

[Dave Parker]

Thanks for the advice.  Just to clarify, this is an enterprise SMTP server
for a university, and we have used Sendmail for at least 25 years now.  I
have deployed and configured Sendmail on probably hundreds of servers over
the years, but most of them are on internal networks and relay mail
through this SMTP server.  This is a high traffic SMTP server and its
uptime is critical, so I would prefer to stay with Sendmail because it has
always been rock solid in the past.

The issue here is that Sendmail with SASL auth doesn't seem to work the
same way in Bullseye as it did in Wheezy, which is probably to be expected,
given the large gap between versions.  I'm just trying to track down
anything I may have missed in my new Bullseye configuration, since the
exact same config works fine in Wheezy.

Thanks!

On Mon, Sep 12, 2022 at 3:17 AM Henning Follmann 
wrote:

> On Fri, Sep 09, 2022 at 11:55:06AM -0400, Dave Parker wrote:
> > Hello,
> >
> > Years ago, I set up an SMTP server on Debian 7.5, running Sendmail
> > configured for SASL authentication using an LDAP directory.  I am now
> > trying to set up a new one on Debian 11.5 in pretty much the same
> > configuration, but SMTP auth does not work.  I have verified that nslcd
> and
>
> You have not "used" sendmail for several years. You should not use it.
> Sendmail is very complex and extremely difficult to maintain, definetely
> not
> suitable for a "casual" user.
> You should either use
> 1) Exim (I do not like it, because it does not use standard logging. But
> that
>  is personal taste) Its debians default.
>
> 2) Postfix
>
> I used sendmail for a decade but I switched over to Postfix  years ago.
> It is too hard to maintain.
>
>
> > saslauthd are running, the sendmail, PAM and NSS configurations all look
> > good, and ldapsearch returns a result using the settings from
> > pam_ldap.conf.  When I open a connection to the old server and issue AUTH
> > PLAIN or AUTH LOGIN, I can authenticate with my base64 LDAP credentials
> as
> > expected.  But when I do the same on the new server, I get a "535 5.7.0
> > authentication failed" response.
> >
> > I ran a tcpdump on this SMTP server during an auth attempt, and there was
> > no traffic to or from the LDAP server.
> >
> > I literally copied all of the configs over from the old server and
> Sendmail
> > starts up fine, but still no auth.  Does anyone know where I might look
> for
> > the breakage?
> >
> > Old server (works):
> > - Sendmail 8.14.4
> > - SASL (libs/modules/bin) 2.1.25
> > - libnss-ldap 264
> > - libpam-ldap 184
> >
> > New server (doesn't work):
> > - Sendmail 8.15.2
> > - SASL (lib/modules/bin) 2.1.27
> > - libnss-ldapd 0.9.11 (because libnss-ldap is deprecated)
> > - libpam-ldap 186
>
> You need an external authentication daemon for sasl to work.
> I guess based on the age of your old system, it was courier in your case.
>
> Today I would prefer dovecot.
>
>
>
> >
> > Thanks!
> > Dave
> >
> > --
> > Dave Parker '11
> > Database & Systems Administrator
> > Utica University
> > Integrated Information Technology Services
> > 315-792-3229
> > He/Him
>
> --
> Henning Follmann   | hfollm...@itcfollmann.com
>
>

-- 
Dave Parker '11
Database & Systems Administrator
Utica University
Integrated Information Technology Services
315-792-3229
He/Him

Re: Sendmail SASL Auth on Debian 11

[Henning Follmann]

On Fri, Sep 09, 2022 at 11:55:06AM -0400, Dave Parker wrote:
> Hello,
> 
> Years ago, I set up an SMTP server on Debian 7.5, running Sendmail
> configured for SASL authentication using an LDAP directory.  I am now
> trying to set up a new one on Debian 11.5 in pretty much the same
> configuration, but SMTP auth does not work.  I have verified that nslcd and

You have not "used" sendmail for several years. You should not use it.
Sendmail is very complex and extremely difficult to maintain, definetely not
suitable for a "casual" user.
You should either use
1) Exim (I do not like it, because it does not use standard logging. But that
 is personal taste) Its debians default.

2) Postfix

I used sendmail for a decade but I switched over to Postfix  years ago.
It is too hard to maintain.


> saslauthd are running, the sendmail, PAM and NSS configurations all look
> good, and ldapsearch returns a result using the settings from
> pam_ldap.conf.  When I open a connection to the old server and issue AUTH
> PLAIN or AUTH LOGIN, I can authenticate with my base64 LDAP credentials as
> expected.  But when I do the same on the new server, I get a "535 5.7.0
> authentication failed" response.
> 
> I ran a tcpdump on this SMTP server during an auth attempt, and there was
> no traffic to or from the LDAP server.
> 
> I literally copied all of the configs over from the old server and Sendmail
> starts up fine, but still no auth.  Does anyone know where I might look for
> the breakage?
> 
> Old server (works):
> - Sendmail 8.14.4
> - SASL (libs/modules/bin) 2.1.25
> - libnss-ldap 264
> - libpam-ldap 184
> 
> New server (doesn't work):
> - Sendmail 8.15.2
> - SASL (lib/modules/bin) 2.1.27
> - libnss-ldapd 0.9.11 (because libnss-ldap is deprecated)
> - libpam-ldap 186

You need an external authentication daemon for sasl to work.
I guess based on the age of your old system, it was courier in your case.

Today I would prefer dovecot.



> 
> Thanks!
> Dave
> 
> -- 
> Dave Parker '11
> Database & Systems Administrator
> Utica University
> Integrated Information Technology Services
> 315-792-3229
> He/Him

-- 
Henning Follmann   | hfollm...@itcfollmann.com

Sendmail SASL Auth on Debian 11

[Dave Parker]

Hello,

Years ago, I set up an SMTP server on Debian 7.5, running Sendmail
configured for SASL authentication using an LDAP directory.  I am now
trying to set up a new one on Debian 11.5 in pretty much the same
configuration, but SMTP auth does not work.  I have verified that nslcd and
saslauthd are running, the sendmail, PAM and NSS configurations all look
good, and ldapsearch returns a result using the settings from
pam_ldap.conf.  When I open a connection to the old server and issue AUTH
PLAIN or AUTH LOGIN, I can authenticate with my base64 LDAP credentials as
expected.  But when I do the same on the new server, I get a "535 5.7.0
authentication failed" response.

I ran a tcpdump on this SMTP server during an auth attempt, and there was
no traffic to or from the LDAP server.

I literally copied all of the configs over from the old server and Sendmail
starts up fine, but still no auth.  Does anyone know where I might look for
the breakage?

Old server (works):
- Sendmail 8.14.4
- SASL (libs/modules/bin) 2.1.25
- libnss-ldap 264
- libpam-ldap 184

New server (doesn't work):
- Sendmail 8.15.2
- SASL (lib/modules/bin) 2.1.27
- libnss-ldapd 0.9.11 (because libnss-ldap is deprecated)
- libpam-ldap 186

Thanks!
Dave

-- 
Dave Parker '11
Database & Systems Administrator
Utica University
Integrated Information Technology Services
315-792-3229
He/Him

Re: Postfix comme MX2 d'un Sendmail

[Roberto C . Sánchez]

On Mon, Jun 20, 2022 at 05:25:39PM +0200, BERTRAND Joël wrote:
>   Je viens de couper le MX1 durant une petite demi-heure. Le MX2 récupère
> tous les mails en synchronisant les listes grises entre MX1 et 2 et
> renvoie le tout au MX1 dès qu'il réapparaît.
> 
>   Je finasserai la configuration plus tard.
> 
>   Une question résiduelle que je viens de me poser. Lorsqu'un utilisateur
> envoie un mail, il utilise le SMTP (sur le MX1) sur le port 587.
> sendmail demande une authentification. Si pas d'authentification, le
> mail est refusé. Mais sur le port 25, quel est le mécanisme qui fait
> qu'un utilisateur ne peut pas envoyer directement un mail (que ce soit
> avec Postfix ou sendmail) ?
> 
Peut-être ajouter "reject_unauth_destination" au paramètre
smtpd_recipient_restrictions ?

https://wiki.auf.org/wikiteki/Postfix/Authentification

Salut,

-Roberto

-- 
Roberto C. Sánchez

Re: Postfix comme MX2 d'un Sendmail

[BERTRAND Joël]

Je viens de couper le MX1 durant une petite demi-heure. Le MX2 récupère
tous les mails en synchronisant les listes grises entre MX1 et 2 et
renvoie le tout au MX1 dès qu'il réapparaît.

Je finasserai la configuration plus tard.

Une question résiduelle que je viens de me poser. Lorsqu'un utilisateur
envoie un mail, il utilise le SMTP (sur le MX1) sur le port 587.
sendmail demande une authentification. Si pas d'authentification, le
mail est refusé. Mais sur le port 25, quel est le mécanisme qui fait
qu'un utilisateur ne peut pas envoyer directement un mail (que ce soit
avec Postfix ou sendmail) ?

Bien cordialement,

JKB

Re: Postfix comme MX2 d'un Sendmail

[BERTRAND Joël]

Roberto C. Sánchez a écrit :
> Bonjour Joël,

Bonjour Roberto.

> On Mon, Jun 20, 2022 at 02:14:11PM +0200, BERTRAND Joël wrote:
>>
>>  Pour l'instant, j'ai écrit dans /etc/mail/main.cf la chose suivante :
>>
>> command_directory = /usr/sbin
>> daemon_directory = /usr/libexec/postfix
>> data_directory = /var/db/postfix
>> debug_peer_level = 2
>> debugger_command =
>> disable_vrfy_command = yes
>> html_directory = /usr/share/doc/html/postfix
>> inet_interfaces = all
>> inet_protocols = all
>> mail_owner = postfix
>> mailq_path = /usr/bin/mailq
>> manpage_directory = /usr/share/man
>> maximal_queue_lifetime = 10d
>> milter_default_action = accept
>> mynetworks = 192.168.10.0/24, 192.168.12.0/24, 192.168.15.14/32, 127.0.0.1/8
>> newaliases_path = /usr/bin/newaliases
>> non_smtpd_milters = unix:/var/clamav/clamav-milter.sock
>> postscreen_access_list = permit_mynetworks
>> proxy_interfaces = 192.168.15.14
>> queue_directory = /var/spool/postfix
>> readme_directory = /usr/share/examples/postfix
>> relay_domains = $mydestination, systella.fr
>> relay_recipient_maps =
>> sample_directory = /usr/share/examples/postfix
>> sendmail_path = /usr/sbin/sendmail
>> setgid_group = maildrop
>> smtpd_milters = unix:/var/milter-greylist/milter-greylist.sock
>> smtpd_recipient_restrictions = permit_sasl_authenticated,
>> permit_mynetworks, check_relay_domains, reject_unauth_destination
>> unknown_local_recipient_reject_code = 550
>>
> J'utilise Postfix comme primaire et comme secondaire, alors je ne sais
> rien concernant Sendmail.  Mais, ma configuration Postfix comprend les
> adresses IP des autres serveurs Postfix dans le paramètre mynetworks et
> le secondaire aussi le paramètre relayhost de cette manière:
> 
> relayhost = [mx1.example.com]
> 
> Je pense que parce que relayhost manque de ta configuration, ton Postfix
> ne sait pas qu'il doive envoyer le message au MX1 sans essayer résoudre
> l'adresse se c'est du domaine @systella.fr en ce cas.

Il y a effectivement du mieux :

Root rayleigh:[/etc/mail] > telnet  62.212.98.88 25
Trying 62.212.98.88...
Connected to 62.212.98.88.
Escape character is '^]'.
220 legendre.systella.fr ESMTP Postfix
EHLO rayleigh
250-legendre.systella.fr
250-PIPELINING
250-SIZE 1024
250-ETRN
250-ENHANCEDSTATUSCODES
250-8BITMIME
250 DSN
MAIL FROM:
250 2.1.0 Ok
RCPT TO:
554 5.5.4 SPF test failed

Je ne me prends plus le même coup de pied aux fesses ;-)

Dans les logs de postfix, je trouve :

Jun 20 15:32:21 legendre postfix/smtpd[16414]: warning: support for
restriction "check_relay_domains" will be removed from Postfix; use
"reject_unauth_destination" instead
Jun 20 15:32:21 legendre postfix/smtpd[16414]: warning: restriction
`reject_unauth_destination' after `check_relay_domains' is ignored
Jun 20 15:32:21 legendre milter-greylist: (unknown id): addr
213.41.150.218 flushed, removed 0 grey and autowhite (ACL 90)
Jun 20 15:32:21 legendre milter-greylist: (unknown id): addr
[213.41.150.218][213.41.150.218] from  to
 blacklisted (ACL 90)
Jun 20 15:32:21 legendre postfix/smtpd[16414]: NOQUEUE: milter-reject:
RCPT from unknown[213.41.150.218]: 554 5.5.4 SPF test failed;
from= to= proto=ESMTP
helo=

J'ai donc changé la configuration pour la suivante (avec le même
résultat final, à savoir un échec du test SPF) :

command_directory = /usr/sbin
daemon_directory = /usr/libexec/postfix
data_directory = /var/db/postfix
debug_peer_level = 2
debugger_command =
disable_vrfy_command = yes
html_directory = /usr/share/doc/html/postfix
inet_interfaces = all
inet_protocols = all
mail_owner = postfix
mailq_path = /usr/bin/mailq
manpage_directory = /usr/share/man
maximal_queue_lifetime = 10d
milter_default_action = accept
mynetworks = 192.168.10.0/24, 192.168.12.0/24, 192.168.15.14/32, 127.0.0.0/8
newaliases_path = /usr/bin/newaliases
non_smtpd_milters = unix:/var/clamav/clamav-milter.sock
postscreen_access_list = permit_mynetworks
proxy_interfaces = 192.168.15.14
queue_directory = /var/spool/postfix
readme_directory = /usr/share/examples/postfix
relay_domains = $mydestination, systella.fr
relay_recipient_maps =
relayhost = [rayleigh.systella.fr]
sample_directory = /usr/share/examples/postfix
sendmail_path = /usr/sbin/sendmail
setgid_group = maildrop
smtpd_milters = unix:/var/milter-greylist/milter-greylist.sock
smtpd_recipient_restrictions = permit_sasl_authenticated,
permit_mynetworks, reject_unauth_destination
unknown_local_recipient_reject_code = 550

(j'ai trié le fichier de conf en retirant les commentaires, ça
n'apparaît peut-être pas dans un ordre logique).

Et là, j'ai un gros doute concernant le DNS. Le champ SPFv1 est le
suivant (récupéré depuis le serveur faisant tourner PostFix) :

legendre# 

Re: Postfix comme MX2 d'un Sendmail

[Roberto C . Sánchez]

Bonjour Joël,

On Mon, Jun 20, 2022 at 02:14:11PM +0200, BERTRAND Joël wrote:
> 
>   Pour l'instant, j'ai écrit dans /etc/mail/main.cf la chose suivante :
> 
> command_directory = /usr/sbin
> daemon_directory = /usr/libexec/postfix
> data_directory = /var/db/postfix
> debug_peer_level = 2
> debugger_command =
> disable_vrfy_command = yes
> html_directory = /usr/share/doc/html/postfix
> inet_interfaces = all
> inet_protocols = all
> mail_owner = postfix
> mailq_path = /usr/bin/mailq
> manpage_directory = /usr/share/man
> maximal_queue_lifetime = 10d
> milter_default_action = accept
> mynetworks = 192.168.10.0/24, 192.168.12.0/24, 192.168.15.14/32, 127.0.0.1/8
> newaliases_path = /usr/bin/newaliases
> non_smtpd_milters = unix:/var/clamav/clamav-milter.sock
> postscreen_access_list = permit_mynetworks
> proxy_interfaces = 192.168.15.14
> queue_directory = /var/spool/postfix
> readme_directory = /usr/share/examples/postfix
> relay_domains = $mydestination, systella.fr
> relay_recipient_maps =
> sample_directory = /usr/share/examples/postfix
> sendmail_path = /usr/sbin/sendmail
> setgid_group = maildrop
> smtpd_milters = unix:/var/milter-greylist/milter-greylist.sock
> smtpd_recipient_restrictions = permit_sasl_authenticated,
> permit_mynetworks, check_relay_domains, reject_unauth_destination
> unknown_local_recipient_reject_code = 550
> 
J'utilise Postfix comme primaire et comme secondaire, alors je ne sais
rien concernant Sendmail.  Mais, ma configuration Postfix comprend les
adresses IP des autres serveurs Postfix dans le paramètre mynetworks et
le secondaire aussi le paramètre relayhost de cette manière:

relayhost = [mx1.example.com]

Je pense que parce que relayhost manque de ta configuration, ton Postfix
ne sait pas qu'il doive envoyer le message au MX1 sans essayer résoudre
l'adresse se c'est du domaine @systella.fr en ce cas.

>   Mais à chaque fois que je tente un envoi, postfix me renvoie la chose
> suivante :
> 
> Root rayleigh:[/etc/mail] > telnet  62.212.98.88 25
> Trying 62.212.98.88...
> Connected to 62.212.98.88.
> Escape character is '^]'.
> 220 legendre.systella.fr ESMTP Postfix
> EHLO rayleigh
> 250-legendre.systella.fr
> 250-PIPELINING
> 250-SIZE 1024
> 250-ETRN
> 250-ENHANCEDSTATUSCODES
> 250-8BITMIME
> 250 DSN
> MAIL FROM:
> 250 2.1.0 Ok
> RCPT TO:
> 451 4.3.0 : Temporary lookup failure
> quit
> 221 2.0.0 Bye
> Connection closed by foreign host.
> Root rayleigh:[/etc/mail] >
> 
>   Un RCPT TO: renvoie la même erreur alors
> que ce compte existe sur le serveur en question.
> 
>   Et là, je ne comprends plus... Tous les howto que l'on trouve sur
> internet proposent d'autres solutions qui ne donnent pas de meilleurs
> résultats.
> 
>   Une idée ?
> 
Il m'intéressera savoir si c'est le même après avoir ajouté relayhost à
la configuration.

Salut,

-Roberto

-- 
Roberto C. Sánchez

Postfix comme MX2 d'un Sendmail

[BERTRAND Joël]

Bonjour à tous,

Je tente la configuration d'un serveur de mail postfix comme backup
d'un sendmail des familles et le moins qu'on puisse dire, c'est que si
la configuration de sendmail est complexe, on voit assez rapidement ce
qui cloche contrairement à postfix ;-)

Je _sais_ configurer un MX2 avec sendmail. J'ai déjà configuré le DNS :

;; ADDITIONAL SECTION:
rayleigh.systella.fr.   86400   IN  A   213.41.150.218
newton-ipv6.systella.fr. 86400  IN  2001:7a8:a8ed:253::1
newton.systella.fr. 86400   IN  A   213.41.149.211
legendre.systella.fr.   86400   IN  A   62.212.98.88
noemie.nerim.net.   86400   IN  A   178.132.17.109

Le firewall est réglé correctement sur le MX2, je peux l'attaquer avec
un telnet sur le port 25.

J'ai un serveur de mail principal qui récupère avec sendmail tout un
tas de domaines. Ce serveur fait office de ESMTP et de MX1, a accès à
deux WAN et fonctionne en IPv4 et v6. Il fait exactement ce que je lui
demande.

Je dois utiliser un serveur distant qui utilise Postfix. Et là, c'est
un désastre. Je n'arrive pas à avoir la configuration que je désire.

Tous les mails envoyés à localhost ou à legendre.systella.fr (le
serveur en question) sur le port submission doivent être traités par le
MX local, lequel relaye vers le MX1 grâce à /etc/mail.aliases qui
contient des choses comme ça :

MAILER-DAEMON: postmaster
postmaster: root
toor:   root
daemon: root
bin:root
games:  root
postfix:postmaster
named:  root
ntpd:   root
sshd:   root
nobody: root
root: joel.bertr...@systella.fr
operator: joel.bertr...@systella.fr
...

Je ne veux pas que les utilisateurs puissent utiliser ce MX2 comme un
ESMTP (ça casserait DKIM, SPFv1...). Je veux donc que tout ce qui n'est
pas à destination de legendre.systella.fr et qui passe par le ESMTP et
non le MX soit rejeté.

Mais je veux aussi que tout ce qui est à destination de systella.fr
soit relayé vers le MX1.

Pour l'instant, j'ai écrit dans /etc/mail/main.cf la chose suivante :

command_directory = /usr/sbin
daemon_directory = /usr/libexec/postfix
data_directory = /var/db/postfix
debug_peer_level = 2
debugger_command =
disable_vrfy_command = yes
html_directory = /usr/share/doc/html/postfix
inet_interfaces = all
inet_protocols = all
mail_owner = postfix
mailq_path = /usr/bin/mailq
manpage_directory = /usr/share/man
maximal_queue_lifetime = 10d
milter_default_action = accept
mynetworks = 192.168.10.0/24, 192.168.12.0/24, 192.168.15.14/32, 127.0.0.1/8
newaliases_path = /usr/bin/newaliases
non_smtpd_milters = unix:/var/clamav/clamav-milter.sock
postscreen_access_list = permit_mynetworks
proxy_interfaces = 192.168.15.14
queue_directory = /var/spool/postfix
readme_directory = /usr/share/examples/postfix
relay_domains = $mydestination, systella.fr
relay_recipient_maps =
sample_directory = /usr/share/examples/postfix
sendmail_path = /usr/sbin/sendmail
setgid_group = maildrop
smtpd_milters = unix:/var/milter-greylist/milter-greylist.sock
smtpd_recipient_restrictions = permit_sasl_authenticated,
permit_mynetworks, check_relay_domains, reject_unauth_destination
unknown_local_recipient_reject_code = 550

Mais à chaque fois que je tente un envoi, postfix me renvoie la chose
suivante :

Root rayleigh:[/etc/mail] > telnet  62.212.98.88 25
Trying 62.212.98.88...
Connected to 62.212.98.88.
Escape character is '^]'.
220 legendre.systella.fr ESMTP Postfix
EHLO rayleigh
250-legendre.systella.fr
250-PIPELINING
250-SIZE 1024
250-ETRN
250-ENHANCEDSTATUSCODES
250-8BITMIME
250 DSN
MAIL FROM:
250 2.1.0 Ok
RCPT TO:
451 4.3.0 : Temporary lookup failure
quit
221 2.0.0 Bye
Connection closed by foreign host.
Root rayleigh:[/etc/mail] >

Un RCPT TO: renvoie la même erreur alors
que ce compte existe sur le serveur en question.

Et là, je ne comprends plus... Tous les howto que l'on trouve sur
internet proposent d'autres solutions qui ne donnent pas de meilleurs
résultats.

Une idée ?

Bien cordialement,

JKB

[Trouvé] Re: Sendmail et authentification par saslauthd

[BERTRAND Joël]

Bonjour à tous,

Après bricolage dans le sendmail.cf, j'ai trouvé que sendmail allait
chercher un fichier de conf Sendmail.conf partout sauf dans
/etc/mail/sasl. Normalement, ce fichier s'appelle d'ailleurs
Sendmail.conf.2 vu qu'il s'agit de saslv2.

Un lien de /etc/mail/sals/Sendmail.conf.2 vers
/usr/lib/sasl/Sendmail.conf résout le problème.

Bien cordialement,

JKB

PS: ce n'est pas la première fois que ce genre de problème m'arrive avec
Debian/Devuan, mais il serait vraiment bien que pour des modifications
qui entraînent un fonctionnement étrange sans avoir d'erreur dans les
logs avec la configuration de loglevel par défaut, celles-ci soient un
tantinet documentées. sendmail, sauf à avoir été méchamment twiké, n'a
aucune raison de chercher ce fichier sous ce nom à cet endroit.

Re: Sendmail et authentification par saslauthd

[BERTRAND Joël]

didier gaumet a écrit :
> 
> pataper: j'y connais vraiment rien
> 
> mais peut-être ici auras-tu un début de piste (utilisation de telnet et
> du port 587 pour tester sasl/smtp)
> 
> https://networking.ringofsaturn.com/Protocols/howtotestsendmailauthentication.php

Merci. Mais ça, je connais, je suis un barbu capable d'envoyer des
mails par telnet. Mon problème est surtout que sendmail semble
totalement ignorer sasl. J'en suis à comparer deux sendmail.cf, celui
d'un site fonctionnel et celui du site que je suis en train de monter.
Et même là, je ne vois rien d'aberrant.

Bien cordialement,

JKB

Re: Sendmail et authentification par saslauthd

[didier gaumet]

pataper: j'y connais vraiment rien

mais peut-être ici auras-tu un début de piste (utilisation de telnet et 
du port 587 pour tester sasl/smtp)


https://networking.ringofsaturn.com/Protocols/howtotestsendmailauthentication.php

Sendmail et authentification par saslauthd

[BERTRAND Joël]

Bonsoir à tous,

Je suis en train de monter pour une association un serveur de mail et
je butte sur un problème que je n'arrive par à résoudre.

J'utilise un sendmail des familles (parce que ça fait trente ans que
j'utilise sendmail sur tous mes systèmes allant de VMS à Solaris et que
je maîtrise à peu près l'engin, donc ne me répondez pas de passer à
postfix, exim ou pire qmail...).

Il reçoit sans problème avec tous les milters qui vont bien, mais je
n'arrive pas à envoyer un mail. L'authentification échoue. Et là, je ne
sais plus quoi faire.

J'ai bien configuré sasl2 (avec pam qui va prendre les informations
dans passwd/shadow). saslauthd fonctionne :

root:[/etc/mail] > testsaslauthd -u bertrand -p 
0: OK "Success."
root:[/etc/mail] > testsaslauthd -u bertrand -p 
0: NO "authentication failed"

J'ai naturellement redémarré sendmail après saslauthd (c'est un grand
gag, je me suis fait avoir un certain paquet de fois).

    J'ai tenté de lancer sendmail avec la ligne suivante :

/usr/sbin/sendmail  -d95.99 -bD -X test.log

histoire d'avoir toute la transaction dans le fichier test.log. Le
client de messagerie envoie le mot de passe après STARTLS en plain puis
login et se fait claquer la porte aux nez. Si je lance saslautd dans un
terminal, je ne note aucune tentative vers saslauthd de la part de
sendmail (un testsaslauthd montre bien une requête).

J'ai comparé la configuration d'un serveur fonctionnel (celui à partir
duquel je poste) avec celui que je viens de monter, je ne vois pas les
différences. J'ai même vérifié les droits des différents fichiers.
Sendmail ne semble par renvoyer d'erreur, mais n'appelle pas le
mécanisme d'authentification.

Mon sendmail.mc se termine par :
LOCAL_CONFIG
include(`/etc/mail/sasl/sasl.m4')dnl
include(`/etc/mail/tls/starttls.m4')dnl

Je suis preneur de toute idée raisonnable pour débugguer la chose.

Bien cordialement,

JKB

Re: Why use an email client AND sendmail/popa3d - Does this avoid the hijack?

[David Wright]

On Thu 26 Nov 2020 at 09:34:25 (+), Joe wrote:
> On Wed, 25 Nov 2020 21:57:10 -0600 David Wright wrote:
> 
> > Perhaps the problem is similar to the one I had with this list
> > (hence the change I made above). What happened was that my posts'
> > Envelope-from (set to the same as my From address above) was being
> > changed by my mail hosting service to an address on their outgoing
> > mail gateway. AIUI Debian immediately tries to establish an email
> > connection to that address on port 25 to verify it exists, but the
> > outgoing gateway apparently is not an incoming mail receiver, and
> > is not listening on port 25. So Debian rejects the post.
> > 
> There should/need be no Envelope-From header in an email as sent, it is
> inserted by the receiving SMTP server as a copy of the sending address
> as used in the SMTP transaction, something which is not a sent header
> and that would not otherwise be available to the end recipient.

When you say "no Envelope-From header", I guess your asking me to make
it clearer in my post that I'm not discussing the email headers at all,
but only the envelope. However, in order to find out what the Envelope-from
of an email was, you have to examine the headers for clues.

Exim uses the term Envelope-from, as seen in your own posts, and
I guess that the number of names "it" has been given reflects the
uses to which it's put. The wiki page lists: return path,
reverse path,  envelope from, envelope sender, MAIL FROM, 5321-FROM,
return address, From_, Errors-to, etc [sic], and the page's own name:
Bounce address. The page continues:
   "It is not uncommon for a single document to use several of these
names. All of these names refer to the email address provided with
the MAIL FROM command during the SMTP session.
Ordinarily, the bounce address is not seen by email users and,
without standardization of the name, it may cause confusion."

> An SMTP sending server does not need to also receive email. Large
> businesses often use separate servers for send and receive, and often
> contract out one or both functions to different companies e.g. mass
> mailers and spam cleaning services. It should not be assumed that the
> MX record for a domain matches its sending address.

Yes, that's the case here. AFAICT there are three hosts involved in
providing my service: an outgoing, an incoming, and the one hosting
my IMAP and SMTP servers. (There may be others involved in, say,
scanning that I don't know about.)

> What Debian's mail server might well do is to look up the sending
> server's HELO/EHLO, sending address and IP address in public DNS, and
> refuse or delay emails with missing or incorrect records. Exim4 by
> default has rules (thought not enabled by default) for checking these
> things with a view to refusing transactions with spammers.

Yes, some of that information may be difficult to control oneself
(I think you also said that), and it's not always clear exactly
how it was used (ie which bits did they look up, and where)
in order to accept or reject it. AFAICT, in my case, Debian
couldn't get a satisfactory response to its RCPT TO command to
what you've termed the "sending address" (which is what I've been
calling the Envelope-from).

I don't have any idea why the Envelope-from that I set should be
changed to something else in the transfer to bendel.debian.org,
so that's something for me to research when I have the time and
inclination. Debian-user is the only address where I have this
problem with submission. Contemporaneous postings to a gnu.org
list show no change in Envelope-from in the equivalent transfer
from my gateway to eggs.gnu.org, the list's incoming host, nor
even next transfer to lists.gnu.org, the list processor itself.

What's really difficult to tell is whether there's something in
the responses from Debian-user that's causing the change at my
gateway. For example, there may be some unseen exchanges between
the two ends in connection with greylisting.

Cheers,
David.

Re: Why use an email client AND sendmail/popa3d - Does this avoid the hijack?

[David Wright]

On Thu 26 Nov 2020 at 08:52:30 (+), mick crane wrote:
> On 2020-11-26 03:57, David Wright wrote:
> 
> > What sort of rejections and/or bounces have you had?
> 
> It showed up that mails to getmail list that uses Exim were refused as
> unsubscribed whereas before was OK.

I take it that was late last year when your Envelope-from appears to
have changed.

> I "think" I then subscribed with noctiluc...@sky.com which worked for
> a bit but then from list to me bounced.

Is noctiluc...@sky.com an email address that you can/do use, or
is it just an account with Sky?

> "Remote host said: 554 5.7.9 Message not accepted for policy reasons"

Was that response from a List → you-at-Sky message? If so, shouldn't
you ask Sky, particular if you have had success before with sending to
this address (as you wrote "worked for a bit").

> using Sky/Yahoo SMTP it seems to add "Return-Path:" as being
> noctiluc...@sky.com.

That should indicate that you used noctiluc...@sky.com as your
Envelope-from. Was this a concious decision, or did you just
find it to be so? That setting might be obligatory when using
their SMTP server. (For example, it is with my ISP's.)

> Then subscribed to getmail list "from" gmail and other hosted domain
> address
> and welcomed as subscribed as "noctiluc...@sky.com".

I don't know what any of these organisations use to determine the
"subscribed address". Rather than subscribing by sending an email
(which might contain other, confusing addresses) you can usually
find a web page with a subscription box. Typically, the list then
sends an email to the address you typed, as a challenge for you
to respond to, proving that the address is correct and the
subscription desired. If you ignore it, then the subscription
gets cancelled and you can have another go.

> I only know enough about this stuff to get it working and then
> promptly forget.

Yeah—that's not usually a recipe for success.

> Unsure of the etiquette of using other SMTP servers.

Obviously for you to be able to use some random SMTP server, you'd
need some sort of credentials for authorisation/authentication, as
well as being able to connect to the appropriate ports through your
ISP (which is not guaranteed).

If you've logged into some webmail system to read your emails,
it's likely that they use those login credentials to allow you
to send as well (subject to their T).

> This is all using local, not the newest, roundcube for reading/sending.

I've not used roundcube. I take it that "using local" means that
you've got something like apache running on your own machine (rather
than using a web service provided by some website). In which case,
you've probably had to set up some hostnames, ports, and credentials
for your ISP's POP and SMTP servers.

I don't know whether any of this helps with whatever problems you've
been having.

Cheers,
David.

Re: Why use an email client AND sendmail/popa3d - Does this avoid the hijack?

[Joe]

On Wed, 25 Nov 2020 21:57:10 -0600
David Wright  wrote:


> Perhaps the problem is similar to the one I had with this list
> (hence the change I made above). What happened was that my posts'
> Envelope-from (set to the same as my From address above) was being
> changed by my mail hosting service to an address on their outgoing
> mail gateway. AIUI Debian immediately tries to establish an email
> connection to that address on port 25 to verify it exists, but the
> outgoing gateway apparently is not an incoming mail receiver, and
> is not listening on port 25. So Debian rejects the post.
> 

There should/need be no Envelope-From header in an email as sent, it is
inserted by the receiving SMTP server as a copy of the sending address
as used in the SMTP transaction, something which is not a sent header
and that would not otherwise be available to the end recipient.

An SMTP sending server does not need to also receive email. Large
businesses often use separate servers for send and receive, and often
contract out one or both functions to different companies e.g. mass
mailers and spam cleaning services. It should not be assumed that the
MX record for a domain matches its sending address.

What Debian's mail server might well do is to look up the sending
server's HELO/EHLO, sending address and IP address in public DNS, and
refuse or delay emails with missing or incorrect records. Exim4 by
default has rules (thought not enabled by default) for checking these
things with a view to refusing transactions with spammers.

-- 
Joe

Re: Why use an email client AND sendmail/popa3d - Does this avoid the hijack?

[mick crane]

On 2020-11-26 03:57, David Wright wrote:


What sort of rejections and/or bounces have you had?


It showed up that mails to getmail list that uses Exim were refused as 
unsubscribed whereas before was OK.
I "think" I then subscribed with noctiluc...@sky.com which worked for a 
bit but then from list to me bounced.

"Remote host said: 554 5.7.9 Message not accepted for policy reasons"
using Sky/Yahoo SMTP it seems to add "Return-Path:" as being 
noctiluc...@sky.com.
Then subscribed to getmail list "from" gmail and other hosted domain 
address

and welcomed as subscribed as "noctiluc...@sky.com".

I only know enough about this stuff to get it working and then promptly 
forget.

Unsure of the etiquette of using other SMTP servers.
This is all using local, not the newest, roundcube for reading/sending.

cheers mick
--
Key ID4BFEBB31

Re: Why use an email client AND sendmail/popa3d - Does this avoid the hijack?

[David Wright]

On Wed 25 Nov 2020 at 00:08:27 (+), mick crane wrote:
> On 2020-11-23 12:19, Andrei POPESCU wrote:
> > On Lu, 23 nov 20, 14:27:36, Keith Bainbridge wrote:
> > > I was interested to read that Flo, the OP, uses separate mail
> > > collection, sendmail and thunderbird. Some of the replies sound like
> > > this is a common practice.
> > > 
> > > What are the advantages of this set of processes over letting tbird do
> > > it all? - or any other client for that matter?
> > 
> > It makes it easier to switch between different e-mail clients if the
> > sending and/or receiving is handled externally, e.g. one might use a
> > graphical e-mail client in general and a text mode client occasionally.
> > 
> > Such a setup also typically uses standard locations for the storage (as
> > opposed to e-mail client specific), which makes it easier to add more
> > functionality (e.g. serve local e-mail via IMAP) or replace individual
> > components.
> 
> As I can make out if you try to do the useful stuff on your home network
> like having Dovecot doing your mail it is really a bodge if you are
> not advertising those services on the internet.

Apart from any security considerations, you'd need to be running your
server 24/7 if it's going to receive mail from random MTAs across the
globe. We run our modem and routers 24/7 (and my old modem burnt out
recently after 7 years) but I'm not prepared to run my old computers
like that.

> I am I suppose in the domain of Sky who provide my wired connection so
> I use sky/yahoo SMTP server as part of service but they add to
> outgoing email "Reply-Path" being my Sky user account in the headers
> which seems to be confusing exim email lists and results in rejected
> or bounced emails recently.

We only see the accepted emails, of course, and I can see that you
changed something late last year in the way you submit your posts.
I'm not sure why that change would cause rejection or bounces.

I had to make a similar change more recently. Submitting to my ISP
now necessitates using an ISP account as the Envelope-from in order to
authorise a submission (even though the connection has already been
authenticated with the same ISP account *and* password). That works
fine at home, though it's untested when travelling.

> I'd like to sort it out to avoid that if I knew what they were doing.
> I like things as they are when it is working and really, really don't
> want to go the whole hog of advertising email services. I think it is
> some relatively new thing where they are double authenticating or
> something but ideally I don't know why SMTP server does just pass
> message along and not add items to the header except they received it
> and passed it along to the recipient.

Perhaps the problem is similar to the one I had with this list
(hence the change I made above). What happened was that my posts'
Envelope-from (set to the same as my From address above) was being
changed by my mail hosting service to an address on their outgoing
mail gateway. AIUI Debian immediately tries to establish an email
connection to that address on port 25 to verify it exists, but the
outgoing gateway apparently is not an incoming mail receiver, and
is not listening on port 25. So Debian rejects the post.

Hence my change in mail submission for this list, from using my
email hosting service to my ISP instead.

What sort of rejections and/or bounces have you had?

Cheers,
David.

Re: Why use an email client AND sendmail/popa3d

[Celejar]

On Wed, 25 Nov 2020 20:11:29 +
Joe  wrote:

> On Wed, 25 Nov 2020 09:13:03 -0500
> Celejar  wrote:
> 
> > On Wed, 25 Nov 2020 09:03:21 +
> > Joe  wrote:
> > 
> > ...
> > 
> > > proper email client or webmail. I have to admit I use a netbook
> > > while away from home, as I have both "smart"phone and tablet, but
> > > they are extremely limited toys and they are owned by Google. If I
> > > need a mobile computer, then I want a real computer, and one where
> > > I have root access.   
> > 
> > A smartphone running something like LineageOS is not really owned by
> > Google (although there are still the very real problems of binary
> > blobs and the baseband black box stuff). If you get one with an
> > unlocked bootloader, you can have root as well. They're certainly not
> > quite the same thing as a "real" computer, admittedly.
> >
> 
> I'm not really comfortable about downloading a random rooting tool from

Fair points, certainly. But things like LineageOS, TWRP, and Magisk are
not just "random rooting tools" - they are legitimate, well-established
open source projects (although I would concede that they are probably
somewhat less "adult" and responsible than something like the Debian
project we know and love ;))

> the Net, and I have the impression, rightly or wrongly, that writers of
> software for phones and tablets take the same kind of proprietorial
> view of other peoples' devices as writers of Windows software.

Well, that's probably true of developers in the mainstream smartphone
ecosystems, but I don't think it is generally true of the FLOSS
developers for such devices, and particularly not with regard to the
members of sub-communities like F-Droid.

> That's my main objection to using Windows: not so much the OS itself as
> the tendency for writers of software to believe that they own *my*
> computer, and can do what they like with it and with my data.

Certainly.

Celejar

Re: Why use an email client AND sendmail/popa3d

[Joe]

On Wed, 25 Nov 2020 09:13:03 -0500
Celejar  wrote:

> On Wed, 25 Nov 2020 09:03:21 +
> Joe  wrote:
> 
> ...
> 
> > proper email client or webmail. I have to admit I use a netbook
> > while away from home, as I have both "smart"phone and tablet, but
> > they are extremely limited toys and they are owned by Google. If I
> > need a mobile computer, then I want a real computer, and one where
> > I have root access.   
> 
> A smartphone running something like LineageOS is not really owned by
> Google (although there are still the very real problems of binary
> blobs and the baseband black box stuff). If you get one with an
> unlocked bootloader, you can have root as well. They're certainly not
> quite the same thing as a "real" computer, admittedly.
>

I'm not really comfortable about downloading a random rooting tool from
the Net, and I have the impression, rightly or wrongly, that writers of
software for phones and tablets take the same kind of proprietorial
view of other peoples' devices as writers of Windows software.

That's my main objection to using Windows: not so much the OS itself as
the tendency for writers of software to believe that they own *my*
computer, and can do what they like with it and with my data.

-- 
Joe

Re: Why use an email client AND sendmail/popa3d

[David Wright]

On Wed 25 Nov 2020 at 09:30:41 (+1100), Keith Bainbridge wrote:
> On Sun, 22 Nov 2020 23:34:56 -0600  David Wright wrote:
> >>> On Mon 23 Nov 2020 at 14:27:36 (+1100), Keith Bainbridge wrote:
> >>> > So does htis get a new subject in the list?
> 
> Interesting. I'll try it next time I want to use a comment from one
> thread as a separate topic.  BUT I wrote a totally new subject line.
> Surely that is removing 'Re: '

Oops, sorry, my mistake. I was simultaneously replying to several
emails at too late an hour—your subject line was fine.

> I'd appreciate a good explanation if somebody is up to it.

Of why it starts a new thread? Because there are no References and no
In-reply-to, it doesn't get threaded onto an existing thread.

There's an exception where a client threads a message onto any other
one with a similar subject. I remember this often causing problems
20 years ago when someone would send "Lunch?" expecting an immediate
reply, and the recipient's client would thread it to a months-old
duplicate message.

> >>> It would appear so. [snipped the misleading sentence that was here]
> >>>
> >>> > I was interested to read that Flo, the OP, uses separate mail
> >>> > collection, sendmail and thunderbird. Some of the replies sound
> >>> > like this is a common practice.
> >>> >
> >>> > What are the advantages of this set of processes over letting
> >>> > tbird do it all? - or any other client for that matter?
> >>>
> >>> Disadvantages of using your email client to send might include:
> >>> . sending is relatively instant as the client is dispatching
> >>>   it to the same machine, not the remote smarthost,
> 
> So I wouldn't get the message saying the note is being sent by the
> client - because that bit is 'instantaneous' by being local.

I must have been half-asleep: that's poorly expressed.
Each bullet point is meant to be an advantage of using an MTA,
and a disadvantage of sending direct from client to smarthost.

So bullet point 1 ought to say:
  . sending [via an MTA]  is relatively instant as the client is dispatching
it [the email] to the [MTA, running on the] same machine, not the remote 
smarthost,

What you would observe in the two cases is (using mutt as an example):

  With an MTA, the email is transferred almost immediately to the MTA
  running on the same machine, and the client says "Mail sent".

  With sending direct, some messages will flicker by as communication
  is established with the smarthost; with large emails, there'll be a
  pause while the file is transferred; then a couple more messages and
  finally "Mail sent". On this computer, the mutt debug logs show that
  sending a trivial email takes between 2 and 7 seconds, mostly
  related to starting up the connection.

  My transfer speeds (by cable) are very good nowadays. A decade ago
  in the UK, with several miles to the exchange going over copper,
  speeds were fairly dire (until FTTC arrived). Large attachments
  could take a while to get out.

> >>> . exim will retry sending if your smarthost is busy/unavailable,
> 
> OK. I have had instances of the 'sending' notice being there when I
> come back after lunch.
> 
> >>> . it keeps logs,
> 
> Fair enough
> 
> >>> . it send emails on behalf of other processes, like cron jobs,
> >>>   where your client is not involved.
> 
> Is that why email from cron doesn't happen sometimes, then magically
> happens.

I would hesitate to guess without more information.

> >>> I don't collect emails in Flo's sense, as I use IMAP rather than
> >>> POP. So my INBOX is merely mutt's cache of individual emails,
> >>> rather than a live mailfile. The actual server is somewhere around
> >>> Manchester/Stockport.
> 
> I prefer imap as I check mail on 3 devices, but it's become too slow to
> be workable, recently.   I do check back occasionally to see if the
> connection to Germany is getting better. It is 20,000Km I suppose.

That beats my 7000km (over a very fat pipe).

IMAP is designed to be interactive, and fetch each email when you ask
for it. But you can cheat. One way with mutt is to use "search in
message bodies" for some "impossible" string (like a long random one),
and then go and make the coffee. The client is forced to fetch and
cache all the unread emails while searching for the string. When you
return, you'll be able to read new messages instantaneously because
they're already cached.

> I had this thought as I completed that last sentence: should I use my
> ISP as a collection point for my many addresses?

Personally, I prefer to keep my email hosting separate from my ISP.
It's one less complication when travelling, changing service provider,
or moving home or job.

> Thanks for a thought provoking response.   I'll be contemplating this
> for a bit yet.

I hope I was a bit clearer.

Cheers,
David.

Re: Why use an email client AND sendmail/popa3d

[Celejar]

On Wed, 25 Nov 2020 09:03:21 +
Joe  wrote:

...

> proper email client or webmail. I have to admit I use a netbook while
> away from home, as I have both "smart"phone and tablet, but they are
> extremely limited toys and they are owned by Google. If I need a mobile
> computer, then I want a real computer, and one where I have root
> access. 

A smartphone running something like LineageOS is not really owned by
Google (although there are still the very real problems of binary blobs
and the baseband black box stuff). If you get one with an unlocked
bootloader, you can have root as well. They're certainly not quite the
same thing as a "real" computer, admittedly.

Celejar

Re: Why use an email client AND sendmail/popa3d

[Greg Wooledge]

On Wed, Nov 25, 2020 at 09:30:41AM +1100, Keith Bainbridge wrote:
> On Sun, 22 Nov 2020 23:34:56 -0600  David Wright
>  wrote:
> 
> >>> On Mon 23 Nov 2020 at 14:27:36 (+1100), Keith Bainbridge wrote:
> >>> > So does htis get a new subject in the list?
> 
> Interesting. I'll try it next time I want to use a comment from one
> thread as a separate topic.  BUT I wrote a totally new subject line.
> Surely that is removing 'Re: '

It's not the Subject: header that matters for thread construction.(*)
It's the In-Reply-To: header, which contains the Message-ID:s of your
parent message(s).

A sufficiently advanced email client (MUA) takes all the messages,
with all of their unique Message-ID:s, and all of their In-Reply-To:
headers, and constructs a tree in memory, with all of the parent/child
relationships laid out explicitly.  Then it presents this tree
structure to you, however it was programmed to do.

(*) Unless you're using Microsoft Outlook or other similar crap.

Re: Why use an email client AND sendmail/popa3d - Does this avoid the hijack?

[Joe]

On Wed, 25 Nov 2020 00:08:27 +
mick crane  wrote:

> On 2020-11-23 12:19, Andrei POPESCU wrote:
> > On Lu, 23 nov 20, 14:27:36, Keith Bainbridge wrote:  
> >> So does htis get a new subject in the list?
> >> 
> >> Good afternon All
> >> 
> >> I was interested to read that Flo, the OP, uses separate mail
> >> collection, sendmail and thunderbird. Some of the replies sound
> >> like this is a common practice.
> >> 
> >> What are the advantages of this set of processes over letting
> >> tbird do it all? - or any other client for that matter?  
> > 
> > It makes it easier to switch between different e-mail clients if the
> > sending and/or receiving is handled externally, e.g. one might use a
> > graphical e-mail client in general and a text mode client
> > occasionally.
> > 
> > Such a setup also typically uses standard locations for the storage
> > (as opposed to e-mail client specific), which makes it easier to
> > add more functionality (e.g. serve local e-mail via IMAP) or
> > replace individual components.  
> 
> As I can make out if you try to do the useful stuff on your home
> network like having Dovecot doing your mail it is really a bodge if
> you are not advertising those services on the internet.

As I've posted elsewhere, I run my own servers and don't open the email
ports to the world (other than SMTP). I use ssh with port forwarding to
reach email from outside, or occasionally OpenVPN.

> I am I suppose in the domain of Sky who provide my wired connection
> so I use sky/yahoo SMTP server as part of service but they add to
> outgoing email "Reply-Path" being my Sky user account in the headers
> which seems to be confusing exim email lists and results in rejected
> or bounced emails recently.
> I'd like to sort it out to avoid that if I knew what they were doing.
> I like things as they are when it is working and really, really don't
> want to go the whole hog of advertising email services. I think it is
> some relatively new thing where they are double authenticating or
> something but ideally I don't know why SMTP server does just pass
> message along and not add items to the header except they received it
> and passed it along to the recipient.

As it happens outside your control, there's not a lot you can do about
it other than hire an email service that is fairly professional i.e.
not a domestic service whose primary client base is children (of all
ages). A lot of domestic providers insist that you send using one of
their email addresses, which doesn't suit everyone. I lease a few
domains and I expect to use them for my email addresses.

-- 
Joe

Re: Why use an email client AND sendmail/popa3d

[Joe]

On Wed, 25 Nov 2020 09:30:49 +1100
Keith Bainbridge  wrote:


> 
> I like the idea of a local imap server. I have a RPi that will do the
> job, sitting ready and waiting.  How easy is it to get phone/tablet to
> connect while I'm away? though.  A good URI would be an excellent
> answer.
> 

Less so than with an external email provider.

I prefer not to open email collection ports to the Net, so I use ssh
with keys and port forwarding, on a non-standard port to keep the logs
cleaner. I forward both web and the email ports, so I can either use a
proper email client or webmail. I have to admit I use a netbook while
away from home, as I have both "smart"phone and tablet, but they are
extremely limited toys and they are owned by Google. If I need a mobile
computer, then I want a real computer, and one where I have root
access. 

I'm in the process of building a couple of RPi servers to replace my
HP microserver, and the mail server seems to be running OK. I have
exim4 as the MTA, dovecot for IMAP and Roundcube for webmail. Roundcube
requires an SQL database, and I'm running MariaDB for other reasons, and
it's happy with that. It's also running bind9, as I'm sending and
receiving email directly and need a good local DNS service.

-- 
Joe

Re: Why use an email client AND sendmail/popa3d - Does this avoid the hijack?

[mick crane]

On 2020-11-23 12:19, Andrei POPESCU wrote:

On Lu, 23 nov 20, 14:27:36, Keith Bainbridge wrote:

So does htis get a new subject in the list?

Good afternon All

I was interested to read that Flo, the OP, uses separate mail
collection, sendmail and thunderbird. Some of the replies sound like
this is a common practice.

What are the advantages of this set of processes over letting tbird do
it all? - or any other client for that matter?


It makes it easier to switch between different e-mail clients if the
sending and/or receiving is handled externally, e.g. one might use a
graphical e-mail client in general and a text mode client occasionally.

Such a setup also typically uses standard locations for the storage (as
opposed to e-mail client specific), which makes it easier to add more
functionality (e.g. serve local e-mail via IMAP) or replace individual
components.


As I can make out if you try to do the useful stuff on your home network
like having Dovecot doing your mail it is really a bodge if you are not 
advertising those services on the internet.
I am I suppose in the domain of Sky who provide my wired connection so I 
use sky/yahoo SMTP server as part of service but they add to outgoing 
email "Reply-Path" being my Sky user account in the headers which seems 
to be confusing exim email lists and results in rejected or bounced 
emails recently.
I'd like to sort it out to avoid that if I knew what they were doing. I 
like things as they are when it is working and really, really don't want 
to go the whole hog of advertising email services. I think it is some 
relatively new thing where they are double authenticating or something 
but ideally I don't know why SMTP server does just pass message along 
and not add items to the header except they received it and passed it 
along to the recipient.


mick
--
Key ID4BFEBB31

Re: Why use an email client AND sendmail/popa3d

[Keith Bainbridge]

On Mon, 23 Nov 2020 09:50:34 -0600  John Hasler 
wrote:

>>  I use Fetchmail to fetch my mail every five minutes from Newsguy.
>> This means that my mail is never on anyone else's server for more
>> than a few minutes.  Fetchmail hands it off to Exim which passes it
>> through Mailagent and Spamassassin and then delivers it to my
>> inbox.  Outgoing mail is delivered to Newsguy by Exim running in
>> smarthost mode (one of the menu choices when installing Exim).  Mail
>> to my domains is forwarded to Newsguy.  I get most of the benefits
>> of running my own email server without having to administer an
>> Internet-facing server.  I have full control of filtering and
>> sorting, can use any MUA, and needn't have a connection up to read
>> or send mail.  Messages I compose while the link is down go out when
>> it comes up.  All my saved mail is right here on my machine where I
>> can look through it at will but no one else can. -- 
>>  John Hasler 
>>  jhas...@newsguy.com
>>  Elmwood, WI USA
>>  

Thanks John. For what it is worth, this has just arrived on my laptop;
I saw it on my phone about 4 hours ago, and have been eagerly awaiting
it.  You might have recognised my reference to it about an hour ago.
But re-reading it, I see I over stated the number of processes you use.

Having used gmail & imap for 15 years, I figure I am way past trying to
prevent prying eyes. I have also 'mislaid' my mail here so often, that
I rely on the server much more than I should. I know that is BAD, and
we lost several weeks of mail off gmail earlier this year, but

I'll give it a go though, as it sounds like reinstating backed up mail
is easier for when I do loose something. Will I get to leaving nothing
out there?   

Can you point me to a simple how-to, please. As I said to another
response, a good URI is an excellent answer.

Next, what is the most efficient way to search 20,000 plus files for a
string of text, especially when the string may omit an adjective?


Thanks again,
From the other side of the Pacific.


Now where has your reply been hiding?


--

Keith Bainbridge

keith.bainbridge.3...@gmx.com
ke1thozgro...@gmx.com

Re: Why use an email client AND sendmail/popa3d

[Keith Bainbridge]

On Mon, 23 Nov 2020 14:19:16 +0200  Andrei POPESCU
 wrote:

>>> On Lu, 23 nov 20, 14:27:36, Keith Bainbridge wrote:
>>> > So does htis get a new subject in the list?
>>> >
>>> > Good afternon All
>>> >
>>> > I was interested to read that Flo, the OP, uses separate mail
>>> > collection, sendmail and thunderbird. Some of the replies sound
>>> > like this is a common practice.
>>> >
>>> > What are the advantages of this set of processes over letting
>>> > tbird do it all? - or any other client for that matter?
>>>
>>> It makes it easier to switch between different e-mail clients if
>>> the sending and/or receiving is handled externally, e.g. one might
>>> use a graphical e-mail client in general and a text mode client
>>> occasionally.
>>>
>>> Such a setup also typically uses standard locations for the storage
>>> (as opposed to e-mail client specific), which makes it easier to
>>> add more functionality (e.g. serve local e-mail via IMAP) or
>>> replace individual components.
>>>
>>> Kind regards,
>>> Andrei
>>> --
>>> http://wiki.debian.org/FAQsFromDebianUser

Thanks for your reply. I have been contemplating

I have switched email client often in the past, less so lately.

I like the idea of a local imap server. I have a RPi that will do the
job, sitting ready and waiting.  How easy is it to get phone/tablet to
connect while I'm away? though.  A good URI would be an excellent
answer.

Thanks again for replying.

--

Keith Bainbridge

keith.bainbridge.3...@gmx.com
ke1thozgro...@gmx.com

Re: Why use an email client AND sendmail/popa3d

[Keith Bainbridge]

On Sun, 22 Nov 2020 23:34:56 -0600  David Wright
 wrote:

>>> On Mon 23 Nov 2020 at 14:27:36 (+1100), Keith Bainbridge wrote:
>>> > So does htis get a new subject in the list?

Interesting. I'll try it next time I want to use a comment from one
thread as a separate topic.  BUT I wrote a totally new subject line.
Surely that is removing 'Re: '

I'd appreciate a good explanation if somebody is up to it.

>>>
>>> It would appear so. I guess you could also have removed the Re:
>>> from the subject line.
>>>
>>> > I was interested to read that Flo, the OP, uses separate mail
>>> > collection, sendmail and thunderbird. Some of the replies sound
>>> > like this is a common practice.
>>> >
>>> > What are the advantages of this set of processes over letting
>>> > tbird do it all? - or any other client for that matter?
>>>
>>> Disadvantages of using your email client to send might include:
>>> . sending is relatively instant as the client is dispatching
>>>   it to the same machine, not the remote smarthost,

So I wouldn't get the message saying the note is being sent by the
client - because that bit is 'instantaneous' by being local.

>>> . exim will retry sending if your smarthost is busy/unavailable,

OK. I have had instances of the 'sending' notice being there when I
come back after lunch.

>>> . it keeps logs,

Fair enough

>>> . it send emails on behalf of other processes, like cron jobs,
>>>   where your client is not involved.

Is that why email from cron doesn't happen sometimes, then magically
happens.

>>>
>>> I don't collect emails in Flo's sense, as I use IMAP rather than
>>> POP. So my INBOX is merely mutt's cache of individual emails,
>>> rather than a live mailfile. The actual server is somewhere around
>>> Manchester/Stockport.

I prefer imap as I check mail on 3 devices, but it's become too slow to
be workable, recently.   I do check back occasionally to see if the
connection to Germany is getting better. It is 20,000Km I suppose.

I had this thought as I completed that last sentence: should I use my
ISP as a collection point for my many addresses?


Thanks for a thought provoking response.   I'll be contemplating this
for a bit yet.

--

Keith Bainbridge

keith.bainbridge.3...@gmx.com
ke1thozgro...@gmx.com

Re: Why use an email client AND sendmail/popa3d - Does this avoid the hijack?

[John Hasler]

I use Fetchmail to fetch my mail every five minutes from Newsguy.  This
means that my mail is never on anyone else's server for more than a few
minutes.  Fetchmail hands it off to Exim which passes it through
Mailagent and Spamassassin and then delivers it to my inbox.  Outgoing
mail is delivered to Newsguy by Exim running in smarthost mode (one of
the menu choices when installing Exim).  Mail to my domains is forwarded
to Newsguy.  I get most of the benefits of running my own email server
without having to administer an Internet-facing server.  I have full
control of filtering and sorting, can use any MUA, and needn't have a
connection up to read or send mail.  Messages I compose while the link
is down go out when it comes up.  All my saved mail is right here on my
machine where I can look through it at will but no one else can.
-- 
John Hasler 
jhas...@newsguy.com
Elmwood, WI USA

Re: Why use an email client AND sendmail/popa3d - Does this avoid the hijack?

[Andrei POPESCU]

On Lu, 23 nov 20, 14:27:36, Keith Bainbridge wrote:
> So does htis get a new subject in the list?
> 
> Good afternon All
> 
> I was interested to read that Flo, the OP, uses separate mail
> collection, sendmail and thunderbird. Some of the replies sound like
> this is a common practice.
> 
> What are the advantages of this set of processes over letting tbird do
> it all? - or any other client for that matter?

It makes it easier to switch between different e-mail clients if the 
sending and/or receiving is handled externally, e.g. one might use a 
graphical e-mail client in general and a text mode client occasionally.

Such a setup also typically uses standard locations for the storage (as 
opposed to e-mail client specific), which makes it easier to add more 
functionality (e.g. serve local e-mail via IMAP) or replace individual 
components.

Kind regards,
Andrei
-- 
http://wiki.debian.org/FAQsFromDebianUser


signature.asc
Description: PGP signature

Re: Why use an email client AND sendmail/popa3d - trying to NOT hijack

[The Wanderer]

On 2020-11-23 at 05:43, Joe wrote:

> On Mon, 23 Nov 2020 13:21:25 +1100 Keith Bainbridge
>  wrote:

>> PS  Am I wrong to avoid 'everyting in 1 file' where possible (mail
>> dir rather than mbox in this case)? OK this is probably a whole
>> separate topic.
> 
> As I've posted elsewhere, I have about 3GB of email. I would not
> consider putting that in one file.

Speaking as a user of Thunderbird, I have ~20GB of E-mail (including
archives which date back well over a decade if not further), split
across a few accounts plus the "Local Folders" non-account.

It's divided into a total of 422 different mail-client-displayed
"folders" (although some of them are parent-folder only, they don't
contain actual messages), each of which is stored as a single file (not
mbox or similar, but the internal "Mork" database format, which as I
understand matters even Thunderbird may now be moving away from).

That averages out to ~47MB per file. After discounting the
otherwise-empty parent folders, the realistic figure is actually
probably somewhere in the 100MB-200MB range. When a given mailing list's
folder gets too large for my taste (or large enough that I start to
notice delays reading or writing that folder), I create a separate
"archive" folders for it by year, and move previous years' mail from
that folder into those per-year archive folders; this tends to happen
when the folder's contents reach somewhere between 10,000 and 20,000
messages.

This isn't necessarily a particularly ideal way of handling things, but
it's worked well for me thus far.

-- 
   The Wanderer

The reasonable man adapts himself to the world; the unreasonable one
persists in trying to adapt the world to himself. Therefore all
progress depends on the unreasonable man. -- George Bernard Shaw



signature.asc
Description: OpenPGP digital signature

Re: Why use an email client AND sendmail/popa3d - trying to NOT hijack

[Joe]

On Mon, 23 Nov 2020 13:21:25 +1100
Keith Bainbridge  wrote:

> Good afternon All
> 
> I was interested to read that Flo, the OP, uses separate mail
> collection, sendmail and thunderbird. Some of the replies sound like
> this is a common practice.
> 
> What are the advantages of this set of processes over letting tbird do
> it all? - or any other client for that matter?

As far as I know, TB isn't an MTA, it can send email only as a client
to an MTA somewhere else. So it's not doing it all.

A lot depends how you want to send and receive emails. If you're using
an external email service, you can get away with just an email client,
or even use webmail. If you're sending and receiving yourself, you'll
need an MTA and an email distribution method such as POP3 or IMAP, as
well as clients on any devices you have. If you're also collecting
email from an external service, you'll need an email collector such as
fetchmail or procmail, to keep all email centrally stored. 
> 
> Would it save me from my fairly regular 'can't find profile' errors?
> 
> Thanks

Don't know, I gave up TB for Claws-mail long ago, TB was just too
painfully slow.

> 
> PS  Am I wrong to avoid 'everyting in 1 file' where possible (mail dir
> rather than mbox in this case)? OK this is probably a whole separate
> topic.

As I've posted elsewhere, I have about 3GB of email. I would not
consider putting that in one file.

-- 
Joe

Re: Why use an email client AND sendmail/popa3d - Does this avoid the hijack?

[David Wright]

On Mon 23 Nov 2020 at 14:27:36 (+1100), Keith Bainbridge wrote:
> So does htis get a new subject in the list?

It would appear so. I guess you could also have removed the Re:
from the subject line.

> I was interested to read that Flo, the OP, uses separate mail
> collection, sendmail and thunderbird. Some of the replies sound like
> this is a common practice.
> 
> What are the advantages of this set of processes over letting tbird do
> it all? - or any other client for that matter?

Disadvantages of using your email client to send might include:
. sending is relatively instant as the client is dispatching
  it to the same machine, not the remote smarthost,
. exim will retry sending if your smarthost is busy/unavailable,
. it keeps logs,
. it send emails on behalf of other processes, like cron jobs,
  where your client is not involved.

I don't collect emails in Flo's sense, as I use IMAP rather than POP.
So my INBOX is merely mutt's cache of individual emails, rather than a
live mailfile. The actual server is somewhere around Manchester/Stockport.

> Would it save me from my fairly regular 'can't find profile' errors?

I don't use TB, which is where I assume you're getting those from.

Cheers,
David.

Why use an email client AND sendmail/popa3d - Does this avoid the hijack?

[Keith Bainbridge]

So does htis get a new subject in the list?

Good afternon All

I was interested to read that Flo, the OP, uses separate mail
collection, sendmail and thunderbird. Some of the replies sound like
this is a common practice.

What are the advantages of this set of processes over letting tbird do
it all? - or any other client for that matter?

Would it save me from my fairly regular 'can't find profile' errors?


Original post:
 Subject:   Problem with /var/mail file > 2GB with pop3
Resent-Date:Thu, 19 Nov 2020 21:52:35 + (UTC)
Resent-From:debian-user@lists.debian.org
Date:   Thu, 19 Nov 2020 22:42:53 +0100
From:   Flo 
To: debian-user@lists.debian.org


I am using Debian Buster, Thunderbird, Sendmail and popa3d to get emails.

The mail files for each account are stored at /var/mail. No it has come
to that point that such a file exceeded 2GB. And 'Get Messages' doesn't
work anymore.

Does anyone know about this issue? Any hints to solve it? I could try a
different pop3 server?

Any help is appreciated.

Thanks,
Flo


--
Keith Bainbridge

ke1thozgro...@gmx.com

Why use an email client AND sendmail/popa3d - trying to NOT hijack

[Keith Bainbridge]

Good afternon All

I was interested to read that Flo, the OP, uses separate mail
collection, sendmail and thunderbird. Some of the replies sound like
this is a common practice.

What are the advantages of this set of processes over letting tbird do
it all? - or any other client for that matter?

Would it save me from my fairly regular 'can't find profile' errors?

Thanks

PS  Am I wrong to avoid 'everyting in 1 file' where possible (mail dir
rather than mbox in this case)? OK this is probably a whole separate topic.

--
Keith Bainbridge

ke1thozgro...@gmx.com




 Forwarded Message 
Subject:Problem with /var/mail file > 2GB with pop3
Resent-Date:Thu, 19 Nov 2020 21:52:35 + (UTC)
Resent-From:debian-user@lists.debian.org
Date:   Thu, 19 Nov 2020 22:42:53 +0100
From:   Flo 
To: debian-user@lists.debian.org



Hi All,

I am using Debian Buster, Thunderbird, Sendmail and popa3d to get emails.


Any help is appreciated.

Thanks,
Flo

Re: use mailx instead of sendmail in apt-listchanges

[Martin T]

Dan,

> You could do the wrapper, or you could install nullmailer, which
> is an extremely simple MTA that always hands off mail to a
> relayhost (i.e. somebody else's problem).

I ended up with a following wrapper:

$ cat /usr/sbin/sendmail
#!/usr/bin/env bash

# As header fields are at the top of the message, then following substitutions
# should work reliably.
sed '0,/^Subject: =?utf-8?q?apt-listchanges=3A_changelogs_for_vps?=$/
s//Subject: apt-listchanges: changelogs for vps/' | \
sed '0,/^From: root$/ s//From: nore...@example.com (VPS)/' | \
recode -f /qp | \
/usr/bin/mailx -t
$


Andrew,

I guess it works for you because bsd-mailx depends on virtual packet
mail-transport-agent.


regards,
Martin

Re: use mailx instead of sendmail in apt-listchanges

[Andrew McGlashan]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

Hi,

On 3/6/19 5:40 am, Martin T wrote:
> What could be the most elegant workaround in this situation? Create
> a /usr/sbin/sendmail wrapper script which processes the 
> "/usr/sbin/sendmail -oi -t" command called by apt_listchanges.py
> and sends the mail using mailx? Modify the apt_listchanges.py?
> Something else?

This is what I use on Devuan (and Debian previously):

# aptitude show bsd-mailx;echo;dpkg -L bsd-mailx;ls -lart
/etc/alternatives/mailx
Tue  4 Jun 04:27:41 AEST 2019 -- show bsd-mailx
Package: bsd-mailx
Version: 8.1.2-0.20160123cvs-4
State: installed
Automatically installed: no
Priority: optional
Section: mail
Maintainer: Robert Luberda 
Architecture: amd64
Uncompressed Size: 169 k
Depends: base-files (>= 2.2.0), default-mta | mail-transport-agent,
libbsd0 (>= 0.2.0), libc6 (>= 2.17), liblockfile1 (>= 1.0)
Provides: mail-reader, mailx
Description: simple mail user agent

Tags: implemented-in::c, interface::commandline, mail::smtp,
mail::user-agent, network::client, protocol::smtp, role::program,
suite::bsd, works-with::mail


/.
/etc
/etc/mail.rc
/usr
/usr/bin
/usr/bin/bsd-mailx
/usr/share
/usr/share/bsd-mailx
/usr/share/bsd-mailx/mail.help
/usr/share/bsd-mailx/mail.tildehelp
/usr/share/doc
/usr/share/doc/bsd-mailx
/usr/share/doc/bsd-mailx/NEWS.Debian.gz
/usr/share/doc/bsd-mailx/README.Debian.gz
/usr/share/doc/bsd-mailx/changelog.Debian.gz
/usr/share/doc/bsd-mailx/changelog.gz
/usr/share/doc/bsd-mailx/copyright
/usr/share/man
/usr/share/man/man1
/usr/share/man/man1/bsd-mailx.1.gz
lrwxrwxrwx 1 root root 18 May 15 10:52 /etc/alternatives/mailx ->
/usr/bin/bsd-mailx


Cheers
AndrewM
-BEGIN PGP SIGNATURE-

iHUEAREIAB0WIQTJAoMHtC6YydLfjUOoFmvLt+/i+wUCXPVnCwAKCRCoFmvLt+/i
+5WiAP95KtncIG+nJcrLpweSq47/iSUsJRBws37hlWXPABcgEQD/QljjehIDKdmj
NNQ1AyTcUX5A6kdWmPMTyuTEwv0kNBQ=
=AVBN
-END PGP SIGNATURE-

Re: use mailx instead of sendmail in apt-listchanges

[Dan Ritter]

Martin T wrote: 
> Hi,
> 
> I have apt-listchanges installed and registered in apt system:
> 
> # apt-config dump | grep apt-listchanges
> DPkg::Pre-Install-Pkgs:: "/usr/bin/apt-listchanges --apt || test $? -lt 10";
> DPkg::Tools::Options::/usr/bin/apt-listchanges "";
> DPkg::Tools::Options::/usr/bin/apt-listchanges::Version "2";
> DPkg::Tools::Options::/usr/bin/apt-listchanges::InfoFD "20";
> #
> 
> "frontend" in /etc/apt/listchanges.conf is set to "mail" and valid
> e-mail address is set with "email_address" configuration option. Now
> when I upgrade a package which has NEWS/changelog present, then I get
> the "apt-listchanges: The mail frontend needs an installed 'sendmail',
> using pager" error message. This is because I don't have
> /usr/sbin/sendmail binary installed. I prefer to use mail/mailx and an
> external MTA.
> 
> What could be the most elegant workaround in this situation? Create a
> /usr/sbin/sendmail wrapper script which processes the
> "/usr/sbin/sendmail -oi -t" command called by apt_listchanges.py and
> sends the mail using mailx? Modify the apt_listchanges.py? Something
> else?

You could do the wrapper, or you could install nullmailer, which
is an extremely simple MTA that always hands off mail to a
relayhost (i.e. somebody else's problem).

Modifying apt_listchanges.py would require you to keep
maintaining the changes forever.

-dsr-

use mailx instead of sendmail in apt-listchanges

[Martin T]

Hi,

I have apt-listchanges installed and registered in apt system:

# apt-config dump | grep apt-listchanges
DPkg::Pre-Install-Pkgs:: "/usr/bin/apt-listchanges --apt || test $? -lt 10";
DPkg::Tools::Options::/usr/bin/apt-listchanges "";
DPkg::Tools::Options::/usr/bin/apt-listchanges::Version "2";
DPkg::Tools::Options::/usr/bin/apt-listchanges::InfoFD "20";
#

"frontend" in /etc/apt/listchanges.conf is set to "mail" and valid
e-mail address is set with "email_address" configuration option. Now
when I upgrade a package which has NEWS/changelog present, then I get
the "apt-listchanges: The mail frontend needs an installed 'sendmail',
using pager" error message. This is because I don't have
/usr/sbin/sendmail binary installed. I prefer to use mail/mailx and an
external MTA.

What could be the most elegant workaround in this situation? Create a
/usr/sbin/sendmail wrapper script which processes the
"/usr/sbin/sendmail -oi -t" command called by apt_listchanges.py and
sends the mail using mailx? Modify the apt_listchanges.py? Something
else?


thanks,
Martin

Re: Sendmail et DSN 4.7.0

[BERTRAND Joël]

Ce n'est pas n'importe quoi comme réponses...

Trois "relay=hotmail-com.olc.protection.outlook.com., dsn=4.0.0, 
stat=Deferred" sont toujours suivis par un message DSN complet 
"relay=hotmail-com.olc.protection.outlook.com. [104.47.34.33], 
dsn=4.0.0, stat=Deferred: 403 4.7.0 TLS handshake failed."


Et ça boucle comme ça. Trois incomplets suivis par un complet...

Re: Sendmail et DSN 4.7.0

[BERTRAND Joël]

Bon, bon, bon... C'est plus grave que ça. Le patch semble fonctionner. 
En revanche, les codes d'erreur sont tronqués aléatoirement. Sur le même 
message envoyé à un MX en échec, j'ai aléatoirement dans mes logs :


Nov  5 18:00:13 rayleigh sm-mta[31991]: wA5GxrK0031751: to=<...>, 
delay=00:00:19, xdelay=00:00:02, mailer=esmtp, pri=61468, 
relay=mx3.gmf.fr. [195.101.194.3], dsn=4.0.0, stat=Deferred: 403 4.7.0 
TLS handshake failed.
Nov  5 18:09:25 rayleigh sm-mta[7414]: wA5GxrK0031751: 
to=, delay=00:09:31, xdelay=00:00:00, mailer=esmtp, 
pri=151468, relay=mx3.gmf.fr., dsn=4.0.0, stat=Deferred
Nov  5 18:14:50 rayleigh sm-mta[11345]: wA5GxrK0031751: 
to=, delay=00:14:56, xdelay=00:00:00, mailer=esmtp, 
pri=241468, relay=mx3.gmf.fr., dsn=4.0.0, stat=Deferred
Nov  5 18:24:50 rayleigh sm-mta[18795]: wA5GxrK0031751: 
to=, delay=00:24:56, xdelay=00:00:00, mailer=esmtp, 
pri=331468, relay=mx3.gmf.fr., dsn=4.0.0, stat=Deferred
Nov  5 18:25:29 rayleigh sm-mta[20104]: wA5GxrK0031751: 
to=, delay=00:25:35, xdelay=00:00:00, mailer=esmtp, 
pri=421468, relay=mx3.gmf.fr., dsn=4.0.0, stat=Deferred


	Ainsi, lors de la première tentative, le code de retour est bon. Lors 
des tentatives suivantes, le message est tronqué. Il peut tout de même 
apparaître en entier de temps en temps.


Suis-je le seul à observer ce genre de chose ?

Sendmail et DSN 4.7.0

[BERTRAND Joël]

   Bonjour à tous,

   J'utilise depuis des années un patch à sendmail pour envoyer des 
mails à des serveurs avec une configuration TLS foireuse.


Ce patch est le suivant :

diff -ruN sendmail-8.15.2-/cf/feature/tls_failures.m4 
sendmail-8.15.2/cf/feature
--- sendmail-8.15.2-/cf/feature/tls_failures.m4 1969-12-31 
16:00:00.0 -0
+++ sendmail-8.15.2/cf/feature/tls_failures.m4  2015-07-22 
20:42:56.0 -0

@@ -0,0 +1,17 @@
+divert(-1)
+#
+# Copyright (c) 2015 Proofpoint, Inc. and its suppliers.
+#  All rights reserved.
+#
+# By using this file, you agree to the terms and conditions set
+# forth in the LICENSE file which can be found at the top level of
+# the sendmail distribution.
+#
+#
+
+define(`_TLS_FAILURES_', `1')dnl
+define(`_NEED_MACRO_MAP_', `1')dnl
+define(`_TLS_FAILURES_CNT_', ifelse(len(X`'_ARG_),`1',`5',_ARG_)))dnl
+
+LOCAL_CONFIG
+C{persistentMacros}{saved_verify}
diff -ruN sendmail-8.15.2-/cf/m4/proto.m4 sendmail-8.15.2/cf/m4/proto.m4
--- sendmail-8.15.2-/cf/m4/proto.m4 2015-05-22 06:42:27.0 -0700
+++ sendmail-8.15.2/cf/m4/proto.m4  2015-07-22 20:39:48.0 -0700
@@ -2686,7 +2686,11 @@
 R$*$: $>D <$&{server_name}>   <>
 R$* $: $>A <$&{server_addr}>   <>
 R$* $: <$(access TLS_TRY_TAG`'_TAG_DELIM_ $: ? $)>
-R$* $@ OK
+ifdef(`_TLS_FAILURES_', `dnl
+R$* $:  $&{saved_verify} $| $(arith l $@ 
`'_TLS_F
+R SOFTWARE $| TRUE $| $*$#error $@ 5.7.1 $: "550 do not try TLS 
with " $
+R PROTOCOL $| TRUE $| $*$#error $@ 5.7.1 $: "550 do not try TLS 
with " $

+R$* $@ OK
 ifdef(`_ATMPF_', `dnl tempfail?
 R<$* _ATMPF_>$*$#error $@ 4.3.0 $: "451 Temporary system 
failure. Pleas
 R$*$#error $@ 5.7.1 $: "550 do not try TLS with " 
$&{server

@@ -2769,6 +2773,8 @@
 R$*$: $1 $| $>"Local_tls_server" $1
 R$* $| $#$*$#$2
 R$* $| $*  $: $1', `dnl')
+ifdef(`_TLS_FAILURES_',`dnl
+R$*$: $(macro {saved_verify} $@ $1 $) $1')
 ifdef(`_ACCESS_TABLE_', `dnl
 dnl store name of other side
 R$*$: $(macro {TLS_Name} $@ $&{server_name} $) $1

Jusqu'ici, ça fonctionnait très bien. Rien à dire. J'ai fait 
une mise à jour de mon servuer de mail (debian/testing). Cela m'a mis à

jour sendmail (8.15.2-12). J'ai appliqué à nouveau le patch et... ça
ne fonctionne plus.

J'essaye donc de creuser, mais sans succès. Je n'arrive déjà 
pas à trouver la map macro. Où se trouve-t-elle ? Et comment débugguer la

chose ?

Bien cordialement,

JKB

Re: Cannot Install/Uninstall sendmail

[Erik Christiansen]

On 29.08.18 11:57, Jonathan Dowland wrote:
> However both sendmail and update-inetd are orphaned at the moment (no
> regular maintainers, although Andreas Beckmann has done a lot of work
> via the QA team)

After favouring sendmail for a decade and a half, I thought I was slow
to switch to postfix around 15 years ago when sendmail was already
showing signs of age, such as security issues, IIRC. That anyone would
use it today is quite a surprise.

Postfix has a nice set of sendmail compatibility functions, and the list
is very helpful. From the manpage:

   mailq(1), Sendmail compatibility interface
   newaliases(1), Sendmail compatibility interface
   sendmail(1), Sendmail compatibility interface

Erik

Re: Cannot Install/Uninstall sendmail

[Jonathan Dowland]

On Tue, Aug 28, 2018 at 10:42:01AM -0400, Luis Finotti wrote:

Thanks for the pointer!   sendmail-base.prerm had the line:

update-inetd --group MAIL --disable smtp,smtps,submission;

and I was getting the error

update-inetd: error: --group is only relevant with --add


This would appear to be a bug[1] in the sendmail package, which, if you
have the time, might be worth reporting[2]. However both sendmail and
update-inetd are orphaned at the moment (no regular maintainers,
although Andreas Beckmann has done a lot of work via the QA team)

[1] 
https://salsa.debian.org/debian/sendmail/blob/master/debian/sendmail-base.prerm.in
[2] https://www.debian.org/Bugs/Reporting

--

⢀⣴⠾⠻⢶⣦⠀
⣾⠁⢠⠒⠀⣿⡁ Jonathan Dowland
⢿⡄⠘⠷⠚⠋⠀ https://jmtd.net
⠈⠳⣄ Please do not CC me, I am subscribed to the list.

Re: Cannot Install/Uninstall sendmail

[Cindy-Sue Causey]

On 8/28/18, Luis Finotti  wrote:
> On Tue, Aug 28, 2018 at 9:41 AM David Wright 
> wrote:
>
>> On Tue 28 Aug 2018 at 09:14:36 (-0400), Luis Finotti wrote:
>> > # apt remove sendemail
>>
>> Oops.
>>
>> > Reading package lists... Done
>> > Building dependency tree
>> > Reading state information... Done
>> > Package 'sendemail' is not installed, so not removed
>> > 0 upgraded, 0 newly installed, 0 to remove and 2 not upgraded.
>> > 1 not fully installed or removed.
>> > After this operation, 0 B of additional disk space will be used.
>> > Setting up sendmail-base (8.15.2-11) ...
>>
>> sendmail-base is what you should be trying to remove.
>> And you should be using dpkg directly, not messing around with apt.
>> As you can see, you asked apt to remove something and it tries to
>> configure something instead. If you're going to use sid or a
>> sid lookalike, you're going to have to use the appropriate tools.
>>
>> > dpkg: error processing package sendmail-base (--configure):
>> >  installed sendmail-base package post-installation script subprocess
>> > returned error exit status 255
>> > Errors were encountered while processing:
>> >  sendmail-base
>> > E: Sub-process /usr/bin/dpkg returned an error code (1)
>> > 
>> >
>> > Any help would be greatly appreciated!
>>
>> You see—you want to know what dpkg itself is doing.
>>
>
> Here it is:
>
> # dpkg -P sendmail-base
> (Reading database ... 1562548 files and directories currently installed.)
> Removing sendmail-base (8.15.2-11) ...
> update-inetd: error: --group is only relevant with --add
> dpkg: error processing package sendmail-base (--purge):
>  installed sendmail-base package pre-removal script subprocess returned
> error exit status 255
> Errors were encountered while processing:
>  sendmail-base
>
> Any suggestions?


I've had luck on occasion by following where *my* setup tells me to try:

apt --fix-broken install

Generic just like that with no specific packages named.

Just had to run it a couple times recently. Sometimes I've gotten
lucky, and it fixes things just like that just that fast.

Other times it's like the other day. It will instead first attempt to
purge/remove the offending partially installed package. At one point,
I think I just gave up and let apt do what it thought might work.
Successfully remove a package *is* what it did.

This has just been since the one thread we had here about manually
installing via dpkg and then running into repeated missing
dependencies. I just checked ~/.bash_history and saw my topic was...
*cough* flash versus pepperflash. I was attempting deb package
installs with "dpkg -i" while otherwise only favoring the main
repository in /etc/apt/sources.list.

PS I finally gave up when I realized flash may have NEVER had anything
to do with the particular webpage issues I've had all these years. I
hate ol' timer's disease,.. been afflicted since about 1992. lol.

Cindy :)
-- 
Cindy-Sue Causey
Talking Rock, Pickens County, Georgia, USA

* runs with duct tape *

Re: Cannot Install/Uninstall sendmail

[Luis Finotti]

Thanks once more for the support!  The problem is now solved.

On Tue, Aug 28, 2018 at 10:20 AM David Wright 
wrote:

> On Tue 28 Aug 2018 at 09:48:06 (-0400), Luis Finotti wrote:
>
> > # dpkg -P sendmail-base
> > (Reading database ... 1562548 files and directories currently installed.)
> > Removing sendmail-base (8.15.2-11) ...
> > update-inetd: error: --group is only relevant with --add
> > dpkg: error processing package sendmail-base (--purge):
> >  installed sendmail-base package pre-removal script subprocess returned
> > error exit status 255
> > Errors were encountered while processing:
> >  sendmail-base
> >
> > Any suggestions?
>
> I would take a look at the pre-removal script sendmail-base.prerm to
> see what it's trying to do. If there are parts that aren't sensible,
> you could comment them out, alter things so that they can work, or
> even just make them "succeed" with "|| true" so you get to the end
> of the script. (Check sendmail-base.postinst while you're about it.)
>
> The scripts will contain a record of what modifications they intended
> to make to your system, so ultimately all you need to do is nullify
> those changes, remove the files in sendmail-base.list and convince
> dpkg that the package is purged. Manually if necessary.
>

Thanks for the pointer!   sendmail-base.prerm had the line:

update-inetd --group MAIL --disable smtp,smtps,submission;

and I was getting the error

update-inetd: error: --group is only relevant with --add

So, I changed it to:

update-inetd --disable smtp,smtps,submission;

and was then able to uninstall it.

Thanks again for your help.

Re: Cannot Install/Uninstall sendmail

[David Wright]

On Tue 28 Aug 2018 at 09:48:06 (-0400), Luis Finotti wrote:

> # dpkg -P sendmail-base
> (Reading database ... 1562548 files and directories currently installed.)
> Removing sendmail-base (8.15.2-11) ...
> update-inetd: error: --group is only relevant with --add
> dpkg: error processing package sendmail-base (--purge):
>  installed sendmail-base package pre-removal script subprocess returned
> error exit status 255
> Errors were encountered while processing:
>  sendmail-base
> 
> Any suggestions?

I would take a look at the pre-removal script sendmail-base.prerm to
see what it's trying to do. If there are parts that aren't sensible,
you could comment them out, alter things so that they can work, or
even just make them "succeed" with "|| true" so you get to the end
of the script. (Check sendmail-base.postinst while you're about it.)

The scripts will contain a record of what modifications they intended
to make to your system, so ultimately all you need to do is nullify
those changes, remove the files in sendmail-base.list and convince
dpkg that the package is purged. Manually if necessary.

Cheers,
David.

Re: Cannot Install/Uninstall sendmail

[Luis Finotti]

Thanks for the reply again.

On Tue, Aug 28, 2018 at 9:41 AM David Wright 
wrote:

> On Tue 28 Aug 2018 at 09:14:36 (-0400), Luis Finotti wrote:
>
> > # apt remove sendemail
>
> Oops.
>
> > Reading package lists... Done
> > Building dependency tree
> > Reading state information... Done
> > Package 'sendemail' is not installed, so not removed
> > 0 upgraded, 0 newly installed, 0 to remove and 2 not upgraded.
> > 1 not fully installed or removed.
> > After this operation, 0 B of additional disk space will be used.
> > Setting up sendmail-base (8.15.2-11) ...
>
> sendmail-base is what you should be trying to remove.
> And you should be using dpkg directly, not messing around with apt.
> As you can see, you asked apt to remove something and it tries to
> configure something instead. If you're going to use sid or a
> sid lookalike, you're going to have to use the appropriate tools.
>
> > dpkg: error processing package sendmail-base (--configure):
> >  installed sendmail-base package post-installation script subprocess
> > returned error exit status 255
> > Errors were encountered while processing:
> >  sendmail-base
> > E: Sub-process /usr/bin/dpkg returned an error code (1)
> > ----
> >
> > Any help would be greatly appreciated!
>
> You see—you want to know what dpkg itself is doing.
>

Here it is:

# dpkg -P sendmail-base
(Reading database ... 1562548 files and directories currently installed.)
Removing sendmail-base (8.15.2-11) ...
update-inetd: error: --group is only relevant with --add
dpkg: error processing package sendmail-base (--purge):
 installed sendmail-base package pre-removal script subprocess returned
error exit status 255
Errors were encountered while processing:
 sendmail-base

Any suggestions?

Re: Cannot Install/Uninstall sendmail

[David Wright]

On Tue 28 Aug 2018 at 09:14:36 (-0400), Luis Finotti wrote:

> # apt remove sendemail

Oops.

> Reading package lists... Done
> Building dependency tree
> Reading state information... Done
> Package 'sendemail' is not installed, so not removed
> 0 upgraded, 0 newly installed, 0 to remove and 2 not upgraded.
> 1 not fully installed or removed.
> After this operation, 0 B of additional disk space will be used.
> Setting up sendmail-base (8.15.2-11) ...

sendmail-base is what you should be trying to remove.
And you should be using dpkg directly, not messing around with apt.
As you can see, you asked apt to remove something and it tries to
configure something instead. If you're going to use sid or a
sid lookalike, you're going to have to use the appropriate tools.

> dpkg: error processing package sendmail-base (--configure):
>  installed sendmail-base package post-installation script subprocess
> returned error exit status 255
> Errors were encountered while processing:
>  sendmail-base
> E: Sub-process /usr/bin/dpkg returned an error code (1)
> 
> 
> Any help would be greatly appreciated!

You see—you want to know what dpkg itself is doing.

Cheers,
David.

Re: Cannot Install/Uninstall sendmail

[Luis Finotti]

Firstly, thanks for the reply!

On Tue, Aug 28, 2018 at 9:04 AM David Wright 
wrote:

> On Mon 27 Aug 2018 at 12:38:42 (-0400), Luis Finotti wrote:
> > Hi everyone,
> >
> > I'm having trouble installing/removing sendmail in Debian Sid (well,
> > aptosid -- http://www.aptosid.com -- actually).
>
> Perhaps their forums might help.
>

I tried:
http://www.aptosid.com/index.php?name=PNphpBB2=viewtopic=18661#18661

I've got some of the hints that I mentioned I've tried already from them.


>
> > I tried to install and it failed: https://pastebin.com/Qu2jRqsn
> >
> > 'apt -f install' did not fix it, nor did 'dpkg --configure -a'.
> >
> > Since it was not essential (and did not install correctly), I tried to
> > uninstall it, but it also fails:
>
> […]
>
> > One notices in the failed install attempt (the pastebin link above):
> >
> > --
> > adduser: Warning: The home directory `/var/lib/sendmail' does not belong
> to
> > the user you are currently creating.
> > update-inetd: warning: cannot add service, /etc/inetd.conf does not exist
> > --
> >
> > I had:
> > --
> > # ls -ld /var/lib/sendmail
> > drwx-- 2 smmta smmta 4096 Aug 22 15:06 /var/lib/sendmail/
> > --
> >
> > Changing ownership to root did not allow me to uninstall it.
>
> What's the output from this attempt?
>

Here it is:


# ls -ld /var/lib/sendmail/
drwx-- 2 root root 4096 Aug 22 15:06 /var/lib/sendmail/

# apt remove sendemail
Reading package lists... Done
Building dependency tree
Reading state information... Done
Package 'sendemail' is not installed, so not removed
0 upgraded, 0 newly installed, 0 to remove and 2 not upgraded.
1 not fully installed or removed.
After this operation, 0 B of additional disk space will be used.
Setting up sendmail-base (8.15.2-11) ...
Usage: update-inetd [...]  

Commands:
  --add   add 
  --remove   remove 
  --enable [,...]enable  (comma-separated list)
  --disable [,...]   disable  (comma-separated list)

Options:
  --group add entry to section 
  --pattern  use  to select a service
  --comment-chars use  as comment characters
  --multi allow multiple removes/disables
  --fileuse  instead of /etc/inetd.conf
  --verbose   explain what is being done
  --debug enables debugging mode
  --help  display this help and exit
  --version   output version information and exit

In order to prevent the shell from changing your  definition you
have to quote the  using single or double quotes. You can use
tabs
(tab character or \t) and spaces to separate the fields of the .

Note: users must use --comment-chars '#' to disable a service for that
setting
to survive upgrades. Package maintainer scripts should use the default
--comment-chars. See update-inetd(8) for details.

Usage: update-inetd [...]  

Commands:
  --add   add 
  --remove   remove 
  --enable [,...]enable  (comma-separated list)
  --disable [,...]   disable  (comma-separated list)

Options:
  --group add entry to section 
  --pattern  use  to select a service
  --comment-chars use  as comment characters
  --multi allow multiple removes/disables
  --fileuse  instead of /etc/inetd.conf
  --verbose   explain what is being done
  --debug enables debugging mode
  --help  display this help and exit
  --version   output version information and exit

In order to prevent the shell from changing your  definition you
have to quote the  using single or double quotes. You can use
tabs
(tab character or \t) and spaces to separate the fields of the .

Note: users must use --comment-chars '#' to disable a service for that
setting
to survive upgrades. Package maintainer scripts should use the default
--comment-chars. See update-inetd(8) for details.

Usage: update-inetd [...]  

Commands:
  --add   add 
  --remove   remove 
  --enable [,...]enable  (comma-separated list)
  --disable [,...]   disable  (comma-separated list)

Options:
  --group add entry to section 
  --pattern  use  to select a service
  --comment-chars use  as comment characters
  --multi allow multiple removes/disables
  --fileuse  instead of /etc/inetd.conf
  --verbose   explain what is being done
  --debug enables debugging mode
  --help  display this help and exi

Re: Cannot Install/Uninstall sendmail

[David Wright]

On Mon 27 Aug 2018 at 12:38:42 (-0400), Luis Finotti wrote:
> Hi everyone,
> 
> I'm having trouble installing/removing sendmail in Debian Sid (well,
> aptosid -- http://www.aptosid.com -- actually).

Perhaps their forums might help.

> I tried to install and it failed: https://pastebin.com/Qu2jRqsn
> 
> 'apt -f install' did not fix it, nor did 'dpkg --configure -a'.
> 
> Since it was not essential (and did not install correctly), I tried to
> uninstall it, but it also fails:

[…]

> One notices in the failed install attempt (the pastebin link above):
> 
> --
> adduser: Warning: The home directory `/var/lib/sendmail' does not belong to
> the user you are currently creating.
> update-inetd: warning: cannot add service, /etc/inetd.conf does not exist
> --
> 
> I had:
> --
> # ls -ld /var/lib/sendmail
> drwx-- 2 smmta smmta 4096 Aug 22 15:06 /var/lib/sendmail/
> --
> 
> Changing ownership to root did not allow me to uninstall it.

What's the output from this attempt?

Cheers,
David.

Cannot Install/Uninstall sendmail

[Luis Finotti]

Hi everyone,

I'm having trouble installing/removing sendmail in Debian Sid (well,
aptosid -- http://www.aptosid.com -- actually).

I tried to install and it failed: https://pastebin.com/Qu2jRqsn

'apt -f install' did not fix it, nor did 'dpkg --configure -a'.

Since it was not essential (and did not install correctly), I tried to
uninstall it, but it also fails:

-
# apt remove procmail sendmail sendmail-base sendmail-bin sendmail-cf
sensible-mda
Reading package lists... Done
Building dependency tree
Reading state information... Done
The following packages will be REMOVED:
  procmail sendmail sendmail-base sendmail-bin sendmail-cf sensible-mda
0 upgraded, 0 newly installed, 6 to remove and 2 not upgraded.
4 not fully installed or removed.
After this operation, 4,213 kB disk space will be freed.
Do you want to continue? [Y/n]
(Reading database ... 1537409 files and directories currently installed.)
Removing sendmail (8.15.2-11) ...
Removing sensible-mda (8.15.2-11) ...
Removing sendmail-bin (8.15.2-11) ...
Removing sendmail-base (8.15.2-11) ...
update-inetd: error: --group is only relevant with --add
dpkg: error processing package sendmail-base (--remove):
 installed sendmail-base package pre-removal script subprocess returned
error exit status 255
Removing procmail (3.22-26) ...
Removing sendmail-cf (8.15.2-11) ...
Errors were encountered while processing:
 sendmail-base
E: Sub-process /usr/bin/dpkg returned an error code (1)


One notices in the failed install attempt (the pastebin link above):

--
adduser: Warning: The home directory `/var/lib/sendmail' does not belong to
the user you are currently creating.
update-inetd: warning: cannot add service, /etc/inetd.conf does not exist
--

I had:
--
# ls -ld /var/lib/sendmail
drwx-- 2 smmta smmta 4096 Aug 22 15:06 /var/lib/sendmail/
--

Changing ownership to root did not allow me to uninstall it.

Aptosid itself does not come with a mail daemon installed, so I must have
installed at some point some daemon that created the /var/lib/sendmail.
(If I were to try to install again, I'd probably opt for a lighter
alternative, something like ssmtp.  So, right now, I just want to remove
sendmail.)  So, I have sendmail-base stuck as not fully installed.

It was recommended I install 'openbsd-inetd' (it was not installed, neither
was xinetd), but it still fails to install: https://pastebin.com/sStYqMYi
(I also still cannot uninstall it...)

Any help would be greatly appreciated!

Sendmail

[BERTRAND Joël]

Bonjour à tous,

	Pour information, le sendmail de testing est actuellement moisi. Il 
transforme les erreurs 4xx en 5xx et c'est un comportement connu d'une 
des versions de développement. J'ai remonté le bug 807258. En attendant, 
il est urgent d'attendre avec un 8.14-8 des familles à recompiler pour 
testing.


Cordialement,

JKB

Re: Sendmail compiled with tcpwrappers yet ignores /etc/hosts.deny ?

[jon]

On Sun, 2015-11-22 at 23:44 +, jon wrote:
> 
> root@mail:/usr/share/doc# ldd /usr/sbin/sendmail |grep 'libwrap'
> libwrap.so.0 => /lib/i386-linux-gnu/libwrap.so.0 (0xb7525000)
> root@mail:/usr/share/doc# cat /etc/debian_version 
> 8.2
> 
> I want to use sendmail with tcp wrappers but it does not seem to play,
> it looks like it was compiled with support,  can anyone help ?
> 
> 
> Thanks,
> Jon
> 
> 


Anyone ? 

Maybe I was not very clear, this is the default sendmail for Debian
installed via apt. The online docs claims it works with tcpwrappers yet
it seems to ignore /etc/hosts.deny ? 

Thanks,
Jon

Sendmail compiled with tcpwrappers yet ignores /etc/hosts.deny ?

[jon]

root@mail:/usr/share/doc# ldd /usr/sbin/sendmail |grep 'libwrap'
libwrap.so.0 => /lib/i386-linux-gnu/libwrap.so.0 (0xb7525000)
root@mail:/usr/share/doc# cat /etc/debian_version 
8.2

I want to use sendmail with tcp wrappers but it does not seem to play,
it looks like it was compiled with support,  can anyone help ?


Thanks,
Jon

Re: sendmail on debian testing

[Michael Grant]

I finally managed to get sendmail working using systemd.

Here is my /etc/systemd/system/sendmail.service:

[Unit]
Description=Sendmail Mail Transport Agent
Requires=clamav-daemon.service spamassassin.service
After=syslog.target network.target clamav-daemon.service
spamassassin.service
Conflicts=postfix.service exim.service

[Service]
Type=forking
PIDFile=/run/sendmail/mta/sendmail.pid
Environment=SENDMAIL_OPTS=-q1h
EnvironmentFile=-/etc/default/sendmail
ExecStart=/usr/sbin/sendmail -bd $SENDMAIL_OPTS $SENDMAIL_OPTARG

[Install]
WantedBy=multi-user.target

and my /etc/tmpfiles.d/sendmail.conf file:
d /run/sendmail/ 0755 smmta smmsp
d /run/sendmail/mta/ 0755 smmta smmsp

I am using clamav-milter and spamass-milter, hence the Requires= and After=
lines.  If you are not using these, probably you should remove those.

Is it wrong to include these dependencies in sendmail.system?  The thing
is, these milters are not specific to sendmail.  Other mailers that support
the milter interface can use them as well.  And they are not required for
sendmail.  So I wonder which pakage's responsibility it would be to add
these dependencies to sendmail.system or if this is even the correct place
to do that.

With the init.d, clamav-milter and spamass-milter install themselves with a
lower number than sendmail and always start before whatever mailer is
installed.  Once you go to explicit dependencies like this, is it clam's
and spamassassin's job to know all the possible mailers out there that
might use it?  Or is it sendmail's job to know all the possible milters out
there and state them as dependencies?

Another observation, to get this working, the only way I found to properly
test this was to continually reboot.  I could get sendmail to start by hand
quite early on, but it was not starting by on reboot because of the timing
problem in the dependencies.  This makes systemd rather more difficult to
debug things in my opinion.

Re: sendmail on debian testing

[Reco]

 Hi.

On Tue, Feb 03, 2015 at 11:07:37PM +, Michael Grant wrote:
 On Tue, Feb 3, 2015 at 6:16 PM, Reco recovery...@gmail.com wrote:
  I don't know if this has anything to do with that:
 
  # systemctl enable sendmail
  Synchronizing state for sendmail.service with sysvinit using 
 update-rc.d...
  Executing /usr/sbin/update-rc.d sendmail defaults
  Executing /usr/sbin/update-rc.d sendmail enable
 
  # systemctl is-enabled sendmail
  Failed to get unit file state for sendmail.service: No such file or 
 directory
 
 No, it doesn't have anything with it.
 
 Systemd uses it's own way to define a service called a 'service unit'.
 Presumably, systemd has something for the compatibility with old init
 (aka sysvinit), which *should* start those /etc/init.d/ scripts just as
 good as if sysvinit itself would do it. Well, now we see how well it
 works in the reality :)
 
 
 Ok, let's try something different then - based on [1]. Try creating the
 file called /etc/systemd/system/sendmail.service with the following
 contents:
 
 ###cut###
 
 [Unit]
 Description=Sendmail Mail Transport Agent
 After=syslog.target network.target
 Conflicts=postfix.service exim.service
 
 [Service]
 Type=forking
 PIDFile=/run/sendmail.pid
 Environment=SENDMAIL_OPTS=-q1h
 EnvironmentFile=-/etc/default/sendmail
 ExecStartPre=-/etc/mail/make
 ExecStartPre=-/etc/mail/make aliases
 ExecStart=/usr/sbin/sendmail -bd $SENDMAIL_OPTS $SENDMAIL_OPTARG
 
 [Install]
 WantedBy=multi-user.target
 
 ###cut###
 
 
 Revert the _SYSTEMCTL_SKIP_REDIRECT change, see how it goes now.
 This unit file may require tweaking in $SENDMAIL_OPTS $SENDMAIL_OPTARG
 part - I'm unable to check now what kind of variables are sourced by
 /etc/default/sendmail.

 
 Ok, I tried creating that file and removing the line from 
 /etc/default/sendmail.  It still did not come up when the machine booted.

 Oh, but did you run 'systemctl enable sendmail' after creating the
file? Because if you did - I'm out of ideas, sorry.

Reco


-- 
To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org 
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Archive: https://lists.debian.org/20150204094244.GA10345@x101h

Re: sendmail on debian testing

[Reco]

 Hi.

On Tue, Feb 03, 2015 at 02:03:25PM +, Michael Grant wrote:
 I'm still searching for an answer to this.
 
 After upgrade from wheezy to testing, sendmail no longer starts.
 
 I see that the system is using systemd.  I see that the /etc/init.d/sendmail 
 script now runs /bin/systemctl start sendmail.service.  But sendmail isn't
 started.  Even running '/bin/systemctl start sendmail.service' manually, 
 nothing happens.

A nessesary correction - /etc/init.d/sendmail *tries* to run
'/bin/systemctl start sendmail.service'.

But, since no sendmail* package provide systemd's service file -
nothing happens.

Such behaviour cannot be considered systemd's bug IMO - systemd simply
does what it's intended to do in this case.

But, at the same time, such behaviour can be considered as a sendmail
bug (given that systemd is Jessie's default init, and sendmail is not
starting with this init).

Still, there's a way to workaround this.

Try adding

export _SYSTEMCTL_SKIP_REDIRECT=true

to /etc/init.d/sendmail


Reco


-- 
To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org 
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Archive: https://lists.debian.org/20150203160421.GA21852@x101h

Re: sendmail on debian testing

[Michael Grant]

I'm still searching for an answer to this.

After upgrade from wheezy to testing, sendmail no longer starts.

I see that the system is using systemd.  I see that the
/etc/init.d/sendmail script now runs /bin/systemctl start
sendmail.service.  But sendmail isn't started.  Even running
'/bin/systemctl start sendmail.service' manually, nothing happens.

I don't see any obvious way to get any debug info out of systemctl.

# systemctl is-enabled sendmail
Failed to get unit file state for sendmail.service: No such file or
directory

and

# /bin/systemctl enable sendmail.service
Synchronizing state for sendmail.service with sysvinit using update-rc.d...
Executing /usr/sbin/update-rc.d sendmail defaults
Executing /usr/sbin/update-rc.d sendmail enable
# systemctl is-enabled sendmail
Failed to get unit file state for sendmail.service: No such file or
directory


On Sun, Feb 1, 2015 at 12:11 AM, Michael Grant mgr...@grant.org wrote:

 Today I upgraded a test machine from wheezy to testing.

 It seemed to install systemd, I'm not sure if it's using it or not.

 One thing I noticed though was that sendmail no longer starts at boot.
 Even if I run:

 /etc/init.d/sendmail start

 or if I cd to /etc/mail and run:

 make restart

 or if I do this:


 nothing except running 'sendmail -bd' will start sendmail.

 In syslog I see this:

 Jan 31 18:53:43 blah systemd[1]: Started LSB: powerful, efficient, and
 scalable Mail Transport Agent.

 in mail.log I don't see anything when I try to start sendmail via
 /etc/init.d/sendmail.

 I do not have the lsb-invalid-mta package installed.  I have tried
 reinstalling the sendmail package.  I have tried the testing and unstable
 versions of sendmail.

 Any ideas where I should look next to figure out what's going on?

 Michael Grant

Re: sendmail on debian testing

[Ansgar Burchardt]

Hi,

Michael Grant mgr...@grant.org writes:
 On Tue, Feb 3, 2015 at 4:04 PM, Reco recovery...@gmail.com wrote:
 A nessesary correction - /etc/init.d/sendmail *tries* to run
 '/bin/systemctl start sendmail.service'.

 But, since no sendmail* package provide systemd's service file -
 nothing happens.

Not true. Systemd is supposed to handle sysvinit scripts as well,
i.e. when there is no native .service file for systemd it will run the
scripts in /etc/init.d/*. This seems to not work here for some reason.

 Try adding
 export _SYSTEMCTL_SKIP_REDIRECT=true
 to /etc/init.d/sendmail

 Thanks, this is progress, I can now start sendmail by hand by running
 '/etc/init.d/sendmail start', but it's not starting automatically at boot
 time.

 I don't know if this has anything to do with that:

 # systemctl enable sendmail
 Synchronizing state for sendmail.service with sysvinit using update-rc.d...
 Executing /usr/sbin/update-rc.d sendmail defaults
 Executing /usr/sbin/update-rc.d sendmail enable

 # systemctl is-enabled sendmail
 Failed to get unit file state for sendmail.service: No such file or
 directory

That should be fine for services without a systemd .service file.

 also, a better place to add this:

 export _SYSTEMCTL_SKIP_REDIRECT=true

 to is /etc/default/sendmail and not modify /etc/init.d/sendmail.  Adding
 this to /etc/default/sendmail seems to work equally as well in that running
 '/etc/init.d/sendmail start' does manually start sendmail.

That is no surprise: at boot it's still systemd calling
/etc/init.d/sendmail so workarounds to bypass systemd don't work.

Could you try restarting sendmail (systemctl restart sendmail) and show
the output of `systemctl status sendmail'? It also shows the most recent
log entries, but the output of journalctl --unit sendmail --since -5min
might also be useful (if it shows more messages).

I tried installing sendmail on a minimal test installation and systemd
started at least one daemon (sendmail: MTA: accepting connections),
so at least something gets started (though it complained about the test
installation not having a FQDN so other parts might be broken and not
have started).

Ansgar


-- 
To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org 
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Archive: https://lists.debian.org/87egq6kg1b@deep-thought.43-1.org

Re: sendmail on debian testing

[Michael Grant]

On Tue, Feb 3, 2015 at 4:04 PM, Reco recovery...@gmail.com wrote:

  Hi.

 On Tue, Feb 03, 2015 at 02:03:25PM +, Michael Grant wrote:
  I'm still searching for an answer to this.
 
  After upgrade from wheezy to testing, sendmail no longer starts.
 
  I see that the system is using systemd.  I see that the
 /etc/init.d/sendmail script now runs /bin/systemctl start
 sendmail.service.  But sendmail isn't
  started.  Even running '/bin/systemctl start sendmail.service' manually,
 nothing happens.

 A nessesary correction - /etc/init.d/sendmail *tries* to run
 '/bin/systemctl start sendmail.service'.

 But, since no sendmail* package provide systemd's service file -
 nothing happens.

 Such behaviour cannot be considered systemd's bug IMO - systemd simply
 does what it's intended to do in this case.

 But, at the same time, such behaviour can be considered as a sendmail
 bug (given that systemd is Jessie's default init, and sendmail is not
 starting with this init).

 Still, there's a way to workaround this.

 Try adding

 export _SYSTEMCTL_SKIP_REDIRECT=true

 to /etc/init.d/sendmail


Thanks, this is progress, I can now start sendmail by hand by running
'/etc/init.d/sendmail start', but it's not starting automatically at boot
time.

I don't know if this has anything to do with that:

# systemctl enable sendmail
Synchronizing state for sendmail.service with sysvinit using update-rc.d...
Executing /usr/sbin/update-rc.d sendmail defaults
Executing /usr/sbin/update-rc.d sendmail enable

# systemctl is-enabled sendmail
Failed to get unit file state for sendmail.service: No such file or
directory

also, a better place to add this:

export _SYSTEMCTL_SKIP_REDIRECT=true

to is /etc/default/sendmail and not modify /etc/init.d/sendmail.  Adding
this to /etc/default/sendmail seems to work equally as well in that running
'/etc/init.d/sendmail start' does manually start sendmail.

Incidentally, the sendmail package even in experimental is significantly
out of date. The package appears orphaned. Several people seem to have
tried to step up to do something about this but nothing has happened. Is
sendmail dead on Debian?

Re: sendmail on debian testing

[Bob Proulx]

Michael Grant wrote:
 I'm still searching for an answer to this.
 After upgrade from wheezy to testing, sendmail no longer starts.
 I see that the system is using systemd.
 ...

Some comments that I think are relevant...

Since it took a while for someone to respond to your question it tells
me that it is a combination of tools that not many people are using.
You are using sendmail in combination with systemd.  That is an
unusual combination.  If it were widely used then many people would
have been responding already.  Frankly you might be one of the few
trailblazing that combination.

Trailblazers are great!  They are the ones who make things happen.
However not everyone wants to be a trailblazer.  There just isn't
enough time for everyone to do everything.  You sound like a busy
person without the time to debug everything.  Perhaps it would be good
to change to a more mainstream combination?  If it were a mainstream
combination then the problem would almost certainly already have been
seen and fixed.  Something with a lot of users and a lot of support.

In this case I would suggest that Sendmail is no longer the mainstream
mail transfer agent.  Instead I suggest migrating to Postfix.  (Or
Exim but I personally really prefer Postfix so will recommend
Postfix.)  Postfix is well tested and very well supported.  There has
been discussion of making Postfix the default mta on Debian.  (But
that will never happen because Exim isn't bad just not as popular.)

Since you are using Sendmail I assume you have been using Sendmail
forever.  You probably have multiple editions of the O'Reilly Sendmail
book on your bookshelf.  You probably hate to take the time to migrate
a working configuration tuned over decades to something different.  I
have been there and glance over at my two remaining editions of the
O'Reilly Sendmail books on my bookshelf.  Let me say that moving to
Postfix was very easy.  I don't even have one copy of the O'Reilly
Postfix book.  It has an easy to understand design and the online
documentation is excellent.  I have been where you are with Sendmail
and migrating to Postfix was a good decision for me.  I suggest that
it would be for you too.  YMMV.

Good luck!

Bob


signature.asc
Description: Digital signature

Re: sendmail on debian testing

[Michael Grant]

On Tue, Feb 3, 2015 at 6:26 PM, Ansgar Burchardt ans...@debian.org wrote:

 ...
 Could you try restarting sendmail (systemctl restart sendmail) and show
 the output of `systemctl status sendmail'? It also shows the most recent
 log entries, but the output of journalctl --unit sendmail --since -5min
 might also be useful (if it shows more messages).


So, this is interesting.   'systemctl restart sendmail' with no other
changes to the system does start sendmail manually.  However, 'systemctl
start sendmail' does not, at least, not without Reco's line in
/etc/default/sendmail.

so after a REstart which succeeds, the status looks like this:

# systemctl status sendmail
● sendmail.service - LSB: powerful, efficient, and scalable Mail Transport
Agent
   Loaded: loaded (/etc/init.d/sendmail)
   Active: active (running) since Tue 2015-02-03 18:12:38 EST; 4min 8s ago
  Process: 3733 ExecStop=/etc/init.d/sendmail stop (code=exited,
status=0/SUCCESS)
  Process: 3757 ExecStart=/etc/init.d/sendmail start (code=exited,
status=0/SUCCESS)
   CGroup: /system.slice/sendmail.service
   └─3785 sendmail: MTA: accepting connections

Feb 03 18:12:36 bottom.networkguild.org systemd[1]: Starting LSB: powerful,
e...
Feb 03 18:12:36 bottom.networkguild.org sm-mta[3785]: starting daemon
(8.14.4...
Feb 03 18:12:36 bottom.networkguild.org sm-mta[3785]: daemon could not open
c...
Feb 03 18:12:36 bottom.networkguild.org sm-mta[3785]: started as:
/usr/sbin/s...
Feb 03 18:12:38 bottom.networkguild.org sendmail[3757]: Starting Mail
Transpo...
Feb 03 18:12:38 bottom.networkguild.org systemd[1]: Started LSB: powerful,
ef...
Hint: Some lines were ellipsized, use -l to show in full.

Now here's something I can't explain.  After I do the systemctl restart,
now I can do systectl stop and systemctl start and they work fine but only
after doing a restart first after boot.

In case this isn't clear:

1) reboot
2) sendmail not running
3) run 'systemctl start sendmail' by hand, exits quickly, sendmail NOT
started
4) run 'systemctl restart sendmail'.  It takes a few seconds, sendmail
starts
5) run 'systemctl stop sendmail'.  again, takes a few seconds, sendmail
stops
6) run 'systemctl start sendmail', it takes a few seconds, sendmail starts.

When I run systemctl status sendmail just after rebooting, this is what it
looks like:

# systemctl status sendmail
● sendmail.service - LSB: powerful, efficient, and scalable Mail Transport
Agent
   Loaded: loaded (/etc/init.d/sendmail)
   Active: active (exited) since Tue 2015-02-03 18:23:25 EST; 1min 27s ago
  Process: 2604 ExecStart=/etc/init.d/sendmail start (code=exited,
status=0/SUCCESS)

Feb 03 18:23:24 bottom.networkguild.org sendmail[2604]: Starting Mail
Transpo...
Feb 03 18:23:24 bottom.networkguild.org sm-mta[2822]: NOQUEUE:
SYSERR(root): ...
Feb 03 18:23:25 bottom.networkguild.org sendmail[2604]: .
Feb 03 18:23:25 bottom.networkguild.org systemd[1]: Started LSB: powerful,
ef...
Hint: Some lines were ellipsized, use -l to show in full.

# ps aux | grep sendmail | grep -v grep

There's no sendmail process.


 I tried installing sendmail on a minimal test installation and systemd
 started at least one daemon (sendmail: MTA: accepting connections),
 so at least something gets started (though it complained about the test
 installation not having a FQDN so other parts might be broken and not
 have started).


So one difference is I upgraded a machine from wheezy to testing.  Yes,
that's the sendmail daemon you see, that's what success looks like.  But at
least you are getting it to start at boot whereas I am not.

Re: sendmail on debian testing

[Michael Grant]

On Tue, Feb 3, 2015 at 6:16 PM, Reco recovery...@gmail.com wrote:

 On Tue, Feb 03, 2015 at 05:31:26PM +, Michael Grant wrote:
  On Tue, Feb 3, 2015 at 4:04 PM, Reco recovery...@gmail.com wrote:
 ...
 
  Try adding
 
  export _SYSTEMCTL_SKIP_REDIRECT=true
 
  to /etc/init.d/sendmail
 
  Thanks, this is progress, I can now start sendmail by hand by running
 '/etc/init.d/sendmail start', but it's not starting automatically at boot
 time.

 An expected result, sadly (see below).


  I don't know if this has anything to do with that:
 
  # systemctl enable sendmail
  Synchronizing state for sendmail.service with sysvinit using
 update-rc.d...
  Executing /usr/sbin/update-rc.d sendmail defaults
  Executing /usr/sbin/update-rc.d sendmail enable
 
  # systemctl is-enabled sendmail
  Failed to get unit file state for sendmail.service: No such file or
 directory

 No, it doesn't have anything with it.

 Systemd uses it's own way to define a service called a 'service unit'.
 Presumably, systemd has something for the compatibility with old init
 (aka sysvinit), which *should* start those /etc/init.d/ scripts just as
 good as if sysvinit itself would do it. Well, now we see how well it
 works in the reality :)


 Ok, let's try something different then - based on [1]. Try creating the
 file called /etc/systemd/system/sendmail.service with the following
 contents:

 ###cut###

 [Unit]
 Description=Sendmail Mail Transport Agent
 After=syslog.target network.target
 Conflicts=postfix.service exim.service

 [Service]
 Type=forking
 PIDFile=/run/sendmail.pid
 Environment=SENDMAIL_OPTS=-q1h
 EnvironmentFile=-/etc/default/sendmail
 ExecStartPre=-/etc/mail/make
 ExecStartPre=-/etc/mail/make aliases
 ExecStart=/usr/sbin/sendmail -bd $SENDMAIL_OPTS $SENDMAIL_OPTARG

 [Install]
 WantedBy=multi-user.target

 ###cut###


 Revert the _SYSTEMCTL_SKIP_REDIRECT change, see how it goes now.
 This unit file may require tweaking in $SENDMAIL_OPTS $SENDMAIL_OPTARG
 part - I'm unable to check now what kind of variables are sourced by
 /etc/default/sendmail.

 Ok, I tried creating that file and removing the line from
/etc/default/sendmail.  It still did not come up when the machine booted.



  Incidentally, the sendmail package even in experimental is significantly
 out of date. The package appears orphaned. Several people seem to have
 tried to step
  up to do something about this but nothing has happened. Is sendmail dead
 on Debian?

 Unknown to me. Truth to be told, personally I try to avoid using
 sendmail whenever possible. Sendmail.cf's syntax is way too arcane to me.
 Still, I can't stand a broken Debian package more than a certain MTA :)


I've used sendmail since the '80s.  It's difficult find a more stable  and
well tested mailer.  Almost impossible to get it to drop a message to
/dev/null unlike some other mailers out there.  I used to write my own cf
files back in the day but you really don't have to mess with that now.  The
m4 syntax is a bit ugly but usable and now it's just a configuration file.

Re: sendmail on debian testing

[Michael Grant]

On Tue, Feb 3, 2015 at 7:03 PM, Bob Proulx b...@proulx.com wrote:

 Michael Grant wrote:
  I'm still searching for an answer to this.
  After upgrade from wheezy to testing, sendmail no longer starts.
  I see that the system is using systemd.
  ...

 Some comments that I think are relevant...

 Since it took a while for someone to respond to your question it tells
 me that it is a combination of tools that not many people are using.
 You are using sendmail in combination with systemd.  That is an
 unusual combination.  If it were widely used then many people would
 have been responding already.  Frankly you might be one of the few
 trailblazing that combination.


I do not mind trailblazing this to get this working for the greater good.
It may be an upgrade issue or some other dependency, it would not surprise
me in the least since this is a copy of an existing vm that I tried to
upgrade.

It is true that fewer and fewer people are using sendmail these days,
especially since it seems to have been orphaned.  Sendmail may be old but
it's incredibly reliable, well tested, and stable.


 Trailblazers are great!  They are the ones who make things happen.
 However not everyone wants to be a trailblazer.  There just isn't
 enough time for everyone to do everything.  You sound like a busy
 person without the time to debug everything.  Perhaps it would be good
 to change to a more mainstream combination?  If it were a mainstream
 combination then the problem would almost certainly already have been
 seen and fixed.  Something with a lot of users and a lot of support.


Maybe I will one day.


 In this case I would suggest that Sendmail is no longer the mainstream
 mail transfer agent.  Instead I suggest migrating to Postfix.  (Or
 Exim but I personally really prefer Postfix so will recommend
 Postfix.)  Postfix is well tested and very well supported.  There has
 been discussion of making Postfix the default mta on Debian.  (But
 that will never happen because Exim isn't bad just not as popular.)


I have tried postfix several times over the years.  I was surprised that I
was able to make seemingly innocent config mistakes in postfix and it would
just drop mail into /dev/null.  This is surprisingly difficult in sendmail
as its failure mode is to reject or not accept the mail in this case.


 Since you are using Sendmail I assume you have been using Sendmail
 forever.  You probably have multiple editions of the O'Reilly Sendmail
 book on your bookshelf.  You probably hate to take the time to migrate
 a working configuration tuned over decades to something different.  I
 have been there and glance over at my two remaining editions of the
 O'Reilly Sendmail books on my bookshelf.  Let me say that moving to
 Postfix was very easy.  I don't even have one copy of the O'Reilly
 Postfix book.  It has an easy to understand design and the online
 documentation is excellent.  I have been where you are with Sendmail
 and migrating to Postfix was a good decision for me.  I suggest that
 it would be for you too.  YMMV.


Well, you know, I never bought that bat book either!  But yes, you are
right, I have been using Sendmail since perhaps it first appeared in BSD, I
first encountered it in 1983 in BSD on the VAX 11/780, well before M4 and I
used to write my own cf files back then too!

Re: sendmail on debian testing

[Ansgar Burchardt]

Hi,

Michael Grant mgr...@grant.org writes:
 On Tue, Feb 3, 2015 at 6:26 PM, Ansgar Burchardt ans...@debian.org wrote:
 Could you try restarting sendmail (systemctl restart sendmail) and show
 the output of `systemctl status sendmail'? It also shows the most recent
 log entries, but the output of journalctl --unit sendmail --since -5min
 might also be useful (if it shows more messages).

 So, this is interesting.   'systemctl restart sendmail' with no other
 changes to the system does start sendmail manually.  However, 'systemctl
 start sendmail' does not, at least, not without Reco's line in
 /etc/default/sendmail.

Okay, this is a limitation in systemd's compatability layer for init
scripts: systemd keeps track of the current state of services. Some
services (daemons) can only be active when the daemon process is
around, but there are also services that only run some commands and then
exit, i.e. a service setting up the keyboard layout.

For native systemd services there is an option RemainAfterExit= which
can be used to specify this (see man:systemd.service(5)). For init
scripts systemd cannot know this and defaults to RemainAfterExit=true.

So systemd considers the sendmail service running as RemainAfterExit is
set for init scripts and /etc/init.d/sendmail start did *not* return
an error, even though it failed to actually start the daemon (see
below).

systemctl start is thus not doing anything as systemd will not start
the same service twice. systemctl restart will mark the service
stopped first and then start it again; this is not a noop for services
already running.

 When I run systemctl status sendmail just after rebooting, this is what it
 looks like:

 # systemctl status sendmail
 ● sendmail.service - LSB: powerful, efficient, and scalable Mail Transport
 Agent
Loaded: loaded (/etc/init.d/sendmail)
Active: active (exited) since Tue 2015-02-03 18:23:25 EST; 1min 27s ago
   Process: 2604 ExecStart=/etc/init.d/sendmail start (code=exited,
 status=0/SUCCESS)

This is a bug in the init script: it should not return success if there
was an error starting the service (though it cannot always find out if
there was an error easily).

 Feb 03 18:23:24 bottom.networkguild.org sendmail[2604]: Starting Mail
 Transpo...
 Feb 03 18:23:24 bottom.networkguild.org sm-mta[2822]: NOQUEUE:
 SYSERR(root): ...

This looks like an error, but the interesting part is cut off. You might
want to run systemctl status -l sendmail as suggested below, or
journalctl -b --unit sendmail to show all log messages for the
sendmail service since the last reboot (or check /var/log if a syslog
daemon is running).

 Feb 03 18:23:25 bottom.networkguild.org sendmail[2604]: .
 Feb 03 18:23:25 bottom.networkguild.org systemd[1]: Started LSB: powerful,
 ef...
 Hint: Some lines were ellipsized, use -l to show in full.

I suspect that sendmail misses some dependency information in its init
script, that is it expects some other parts of the system to be already
brought up when it starts. As systemd starts more parts in parallel,
it's more likely to uncover such issues than booting with sysvinit.

Ansgar


--
To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Archive: https://lists.debian.org/87y4oefqlh@deep-thought.43-1.org

sendmail on debian testing

[Michael Grant]

Today I upgraded a test machine from wheezy to testing.

It seemed to install systemd, I'm not sure if it's using it or not.

One thing I noticed though was that sendmail no longer starts at boot. Even
if I run:

/etc/init.d/sendmail start

or if I cd to /etc/mail and run:

make restart

or if I do this:


nothing except running 'sendmail -bd' will start sendmail.

In syslog I see this:

Jan 31 18:53:43 blah systemd[1]: Started LSB: powerful, efficient, and
scalable Mail Transport Agent.

in mail.log I don't see anything when I try to start sendmail via
/etc/init.d/sendmail.

I do not have the lsb-invalid-mta package installed.  I have tried
reinstalling the sendmail package.  I have tried the testing and unstable
versions of sendmail.

Any ideas where I should look next to figure out what's going on?

Michael Grant

Sendmail greeting delay

[David Parker]

Hello,

We have an SMTP server running Sendmail 8.14.4-4 on Debian 7 64-bit.  We're
using the file /etc/mail/access for access control and rate limiting, and
this is enabled via the following lines in /etc/mail/sendmail.cf:

Kaccess hash -TTMPF /etc/mail/access
# FEATURE(`access_db', `hash -TTMPF /etc/mail/access', `skip')dnl

For some reason, I just can't get it to not pause when greeting external
(non-localhost) connections.  I was testing SSL/TLS connectivity when I
discovered the delay, using openssl s_client -connect smtp-server:465.
If I run this command from the SMTP server, it connects and then prints all
of the SSL and certificate information immediately.  But if I test from
another PC on our network, it connects, pauses for 5 seconds, and then
prints the SSL information.

My /etc/mail/access file is pasted below.  The PC I'm testing from is on
the 10.x.x.x network, which should be allowed to connect with no delay.  I
have also tried setting the default GreetPause to 0 but it still made no
difference.


Connect:localhost RELAY
GreetPause:localhost 0
ClientRate:localhost 0
ClientConn:localhost 0
Connect:127 RELAY
GreetPause:127 0
ClientRate:127 0
ClientConn:127 0
Connect:IPv6:::1 RELAY
GreetPause:IPv6:::1 0
ClientRate:IPv6:::1 0
ClientConn:IPv6:::1 0
Connect:10 RELAY
GreetPause:10 0
ClientRate:10 0
ClientConn:10 0

# Defaults
Connect: REJECT
GreetPause: 5000
ClientRate: 10
ClientConn: 10

# Whitelisted users
Spam:postmaster@ FRIEND
Spam:abuse@ FRIEND
Spam:spam@ FRIEND

# Blacklisted users
reject@ REJECT

# Block invalid IPs
Connect:169.254 REJECT
Connect:192.0.2 REJECT
Connect:224 REJECT
Connect:255 REJECT


Any help would be greatly appreciated.  Thanks!

-- 
Dave Parker
Systems Administrator
Utica College
Integrated Information Technology Services
(315) 792-3229
Registered Linux User #408177

Re: Sendmail greeting delay

[Burhan Hanoglu]

On Tue, Jan 13, 2015 at 7:38 PM, David Parker dpar...@utica.edu wrote:

 Hello,

 We have an SMTP server running Sendmail 8.14.4-4 on Debian 7 64-bit.
 We're using the file /etc/mail/access for access control and rate limiting,
 and this is enabled via the following lines in /etc/mail/sendmail.cf:

 Kaccess hash -TTMPF /etc/mail/access
 # FEATURE(`access_db', `hash -TTMPF /etc/mail/access', `skip')dnl

 For some reason, I just can't get it to not pause when greeting external
 (non-localhost) connections.  I was testing SSL/TLS connectivity when I
 discovered the delay, using openssl s_client -connect smtp-server:465.
 If I run this command from the SMTP server, it connects and then prints all
 of the SSL and certificate information immediately.  But if I test from
 another PC on our network, it connects, pauses for 5 seconds, and then
 prints the SSL information.

 My /etc/mail/access file is pasted below.  The PC I'm testing from is on
 the 10.x.x.x network, which should be allowed to connect with no delay.  I
 have also tried setting the default GreetPause to 0 but it still made no
 difference.

 
 Connect:localhost RELAY
 GreetPause:localhost 0
 ClientRate:localhost 0
 ClientConn:localhost 0
 Connect:127 RELAY
 GreetPause:127 0
 ClientRate:127 0
 ClientConn:127 0
 Connect:IPv6:::1 RELAY
 GreetPause:IPv6:::1 0
 ClientRate:IPv6:::1 0
 ClientConn:IPv6:::1 0
 Connect:10 RELAY
 GreetPause:10 0
 ClientRate:10 0
 ClientConn:10 0

 # Defaults
 Connect: REJECT
 GreetPause: 5000
 ClientRate: 10
 ClientConn: 10

 # Whitelisted users
 Spam:postmaster@ FRIEND
 Spam:abuse@ FRIEND
 Spam:spam@ FRIEND

 # Blacklisted users
 reject@ REJECT

 # Block invalid IPs
 Connect:169.254 REJECT
 Connect:192.0.2 REJECT
 Connect:224 REJECT
 Connect:255 REJECT
 

 Any help would be greatly appreciated.  Thanks!


Hi Dave,

I'd add the IP address of that PC to /etc/hosts.allow on sendmail machine
to rule out TCP Wrappers...

Also; any chance something is doing reverse dns check?

Burhan

Re: Sendmail greeting delay

[Chris Davies]

David Parker dpar...@utica.edu wrote:
 We have an SMTP server running Sendmail 8.14.4-4 on Debian 7 64-bit.

 Kaccess hash -TTMPF /etc/mail/access
 # FEATURE(`access_db', `hash -TTMPF /etc/mail/access', `skip')dnl

 For some reason, I just can't get it to not pause when greeting external
 (non-localhost) connections. [...]
 if I test from another PC on our network, it connects, pauses for 5
 seconds, and then prints the SSL information.

Does your PC have an rDNS entry, and if not could this delay be a DNS
lookup timeout?

Chris


-- 
To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org 
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Archive: https://lists.debian.org/rfqdobx8se@news.roaima.co.uk

Re: Sendmail greeting delay

[Joe]

On Tue, 13 Jan 2015 14:27:42 -0500
David Parker dpar...@utica.edu wrote:

 Thanks for the replies.
 
 The system is not using tcpwrappers, and it's also not a DNS issue.
 The client PC does have a reverse DNS entry.  A tcpdump packet
 capture on the server shows the initial connection from the client
 followed by a bunch of DNS traffic, all within the same second.  Then
 nothing happens for exactly 5 seconds, then the server sends data
 back to the client.
 
 Just to be extra sure, I added an entry for it in /etc/hosts so DNS
 wouldn't even be needed.  Still made no difference.
 

Is it asking for an ident from the connecting server (TCP port 7)? This
is an old-fashioned custom, when computers with MTAs also ran ident
servers, which provided some fairly harmless information.

Exim4 can certainly ask for an ident, and does nothing for a
configurable timeout unless one is received, or the sender address is
whitelisted. It is a simple anti-spam measure, as practically nothing
runs ident servers today, and most malware will give up before a
thirty-second timeout expires, whereas a legitimate MTA will wait
for that long.

-- 
Joe


-- 
To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org 
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Archive: https://lists.debian.org/20150113201211.68976...@jresid.jretrading.com

Re: Sendmail greeting delay

[David Parker]

Thanks for the replies.

The system is not using tcpwrappers, and it's also not a DNS issue.  The
client PC does have a reverse DNS entry.  A tcpdump packet capture on the
server shows the initial connection from the client followed by a bunch of
DNS traffic, all within the same second.  Then nothing happens for exactly
5 seconds, then the server sends data back to the client.

Just to be extra sure, I added an entry for it in /etc/hosts so DNS
wouldn't even be needed.  Still made no difference.

Thanks,
Dave

On Mon, Jan 12, 2015 at 4:21 PM, Chris Davies chris-use...@roaima.co.uk
wrote:

 David Parker dpar...@utica.edu wrote:
  We have an SMTP server running Sendmail 8.14.4-4 on Debian 7 64-bit.

  Kaccess hash -TTMPF /etc/mail/access
  # FEATURE(`access_db', `hash -TTMPF /etc/mail/access', `skip')dnl

  For some reason, I just can't get it to not pause when greeting external
  (non-localhost) connections. [...]
  if I test from another PC on our network, it connects, pauses for 5
  seconds, and then prints the SSL information.

 Does your PC have an rDNS entry, and if not could this delay be a DNS
 lookup timeout?

 Chris


 --
 To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org
 with a subject of unsubscribe. Trouble? Contact
 listmas...@lists.debian.org
 Archive: https://lists.debian.org/rfqdobx8se@news.roaima.co.uk




-- 
Dave Parker
Systems Administrator
Utica College
Integrated Information Technology Services
(315) 792-3229
Registered Linux User #408177

Re: Sendmail greeting delay

[Joe]

On Tue, 13 Jan 2015 20:12:11 +
Joe j...@jretrading.com wrote:

 On Tue, 13 Jan 2015 14:27:42 -0500
 David Parker dpar...@utica.edu wrote:
 
  Thanks for the replies.
  
  The system is not using tcpwrappers, and it's also not a DNS issue.
  The client PC does have a reverse DNS entry.  A tcpdump packet
  capture on the server shows the initial connection from the client
  followed by a bunch of DNS traffic, all within the same second.
  Then nothing happens for exactly 5 seconds, then the server sends
  data back to the client.
  
  Just to be extra sure, I added an entry for it in /etc/hosts so DNS
  wouldn't even be needed.  Still made no difference.
  
 
 Is it asking for an ident from the connecting server (TCP port 7)?
 This is an old-fashioned custom, when computers with MTAs also ran
 ident servers, which provided some fairly harmless information.
 
 Exim4 can certainly ask for an ident, and does nothing for a
 configurable timeout unless one is received, or the sender address is
 whitelisted. It is a simple anti-spam measure, as practically nothing
 runs ident servers today, and most malware will give up before a
 thirty-second timeout expires, whereas a legitimate MTA will wait
 for that long.
 

OK, where did the 7 come from? Should be port 113. I saw it just as the
mouse button clicked...

-- 
Joe


-- 
To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org 
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Archive: https://lists.debian.org/20150113201613.0b84c...@jresid.jretrading.com

Re: Sendmail greeting delay

[Jonathan Siegle]

On 2015-01-13 at 12:38, David Parker wrote:


Hello,

My /etc/mail/access file is pasted below.  The PC I'm testing from is on the 
10.x.x.x network, which should be allowed to
connect with no delay.  I have also tried setting the default GreetPause to 0 
but it still made no difference.


Connect:localhost RELAY
GreetPause:localhost 0
ClientRate:localhost 0
ClientConn:localhost 0
Connect:127 RELAY
GreetPause:127 0
ClientRate:127 0
ClientConn:127 0
Connect:IPv6:::1 RELAY
GreetPause:IPv6:::1 0
ClientRate:IPv6:::1 0
ClientConn:IPv6:::1 0
Connect:10 RELAY
GreetPause:10 0
ClientRate:10 0
ClientConn:10 0



Dave,
	I'm struggling with a reference beyond my own work. Please try 
putting a second and maybe a third octet on your GreetPause: 10 line. 
Also, please verify you are issuing a kill -HUP on sendmail. We never got 
sendmail greetpause to work with a single octet. Normally we do 3 octets 
for all the RFC1918 addresses we use.


-Jonathan

Re: Sendmail greeting delay

[David Parker]

Thanks, but it looks like the IDENT setting was the culprit.  I just had to
change this setting in sendmail.cf:

O Timeout.ident=5s

Changing it from 5s to 0s resolved the problem immediately.  Thanks again,
everyone!

On Tue, Jan 13, 2015 at 3:07 PM, Jonathan Siegle jsie...@psu.edu wrote:

 On 2015-01-13 at 12:38, David Parker wrote:

  Hello,

 My /etc/mail/access file is pasted below.  The PC I'm testing from is on
 the 10.x.x.x network, which should be allowed to
 connect with no delay.  I have also tried setting the default GreetPause
 to 0 but it still made no difference.

 
 Connect:localhost RELAY
 GreetPause:localhost 0
 ClientRate:localhost 0
 ClientConn:localhost 0
 Connect:127 RELAY
 GreetPause:127 0
 ClientRate:127 0
 ClientConn:127 0
 Connect:IPv6:::1 RELAY
 GreetPause:IPv6:::1 0
 ClientRate:IPv6:::1 0
 ClientConn:IPv6:::1 0
 Connect:10 RELAY
 GreetPause:10 0
 ClientRate:10 0
 ClientConn:10 0



 Dave,
 I'm struggling with a reference beyond my own work. Please try
 putting a second and maybe a third octet on your GreetPause: 10 line. Also,
 please verify you are issuing a kill -HUP on sendmail. We never got
 sendmail greetpause to work with a single octet. Normally we do 3 octets
 for all the RFC1918 addresses we use.

 -Jonathan




-- 
Dave Parker
Systems Administrator
Utica College
Integrated Information Technology Services
(315) 792-3229
Registered Linux User #408177

Re: Sendmail greeting delay

[David Parker]

Just for the sake of completeness, this wasn't actually an issue with the
GreetPause option or anything else in the access file.  The problem was
that sendmail was attempting an IDENT query to the client, with a 5-second
timeout.  The access file wasn't even checked until after the timeout
expired.  In retrospect, I guess it makes sense because I was testing this
by connecting with openssl, which is just looking for the SSL/TLS info at
the beginning of the connection, and doesn't need to wait for the
greeting.  The GreetPause values work as expected for actual client
connections on port 25, 465, or 587.

Thanks!

On Tue, Jan 13, 2015 at 3:27 PM, David Parker dpar...@utica.edu wrote:

 Thanks, but it looks like the IDENT setting was the culprit.  I just had
 to change this setting in sendmail.cf:

 O Timeout.ident=5s

 Changing it from 5s to 0s resolved the problem immediately.  Thanks again,
 everyone!

 On Tue, Jan 13, 2015 at 3:07 PM, Jonathan Siegle jsie...@psu.edu wrote:

 On 2015-01-13 at 12:38, David Parker wrote:

  Hello,

 My /etc/mail/access file is pasted below.  The PC I'm testing from is on
 the 10.x.x.x network, which should be allowed to
 connect with no delay.  I have also tried setting the default GreetPause
 to 0 but it still made no difference.

 
 Connect:localhost RELAY
 GreetPause:localhost 0
 ClientRate:localhost 0
 ClientConn:localhost 0
 Connect:127 RELAY
 GreetPause:127 0
 ClientRate:127 0
 ClientConn:127 0
 Connect:IPv6:::1 RELAY
 GreetPause:IPv6:::1 0
 ClientRate:IPv6:::1 0
 ClientConn:IPv6:::1 0
 Connect:10 RELAY
 GreetPause:10 0
 ClientRate:10 0
 ClientConn:10 0



 Dave,
 I'm struggling with a reference beyond my own work. Please try
 putting a second and maybe a third octet on your GreetPause: 10 line. Also,
 please verify you are issuing a kill -HUP on sendmail. We never got
 sendmail greetpause to work with a single octet. Normally we do 3 octets
 for all the RFC1918 addresses we use.

 -Jonathan




 --
 Dave Parker
 Systems Administrator
 Utica College
 Integrated Information Technology Services
 (315) 792-3229
 Registered Linux User #408177




-- 
Dave Parker
Systems Administrator
Utica College
Integrated Information Technology Services
(315) 792-3229
Registered Linux User #408177

Re: Sendmail greeting delay

[David Parker]

Yes!  That seems to be the culprit.  I ran an strace on the sendmail
process and that's exactly what happens:

[ ... ]
4007  15:09:08.386921 connect(5, {sa_family=AF_INET, sin_port=htons(113),
sin_addr=inet_addr(10.3.1.40)}, 16 unfinished ...
3792  15:09:13.386272 ... select resumed ) = 0 (Timeout)
[ ... ]

Where 10.3.1.40 is the IP of the client PC.  So now I just need to dig into
the config and figure out how to stop it.  Thanks!


On Tue, Jan 13, 2015 at 3:16 PM, Joe j...@jretrading.com wrote:

 On Tue, 13 Jan 2015 20:12:11 +
 Joe j...@jretrading.com wrote:

  On Tue, 13 Jan 2015 14:27:42 -0500
  David Parker dpar...@utica.edu wrote:
 
   Thanks for the replies.
  
   The system is not using tcpwrappers, and it's also not a DNS issue.
   The client PC does have a reverse DNS entry.  A tcpdump packet
   capture on the server shows the initial connection from the client
   followed by a bunch of DNS traffic, all within the same second.
   Then nothing happens for exactly 5 seconds, then the server sends
   data back to the client.
  
   Just to be extra sure, I added an entry for it in /etc/hosts so DNS
   wouldn't even be needed.  Still made no difference.
  
 
  Is it asking for an ident from the connecting server (TCP port 7)?
  This is an old-fashioned custom, when computers with MTAs also ran
  ident servers, which provided some fairly harmless information.
 
  Exim4 can certainly ask for an ident, and does nothing for a
  configurable timeout unless one is received, or the sender address is
  whitelisted. It is a simple anti-spam measure, as practically nothing
  runs ident servers today, and most malware will give up before a
  thirty-second timeout expires, whereas a legitimate MTA will wait
  for that long.
 

 OK, where did the 7 come from? Should be port 113. I saw it just as the
 mouse button clicked...

 --
 Joe


 --
 To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org
 with a subject of unsubscribe. Trouble? Contact
 listmas...@lists.debian.org
 Archive:
 https://lists.debian.org/20150113201613.0b84c...@jresid.jretrading.com




-- 
Dave Parker
Systems Administrator
Utica College
Integrated Information Technology Services
(315) 792-3229
Registered Linux User #408177

Sendmail command

[Roman Gelfand]

Is there a way to specify smart host and credentials with Sendmail
command?  If yes,  could you point me to example.

Thanks in advance

Re: Sendmail command

[Emil Oppeln-Bronikowski]

On Tue, Jan 06, 2015 at 06:34:45AM -0500, Roman Gelfand wrote:
 Is there a way to specify smart host and credentials with Sendmail
 command?  If yes,  could you point me to example.

May I recommend msmtp? It's perfect for relaying e-mail to always-connected, 
real SMTPs. I'm using it on my, mostly offline, laptop, to deliver my e-mails 
via Mutt.

-- 
vag·a·bond adjective \ˈva-gə-ˌbänd\
 a :  of, relating to, or characteristic of a wanderer 
 b :  leading an unsettled, irresponsible, or disreputable life


-- 
To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org 
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Archive: https://lists.debian.org/20150106114546.GA3702@mikrus

Re: Duvidas sobre o POSTFIX RELAY e Sendmail

[Rodrigo Cunha]

Consegui resolver o problema, na verdade era bem simples.
Vou fazer um tutorial e postar aqui :)
Como eu marco o mail como resolvido??

Em 24 de dezembro de 2014 01:08, Rodrigo Cunha rodrigo.root...@gmail.com
escreveu:

 Logs de envio pelo gmail:
 Dec 24 00:30:51 wtest postfix/pickup[1437]: 0FD9465841: uid=0 from=root
 Dec 24 00:30:51 wtest postfix/cleanup[1454]: 0FD9465841:
 message-id=20141224023051.0FD9465841@1RAT1.localdomain
 Dec 24 00:30:51 wtest postfix/qmgr[1438]: 0FD9465841:
 from=root@1RAT1.localdomain, size=355, nrcpt=1 (queue active)
 Dec 24 00:30:53 wtest postfix/smtp[1459]: 0FD9465841: to=
 rodrigo.root...@gmail.com, relay=smtp.gmail.com[74.125.131.109]:587,
 delay=2.3, delays=0.01/0/1.5/0.73, dsn=2.0.0, status=sent (250 2.0.0 OK
 1419388254 ev3sm5581894vdc.13 - gsmtp)
 Dec 24 00:30:53 wtest postfix/qmgr[1438]: 0FD9465841: removed

 Log de envio pelo meu provedor:
 Dec 24 00:35:07 wtest postfix/pickup[1408]: 789E065842: uid=0 from=root
 Dec 24 00:35:07 wtest postfix/cleanup[1418]: 789E065842:
 message-id=20141224023507.789E065842@2RAT2.localdomain
 Dec 24 00:35:07 wtest postfix/qmgr[1409]: 789E065842:
 from=root@2RAT2.localdomain, size=355, nrcpt=1 (queue active)
 Dec 24 00:35:07 wtest postfix/smtp[1439]: CLIENT wrappermode (port
 smtps/465) is unimplemented
 Dec 24 00:35:07 wtest postfix/smtp[1439]: instead, send to (port
 submission/587) with STARTTLS


 Em 23 de dezembro de 2014 14:51, Rodrigo Cunha rodrigo.root...@gmail.com
 escreveu:

 Srs, utilizei o howto abaixo para configurar o meu sendmail com relay do
 gmail:
 http://linuxconfig.org/configuring-gmail-as-sendmail-email-relay
 Funcionou perfeitamente no gmail, no entanto quando tento executar o
 mesmo procedimento para o meu domínio no meu provedor ele da diversas
 falhas.
 Sendo que quando executo o e-mail via thunderbird ele funciona
 normalmente e ao analisar as configurações do mail client, elas são
 idênticas as configurações do gmail no smtp.
 Segue abaixo as evidencias:

 [image: Imagem inline 1][image: Imagem inline 2]

 Alguém ja passou por este problema?
 PS: Em breve postarei os logs de erro.





 --
 Atenciosamente,
 Rodrigo da Silva Cunha




 --
 Atenciosamente,
 Rodrigo da Silva Cunha




-- 
Atenciosamente,
Rodrigo da Silva Cunha

Duvidas sobre o POSTFIX RELAY e Sendmail

[Rodrigo Cunha]

Srs, utilizei o howto abaixo para configurar o meu sendmail com relay do
gmail:
http://linuxconfig.org/configuring-gmail-as-sendmail-email-relay
Funcionou perfeitamente no gmail, no entanto quando tento executar o mesmo
procedimento para o meu domínio no meu provedor ele da diversas falhas.
Sendo que quando executo o e-mail via thunderbird ele funciona normalmente
e ao analisar as configurações do mail client, elas são idênticas as
configurações do gmail no smtp.
Segue abaixo as evidencias:

[image: Imagem inline 1][image: Imagem inline 2]

Alguém ja passou por este problema?
PS: Em breve postarei os logs de erro.





-- 
Atenciosamente,
Rodrigo da Silva Cunha

Re: Duvidas sobre o POSTFIX RELAY e Sendmail

[Rodrigo Cunha]

Logs de envio pelo gmail:
Dec 24 00:30:51 wtest postfix/pickup[1437]: 0FD9465841: uid=0 from=root
Dec 24 00:30:51 wtest postfix/cleanup[1454]: 0FD9465841:
message-id=20141224023051.0FD9465841@1RAT1.localdomain
Dec 24 00:30:51 wtest postfix/qmgr[1438]: 0FD9465841:
from=root@1RAT1.localdomain, size=355, nrcpt=1 (queue active)
Dec 24 00:30:53 wtest postfix/smtp[1459]: 0FD9465841: to=
rodrigo.root...@gmail.com, relay=smtp.gmail.com[74.125.131.109]:587,
delay=2.3, delays=0.01/0/1.5/0.73, dsn=2.0.0, status=sent (250 2.0.0 OK
1419388254 ev3sm5581894vdc.13 - gsmtp)
Dec 24 00:30:53 wtest postfix/qmgr[1438]: 0FD9465841: removed

Log de envio pelo meu provedor:
Dec 24 00:35:07 wtest postfix/pickup[1408]: 789E065842: uid=0 from=root
Dec 24 00:35:07 wtest postfix/cleanup[1418]: 789E065842:
message-id=20141224023507.789E065842@2RAT2.localdomain
Dec 24 00:35:07 wtest postfix/qmgr[1409]: 789E065842:
from=root@2RAT2.localdomain, size=355, nrcpt=1 (queue active)
Dec 24 00:35:07 wtest postfix/smtp[1439]: CLIENT wrappermode (port
smtps/465) is unimplemented
Dec 24 00:35:07 wtest postfix/smtp[1439]: instead, send to (port
submission/587) with STARTTLS


Em 23 de dezembro de 2014 14:51, Rodrigo Cunha rodrigo.root...@gmail.com
escreveu:

 Srs, utilizei o howto abaixo para configurar o meu sendmail com relay do
 gmail:
 http://linuxconfig.org/configuring-gmail-as-sendmail-email-relay
 Funcionou perfeitamente no gmail, no entanto quando tento executar o mesmo
 procedimento para o meu domínio no meu provedor ele da diversas falhas.
 Sendo que quando executo o e-mail via thunderbird ele funciona normalmente
 e ao analisar as configurações do mail client, elas são idênticas as
 configurações do gmail no smtp.
 Segue abaixo as evidencias:

 [image: Imagem inline 1][image: Imagem inline 2]

 Alguém ja passou por este problema?
 PS: Em breve postarei os logs de erro.





 --
 Atenciosamente,
 Rodrigo da Silva Cunha




-- 
Atenciosamente,
Rodrigo da Silva Cunha

Re: [sendmail] outgoing mail leaves dead letter

[Brian]

On Tue 14 Oct 2014 at 19:10:05 -0400, Harry Putnam wrote:

 OK, here we go.
 
 mailx -v -s TEST 141014_184452 2xd1 rea...@jtan.com  /tmp/tstmsg.txt

Two mails are being sent.

 550 5.1.1 2...@2xd1.local.lan... User unknown

This one didn't make it.
 
  Why does it go to a dead letter? 

So it was saved in dead letter.


-- 
To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org 
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Archive: 
https://lists.debian.org/15102014105408.ecc6a52e8...@desktop.copernicus.demon.co.uk

[sendmail] outgoing mail leaves dead letter

[Harry Putnam]

I managed to get sendmail sort of working on one of my vbox guest
debian vms.

It was kind of rough sledding and still not really working properly.

I use a smarthost from fastmail.fm where I have accounts. Finally
seems to have gotten the auth working thru access.db.

But an odd thing is happening.  

I've been using mail-x to test things and use a little wrapper script
that does this:

  mailx -v -s Subject recipi...@some.com txt_file

The -v allows me to watch the smtp conversation as the mail gets
processed.

I'm going to post the smtp output shortly but first; a note of what
I'm doing here; sending to mail to another domain where I have a shell
account and am watching for my incoming tests by tailing the
procmail.log.

It's kind of a lot of smtp output but not sure what is pertinent to
understanding why its leaving a dead litter on my end.  I've sprinkled
a few notes thru the output.

---   ---   ---=---   ---   --- 

OK, here we go.

mailx -v -s TEST 141014_184452 2xd1 rea...@jtan.com  /tmp/tstmsg.txt

rea...@jtan.com,2xd1... Connecting to [127.0.0.1] via relay...
220 2xd1.local.lan ESMTP Sendmail 8.14.4/8.14.4/Debian-8; Tue, 14 Oct 2014 
18:44:56 -0400; (No UCE/UBE) logging access from: 
2xd1.local.lan(OK)-2xd1.local.lan [127.0.0.1]
 EHLO 2xd1.local.lan
250-2xd1.local.lan Hello 2xd1.local.lan [127.0.0.1], pleased to meet you
250-ENHANCEDSTATUSCODES
250-PIPELINING
250-EXPN
250-VERB
250-8BITMIME
250-SIZE
250-DSN
250-ETRN
250-AUTH LOGIN PLAIN
250-STARTTLS
250-DELIVERBY
250 HELP
 VERB
250 2.0.0 Verbose mode
 STARTTLS
220 2.0.0 Ready to start TLS
 EHLO 2xd1.local.lan
250-2xd1.local.lan Hello 2xd1.local.lan [127.0.0.1], pleased to meet you
250-ENHANCEDSTATUSCODES
250-PIPELINING
250-EXPN
250-VERB
250-8BITMIME
250-SIZE
250-DSN
250-ETRN
250-AUTH LOGIN PLAIN
250-DELIVERBY
250 HELP
 VERB
250 2.0.0 Verbose mode
 MAIL From:ha...@2xd1.local.lan SIZE=428 AUTH=ha...@2xd1.local.lan
250 2.1.0 ha...@2xd1.local.lan... Sender ok
 RCPT To:rea...@jtan.com
 RCPT To:2...@2xd1.local.lan
 DATA
250 2.1.5 rea...@jtan.com... Recipient ok
550 5.1.1 2...@2xd1.local.lan... User unknown
354 Enter mail, end with . on a line by itself

  Here the mail content is piped in
 .


050 rea...@jtan.com... Connecting to mail.messagingengine.com. port 587 via 
relay...
050 220 mail.messagingengine.com ESMTP ready
050  EHLO 2xd1.local.lan
050 250-mail.messagingengine.com
050 250-PIPELINING
050 250-SIZE 7100
050 250-ENHANCEDSTATUSCODES
050 250-8BITMIME
050 250 STARTTLS
050  STARTTLS
050 220 2.0.0 Start TLS
050  EHLO 2xd1.local.lan
050 250-mail.messagingengine.com
050 250-PIPELINING
050 250-SIZE 7100
050 250-ENHANCEDSTATUSCODES
050 250-8BITMIME
050 250-AUTH PLAIN LOGIN
050 250 AUTH=PLAIN LOGIN
050  AUTH LOGIN
050 334 VXNlcm5hbWU6
050  aHB1dDNAZmFzdG1haWwuZm0=
050 334 UGFzc3dvcmQ6
050  aW5qeDAyMTc=
050 235 2.0.0 OK
050  MAIL From:ha...@newsguy.com SIZE=662 AUTH=
050 250 2.1.0 Ok
050  RCPT To:rea...@jtan.com
050  DATA
050 250 2.1.5 Ok
050 354 End data with CRLF.CRLF

050  . below jtan.com accepts
  
050 250 2.0.0 Ok: queued as 72F91C00012
050 rea...@jtan.com... Sent (Ok: queued as 72F91C00012)
250 2.0.0 s9EMiuN0027130 Message accepted for delivery

 Why does it go to a dead letter?   

rea...@jtan.com... Sent (s9EMiuN0027130 Message accepted for delivery)
/home/harry/dead.letter... Saved message in /home/harry/dead.letter
   
the message has showed up on jtan within seconds of mailxing
  
I don't understand what happens here at the end.

Closing connection to [127.0.0.1]
 QUIT
221 2.0.0 2xd1.local.lan closing connection

Another second or two pass and the message shows up at jtan.com in the
procmail.log of incoming mail.
 


-- 
To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org 
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Archive: https://lists.debian.org/8738aqb642@reader.local.lan

Re: latest sendmail on testing

[Curt]

On 2014-05-18, Harry Putnam rea...@newsguy.com wrote:

|  rea...@newsguy.com... Deferred: 421 4.3.0 collect: Cannot
|  write ./dfs4IGodqZ004450 (bfcommit, uid=0, gid=122): No such file or
|  directory Closing connection to [127.0.0.1]
 `

 Where is sendmail trying to write?  Why is sendmail trying to write to
 something that does not exist?


Look for QueueDirectory in your sendmail.cf file?


-- 
To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org 
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Archive: https://lists.debian.org/slrnlnka2q.21q.cu...@einstein.electron.org

Re: latest sendmail on testing

[Harry Putnam]

Curt cu...@free.fr writes:

 On 2014-05-18, Harry Putnam rea...@newsguy.com wrote:

|  rea...@newsguy.com... Deferred: 421 4.3.0 collect: Cannot
|  write ./dfs4IGodqZ004450 (bfcommit, uid=0, gid=122): No such file or
|  directory Closing connection to [127.0.0.1]
 `

 Where is sendmail trying to write?  Why is sendmail trying to write to
 something that does not exist?


 Look for QueueDirectory in your sendmail.cf file?

Thank you sir... that was a very succinct pointer, and a direct hit.

Since posting that problem... I tried for the second time, a complete
uninstall of all of sendmail... including repeated --purge on conf
files.  Once all directories all pkgs and all conf were removed.

Reinstalled the whole works again.  This time, after moving the
problematic lines in sendmail.mc... and making a number of
customizations there... that is, I stuck in a configuration from
another debian box that has worked for several years and with fingers
crossed ... restarted sendmail.

By god... it worked.  So sendmail is now sending and receiving quietly
as it ought.

Thank you all for huge amounts of patience and a helpful spirit.


-- 
To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org 
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Archive: https://lists.debian.org/87iop18v07@newsguy.com

Re: latest sendmail on testing

[Harry Putnam]

Filip fi...@fbvnet.be writes:

 On Sat, 17 May 2014 17:08:10 -0400
 Harry Putnam rea...@newsguy.com wrote:

 Filip fi...@fbvnet.be writes:
 
 [...]
 
  I would have thought the install of a pkg would also create any
  needed directories for the pkg to operate.
  
  Is it normal for user to create these things?
 
 
  No, it's not normal. The post-install scripts should create a
  working initial configuration where it at least starts up.
 
  Try reinstalling with the --reinstall option.
 
  apt-get install sendmail --reinstall
  apt-get install sendmail-base --reinstall
  apt-get install sendmail-bin --reinstall
 
  Does that give any errors ?

Just those I mentioned that only required moving a few lines in sendmail.mc

However I'm still seeing something in the smtp conversation output about
not being able to write somewhere... The message is too damn cryptic be
very helpful. (see below).

If you are running version 4.14.4-5.. maybe you could post the perms on:

/var/spool/clientmqueue (Its a directory that should be created during
install but is not).  And:
/var/lib/sendmail (There should be another directory here named
/var/lib/sendmail/host_status but it didn't get created during install either)

----   ---=---   -   
Tail of smtp conversation:

250 2.0.0 Verbose mode
 MAIL From:rea...@rdr.local.lan SIZE=289 AUTH=rea...@rdr.local.lan
250 2.1.0 rea...@rdr.local.lan... Sender ok
 RCPT To:rea...@newsguy.com
 DATA
250 2.1.5 rea...@newsguy.com... Recipient ok
354 Enter mail, end with . on a line by itself
 .
421 4.3.0 collect: Cannot write ./dfs4IGodqZ004450 (bfcommit, uid=0, gid=122): 
No such file or directory
 QUIT
rea...@newsguy.com... Deferred: 421 4.3.0 collect: Cannot write 
./dfs4IGodqZ004450 (bfcommit, uid=0, gid=122): No such file or directory
Closing connection to [127.0.0.1]
----   ---=---   -   

I can't figure out where the damn thing is trying to write, perhaps the
root uid should be something else?

----   ---=---   -  

perms on /var/spool stuff:

total 32
drwxr-xr-x 2 rootroot4096 May 16 16:48 anacron

This one I created by hand and took the perms from the similar named
directory mqueue-client which did exist

*** drwxrws--- 2 smmsp   smmsp   4096 May 17 14:41 clientmqueue

drwxr-xr-x 5 rootroot4096 May 16 16:20 cron
drwxr-x--- 5 Debian-exim Debian-exim 4096 May 16 16:35 exim4
drwxr-xr-x 3 rootroot4096 May 16 16:18 libreoffice
lrwxrwxrwx 1 rootroot   7 May 16 15:47 mail - ../mail
drwxrws--- 2 smmta   smmsp   4096 Feb 15 19:32 mqueue
drwxrws--- 2 smmsp   smmsp   4096 May 18 12:50 mqueue-client
drwx-- 2 rootroot4096 Mar 28 08:10 rsyslog

----   ---=---   -  

ls -ld /var/lib/sendmail

I changed this to what you see, from:
  drwxr-s--x

  drwxrws--x 3 smmta smmsp 4096 May 18 12:49 /var/lib/sendmail

ls -l /var/lib/sendmail/
-rw-rw 1 root smmsp0 May 17 21:55 dead.letter
drwxrws--- 2 root smmsp 4096 May 18 12:49 host_status





-- 
To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org 
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Archive: https://lists.debian.org/871tvr3tj5@newsguy.com

Re: latest sendmail on testing

[Filip]

On Sun, 18 May 2014 13:07:10 -0400
Harry Putnam rea...@newsguy.com wrote:

 Filip fi...@fbvnet.be writes:
 
  On Sat, 17 May 2014 17:08:10 -0400
  Harry Putnam rea...@newsguy.com wrote:
 
  Filip fi...@fbvnet.be writes:
  
  [...]
  
   I would have thought the install of a pkg would also create any
   needed directories for the pkg to operate.
   
   Is it normal for user to create these things?
  
  
   No, it's not normal. The post-install scripts should create a
   working initial configuration where it at least starts up.
  
   Try reinstalling with the --reinstall option.
  
   apt-get install sendmail --reinstall
   apt-get install sendmail-base --reinstall
   apt-get install sendmail-bin --reinstall
  
   Does that give any errors ?
 
 Just those I mentioned that only required moving a few lines in
 sendmail.mc
 
 However I'm still seeing something in the smtp conversation output
 about not being able to write somewhere... The message is too damn
 cryptic be very helpful. (see below).
 
 If you are running version 4.14.4-5.. maybe you could post the perms
 on:
 
 /var/spool/clientmqueue (Its a directory that should be created during
 install but is not).  And:
 /var/lib/sendmail (There should be another directory here named
 /var/lib/sendmail/host_status but it didn't get created during
 install either)
 
 ----   ---=---   -   
 Tail of smtp conversation:
 
 250 2.0.0 Verbose mode
  MAIL From:rea...@rdr.local.lan SIZE=289
  AUTH=rea...@rdr.local.lan
 250 2.1.0 rea...@rdr.local.lan... Sender ok
  RCPT To:rea...@newsguy.com
  DATA
 250 2.1.5 rea...@newsguy.com... Recipient ok
 354 Enter mail, end with . on a line by itself
  .
 421 4.3.0 collect: Cannot write ./dfs4IGodqZ004450 (bfcommit, uid=0,
 gid=122): No such file or directory
  QUIT
 rea...@newsguy.com... Deferred: 421 4.3.0 collect: Cannot
 write ./dfs4IGodqZ004450 (bfcommit, uid=0, gid=122): No such file or
 directory Closing connection to [127.0.0.1] ---
 -   ---=---   -   
 
 I can't figure out where the damn thing is trying to write, perhaps
 the root uid should be something else?
 
 ----   ---=---   -  
 
 perms on /var/spool stuff:
 
 total 32
 drwxr-xr-x 2 rootroot4096 May 16 16:48 anacron
 
 This one I created by hand and took the perms from the similar named
 directory mqueue-client which did exist
 
 *** drwxrws--- 2 smmsp   smmsp   4096 May 17 14:41
 clientmqueue
 
 drwxr-xr-x 5 rootroot4096 May 16 16:20 cron
 drwxr-x--- 5 Debian-exim Debian-exim 4096 May 16 16:35 exim4
 drwxr-xr-x 3 rootroot4096 May 16 16:18 libreoffice
 lrwxrwxrwx 1 rootroot   7 May 16 15:47 mail - ../mail
 drwxrws--- 2 smmta   smmsp   4096 Feb 15 19:32 mqueue
 drwxrws--- 2 smmsp   smmsp   4096 May 18 12:50 mqueue-client
 drwx-- 2 rootroot4096 Mar 28 08:10 rsyslog
 
 ----   ---=---   -  
 
 ls -ld /var/lib/sendmail
 
 I changed this to what you see, from:
   drwxr-s--x
 
   drwxrws--x 3 smmta smmsp 4096 May 18 12:49 /var/lib/sendmail
 
 ls -l /var/lib/sendmail/
 -rw-rw 1 root smmsp0 May 17 21:55 dead.letter
 drwxrws--- 2 root smmsp 4096 May 18 12:49 host_status
 
 
 
 
 

I have this:

drwxr-s--- 2 smmta smmsp 4096 May 18 19:46 /var/spool/mqueue
drwxrws--- 2 smmsp smmsp 4096 Feb 16 01:04 /var/spool/mqueue-client
drwxrwsrwt 2 root mail 4096 May 18 19:46 /var/mail
drwxr-s--x 2 smmta smmsp 4096 May 18 19:40 /var/lib/sendmail

mqueue-client instead of clientmqueue.

# dpkg -L sendmail-bin|grep client
/var/spool/mqueue-client

sendmail package version 8.14.4-5



-- 
To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org 
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Archive: https://lists.debian.org/20140518200525.5648e...@orac.fil