how to tell which process call sendmail
So, some idiot is using a cgi or php or something to send mail out of his website that he shouldn't be sending. With a bunch of sites on the server, can't tell who. System accounting can tell me that sendmail was executed 32,976 times, but is there a way to tell what process /file name called it each time? Since it's always called by the www user that doesn't help -- I need to distinguish between legit processes that call 5 or 10 in a day and the idiot who calls the other 31,000 times. Thanks! Glenn. ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: how to tell which process call sendmail
Hi Glenn, I once wrote some (quick-and-dirty) perl script that monitors network traffic and logs (for matching outgoing connections) the process command line and (if apache) the respective vhost and request. But this would not help if they are calling the sendmail program directly to inject the message into mail queue. (Unverified guess: if you temporarily remove execute permissions on it, the execution error should probably be logged somewhere?). BTW most probably that is not your user as such, but rather some abused comment form or forum script or something like that. Best wishes Eugene -Original Message- From: Glenn McCalley Sent: Thursday, September 19, 2013 10:30 PM To: freebsd-questions@freebsd.org Subject: how to tell which process call sendmail So, some idiot is using a cgi or php or something to send mail out of his website that he shouldn't be sending. With a bunch of sites on the server, can't tell who. System accounting can tell me that sendmail was executed 32,976 times, but is there a way to tell what process /file name called it each time? Since it's always called by the www user that doesn't help -- I need to distinguish between legit processes that call 5 or 10 in a day and the idiot who calls the other 31,000 times. Thanks! Glenn. ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: how to tell which process call sendmail
On 19/09/2013 19:30, Glenn McCalley wrote: So, some idiot is using a cgi or php or something to send mail out of his website that he shouldn't be sending. With a bunch of sites on the server, can't tell who. I had a similar problem, but some time back and I can't remember *exactly* what I did. It was something like pointing mailer.conf to my own program which did some logging and then called the real sendmail. Actually, I might just have hacked mailwrapper directly. I think there was some way I managed to cross-reference to the httpd logs, or that might be what I tried to do and failed. Sorry - this may not be helping much. Another approach might be to find some likely text in the outgoing message and do a recursive grep on /home. ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Can sasl/sendmail Report IP Of Failed Access?
I am seeing login dictionary attacks on a FreeBSD mail server being reported. Is there a way to determine the IPs that are doing this so they can be blocked at the firewall? auth.log only notes the attempted user name, not the IP of origin. -- --- Tim Daneliuk ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: Can sasl/sendmail Report IP Of Failed Access?
On Jun 4, 2013 9:00 AM, Tim Daneliuk tun...@tundraware.com wrote: I am seeing login dictionary attacks on a FreeBSD mail server being reported. Is there a way to determine the IPs that are doing this so they can be blocked at the firewall? auth.log only notes the attempted user name, not the IP of origin. -- --- Tim Daneliuk ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org On Jun 4, 2013 9:00 AM, Tim Daneliuk tun...@tundraware.com wrote: I am seeing login dictionary attacks on a FreeBSD mail server being reported. Is there a way to determine the IPs that are doing this so they can be blocked at the firewall? auth.log only notes the attempted user name, not the IP of origin. -- --- Tim Daneliuk ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org one idea is to run auth on a different service / machine on a non-standard port, that at least cuts down the noise from non-targetted scans. Waitman Gobble San Jose California USA ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: Can sasl/sendmail Report IP Of Failed Access?
On Tue, 04 Jun 2013 10:47:16 -0500, Tim Daneliuk tun...@tundraware.com wrote: I am seeing login dictionary attacks on a FreeBSD mail server being reported. Is there a way to determine the IPs that are doing this so they can be blocked at the firewall? auth.log only notes the attempted user name, not the IP of origin. I don't use sendmail, but aren't the login attempts at least logged in maillog as well? If so, you could use fail2ban to ban them. We do this with postfix/exim/dovecot/etc. ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: Can sasl/sendmail Report IP Of Failed Access?
On 4 June 2013, at 08:47, Tim Daneliuk tun...@tundraware.com wrote: I am seeing login dictionary attacks on a FreeBSD mail server being reported. Is there a way to determine the IPs that are doing this so they can be blocked at the firewall? auth.log only notes the attempted user name, not the IP of origin. -- I wrote some code to find the appropriate maillog entries which do include the IP addresses. It automagically adds the IP addresses to the pf blackhole table if certain criteria is met. The criteria is changeable. If you would like a copy, let me know. ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: Can sasl/sendmail Report IP Of Failed Access?
On 06/04/2013 04:51 PM, Doug Hardie wrote: On 4 June 2013, at 08:47, Tim Daneliuk tun...@tundraware.com wrote: I am seeing login dictionary attacks on a FreeBSD mail server being reported. Is there a way to determine the IPs that are doing this so they can be blocked at the firewall? auth.log only notes the attempted user name, not the IP of origin. -- I wrote some code to find the appropriate maillog entries which do include the IP addresses. It automagically adds the IP addresses to the pf blackhole table if certain criteria is met. The criteria is changeable. If you would like a copy, let me know. Yes, I'd love a look at that, thanks. -- Tim Daneliuk tun...@tundraware.com PGP Key: http://www.tundraware.com/PGP/ ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: Can sasl/sendmail Report IP Of Failed Access?
On Tue, 4 Jun 2013, Doug Hardie wrote: On 4 June 2013, at 08:47, Tim Daneliuk tun...@tundraware.com wrote: I am seeing login dictionary attacks on a FreeBSD mail server being reported. Is there a way to determine the IPs that are doing this so they can be blocked at the firewall? auth.log only notes the attempted user name, not the IP of origin. -- I wrote some code to find the appropriate maillog entries which do include the IP addresses. It automagically adds the IP addresses to the pf blackhole table if certain criteria is met. The criteria is changeable. If you would like a copy, let me know. That sounds incredibly useful. Can you post it somewhere? -- Chris Hill ch...@monochrome.org ** [ Busy Expunging / ] ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: Can sasl/sendmail Report IP Of Failed Access?
On Tue, 4 Jun 2013, Tim Daneliuk wrote: On 06/04/2013 04:51 PM, Doug Hardie wrote: On 4 June 2013, at 08:47, Tim Daneliuk tun...@tundraware.com wrote: I am seeing login dictionary attacks on a FreeBSD mail server being reported. Is there a way to determine the IPs that are doing this so they can be blocked at the firewall? auth.log only notes the attempted user name, not the IP of origin. -- I wrote some code to find the appropriate maillog entries which do include the IP addresses. It automagically adds the IP addresses to the pf blackhole table if certain criteria is met. The criteria is changeable. If you would like a copy, let me know. Yes, I'd love a look at that, thanks. sshguard is supposed to be capable of analyzing log files beyond just ssh. ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Case sensitive usernames and sendmail - mystic voodoo
List, Step1: Make a new user:: root@localhost# pw useradd foo -m -s /bin/tcsh -h 0 password for user foo: (secret) Step 2: Does sendmail know them:: root@modunix# sendmail -bv foo@localhost foo@localhost... deliverable: mailer local, user foo # Good... Step 3: Make a new user with uppercase 'B':: root@localhost# pw useradd Bar -m -s /bin/tcsh -h 0 password for user Bar: (secret) Step 4: Does sendmail know them:: root@modunix# sendmail -bv Bar@localhost Bar@localhost... User unknown Curious, why? I know usernames are case-sensitive, I thought emails were too. Without fighting an epic battle with with the sendmail configs, is there a simple way to make this work? The obvious answer is probably, usernames should be lowercase! and for new users I'll enforce that policy. For existing users however, who may already have lots of case-sensitive usernames in various config files, etc this isn't a real option. By just altering their usernames I'm afraid I'd break the whole damn universe. How can I enable mail for them? Cheers! -Modulok- ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: Case sensitive usernames and sendmail - mystic voodoo
Hi, On Sun, 26 May 2013 18:44:41 -0600 Modulok modu...@gmail.com wrote: List, Step1: Make a new user:: root@localhost# pw useradd foo -m -s /bin/tcsh -h 0 password for user foo: (secret) Step 2: Does sendmail know them:: root@modunix# sendmail -bv foo@localhost foo@localhost... deliverable: mailer local, user foo # Good... Step 3: Make a new user with uppercase 'B':: root@localhost# pw useradd Bar -m -s /bin/tcsh -h 0 password for user Bar: (secret) Step 4: Does sendmail know them:: root@modunix# sendmail -bv Bar@localhost Bar@localhost... User unknown Curious, why? I know usernames are case-sensitive, I thought emails were too. Without fighting an epic battle with with the sendmail configs, is there a simple way to make this work? The obvious answer is probably, usernames should be lowercase! and for new users I'll enforce that policy. For existing users however, who may already have lots of case-sensitive usernames in various config files, etc this isn't a real option. By just altering their usernames I'm afraid I'd break the whole damn universe. How can I enable mail for them? have you read this? http://www.linuxquestions.org/questions/linux-software-2/sendmail-unable-to-find-users-22290/ Erich ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: Case sensitive usernames and sendmail - mystic voodoo
On Sun, 26 May 2013 18:44:41 -0600, Modulok wrote: I know usernames are case-sensitive, I thought emails were too. If I remember e-mail basics correctly: No. They're not. For example, f...@example.com, f...@example.com and f...@example.com and all upper/lowercase variations are the same as f...@example.com. For sending mail within a system and across systems, names in the passwd file have to be in conjunction with the respective mail queues for the users. Even foo and Foo can coexist (as soon as they have a different UID, reflecting the fact that two distinguishable users are intended), but regarding mail... that sounds problematic. Without fighting an epic battle with with the sendmail configs, is there a simple way to make this work? Use lowercase usernames only. Make it a convention. Verify it. The obvious answer is probably, usernames should be lowercase! and for new users I'll enforce that policy. For existing users however, who may already have lots of case-sensitive usernames in various config files, etc this isn't a real option. That's true, but didn't this approach get you in trouble earlier? By just altering their usernames I'm afraid I'd break the whole damn universe. This is quite possible. As you mentioned correctly, usernames with uppercase letters may already appear in config files. You _could_ check for each user below his $HOME for any appearing in a file and replace this, but that could cause trouble if something is stored in a Registry-like binary file. Regarding /etc/passwd, the home directory _may_ be a different name than the username, so those _pathnames_ in files should not require a change. But files mentioning _usernames_ will probably cause problems. How can I enable mail for them? Maybe it's possible to use /etc/mail/aliases? -- Polytropon Magdeburg, Germany Happy FreeBSD user since 4.0 Andra moi ennepe, Mousa, ... ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: Case sensitive usernames and sendmail - mystic voodoo
On Sun, May 26, 2013 at 6:17 PM, Polytropon free...@edvax.de wrote: On Sun, 26 May 2013 18:44:41 -0600, Modulok wrote: I know usernames are case-sensitive, I thought emails were too. If I remember e-mail basics correctly: No. They're not. For example, f...@example.com, f...@example.com and f...@example.com and all upper/lowercase variations are the same as f...@example.com. You remember incorrectly ;-) The local part of an address (before the @ sign) is case-sensitive (with the exception of postmas...@example.com) Everything to the right of the @ is indeed case insensitive, but everything to the left might be case sensitive, depending on local policy. This means you must preserve the case of everything to the left of the @ sign. ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: Case sensitive usernames and sendmail - mystic voodoo
On Sun, 26 May 2013 18:36:41 -0700, Michael Sierchio wrote: On Sun, May 26, 2013 at 6:17 PM, Polytropon free...@edvax.de wrote: On Sun, 26 May 2013 18:44:41 -0600, Modulok wrote: I know usernames are case-sensitive, I thought emails were too. If I remember e-mail basics correctly: No. They're not. For example, f...@example.com, f...@example.com and f...@example.com and all upper/lowercase variations are the same as f...@example.com. You remember incorrectly ;-) I checked again - and yes, it seems that my memory about the valid definition has changed to what is reality today, i. e. sendmail rewriting uppercase to lowercase prior to further processing. The local part of an address (before the @ sign) is case-sensitive (with the exception of postmas...@example.com) So it depends on how sendmail is configured that it does not matter today. Everything to the right of the @ is indeed case insensitive, but everything to the left might be case sensitive, depending on local policy. This means you must preserve the case of everything to the left of the @ sign. According to the link provided by Erich Dollansky, FreeBSD's default sendmail.cf setting of Mlocal, P=/usr/libexec/mail.local, F=lsDFMAw5 needs to be added the u option to the F= parameter to preserve the uppercase letters in the the left side (username) of the address. Maybe this additiion is required in other cf files containing Mlocal settings too? Of course it would be nice if there was a corresponding setting for the mc files which the cf files are usually generated from... -- Polytropon Magdeburg, Germany Happy FreeBSD user since 4.0 Andra moi ennepe, Mousa, ... ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: Case sensitive usernames and sendmail - mystic voodoo
Everything to the right of the @ is indeed case insensitive, but everything to the left might be case sensitive, depending on local policy. This means you must preserve the case of everything to the left of the @ sign. According to the link provided by Erich Dollansky, FreeBSD's default sendmail.cf setting of Mlocal, P=/usr/libexec/mail.local, F=lsDFMAw5 needs to be added the u option to the F= parameter to preserve the uppercase letters in the the left side (username) of the address. Maybe this additiion is required in other cf files containing Mlocal settings too? Of course it would be nice if there was a corresponding setting for the mc files which the cf files are usually generated from... So, best practices aside, this would be a bug in the default config? (i.e. can I celebrate my bug-finding yet?) Cheers! -Modulok- ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: Case sensitive usernames and sendmail - mystic voodoo
On Sun, 26 May 2013 21:31:09 -0600, Modulok wrote: Everything to the right of the @ is indeed case insensitive, but everything to the left might be case sensitive, depending on local policy. This means you must preserve the case of everything to the left of the @ sign. According to the link provided by Erich Dollansky, FreeBSD's default sendmail.cf setting of Mlocal, P=/usr/libexec/mail.local, F=lsDFMAw5 needs to be added the u option to the F= parameter to preserve the uppercase letters in the the left side (username) of the address. Maybe this additiion is required in other cf files containing Mlocal settings too? Of course it would be nice if there was a corresponding setting for the mc files which the cf files are usually generated from... So, best practices aside, this would be a bug in the default config? No. A convention. :-) (i.e. can I celebrate my bug-finding yet?) Depends. If it's a _desired_ convention (because people regularly have problems with e-mail addresses and just don't care for upper and lower case), it's a good default setting. In _your_ case, it does not apply, because it introduces problems. So if you intend to make a local modification, that's no problem because you _can_ configure such things. This is the power that comes by the freedom of choice. You can celebrate this. :-) -- Polytropon Magdeburg, Germany Happy FreeBSD user since 4.0 Andra moi ennepe, Mousa, ... ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: Sendmail 8.14.5/8.14.5 on fbsd-9.1R (EC2)
On 26/04/2013 16:51, jflowers wrote: All I want to do is have the MTA listen on 127.0.0.1 port 1025 and have no sendmail process listen on the server interface. That's being done by assp which proxies messages to 127.0.0.1:1025. Unfortunately, I haven't been able to figure out how to turn off the default. Sockstat shows: root sendmail 1672 4 tcp4 *:25 *:* root sendmail 1672 5 tcp6 *:25 *:* root sendmail 1672 6 tcp4 127.0.0.1:1025*:* root sendmail 1672 7 tcp4 111.222.333.444:587 *:* The relevant mc entries are: DAEMON_OPTIONS(`Name=IPv4, Family=inet') DAEMON_OPTIONS(`Name=IPv6, Family=inet6, Modifiers=O') DAEMON_OPTIONS(`Port=1025, Addr=127.0.0.1, Name=MTA') VIRTUSER_DOMAIN_FILE(`/etc/mail/virtual-domains') FEATURE(`no_default_msa') DAEMON_OPTIONS(`Port=587, Addr= 111.222.333.444, Name=MSA, M=E') The MSA isn't strictly necessary now but I thought might have a future use. So, what am I missing? How do I turn *:25 off so that when assp goes down (as it frequently does) I'm not running an open relay (all user/domain validation is done in assp). Any pointers in the right direction appreciated. You pretty much already have the answer already. Add 'Addr=127.0.0.1' or 'Addr=::1' clauses to your first two DAEMON_OPTIONS lines. That will limit sendmail to listening on port 25 only on the loopback interface. Or indeed, remove those two lines entirely to leave sendmail only listening on port 587. This should not prevent sendmail from sending outgoing messages, but will prevent any incoming. Cheers, Matthew -- Dr Matthew J Seaman MA, D.Phil. PGP: http://www.infracaninophile.co.uk/pgpkey JID: matt...@infracaninophile.co.uk signature.asc Description: OpenPGP digital signature
Sendmail 8.14.5/8.14.5 on fbsd-9.1R (EC2)
DAEMON_OPTIONS(`Name=IPv4, Family=inet') DAEMON_OPTIONS(`Name=IPv6, Family=inet6, Modifiers=O') DAEMON_OPTIONS(`Port=1025, Addr=127.0.0.1, Name=MTA') VIRTUSER_DOMAIN_FILE(`/etc/mail/virtual-domains') FEATURE(`no_default_msa') DAEMON_OPTIONS(`Port=587, Addr= 111.222.333.444, Name=MSA, M=E') Thanks Matthew. Your second suggestion solved it for me. No default and I still have sendmail listening on port 1025 so it's just what I wanted. 'Wish I understood everything I know about that.' -- Jim Flowers jflow...@ezo.net ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: Sendmail 8.14.5/8.14.5 on fbsd-9.1R (EC2)
On Sat, 27 Apr 2013, Matthew Seaman wrote: On 26/04/2013 16:51, jflowers wrote: All I want to do is have the MTA listen on 127.0.0.1 port 1025 and have no sendmail process listen on the server interface. That's being done by assp which proxies messages to 127.0.0.1:1025. Unfortunately, I haven't been able to figure out how to turn off the default. Sockstat shows: root sendmail 1672 4 tcp4 *:25 *:* root sendmail 1672 5 tcp6 *:25 *:* root sendmail 1672 6 tcp4 127.0.0.1:1025*:* root sendmail 1672 7 tcp4 111.222.333.444:587 *:* The relevant mc entries are: DAEMON_OPTIONS(`Name=IPv4, Family=inet') DAEMON_OPTIONS(`Name=IPv6, Family=inet6, Modifiers=O') DAEMON_OPTIONS(`Port=1025, Addr=127.0.0.1, Name=MTA') VIRTUSER_DOMAIN_FILE(`/etc/mail/virtual-domains') FEATURE(`no_default_msa') DAEMON_OPTIONS(`Port=587, Addr= 111.222.333.444, Name=MSA, M=E') The MSA isn't strictly necessary now but I thought might have a future use. So, what am I missing? How do I turn *:25 off so that when assp goes down (as it frequently does) I'm not running an open relay (all user/domain validation is done in assp). Any pointers in the right direction appreciated. You pretty much already have the answer already. Add 'Addr=127.0.0.1' or 'Addr=::1' clauses to your first two DAEMON_OPTIONS lines. That will limit sendmail to listening on port 25 only on the loopback interface. Or indeed, remove those two lines entirely to leave sendmail only listening on port 587. This should not prevent sendmail from sending outgoing messages, but will prevent any incoming. If sendmail is listening on port 587, it will relay for any valid sender who can reach that port. ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: Sendmail 8.14.5/8.14.5 on fbsd-9.1R (EC2)
On 27/04/2013 17:43, doug wrote: DAEMON_OPTIONS(`Port=587, Addr= 111.222.333.444, Name=MSA, M=E') If sendmail is listening on port 587, it will relay for any valid sender who can reach that port. You see where it says 'M=E' in that DAEMON_OPTIONS line? That should probably be changed to 'M=Ea' meaning 'require authentication'. That's usually the right thing to do for a message submission agent, and the use of authentication will allow senders to relay through the daemon without the usual anti-relaying checks. Cheers, Matthew -- Dr Matthew J Seaman MA, D.Phil. PGP: http://www.infracaninophile.co.uk/pgpkey signature.asc Description: OpenPGP digital signature
Re: Sendmail 8.14.5/8.14.5 on fbsd-9.1R (EC2)
2013-04-27 18:43, doug skrev: If sendmail is listening on port 587, it will relay for any valid sender who can reach that port. Only if it is listed in /etc/mail/access file. ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Sendmail 8.14.5/8.14.5 on fbsd-9.1R (EC2)
All I want to do is have the MTA listen on 127.0.0.1 port 1025 and have no sendmail process listen on the server interface. That's being done by assp which proxies messages to 127.0.0.1:1025. Unfortunately, I haven't been able to figure out how to turn off the default. Sockstat shows: root sendmail 1672 4 tcp4 *:25 *:* root sendmail 1672 5 tcp6 *:25 *:* root sendmail 1672 6 tcp4 127.0.0.1:1025*:* root sendmail 1672 7 tcp4 111.222.333.444:587 *:* The relevant mc entries are: DAEMON_OPTIONS(`Name=IPv4, Family=inet') DAEMON_OPTIONS(`Name=IPv6, Family=inet6, Modifiers=O') DAEMON_OPTIONS(`Port=1025, Addr=127.0.0.1, Name=MTA') VIRTUSER_DOMAIN_FILE(`/etc/mail/virtual-domains') FEATURE(`no_default_msa') DAEMON_OPTIONS(`Port=587, Addr= 111.222.333.444, Name=MSA, M=E') The MSA isn't strictly necessary now but I thought might have a future use. So, what am I missing? How do I turn *:25 off so that when assp goes down (as it frequently does) I'm not running an open relay (all user/domain validation is done in assp). Any pointers in the right direction appreciated. Thanks -- Jim Flowers jflow...@ezo.net ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: fetchmail/sendmail: Domain of sender address does not exist
Anton Shterenlikht me...@bristol.ac.uk wrote: I sometimes see fetchmail complain: fetchmail: SMTP error: 553 5.1.8 ad...@system.mail... Domain of sender address ad...@system.mail does not exist Add FEATURE(accept_unresolvable_domains) to your sendmail configuration. -- Christian naddy Weisgerber na...@mips.inka.de ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: fetchmail/sendmail: Domain of sender address does not exist
From free...@edvax.de Fri Mar 8 07:50:06 2013 On Thu, 7 Mar 2013 21:55:57 GMT, Anton Shterenlikht wrote: And Matthias already helped me sort it out. Could you write to the list how you solved the problem? http://lists.freebsd.org/pipermail/freebsd-ports/2013-March/081919.html Anton ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
fetchmail/sendmail: Domain of sender address does not exist
I'm running sendmail, and using fetchmail to fetch my mail from the university IMAP server. I sometimes see fetchmail complain: fetchmail: SMTP error: 553 5.1.8 ad...@system.mail... Domain of sender address ad...@system.mail does not exist And this is doubled in /var/log/maillog: sm-mta[14642]: r270BO3L014642: ruleset=check_mail, arg1=ad...@system.mail, relay=localhost [127.0. 0.1], reject=553 5.1.8 ad...@system.mail... Domain of sender address ad...@system.mail does not exist How do I set fetchmail and sendmail to fetch such emails? Thanks Anton ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: fetchmail/sendmail: Domain of sender address does not exist
On Thu, 7 Mar 2013 09:40:47 GMT, Anton Shterenlikht wrote: How do I set fetchmail and sendmail to fetch such emails? Maybe it helps if you add the options fetchall flush to your .fetchmailrc configuration file? I've had a similar problem some years ago and I think this was the solution. See man fetchmail for the corresponding command line options (and you could probably add -v to see what's actually going on). -- Polytropon Magdeburg, Germany Happy FreeBSD user since 4.0 Andra moi ennepe, Mousa, ... ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: fetchmail/sendmail: Domain of sender address does not exist
On Thu, Mar 07, 2013 at 09:40:47AM +, Anton Shterenlikht wrote: I'm running sendmail, and using fetchmail to fetch my mail from the university IMAP server. I sometimes see fetchmail complain: fetchmail: SMTP error: 553 5.1.8 ad...@system.mail... Domain of sender address ad...@system.mail does not exist And this is doubled in /var/log/maillog: sm-mta[14642]: r270BO3L014642: ruleset=check_mail, arg1=ad...@system.mail, relay=localhost [127.0. 0.1], reject=553 5.1.8 ad...@system.mail... Domain of sender address ad...@system.mail does not exist How do I set fetchmail and sendmail to fetch such emails? You might want to try out the mail/fdm port instead of fetchmail. I have found fetchmail to be obtuse and cantankerous; I stopped using it a long time ago. -- Chad Perrin [ original content licensed OWL: http://owl.apotheon.org ] ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: fetchmail/sendmail: Domain of sender address does not exist
Date: Thu, 7 Mar 2013 13:48:45 -0700 From: Chad Perrin per...@apotheon.com To: freebsd-questions@freebsd.org Subject: Re: fetchmail/sendmail: Domain of sender address does not exist On Thu, Mar 07, 2013 at 09:40:47AM +, Anton Shterenlikht wrote: I'm running sendmail, and using fetchmail to fetch my mail from the university IMAP server. I sometimes see fetchmail complain: fetchmail: SMTP error: 553 5.1.8 ad...@system.mail... Domain of sender address ad...@system.mail does not exist And this is doubled in /var/log/maillog: sm-mta[14642]: r270BO3L014642: ruleset=check_mail, arg1=ad...@system.mail, relay=localhost [127.0. 0.1], reject=553 5.1.8 ad...@system.mail... Domain of sender address ad...@system.mail does not exist How do I set fetchmail and sendmail to fetch such emails? You might want to try out the mail/fdm port instead of fetchmail. I have found fetchmail to be obtuse and cantankerous; I stopped using it a long time ago. No, I think fetchmail's great! And Matthias already helped me sort it out. Thanks for the advice anyway. Anton ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: fetchmail/sendmail: Domain of sender address does not exist
On Thu, 7 Mar 2013 21:55:57 GMT, Anton Shterenlikht wrote: And Matthias already helped me sort it out. Could you write to the list how you solved the problem? I think it would be interesting to those running into similar problems. I remember that in the end, my clever solution involved logging into the ugly webmailer of my ISP and deleting the few offending messages manually. It should be easier than that. :-) Thanks in advance. -- Polytropon Magdeburg, Germany Happy FreeBSD user since 4.0 Andra moi ennepe, Mousa, ... ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
buildowrld fails in sendmail
On a system running: FreeBSD 10.0-CURRENT #0: Sun Dec 30 12:52:09 EST 2012 amd64 make buildworld fails with this: cc -O -pipe -g -I/usr/src/usr.sbin/sendmail/../../contrib/sendmail/src -I/usr/src/usr.sbin/sendmail/../../contrib/sendmail/include -I. -DNEWDB -DNIS -DTCPWRAPPERS -DMAP_REGEX -DDNSMAP -DNETINET6 -DSTARTTLS -D_FFR_TLS_1 -I/usr/local/include/ -DSASL=2 -std=gnu99 -Qunused-arguments -fstack-protector -Wsystem-headers -Werror -Wno-pointer-sign -Wno-empty-body -Wno-string-plus-int -Wno-tautological-compare -Wno-unused-value -Wno-parentheses-equality -Wno-unused-function -Wno-conversion -Wno-switch -Wno-switch-enum -Wno-knr-promoted-parameter -Wno-parentheses -c /usr/src/usr.sbin/sendmail/../../contrib/sendmail/src/sysexits.c cc -O -pipe -g -I/usr/src/usr.sbin/sendmail/../../contrib/sendmail/src -I/usr/src/usr.sbin/sendmail/../../contrib/sendmail/include -I. -DNEWDB -DNIS -DTCPWRAPPERS -DMAP_REGEX -DDNSMAP -DNETINET6 -DSTARTTLS -D_FFR_TLS_1 -I/usr/local/include/ -DSASL=2 -std=gnu99 -Qunused-arguments -fstack-protector -Wsystem-headers -Werror -Wno-pointer-sign -Wno-empty-body -Wno-string-plus-int -Wno-tautological-compare -Wno-unused-value -Wno-parentheses-equality -Wno-unused-function -Wno-conversion -Wno-switch -Wno-switch-enum -Wno-knr-promoted-parameter -Wno-parentheses -c /usr/src/usr.sbin/sendmail/../../contrib/sendmail/src/timers.c cc -O -pipe -g -I/usr/src/usr.sbin/sendmail/../../contrib/sendmail/src -I/usr/src/usr.sbin/sendmail/../../contrib/sendmail/include -I. -DNEWDB -DNIS -DTCPWRAPPERS -DMAP_REGEX -DDNSMAP -DNETINET6 -DSTARTTLS -D_FFR_TLS_1 -I/usr/local/include/ -DSASL=2 -std=gnu99 -Qunused-arguments -fstack-protector -Wsystem-headers -Werror -Wno-pointer-sign -Wno-empty-body -Wno-string-plus-int -Wno-tautological-compare -Wno-unused-value -Wno-parentheses-equality -Wno-unused-function -Wno-conversion -Wno-switch -Wno-switch-enum -Wno-knr-promoted-parameter -Wno-parentheses -c /usr/src/usr.sbin/sendmail/../../contrib/sendmail/src/tls.c cc -O -pipe -g -I/usr/src/usr.sbin/sendmail/../../contrib/sendmail/src -I/usr/src/usr.sbin/sendmail/../../contrib/sendmail/include -I. -DNEWDB -DNIS -DTCPWRAPPERS -DMAP_REGEX -DDNSMAP -DNETINET6 -DSTARTTLS -D_FFR_TLS_1 -I/usr/local/include/ -DSASL=2 -std=gnu99 -Qunused-arguments -fstack-protector -Wsystem-headers -Werror -Wno-pointer-sign -Wno-empty-body -Wno-string-plus-int -Wno-tautological-compare -Wno-unused-value -Wno-parentheses-equality -Wno-unused-function -Wno-conversion -Wno-switch -Wno-switch-enum -Wno-knr-promoted-parameter -Wno-parentheses -c /usr/src/usr.sbin/sendmail/../../contrib/sendmail/src/trace.c cc -O -pipe -g -I/usr/src/usr.sbin/sendmail/../../contrib/sendmail/src -I/usr/src/usr.sbin/sendmail/../../contrib/sendmail/include -I. -DNEWDB -DNIS -DTCPWRAPPERS -DMAP_REGEX -DDNSMAP -DNETINET6 -DSTARTTLS -D_FFR_TLS_1 -I/usr/local/include/ -DSASL=2 -std=gnu99 -Qunused-arguments -fstack-protector -Wsystem-headers -Werror -Wno-pointer-sign -Wno-empty-body -Wno-string-plus-int -Wno-tautological-compare -Wno-unused-value -Wno-parentheses-equality -Wno-unused-function -Wno-conversion -Wno-switch -Wno-switch-enum -Wno-knr-promoted-parameter -Wno-parentheses -c /usr/src/usr.sbin/sendmail/../../contrib/sendmail/src/udb.c cc -O -pipe -g -I/usr/src/usr.sbin/sendmail/../../contrib/sendmail/src -I/usr/src/usr.sbin/sendmail/../../contrib/sendmail/include -I. -DNEWDB -DNIS -DTCPWRAPPERS -DMAP_REGEX -DDNSMAP -DNETINET6 -DSTARTTLS -D_FFR_TLS_1 -I/usr/local/include/ -DSASL=2 -std=gnu99 -Qunused-arguments -fstack-protector -Wsystem-headers -Werror -Wno-pointer-sign -Wno-empty-body -Wno-string-plus-int -Wno-tautological-compare -Wno-unused-value -Wno-parentheses-equality -Wno-unused-function -Wno-conversion -Wno-switch -Wno-switch-enum -Wno-knr-promoted-parameter -Wno-parentheses -c /usr/src/usr.sbin/sendmail/../../contrib/sendmail/src/usersmtp.c /usr/src/usr.sbin/sendmail/../../contrib/sendmail/src/usersmtp.c:1797:50: error: incompatible pointer types passing 'void ()' to parameter of type 'void (*)(char *, bool, MAILER *, struct mailer_con_info *, ENVELOPE *)' [-Werror,-Wincompatible-pointer-types] smtpresult = reply(m, mci, e, TimeOuts.to_auth, getsasldata, NULL, ^~~ /usr/src/usr.sbin/sendmail/../../contrib/sendmail/src/sendmail.h:2519:67: note: passing argument to parameter here extern int reply __P((MAILER *, MCI *, ENVELOPE *, time_t, void (*)__P((char *, bool, MAILER *, MCI *, ENVELOPE *)), char **, int)); ^ /usr/obj/usr/src/tmp/usr/include/sys/cdefs.h:136:21: note: expanded from macro '__P' #define __P(protos) protos /* full-blown ANSI C */ ^ /usr/src/usr.sbin/sendmail/../../contrib/sendmail/src/usersmtp.c:1842:9: error: incompatible pointer types passing 'void ()' to parameter of type
Re: buildowrld fails in sendmail
Em Sex, 2013-03-01 às 16:46 -0500, Robert Huff escreveu: On a system running: FreeBSD 10.0-CURRENT #0: Sun Dec 30 12:52:09 EST 2012 amd64 make buildworld fails with this: My solution is to edit /etc/src.conf like this: MALLOC_PRODUCTION=yes WITH_BSDCONFIG=yes WITH_BSD_PATCH=yes WITH_ICONV=yes WITH_IDEA=yes WITHOUT_PKGTOOLS=yes WARNS=2 NO_WERROR=yes and make buildworld again... You can use all the options, but for sendmail only the last 2 are significant... It works for me ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: buildowrld fails in sendmail
Hi, Reference: From: Robert Huff roberth...@rcn.com Date: Fri, 1 Mar 2013 16:46:17 -0500 Message-id: 20785.8617.401737.814...@jerusalem.litteratus.org Robert Huff wrote: On a system running: FreeBSD 10.0-CURRENT #0: Sun Dec 30 12:52:09 EST 2012 amd64 make buildworld fails with this: cc -O -pipe -g -I/usr/src/usr.sbin/sendmail/../../contrib/sendmail/src -I/usr/src/usr.sbin/sendmail/../../contrib/sendmail/include -I. -DNEWDB -DNIS -DTCPWRAPPERS -DMAP_REGEX -DDNSMAP -DNETINET6 -DSTARTTLS -D_FFR_TLS_1 -I/usr/local/include/ -DSASL=2 -std=gnu99 -Qunused-arguments -fstack-protector -Wsystem-headers -Werror -Wno-pointer-sign -Wno-empty-body -Wno-string-plus-int -Wno-tautological-compare -Wno-unused-value -Wno-parentheses-equality -Wno-unused-function -Wno-conversion -Wno-switch -Wno-switch-enum -Wno-knr-promoted-parameter -Wno-parentheses -c /usr/src/usr.sbin/sendmail/../../contrib/sendmail/src/sysexits.c cc -O -pipe -g -I/usr/src/usr.sbin/sendmail/../../contrib/sendmail/src -I/usr/src/usr.sbin/sendmail/../../contrib/sendmail/include -I. -DNEWDB -DNIS -DTCPWRAPPERS -DMAP_REGEX -DDNSMAP -DNETINET6 -DSTARTTLS -D_FFR_TLS_1 -I/usr/local/include/ -DSASL=2 -std=gnu99 -Qunused-arguments -fstack-protector -Wsystem-headers -Werror -Wno-pointer-sign -Wno-empty-body -Wno-string-plus-int -Wno-tautological-compare -Wno-unused-value -Wno-parentheses-equality -Wno-unused-function -Wno-conversion -Wno-switch -Wno-switch-enum -Wno-knr-promoted-parameter -Wno-parentheses -c /usr/src/usr.sbin/sendmail/../../contrib/sendmail/src/timers.c cc -O -pipe -g -I/usr/src/usr.sbin/sendmail/../../contrib/sendmail/src -I/usr/src/usr.sbin/sendmail/../../contrib/sendmail/include -I. -DNEWDB -DNIS -DTCPWRAPPERS -DMAP_REGEX -DDNSMAP -DNETINET6 -DSTARTTLS -D_FFR_TLS_1 -I/usr/local/include/ -DSASL=2 -std=gnu99 -Qunused-arguments -fstack-protector -Wsystem-headers -Werror -Wno-pointer-sign -Wno-empty-body -Wno-string-plus-int -Wno-tautological-compare -Wno-unused-value -Wno-parentheses-equality -Wno-unused-function -Wno-conversion -Wno-switch -Wno-switch-enum -Wno-knr-promoted-parameter -Wno-parentheses -c /usr/src/usr.sbin/sendmail/../../contrib/sendmail/src/tls.c cc -O -pipe -g -I/usr/src/usr.sbin/sendmail/../../contrib/sendmail/src -I/usr/src/usr.sbin/sendmail/../../contrib/sendmail/include -I. -DNEWDB -DNIS -DTCPWRAPPERS -DMAP_REGEX -DDNSMAP -DNETINET6 -DSTARTTLS -D_FFR_TLS_1 -I/usr/local/include/ -DSASL=2 -std=gnu99 -Qunused-arguments -fstack-protector -Wsystem-headers -Werror -Wno-pointer-sign -Wno-empty-body -Wno-string-plus-int -Wno-tautological-compare -Wno-unused-value -Wno-parentheses-equality -Wno-unused-function -Wno-conversion -Wno-switch -Wno-switch-enum -Wno-knr-promoted-parameter -Wno-parentheses -c /usr/src/usr.sbin/sendmail/../../contrib/sendmail/src/trace.c cc -O -pipe -g -I/usr/src/usr.sbin/sendmail/../../contrib/sendmail/src -I/usr/src/usr.sbin/sendmail/../../contrib/sendmail/include -I. -DNEWDB -DNIS -DTCPWRAPPERS -DMAP_REGEX -DDNSMAP -DNETINET6 -DSTARTTLS -D_FFR_TLS_1 -I/usr/local/include/ -DSASL=2 -std=gnu99 -Qunused-arguments -fstack-protector -Wsystem-headers -Werror -Wno-pointer-sign -Wno-empty-body -Wno-string-plus-int -Wno-tautological-compare -Wno-unused-value -Wno-parentheses-equality -Wno-unused-function -Wno-conversion -Wno-switch -Wno-switch-enum -Wno-knr-promoted-parameter -Wno-parentheses -c /usr/src/usr.sbin/sendmail/../../contrib/sendmail/src/udb.c cc -O -pipe -g -I/usr/src/usr.sbin/sendmail/../../contrib/sendmail/src -I/usr/src/usr.sbin/sendmail/../../contrib/sendmail/include -I. -DNEWDB -DNIS -DTCPWRAPPERS -DMAP_REGEX -DDNSMAP -DNETINET6 -DSTARTTLS -D_FFR_TLS_1 -I/usr/local/include/ -DSASL=2 -std=gnu99 -Qunused-arguments -fstack-protector -Wsystem-headers -Werror -Wno-pointer-sign -Wno-empty-body -Wno-string-plus-int -Wno-tautological-compare -Wno-unused-value -Wno-parentheses-equality -Wno-unused-function -Wno-conversion -Wno-switch -Wno-switch-enum -Wno-knr-promoted-parameter -Wno-parentheses -c /usr/src/usr.sbin/sendmail/../../contrib/sendmail/src/usersmtp.c /usr/src/usr.sbin/sendmail/../../contrib/sendmail/src/usersmtp.c:1797:50: error: incompatible pointer types passing 'void ()' to parameter of type 'void (*)(char *, bool, MAILER *, struct mailer_con_info *, ENVELOPE *)' [-Werror,-Wincompatible-pointer-types] smtpresult = reply(m, mci, e, TimeOuts.to_auth, getsasldata, NULL, ^~~ /usr/src/usr.sbin/sendmail/../../contrib/sendmail/src/sendmail.h:2519:67: note: passing argument to parameter here extern int reply __P((MAILER *, MCI *, ENVELOPE *, time_t, void (*)__P((char *, bool, MAILER *, MCI *, ENVELOPE *)), char **, int)); ^ /usr/obj/usr/src/tmp/usr/include/sys/cdefs.h:136:21: note
Re: Sendmail relaying for Intranet?
On 13/02/2013 09:50, Bernt Hansson wrote: dnl define(`SMART_HOST', `your.isp.mail.server') on your intranet machine and put in your inet machine name. Switching to postfix and editing mynetworks in main.cf might be simplest solution. Peter ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: Sendmail relaying for Intranet?
On Wed, Feb 13, 2013 at 12:47 AM, Zyumbilev, Peter pe...@aboutsupport.com wrote: On 13/02/2013 09:50, Bernt Hansson wrote: dnl define(`SMART_HOST', `your.isp.mail.server') on your intranet machine and put in your inet machine name. Switching to postfix and editing mynetworks in main.cf might be simplest solution. Peter ___ That looks like would only take care of outbound mail, but what about incoming mail? Thanks, Chris Maness ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: Sendmail relaying for Intranet?
2013-02-14 03:07, Chris Maness skrev: On Wed, Feb 13, 2013 at 12:47 AM, Zyumbilev, Peter pe...@aboutsupport.com wrote: On 13/02/2013 09:50, Bernt Hansson wrote: dnl define(`SMART_HOST', `your.isp.mail.server') on your intranet machine and put in your inet machine name. That looks like would only take care of outbound mail, but what about incoming mail? You mean incoming to the relay or your other machine? ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Sendmail relaying for Intranet?
I have a FreeBSD box running sendmail that can see the whole internet. I have another mail server that hosts mail for an intranet. It does not have access to the i-net. I think I remember reading that it is possible for the i-net attached sendmail to relay mail for a domain to another host. Is there an easy answer and configuration for this? If not, no biggy since this exercise is more academic than a necessity. Thanks, Chris Maness ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: Sendmail relaying for Intranet?
On 02/12/2013 12:54, Chris Maness wrote: I have a FreeBSD box running sendmail that can see the whole internet. I have another mail server that hosts mail for an intranet. It does not have access to the i-net. I think I remember reading that it is possible for the i-net attached sendmail to relay mail for a domain to another host. Is there an easy answer and configuration for this? If not, no biggy since this exercise is more academic than a necessity. Thanks, Chris Maness ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org in sendmail.cf on the host to be your relay, check for DS and use it like this: DS relayhost.domain.com in sendmail.cf on the hosts which will be relaying, use the DS command but point them to your new relay host. hope this helps. Dave -- Dave Robison Sales Solution Architect II FIS Banking Solutions 510/621-2089 (w) 530/518-5194 (c) 510/621-2020 (f) da...@vicor.com david.robi...@fisglobal.com _ The information contained in this message is proprietary and/or confidential. If you are not the intended recipient, please: (i) delete the message and all copies; (ii) do not disclose, distribute or use the message in any manner; and (iii) notify the sender immediately. In addition, please be aware that any message addressed to our domain is subject to archiving and review by persons other than the intended recipient. Thank you. ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: Sendmail relaying for Intranet?
On Tue, Feb 12, 2013 at 3:05 PM, Robison, Dave david.robi...@fisglobal.com wrote: On 02/12/2013 12:54, Chris Maness wrote: I have a FreeBSD box running sendmail that can see the whole internet. I have another mail server that hosts mail for an intranet. It does not have access to the i-net. I think I remember reading that it is possible for the i-net attached sendmail to relay mail for a domain to another host. Is there an easy answer and configuration for this? If not, no biggy since this exercise is more academic than a necessity. Thanks, Chris Maness ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org in sendmail.cf on the host to be your relay, check for DS and use it like this: DS relayhost.domain.com in sendmail.cf on the hosts which will be relaying, use the DS command but point them to your new relay host. hope this helps. Dave Dave, how would I add this to the MC file instead of the CF file? I usually rebuild these after an upgrade or a configuration change, and I would rather do it in the MC file for that reason. Thanks, Chris Maness ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: Sendmail relaying for Intranet?
2013-02-13 06:30, Chris Maness skrev: On Tue, Feb 12, 2013 at 3:05 PM, Robison, Dave david.robi...@fisglobal.com wrote: On 02/12/2013 12:54, Chris Maness wrote: I have a FreeBSD box running sendmail that can see the whole internet. I have another mail server that hosts mail for an intranet. It does not have access to the i-net. I think I remember reading that it is possible for the i-net attached sendmail to relay mail for a domain to another host. Is there an easy answer and configuration for this? If not, no biggy since this exercise is more academic than a necessity. Thanks, Chris Maness in sendmail.cf on the host to be your relay, check for DS and use it like this: DS relayhost.domain.com in sendmail.cf on the hosts which will be relaying, use the DS command but point them to your new relay host. hope this helps. Dave Dave, how would I add this to the MC file instead of the CF file? I usually rebuild these after an upgrade or a configuration change, and I would rather do it in the MC file for that reason. Thanks, Chris Maness Look in /etc/mail/your-hosts-name.mc for this line dnl define(`SMART_HOST', `your.isp.mail.server') on your intranet machine and put in your inet machine name. You also need to edit /etc/mail/access on your relay to allow to relay for your itranet machine. ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: sendmail not working
Progress has been made. After looking into several things, I can now send mail successfully. However, delivery to local mailboxes is still blocked. sm-mta reports accepting connections, but maillog is still full of: jerusalem sm-mta[28896]: r05KsfdB048780: smtpquit: mailer local exited with exit value 1 jerusalem sm-mta[28896]: r05KsfdB048780: to=huff@localhost, delay=2+18:16:27, xdelay=00:00:00, \ mailer=local, pri=56791038, relay=local, dsn=4.4.2, stat=Deferred: Connection reset by local So close, and yet so far. What next? Is there a -d setting which will get to the heart of this? Respectfully, ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: sendmail not working
On 1/8/2013 2:04 PM, Robert Bonomi wrote: WHAT HAPPENS when you 'telnet' to your mailserver port(s) and try doing smtp transaction(s) manually? I don't get the SMTP prompt. Insufficient data a) does telnet say connected? Yes. b) if yes, how long did you wait for the banner? (if there's a DNS problem, it can be 90 seconds befre the banner line) Good catch - yes sendmail does seem to be hooked to port 25. Jan 8 10:12:44 jerusalem sm-mta[28896]: r05KsfdB048780: forward /home/huff/.forward.jerusalem+: Group writable directory Supposedly you fixed the above problem. But sendmail disagrees. wry grin check permissions on / /home and /home/huff Exactly. I fixed the file permissions, but not those on /home/huff. Permissions are now 755. Jan 8 10:12:44 jerusalem sm-mta[28896]: r05KsfdB048780: forward /home/huff/.forward+: Group writable directory Jan 8 10:12:44 jerusalem sm-mta[28896]: r05KsfdB048780: forward /home/huff/.forward.jerusalem: Group writable directory Jan 8 10:12:44 jerusalem sm-mta[28896]: r05KsfdB048780: forward /home/huff/.forward: Group writable directory Jan 8 10:12:44 jerusalem sm-mta[28896]: r05KsfdB048780: smtpquit: mailer local exited with exit value 1 Jan 8 10:12:44 jerusalem sm-mta[28896]: r05KsfdB048780: to=huff@localhost, delay=2+18:16:27, xdelay=00:00:00, mailer=local, pri=56791038, relay=local, dsn=4.4.2, stat=Deferred: Connection reset by local ok, it's been trying to deliver for nearly three days. with local delivery (program mail.local) failing. mail.local can fail for a number of reasons that shouldn't happen. check permissions on the mailbox directory also owner/permissions on the mailbox, for starters. /var/mail is owned by root:mail with permissions 775 /var/spool/mqueue is owned by root:daemon with permissions 755 maildir quota set?? No. Robert Huff ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: sendmail not working
On Thu, 10 Jan 2013 11:30:01 -0500,
Robert Huff roberth...@rcn.com said:
R After looking into several things, I can now send mail successfully.
R However, delivery to local mailboxes is still blocked. sm-mta reports
R accepting connections, but maillog is still full of:
R jerusalem sm-mta[28896]: r05KsfdB048780: smtpquit: mailer local exited
R with exit value 1
Can you temporarily replace your local mailer?
you% cd /where/ever
you% mv localmailer localmailer.bin
Then use something like this in its place:
#!/bin/sh
/usr/bin/truss -f -o /tmp/local$$ /where/ever/localmailer.bin ${1+$@}
exit 0
--
Karl Vogel I don't speak for the USAF or my company
He fell for her like his heart was a mob informant, and she was the
East River. --bizarre expressions found in English papers
___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: sendmail not working
Karl Vogel writes: R After looking into several things, I can now send mail successfully. R However, delivery to local mailboxes is still blocked. sm-mta reports R accepting connections, but maillog is still full of: R jerusalem sm-mta[28896]: r05KsfdB048780: smtpquit: mailer local exited R with exit value 1 Can you temporarily replace your local mailer? I found the problem - mail.local exiting because it couldn't load libsasl2.so.2 - and worked around by adding an entry in libmap pointing to .3. This is (obviously) not the final solution, and I am trying to figure out how to recompile mail.local to fix this. Recompiling all of sendmail didn't seem to catch it Thanks, Robert Huff ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: sendmail not working
From owner-freebsd-questi...@freebsd.org Thu Jan 10 17:04:06 2013 From: Robert Huff roberth...@rcn.com Date: Thu, 10 Jan 2013 18:00:42 -0500 To: freebsd-questions@freebsd.org Subject: Re: sendmail not working Karl Vogel writes: R After looking into several things, I can now send mail successfully. R However, delivery to local mailboxes is still blocked. sm-mta reports R accepting connections, but maillog is still full of: R jerusalem sm-mta[28896]: r05KsfdB048780: smtpquit: mailer local exited R with exit value 1 Can you temporarily replace your local mailer? I found the problem - mail.local exiting because it couldn't load libsasl2.so.2 - and worked around by adding an entry in libmap pointing to .3. This is (obviously) not the final solution, and I am trying to figure out how to recompile mail.local to fix this. Recompiling all of sendmail didn't seem to catch it Go to the dir where the sendmail sources live. there will be subdirs named (among others) doc, sendmail, and mail.local. cd to mail.local, then run: make clean make ldd mail.local #to confirm the libs used then make install Thanks, Robert Huff ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: sendmail not working
On 1/7/2013 11:48 PM, Gary Aitken wrote: On 01/07/13 19:45, Robert Huff wrote: I have compiled sendmail following the instructions in the cyrus-sasl port. Sendmail starts, but no mail is processed either way. /var/log/maillog has this: Jan 7 21:07:42 jerusalem sm-mta[69792]: r05KsfdB048780: forward /home/huff/.forward: Group writable directory Jan 7 21:07:42 jerusalem sm-mta[69792]: r05KsfdB048780: smtpquit: mailer local exited with exit value 1 Jan 7 21:07:42 jerusalem sm-mta[69792]: r05KsfdB048780: to=huff@localhost, delay=2+05:11:25, xdelay=00:00:00, mailer=local, pri=52831038, relay=local, dsn=4.4.2, stat=Deferred: Connection reset by local The sendmail.cf and submit.cf are attached. Any idea what I've screwed up, or my next step in finding out? No clue, except the first message might be saying it's not going to honor anything from .forward because it's in a group writable directory which would be considered a security issue. Try making /home/huff group read only? Done. Restarted sendmail (all parts). Still no mail processed. Robert Huff ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: sendmail not working
On 08.01.2013 07:39, Robert Huff wrote: On 1/7/2013 11:48 PM, Gary Aitken wrote: On 01/07/13 19:45, Robert Huff wrote: I have compiled sendmail following the instructions in the cyrus-sasl port. Sendmail starts, but no mail is processed either way. /var/log/maillog has this: Jan 7 21:07:42 jerusalem sm-mta[69792]: r05KsfdB048780: forward /home/huff/.forward: Group writable directory Jan 7 21:07:42 jerusalem sm-mta[69792]: r05KsfdB048780: smtpquit: mailer local exited with exit value 1 Jan 7 21:07:42 jerusalem sm-mta[69792]: r05KsfdB048780: to=huff@localhost, delay=2+05:11:25, xdelay=00:00:00, mailer=local, pri=52831038, relay=local, dsn=4.4.2, stat=Deferred: Connection reset by local The sendmail.cf and submit.cf are attached. Any idea what I've screwed up, or my next step in finding out? No clue, except the first message might be saying it's not going to honor anything from .forward because it's in a group writable directory which would be considered a security issue. Try making /home/huff group read only? Done. Restarted sendmail (all parts). Still no mail processed. Are you forwarding to an email address (full address with @ sign or just a local account)? If to a local account, is this account new (no email ever)? If so, what is the mode of the directory in which local mbox's are stored? ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: sendmail not working
From owner-freebsd-questi...@freebsd.org Tue Jan 8 07:43:00 2013 Date: Tue, 08 Jan 2013 08:39:39 -0500 From: Robert Huff roberth...@rcn.com To: freebsd-questions@freebsd.org, free...@dreamchaser.org, Robert Huff roberth...@rcn.com Subject: Re: sendmail not working On 1/7/2013 11:48 PM, Gary Aitken wrote: On 01/07/13 19:45, Robert Huff wrote: I have compiled sendmail following the instructions in the cyrus-sasl port. Sendmail starts, but no mail is processed either way. /var/log/maillog has this: No clue, except the first message might be saying it's not going to honor anything from .forward because it's in a group writable directory which would be considered a security issue. Try making /home/huff group read only? Done. Restarted sendmail (all parts). Still no mail processed. It is a well-known fact that one horse can run faster than another. But _which_ horse? Details are IMPORTANT! WHAT HAPPENS when you -try- to send an email _out_? Do you get an error email? Does it show in the outbound mail queue? (if it's in the queue, look at the qf* file, to see why it is deferred.) What do the sendmail log messages say? WHAT HAPPENS when somebody -tries- to send an email _in_ from somewhere else? Do they get an error email? Does it show in their outbound mail queue? What do your sendmail log messages say? WHAT HAPPENS when you 'telnet' to your mailserver port(s) and try doing smtp transaction(s) manually? ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: sendmail not working
On 1/8/2013 9:18 AM, Robert Bonomi wrote:
I have compiled sendmail following the instructions in the
cyrus-sasl port. Sendmail starts, but no mail is processed either
way. /var/log/maillog has this:
No clue, except the first message might be saying it's not going to
honor anything from .forward because it's in a group writable directory
which would be considered a security issue. Try making /home/huff
group read only?
Done. Restarted sendmail (all parts). Still no mail processed.
WHAT HAPPENS when you 'telnet' to your mailserver port(s) and try
doing smtp transaction(s) manually?
I don't get the SMTP prompt.
WHAT HAPPENS when you -try- to send an email _out_?
Do you get an error email?
No.
Does it show in the outbound mail queue?
(if it's in the queue, look at the qf* file, to see why it is deferred.)
In /var/spool/mqueue:
V8
T1357573913
K1357659459
N175
P15690892
I0/111/1420867
Mreply: read error from local
Fws
$_localhost [127.0.0.1]
$rESMTP
$sjerusalem.litteratus.org
${daemon_flags}
${if_addr}127.0.0.1
Sh...@jerusalem.litteratus.org
A
MDeferred: Connection reset by local
rRFC822; h...@jerusalem.litteratus.org
RPFD:h...@jerusalem.litteratus.org
H?P?Return-Path: g
H??Received: from jerusalem.litteratus.org (localhost [127.0.0.1])
by jerusalem.litteratus.org (8.14.6/8.14.6) with ESMTP id r07FoGPd052948
for h...@jerusalem.litteratus.org; Mon, 7 Jan 2013 10:51:53 -0500
(EST)
(envelope-from h...@jerusalem.litteratus.org)
H?x?Full-Name: Robert Huff
H??Received: (from root@localhost)
by jerusalem.litteratus.org (8.14.6/8.14.6/Submit) id r07FoGrl052947
for huff; Mon, 7 Jan 2013 10:50:16 -0500 (EST)
(envelope-from huff)
H??Date: Mon, 7 Jan 2013 10:50:16 -0500 (EST)
H??From: Robert Huff h...@jerusalem.litteratus.org
H??Message-Id: 201301071550.r07fogrl052...@jerusalem.litteratus.org
H??To: undisclosed-recipients:;
H??X-Spam-Status: No, score=4.3 required=5.0
tests=ALL_TRUSTED,EMPTY_MESSAGE,
MISSING_HEADERS,MISSING_SUBJECT autolearn=no version=3.3.2
H??X-Spam-Level:
H??X-Spam-Checker-Version: SpamAssassin 3.3.2 (2011-06-06) on
jerusalem.litteratus.org
What do the sendmail log messages say?
Jan 8 10:12:44 jerusalem sm-mta[28896]: r05KsfdB048780: forward
/home/huff/.forward.jerusalem+: Group writable directory
Jan 8 10:12:44 jerusalem sm-mta[28896]: r05KsfdB048780: forward
/home/huff/.forward+: Group writable directory
Jan 8 10:12:44 jerusalem sm-mta[28896]: r05KsfdB048780: forward
/home/huff/.forward.jerusalem: Group writable directory
Jan 8 10:12:44 jerusalem sm-mta[28896]: r05KsfdB048780: forward
/home/huff/.forward: Group writable directory
Jan 8 10:12:44 jerusalem sm-mta[28896]: r05KsfdB048780: smtpquit:
mailer local exited with exit value 1
Jan 8 10:12:44 jerusalem sm-mta[28896]: r05KsfdB048780:
to=huff@localhost, delay=2+18:16:27, xdelay=00:00:00, mailer=local,
pri=56791038, relay=local, dsn=4.4.2, stat=Deferred: Connection reset by
local
Robert Huff
___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: sendmail not working
On Jan 8, 2013, at 9:09 AM, Robert Huff wrote: WHAT HAPPENS when you 'telnet' to your mailserver port(s) and try doing smtp transaction(s) manually? I don't get the SMTP prompt. OK, so sendmail either isn't starting, isn't binding to port 25, or some sort of network/firewall issue is blocking the connection. You should see a log entry like: sendmail[]: starting daemon (8.14.6): SMTP+queueing@01:00:00 ...and netstat -an | grep 25 (or similar with lsof) should find a LISTENing process on the port. What do the sendmail log messages say? Jan 8 10:12:44 jerusalem sm-mta[28896]: r05KsfdB048780: forward /home/huff/.forward.jerusalem+: Group writable directory Jan 8 10:12:44 jerusalem sm-mta[28896]: r05KsfdB048780: forward /home/huff/.forward+: Group writable directory Jan 8 10:12:44 jerusalem sm-mta[28896]: r05KsfdB048780: forward /home/huff/.forward.jerusalem: Group writable directory Jan 8 10:12:44 jerusalem sm-mta[28896]: r05KsfdB048780: forward /home/huff/.forward: Group writable directory Jan 8 10:12:44 jerusalem sm-mta[28896]: r05KsfdB048780: smtpquit: mailer local exited with exit value 1 Jan 8 10:12:44 jerusalem sm-mta[28896]: r05KsfdB048780: to=huff@localhost, delay=2+18:16:27, xdelay=00:00:00, mailer=local, pri=56791038, relay=local, dsn=4.4.2, stat=Deferred: Connection reset by local You either need to fix the permissions by running something like: chmod go-w / /home /home/huff /etc /etc/mail ...or you can add something like the following to your sendmail.cf: O DontBlameSendmail=ForwardFileInGroupWritableDirPath Regards, -- -Chuck ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: sendmail not working
From owner-freebsd-questi...@freebsd.org Tue Jan 8 11:12:57 2013
Date: Tue, 08 Jan 2013 12:09:36 -0500
From: Robert Huff roberth...@rcn.com
To: Robert Bonomi bon...@mail.r-bonomi.com
Subject: Re: sendmail not working
Cc: freebsd-questions@freebsd.org
On 1/8/2013 9:18 AM, Robert Bonomi wrote:
I have compiled sendmail following the instructions in the
cyrus-sasl port. Sendmail starts, but no mail is processed
either way. /var/log/maillog has this:
No clue, except the first message might be saying it's not going to
honor anything from .forward because it's in a group writable
directory which would be considered a security issue. Try making
/home/huff group read only?
Done. Restarted sendmail (all parts). Still no mail processed.
WHAT HAPPENS when you 'telnet' to your mailserver port(s) and try
doing smtp transaction(s) manually?
I don't get the SMTP prompt.
Insufficient data
a) does telnet say connected?
b) if yes, how long did you wait for the banner?
(if there's a DNS problem, it can be 90 seconds befre the banner line)
For testing, consider running sendmail in -foreground (not as a daemon) with
the debug level turned up.
WHAT HAPPENS when you -try- to send an email _out_?
Do you get an error email?
No.
Does it show in the outbound mail queue?
(if it's in the queue, look at the qf* file, to see why it is
deferred.)
In /var/spool/mqueue:
V8 T1357573913 K1357659459 N175 P15690892 I0/111/1420867 Mreply: read
error from local Fws
$_localhost [127.0.0.1]
$rESMTP
$sjerusalem.litteratus.org
${daemon_flags}
${if_addr}127.0.0.1
Sh...@jerusalem.litteratus.org A MDeferred: Connection reset by local
rRFC822; h...@jerusalem.litteratus.org
RPFD:h...@jerusalem.litteratus.org H?P?Return-Path: A g H??Received:
from jerusalem.litteratus.org (localhost [127.0.0.1])
by jerusalem.litteratus.org (8.14.6/8.14.6) with ESMTP id r07FoGPd052948
for h...@jerusalem.litteratus.org; Mon, 7 Jan 2013 10:51:53 -0500
(EST)
(envelope-from h...@jerusalem.litteratus.org)
H?x?Full-Name: Robert Huff H??Received: (from root@localhost) by
jerusalem.litteratus.org (8.14.6/8.14.6/Submit) id r07FoGrl052947 for
huff; Mon, 7 Jan 2013 10:50:16 -0500 (EST)
(envelope-from huff)
H??Date: Mon, 7 Jan 2013 10:50:16 -0500 (EST) H??From: Robert Huff
h...@jerusalem.litteratus.org H??Message-Id:
201301071550.r07fogrl052...@jerusalem.litteratus.org H??To:
undisclosed-recipients:; H??X-Spam-Status: No, score=4.3 required=5.0
tests=ALL_TRUSTED,EMPTY_MESSAGE, MISSING_HEADERS,MISSING_SUBJECT
autolearn=no version=3.3.2 H??X-Spam-Level:
H??X-Spam-Checker-Version: SpamAssassin 3.3.2 (2011-06-06) on
jerusalem.litteratus.org
What do the sendmail log messages say?
Jan 8 10:12:44 jerusalem sm-mta[28896]: r05KsfdB048780: forward
/home/huff/.forward.jerusalem+: Group writable directory
Supposedly you fixed the above problem. But sendmail disagrees. wry grin
check permissions on / /home and /home/huff if any are symlinks,
check the 'pointed-to' directory as well.
Jan 8 10:12:44 jerusalem sm-mta[28896]: r05KsfdB048780: forward
/home/huff/.forward+: Group writable directory
Jan 8 10:12:44 jerusalem sm-mta[28896]: r05KsfdB048780: forward
/home/huff/.forward.jerusalem: Group writable directory
Jan 8 10:12:44 jerusalem sm-mta[28896]: r05KsfdB048780: forward
/home/huff/.forward: Group writable directory
Jan 8 10:12:44 jerusalem sm-mta[28896]: r05KsfdB048780: smtpquit: mailer
local exited with exit value 1 Jan 8 10:12:44 jerusalem sm-mta[28896]:
r05KsfdB048780: to=huff@localhost, delay=2+18:16:27, xdelay=00:00:00,
mailer=local, pri=56791038, relay=local, dsn=4.4.2, stat=Deferred:
Connection reset by local
ok, it's been trying to deliver for nearly three days. with local delivery
(program mail.local) failing.
mail.local can fail for a number of reasons that shouldn't happen.
check permissions on the mailbox directory also owner/permissions on the
mailbox, for starters. maildir quota set??
___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: sendmail not working
On 01/07/13 19:45, Robert Huff wrote: On a system running: FreeBSD 10.0-CURRENT #0: Sun Dec 30 12:52:09 EST 2012 amd64 I have compiled sendmail following the instructions in the cyrus-sasl port. Sendmail starts, but no mail is processed either way. /var/log/maillog has this: Jan 7 21:07:42 jerusalem sm-mta[69792]: r05KsfdB048780: forward /home/huff/.forward: Group writable directory Jan 7 21:07:42 jerusalem sm-mta[69792]: r05KsfdB048780: smtpquit: mailer local exited with exit value 1 Jan 7 21:07:42 jerusalem sm-mta[69792]: r05KsfdB048780: to=huff@localhost, delay=2+05:11:25, xdelay=00:00:00, mailer=local, pri=52831038, relay=local, dsn=4.4.2, stat=Deferred: Connection reset by local The sendmail.cf and submit.cf are attached. Any idea what I've screwed up, or my next step in finding out? No clue, except the first message might be saying it's not going to honor anything from .forward because it's in a group writable directory which would be considered a security issue. Try making /home/huff group read only? ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
update to SASL breaks sendmail
I have followed the canonical procedure to get Sendmail to use SASL. Yesterday this worked. This morning I updated cyrus-sasl to the latest version, which bumps the library version from .2 to ,3. This appears to break sendmail in at least two places. I have added a mapping in libmap.conf ... which seems to work ... but I'm pretty sure that's Not The Right Thing. What is? Respectfully, Robert Huff ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: update to SASL breaks sendmail
In the last episode (Jan 05), Robert Huff said: I have followed the canonical procedure to get Sendmail to use SASL. Yesterday this worked. This morning I updated cyrus-sasl to the latest version, which bumps the library version from .2 to ,3. This appears to break sendmail in at least two places. I have added a mapping in libmap.conf ... which seems to work ... but I'm pretty sure that's Not The Right Thing. What is? Rebuild sendmail so that it links against the updated sasl libraries, or make sure to preserve old shared libraries when upgrading packages. This isn't sendmail or sasl-specific; it's standard procedure when you upgrade any port that installs shlibs that other ports depend on. -- Dan Nelson dnel...@allantgroup.com ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: update to SASL breaks sendmail
On 1/5/2013 8:30 PM, Dan Nelson wrote: In the last episode (Jan 05), Robert Huff said: This morning I updated cyrus-sasl to the latest version, which bumps the library version from .2 to ,3. This appears to break sendmail in at least two places. I have added a mapping in libmap.conf ... which seems to work ... but I'm pretty sure that's Not The Right Thing. What is? Rebuild sendmail so that it links against the updated sasl libraries, or make sure to preserve old shared libraries when upgrading packages. I know how to build world; what is the correct way of building/installing just sendmail and making sure I get the right libraries? (The information in /usr/ports/security/cyrus-sasl/files/Sendmail.readme doesn't appear to apply.) Robert Huff ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: update to SASL breaks sendmail
In the last episode (Jan 05), Robert Huff said: On 1/5/2013 8:30 PM, Dan Nelson wrote: In the last episode (Jan 05), Robert Huff said: This morning I updated cyrus-sasl to the latest version, which bumps the library version from .2 to ,3. This appears to break sendmail in at least two places. I have added a mapping in libmap.conf ... which seems to work ... but I'm pretty sure that's Not The Right Thing. What is? Rebuild sendmail so that it links against the updated sasl libraries, or make sure to preserve old shared libraries when upgrading packages. I know how to build world; what is the correct way of building/installing just sendmail and making sure I get the right libraries? (The information in /usr/ports/security/cyrus-sasl/files/Sendmail.readme doesn't appear to apply.) Base sendmail doesn't link with sasl by default. If you had edited Makefiles or make.conf to enable that, running make clean all install clean in /usr/src/usr.sbin/sendmail/ should build and install just the new sendmail. Or, if you had installed the mail/sendmail port with sasl enabled, force-upgrade that port using your favorite method. -- Dan Nelson dnel...@allantgroup.com ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: update to SASL breaks sendmail
On 1/5/2013 8:55 PM, Dan Nelson wrote: Base sendmail doesn't link with sasl by default. If you had edited Makefiles or make.conf to enable that, running make clean all install clean in /usr/src/usr.sbin/sendmail/ should build and install just the new sendmail. Or, if you had installed the mail/sendmail port with sasl enabled, force-upgrade that port using your favorite method. Good news: Rebuilt sendmail per above, and it starts without complaining. Bad news: Mail is not flowing in or out. Looking at /var/log/maillog, I'm guessing this has to do with the line: sm-mta: smtpquit: mailer local exited with exit value 1 It also complains about my .forward being group-writable, when it is 750. Robert Huff ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
sendmail local-host-names questions
Sorry if this is a bit off topic; couldn't find an answer on the net anywhere and sendmail.org seems to be non-functional unless you're a commercial customer; or at least that's the way it looks to me, as it's redirected to sendmail.com and their Ask the Experts page has no way to ask anybody anything :-) Anyhoo... I was setting up a virtual domain and mistakenly set my local-host-names file to have trailing dots after the domain and host names. This caused mail sent to the domain(s) to be bounced with the message: 554 5.0.0 MX list for dreamchaser.org. points back to nightmare.dreamchase r.org 554 5.3.5 Local configuration error Which caused me to tear my hair out (what little I have left) trying to fix a non-existent DNS configuration error. The maillog shows a similar message: Aug 28 23:10:05 nightmare sm-mta[50394]: q7T59w8M050394: to=a...@dreamchaser.org, delay=00:00:07, xdelay=00:00:00, mailer=esmtp, pri=62332, relay=dreamchaser.org., dsn=5.3.5, stat=Local configuration error Aug 28 23:10:05 nightmare sm-mta[50394]: q7T59w8M050394: q7T59w8N050394: return to sender: Local configuration error Aug 28 23:10:05 nightmare sm-mta[50394]: q7T59w8N050394: to=a...@dreamchaser.org, delay=00:00:00, xdelay=00:00:00, mailer=esmtp, pri=33356, relay=dreamchaser.org., dsn=5.3.5, stat=Local configuration error Aug 28 23:10:05 nightmare sm-mta[50394]: q7T59w8M050394: Losing ./qfq7T59w8M050394: savemail panic Aug 28 23:10:05 nightmare sm-mta[50394]: q7T59w8M050394: SYSERR(root): savemail: cannot save rejected email anywhere Can anyone explain what's going on or point me to a better place to ask? It's now fixed but I'd like to understand why sendmail doesn't like a domain specified with a trailing dot, since I thought that was how one specified a fully qualified domain name. Also... I can't find anything about how to put a comment in the local-host-names file. I took a guess and used # as in the .mc file, and it doesn't seem to cause errors; but neither does ';' or '%' so I'm guessing the lines are just being skipped because they don't parse properly. I'd like to know whether comments are allowed or not; and if so, what the proper syntax is. Thanks for any hints, Gary ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: sendmail local-host-names questions
[ Gary Aitken wrote on Wed 29.Aug'12 at 1:45:19 -0600 ] Also... I can't find anything about how to put a comment in the local-host-names file. I took a guess and used # as in the .mc file, and it doesn't seem to cause errors; but neither does ';' or '%' so I'm guessing the lines are just being skipped because they don't parse properly. I'd like to know whether comments are allowed or not; and if so, what the proper syntax is. Thanks for any hints, Gary Hi Gary, you don't put dots at the end of the domain names in that file. In mine, i've just got: kontrol.kode5.net # the hostname of the machine; and kode5.net # my domain I haven't put those comments in it either, just the host and domain information. The Sendmail site does have quite a bit of information actually about configuration. I was setting up Sendmail on my machine just a week ago in fact and got most of the info from that site. Also the FreeBSD handbook. I also run a local DNS server (BIND/named) which I recommend you look into with a view to setting it up. It does make a difference, especially if you have several machines on your LAN. It's not as hard as it first appears. In fact the default installation is already configured for a local caching nameserver. I have added my own zone files as well which is all explained on the Handbook. Jamie ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: sendmail local-host-names questions
Date: Wed, 29 Aug 2012 01:45:19 -0600 From: Gary Aitken free...@dreamchaser.org Subject: sendmail local-host-names questions Also... I can't find anything about how to put a comment in the local-host-names file. I took a guess and used # as in the .mc file, and it doesn't seem to cause errors; but neither does ';' or '%' so I'm guessing the lines are just being skipped because they don't parse properly. I'd like to know whether comments are allowed or not; and if so, what the proper syntax is. I don't know, off-hand, where it's documented, but '#' is what you want to use. ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: sendmail local-host-names questions
On Wed, 29 Aug 2012, Gary Aitken wrote: Can anyone explain what's going on or point me to a better place to ask? It's now fixed but I'd like to understand why sendmail doesn't like a domain specified with a trailing dot, since I thought that was how one specified a fully qualified domain name. The definitive source is /usr/src/contrib/sendmail/cf/README Also... I can't find anything about how to put a comment in the local-host-names file. I took a guess and used # as in the .mc file, and it doesn't seem to cause errors; but neither does ';' or '%' so I'm guessing the lines are just being skipped because they don't parse properly. I'd like to know whether comments are allowed or not; and if so, what the proper syntax is. I am not sure which table you are commenting but I think some of the tables like virtusertable do not allow comments at the end of the line. Lines starting with a '#' are fine in any table. Again the README is you source ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: sendmail + clamav + spamassasin config help
On 08/14/12 08:51, AN wrote: FreeBSD mail.neu.net 9.1-PRERELEASE FreeBSD 9.1-PRERELEASE #2 r239243: Mon Aug 13 19:20:19 EDT 2012 r...@mail.neu.net:/usr/obj/usr/src/sys/GENERIC amd64 I am trying to configure sendmail + clamav + spamassasin. The problem I have is that neither clamav or spamassasin runs when I send or receive email. I would like the server to do the following: 1. check dns blacklists, which is working (see below) Not really able to help you here... However, you may consider MIMEDefang (which in turn will run all of the above). At least, that's how I do it. HTH. bye av. ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: sendmail + clamav + spamassasin config help
[ Andrea Venturoli wrote on Tue 14.Aug'12 at 10:22:14 +0200 ] On 08/14/12 08:51, AN wrote: FreeBSD mail.neu.net 9.1-PRERELEASE FreeBSD 9.1-PRERELEASE #2 r239243: Mon Aug 13 19:20:19 EDT 2012 r...@mail.neu.net:/usr/obj/usr/src/sys/GENERIC amd64 I am trying to configure sendmail + clamav + spamassasin. The problem I have is that neither clamav or spamassasin runs when I send or receive email. I would like the server to do the following: 1. check dns blacklists, which is working (see below) Not really able to help you here... However, you may consider MIMEDefang (which in turn will run all of the above). At least, that's how I do it. or, you could consider using Postfix. It's much easier to configure and implement content filters. Jamie ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: sendmail + clamav + spamassasin config help
the above). At least, that's how I do it. or, you could consider using Postfix. It's much easier to configure and implement content filters. depends of who is talking and how easiness is defined. Postfix is different. That's all. ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
sendmail + clamav + spamassasin config help
AN writes: I am trying to configure sendmail + clamav + spamassasin. The problem I have is that neither clamav or spamassasin runs when I send or receive email. I would like the server to do the following: This has been running fine for years on one of my machines. Do you have spamassassin and clamd (and the milters) enabled in /etc/rc.conf? Robert Huff ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: sendmail + clamav + spamassasin config help
From owner-freebsd-questi...@freebsd.org Mon Aug 13 21:55:24 2012
Date: Tue, 14 Aug 2012 02:51:17 -0400 (EDT)
From: AN a...@neu.net
To: freebsd-questions@freebsd.org
Subject: sendmail + clamav + spamassasin config help
FreeBSD mail.neu.net 9.1-PRERELEASE FreeBSD 9.1-PRERELEASE #2 r239243:
Mon Aug 13 19:20:19 EDT 2012
r...@mail.neu.net:/usr/obj/usr/src/sys/GENERIC amd64
I am trying to configure sendmail + clamav + spamassasin. The problem I
have is that neither clamav or spamassasin runs when I send or receive
email. I would like the server to do the following:
1. check dns blacklists, which is working (see below)
Aug 14 02:00:54 mail sm-mta[38461]: ruleset=check_relay,
arg1=[37.121.149.208], arg2=127.0.0.4, relay=[37.121.149.208], reject=550
5.7.1 Rejected: 37.121.149.208 listed at sbl-xbl.spamhaus.org
Confirm. FEATURE dsnsbl is functioning.
2. run spamd
3. run clamav
Aug 14 02:04:41 mail sm-mta[38464]: q7E64eCv038464: milter=clmilter,
action=rcpt, continue
Aug 14 02:04:41 mail sm-mta[38464]: q7E64eCv038464: milter=clmilter,
action=header, continue
Aug 14 02:04:41 mail lastmessage repeated 12 times
Aug 14 02:04:41 mail sm-mta[38464]: q7E64eCv038464: milter=clmilter,
action=body, continue
Aug 14 02:04:42 mail sm-mta[38464]: q7E64eCv038464: Milter accept: message
Aug 14 02:04:42 mail sm-mta[38464]: q7E64eCv038464: --- 250 2.0.0
q7E64eCv038464 Message accepted for delivery
spamd and clamav never execute.
The above logfile entries appear to show that the milter interfae for clamav
_is_ being invoked. Although nothing shows for 'spamassassin'.
NOTE: your copy/paste of the .mc file, etc. *LOST* critical line-break
formatting. I've had to _guess_ where breaks occured in ressurecting
the files. There are 'dnl' verbs below that appear to have nothing after
them. *IF* what appears below as a separate line following such a 'dnl' is
actually on the same line with the dnl, then _that_ directive will *NOT*
be acted on. YOU will have to double-check for that.
# cat mail.neu.net.mc
divert(-1)
#
# Copyright (c) 1983 Eric P. Allman
# Copyright (c) 1988, 1993
# The Regents of the University of California. All rights reserved.
#
#
#
#
# This is a generic configuration file for FreeBSD 6.X and later systems.
# If you want to customize it, copy it to a name appropriate for your
# environment and do the modifications there.
#
# The best documentation for this .mc file is:
# /usr/share/sendmail/cf/README or
# /usr/src/contrib/sendmail/cf/README
#
divert(0)
VERSIONID(`$FreeBSD: release/9.0.0/etc/sendmail/freebsd.mc 223068 2011-06-14
04:33:43Z gshapiro $')
OSTYPE(freebsd6)
DOMAIN(generic)
FEATURE(access_db, `hash -o -TTMPF /etc/mail/access')
FEATURE(blacklist_recipients)
FEATURE(local_lmtp)
FEATURE(mailertable,`hash -o /etc/mail/mailertable')
FEATURE(virtusertable, `hash -o /etc/mail/virtusertable')
dnl Uncomment to allow relaying based on your MX records.
dnl NOTE: This can allow sites to use your server as a backup MX without
dnl your permission.
dnl FEATURE(relay_based_on_MX)
dnl DNS based black hole lists
dnl
dnl DNS based black hole lists come and go on a regular basis
dnl so this file will not serve as a database of the available servers.
dnl For that, visit
dnl http://www.google.com/Top/Computers/Internet/E-mail/Spam/Blacklists/
dnl Uncomment to activate your chosen DNS based blacklist
dnl FEATURE(dnsbl,`dnsbl.example.com')
dnl Alternatively, you can provide your own server and rejection message:
dnl FEATURE(dnsbl,`dnsbl.example.com',``550 Mail from ${client_addr}
rejected'')
FEATURE(dnsbl,`sbl-xbl.spamhaus.org')
FEATURE(dnsbl,`bl.spamcop.net')
dnl Dialup users should uncomment and define this appropriately
dnl define(`SMART_HOST',`your.isp.mail.server')
dnl Uncomment the first line to change the location of the default
dnl /etc/mail/local-host-names and comment out the second line.
dnl define(`confCW_FILE',`-o /etc/mail/sendmail.cw')
define(`confCW_FILE',`-o /etc/mail/local-host-names')
INPUT_MAIL_FILTER(`clmilter',`S=local:/var/run/clamav/clmilter.sock,F=,T=S:4m;R:4m')dnl
INPUT_MAIL_FILTER(`spamassassin',`S=local:/var/run/spamass-milter.sock,F=,T=C:15m;S:4m;R:4m;E:10m')dnl
define(`confINPUT_MAIL_FILTERS',`clmilter,spamassassin')dnl
The 'dnl' at the end of the above lines is superfluous, and should be removed.
dnl Enable for both IPv4 and IPv6 (optional)
DAEMON_OPTIONS(`Name=IPv4,Family=inet')
DAEMON_OPTIONS(`Name=IPv6,Family=inet6,Modifiers=O')
define(`confBIND_OPTS',`WorkAroundBroken')
define(`confNO_RCPT_ACTION',`add-to-undisclosed')
define(`confPRIVACY_FLAGS',`authwarnings,noexpn,novrfy')
MAILER(local)
MAILER(smtp)
[root@mail /etc/mail]#ps -aux
root1268 0.0 0.3 41200 2668 ?? Is 11:47PM 0:00.07
/usr/local/sbin/spamass-milter -f -p /var/run/spamass-milter.sock
root1276 0.0
sendmail + clamav + spamassasin config help
FreeBSD mail.neu.net 9.1-PRERELEASE FreeBSD 9.1-PRERELEASE #2 r239243: Mon
Aug 13 19:20:19 EDT 2012 r...@mail.neu.net:/usr/obj/usr/src/sys/GENERIC amd64
I am trying to configure sendmail + clamav + spamassasin. The problem I
have is that neither clamav or spamassasin runs when I send or receive
email. I would like the server to do the following:
1. check dns blacklists, which is working (see below)
ug 14 02:00:49 mail sm-mta[38460]: NOQUEUE: connect from [37.121.149.208]
Aug 14 02:00:49 mail sm-mta[38460]: NOQUEUE: dns
208.149.121.37.sbl-xbl.spamhaus.org. = 127.0.0.4
Aug 14 02:00:49 mail sm-mta[38460]: NOQUEUE: --- 550 5.7.1 Rejected:
37.121.149.208 listed at sbl-xbl.spamhaus.org (hold)
Aug 14 02:00:49 mail sm-mta[38460]: ruleset=check_relay,
arg1=[37.121.149.208], arg2=127.0.0.4, relay=[37.121.149.208], reject=550
5.7.1 Rejected: 37.121.149.208 listed at sbl-xbl.spamhaus.org
Aug 14 02:00:49 mail sm-mta[38460]: q7E60nxW038460: --- 220 mail.neu.net
ESMTP Sendmail 8.14.5/8.14.5; Tue, 14 Aug 2012 02:00:49 -0400 (EDT)
Aug 14 02:00:49 mail sm-mta[38460]: q7E60nxW038460: --- 421 4.4.1
mail.neu.net Lost input channel from [37.121.149.208]
Aug 14 02:00:53 mail sm-mta[38461]: NOQUEUE: connect from [37.121.149.208]
Aug 14 02:00:54 mail sm-mta[38461]: NOQUEUE: dns
208.149.121.37.sbl-xbl.spamhaus.org. = 127.0.0.4
Aug 14 02:00:54 mail sm-mta[38461]: NOQUEUE: --- 550 5.7.1 Rejected:
37.121.149.208 listed at sbl-xbl.spamhaus.org (hold)
Aug 14 02:00:54 mail sm-mta[38461]: ruleset=check_relay,
arg1=[37.121.149.208], arg2=127.0.0.4, relay=[37.121.149.208], reject=550
5.7.1 Rejected: 37.121.149.208 listed at sbl-xbl.spamhaus.org
2. run spamd
3. run clamav
Aug 14 02:04:41 mail sm-mta[38464]: q7E64eCv038464: milter=clmilter,
action=rcpt, continue
Aug 14 02:04:41 mail sm-mta[38464]: q7E64eCv038464: milter=clmilter,
action=header, continue
Aug 14 02:04:41 mail last message repeated 12 times
Aug 14 02:04:41 mail sm-mta[38464]: q7E64eCv038464: milter=clmilter,
action=body, continue
Aug 14 02:04:42 mail sm-mta[38464]: q7E64eCv038464: Milter accept: message
Aug 14 02:04:42 mail sm-mta[38464]: q7E64eCv038464: --- 250 2.0.0
q7E64eCv038464 Message accepted for delivery
spamd and clamav never execute.
# cat mail.neu.net.mc
divert(-1)
#
# Copyright (c) 1983 Eric P. Allman
# Copyright (c) 1988, 1993
# The Regents of the University of California. All rights reserved.
#
#
#
#
# This is a generic configuration file for FreeBSD 6.X and later systems.
# If you want to customize it, copy it to a name appropriate for your
# environment and do the modifications there.
#
# The best documentation for this .mc file is:
# /usr/share/sendmail/cf/README or
# /usr/src/contrib/sendmail/cf/README
#
divert(0)
VERSIONID(`$FreeBSD: release/9.0.0/etc/sendmail/freebsd.mc 223068
2011-06-14 04:33:43Z gshapiro $')
OSTYPE(freebsd6)
DOMAIN(generic)
FEATURE(access_db, `hash -o -TTMPF /etc/mail/access')
FEATURE(blacklist_recipients)
FEATURE(local_lmtp)
FEATURE(mailertable, `hash -o /etc/mail/mailertable')
FEATURE(virtusertable, `hash -o /etc/mail/virtusertable')
dnl Uncomment to allow relaying based on your MX records.
dnl NOTE: This can allow sites to use your server as a backup MX without
dnl your permission.
dnl FEATURE(relay_based_on_MX)
dnl DNS based black hole lists
dnl
dnl DNS based black hole lists come and go on a regular basis
dnl so this file will not serve as a database of the available servers.
dnl For that, visit
dnl http://www.google.com/Top/Computers/Internet/E-mail/Spam/Blacklists/
dnl Uncomment to activate your chosen DNS based blacklist
dnl FEATURE(dnsbl, `dnsbl.example.com')
dnl Alternatively, you can provide your own server and rejection message:
dnl FEATURE(dnsbl, `dnsbl.example.com', ``550 Mail from ${client_addr}
rejected'')
FEATURE(dnsbl,`sbl-xbl.spamhaus.org')dnl
FEATURE(dnsbl,`bl.spamcop.net')dnl
dnl Dialup users should uncomment and define this appropriately
dnl define(`SMART_HOST', `your.isp.mail.server')
dnl Uncomment the first line to change the location of the default
dnl /etc/mail/local-host-names and comment out the second line.
dnl define(`confCW_FILE', `-o /etc/mail/sendmail.cw')
define(`confCW_FILE', `-o /etc/mail/local-host-names')
INPUT_MAIL_FILTER(`clmilter', `S=local:/var/run/clamav/clmilter.sock, F=,
T=S:4m;R:4m')dnl
INPUT_MAIL_FILTER(`spamassassin',`S=local:/var/run/spamass-milter.sock, F=,
T=C:15m;S:4m;R:4m;E:10m')dnl
define(`confINPUT_MAIL_FILTERS', `clmilter,spamassassin')dnl
dnl Enable for both IPv4 and IPv6 (optional)
DAEMON_OPTIONS(`Name=IPv4, Family=inet')
DAEMON_OPTIONS(`Name=IPv6, Family=inet6, Modifiers=O')
define(`confBIND_OPTS', `WorkAroundBroken')
define(`confNO_RCPT_ACTION', `add-to-undisclosed')
define(`confPRIVACY_FLAGS', `authwarnings,noexpn,novrfy')
MAILER(local)
MAILER(smtp)
[root@mail /etc/mail]#ps -aux
root1268 0.0 0.3 41200 2668 ?? Is 11:47PM 0:00.07
/usr/local/sbin/spamass
partial sendmail breakage
I have a machine (call it ADAM) running: FreeBSD 10.0-CURRENT #0: Tue Jul 24 08:55:46 EDT 2012 amd64 which has had no change to the mail components since that time. Approximately 12 hours ago, something in sendmail broke. Symptoms: 1) It works as a relay. I can send mail to ADAM from ADAM and from other machines for forwarding, and the forwarding happens correctly. 2) Fetchmail on ADAM no longer fetches. 3) Mail sent between users on ADAM never shows up. I have restarted sendmail and get this in /var/log/messages: Aug 10 08:26:56 jerusalem sm-mta[87853]: sql_select option missing Aug 10 08:26:56 jerusalem sm-mta[87853]: auxpropfunc error no mechanism available I'm (obviously) not a sendmail expert; what other information should I provide to help figure out what went wrong? Respectfully, Robert Huff ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: partial sendmail breakage
On 10/08/2012 14:32, Robert Huff wrote: I have restarted sendmail and get this in /var/log/messages: Aug 10 08:26:56 jerusalem sm-mta[87853]: sql_select option missing Aug 10 08:26:56 jerusalem sm-mta[87853]: auxpropfunc error no mechanism available I'm (obviously) not a sendmail expert; what other information should I provide to help figure out what went wrong? You've implemented saslauth in this sendmail instance against some sort of SQL database. However something has caused sendmail to lose the ability to look up user accounts in that DB. Could be all sorts of things: is the DB running? Can you login to it manually using the same credentials as sendmail? Has there been any changes to DB schemas or user grants recently? How about changes to /usr/local/lib/sasl2/Sendmail.conf ? One thing you can try is turning up the log level in Sendmail.conf to get a better idea of what SASL is trying to do. Add a line log_level: N where N is an integer, bigger meaning more verbose logging. Cheers, Matthew -- Dr Matthew J Seaman MA, D.Phil. PGP: http://www.infracaninophile.co.uk/pgpkey signature.asc Description: OpenPGP digital signature
FIXED: sendmail breakage
Perhaps that should be WORKING AGAIN because I'm not sure I did anything to actually fix the problem. In any event: thanks. Robert Huff ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: Problem with sendmail update
On 02/08/2012 16:07, Mervyn Passmore wrote: We've made installed 8.14.5 and both the new and old versions seem to be installed and running according to PS. Whatever is starting sendmail is initiating the old version. If you're replacing the system sendmail with the version from ports, then you need to update /etc/mail/mailer.conf -- something like this: # $FreeBSD: stable/9/etc/mail/mailer.conf 93858 2002-04-05 04:25:14Z gshapiro $ # # Execute the real sendmail program, named /usr/local/sbin/sendmail # sendmail/usr/local/sbin/sendmail send-mail /usr/local/sbin/sendmail mailq /usr/local/sbin/sendmail newaliases /usr/local/sbin/sendmail hoststat/usr/local/sbin/sendmail purgestat /usr/local/sbin/sendmail Also, don't confuse the version of the sendmail from the config file with the version in the binary -- both of them show up in the SMTP banner: % telnet localhost smtp Trying ::1... Connected to localhost. Escape character is '^]'. 220 smtp.infracaninophile.co.uk ESMTP Sendmail 8.14.5/8.14.5; Fri, 3 Aug 2012 09:34:40 +0100 (BST) ^ The first one is the version of the binaries, the second is the configuration version, which you can easily change by modifying the DZ8.14.5 line in sendmail.cf Cheers, Matthew -- Dr Matthew J Seaman MA, D.Phil. PGP: http://www.infracaninophile.co.uk/pgpkey signature.asc Description: OpenPGP digital signature
Problem with sendmail update
Hi, Hope someone can help. we're stuck trying to update Sendmail from 8.14.3 to 8.14.5 We've made installed 8.14.5 and both the new and old versions seem to be installed and running according to PS. Whatever is starting sendmail is initiating the old version. How can we remove the 8.14.3 version or get the 8.14.5 version to run? Our PCI compliance is failing due to issues with the old version. Help much appreciated, Thanks Mervyn ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: Removing sendmail from an installed system
Lowell Gilbert wrote: Darren Pilgrim list_free...@bluerosetech.com writes: I'm removing sendmail entirely from an installed system. I had WITHOUT_SENDMAIL in /etc/src.conf when I updated to RELENG_8_3, but that left an old version of sendmail rotting away on disk. This is the list I have so far: /etc/mail/* (excluding mailer.conf) /etc/rc.d/sendmail /usr/bin/vacation /usr/libexec/mail.local /usr/libexec/sendmail /usr/libexec/smrsh /usr/sbin/editmap /usr/sbin/mailstats /usr/sbin/makemap /usr/sbin/praliases /usr/share/sendmail /var/spool/clientmqueue /var/spool/mqueue Is this list complete? I'm intentionally leaving the stuff for mailwrapper. I'm ok with leaving /etc/rc.d/sendmail behind as well, but it looks like it's not needed by anything (i.e., nothing requires mail). make delete-old; see the section Deleting obsolete files, directories and libraries in the handbook. Even though I have WITHOUT_SENDMAIL specified and the world was built with that, mergemaster still installs /etc/mail/aliases and /etc/rc.d/sendmail. Is there a way to prevent this other than adding them to IGNORE_FILES in mergemasterrc? There are other ways, but that's the first one I would think of. Note that neither of these files can be harmful, and might (especially aliases) be used by other MTA. I have same question but from different view point. In my situation I find it easier to install from scratch to empty disk using .iso file when moving to an newer version of freebsd. Sendmail is included as part of the base system. What is best method to totally remove sendmail including the /var/log/sendmail.st file from rotating? ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: Removing sendmail from an installed system
Darren Pilgrim list_free...@bluerosetech.com writes: I'm removing sendmail entirely from an installed system. I had WITHOUT_SENDMAIL in /etc/src.conf when I updated to RELENG_8_3, but that left an old version of sendmail rotting away on disk. This is the list I have so far: /etc/mail/* (excluding mailer.conf) /etc/rc.d/sendmail /usr/bin/vacation /usr/libexec/mail.local /usr/libexec/sendmail /usr/libexec/smrsh /usr/sbin/editmap /usr/sbin/mailstats /usr/sbin/makemap /usr/sbin/praliases /usr/share/sendmail /var/spool/clientmqueue /var/spool/mqueue Is this list complete? I'm intentionally leaving the stuff for mailwrapper. I'm ok with leaving /etc/rc.d/sendmail behind as well, but it looks like it's not needed by anything (i.e., nothing requires mail). make delete-old; see the section Deleting obsolete files, directories and libraries in the handbook. Even though I have WITHOUT_SENDMAIL specified and the world was built with that, mergemaster still installs /etc/mail/aliases and /etc/rc.d/sendmail. Is there a way to prevent this other than adding them to IGNORE_FILES in mergemasterrc? There are other ways, but that's the first one I would think of. Note that neither of these files can be harmful, and might (especially aliases) be used by other MTA. ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Removing sendmail from an installed system
I'm removing sendmail entirely from an installed system. I had WITHOUT_SENDMAIL in /etc/src.conf when I updated to RELENG_8_3, but that left an old version of sendmail rotting away on disk. This is the list I have so far: /etc/mail/* (excluding mailer.conf) /etc/rc.d/sendmail /usr/bin/vacation /usr/libexec/mail.local /usr/libexec/sendmail /usr/libexec/smrsh /usr/sbin/editmap /usr/sbin/mailstats /usr/sbin/makemap /usr/sbin/praliases /usr/share/sendmail /var/spool/clientmqueue /var/spool/mqueue Is this list complete? I'm intentionally leaving the stuff for mailwrapper. I'm ok with leaving /etc/rc.d/sendmail behind as well, but it looks like it's not needed by anything (i.e., nothing requires mail). Even though I have WITHOUT_SENDMAIL specified and the world was built with that, mergemaster still installs /etc/mail/aliases and /etc/rc.d/sendmail. Is there a way to prevent this other than adding them to IGNORE_FILES in mergemasterrc? ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: Removing sendmail from an installed system
On Mon, 23 Jul 2012 17:16:33 -0700, Darren Pilgrim wrote: Even though I have WITHOUT_SENDMAIL specified and the world was built with that, mergemaster still installs /etc/mail/aliases and /etc/rc.d/sendmail. Is there a way to prevent this other than adding them to IGNORE_FILES in mergemasterrc? I've never tried to actually _remove_ sendmail (because simply ignoring it seems so much easier when needed), but did you try the make delete-old and make delete-old-libs as explained in /usr/src/Makefile's comment header for the updating process? -- Polytropon Magdeburg, Germany Happy FreeBSD user since 4.0 Andra moi ennepe, Mousa, ... ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: Sendmail and Postfix
On Fri, Jun 22, 2012 at 8:15 PM, Robert Bonomi bon...@mail.r-bonomi.com wrote: From owner-freebsd-questi...@freebsd.org Fri Jun 22 13:47:20 2012 To: freebsd-questions@freebsd.org Date: Fri, 22 Jun 2012 13:41:46 -0500 From: Mark Felder f...@feld.me Subject: Re: Sendmail and Postfix When you installed Postfix did you allow it to update the entries in /etc/mail/mailer.conf ? If so, I wouldn't worry about the mailq binary that came with the system; it's ignored. For SendMail, mailq is just a symlink to the SendMail executable. the mail.conf stuff (to use a polite word) installs it's own executable(s) under all the 'common' names that SendMail is invoked as. These executables look at /etc/mailer.conf, and invoke the appropiate executable for the mailer that you have seleccted in mailer.conf. mailer.conf is usually modified my the Postfix port and I am not sure but I think the option is checked by default. The lines to add to rc.conf to de-activate Sendmail and usu Postfix on the base system are: sendmail_enable=NO sendmail_submit_enable=NO sendmail_outbound_enable=NO sendmail_msp_queue_enable=NO postfix_enable=YES -- Alejandro Imass ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Sendmail and Postfix
A little digging around has revealed that there are two 'mailq' executables on my system: /usr/local/bin/mailq and /usr/bin/mailq. The first is part of the mail/postfix-current port which I have installed and use, and the second is presumably part of Sendmail, which I have not installed and do not use. It seems that Sendmail is embedded somehow in the base system. What is the 'approved' way to get rid of /usr/bin/mailq? Or better, remove Sendmail? Sorry if this is a newbie question; I am as yet relatively unfamiliar with FreeBSD, being a refugee from GNU/Linux. This is FreeBSD 9.0-RELEASE, by the way. ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: Sendmail and Postfix
On 22/06/2012 19:19, Walter Hurry wrote: It seems that Sendmail is embedded somehow in the base system. What is the 'approved' way to get rid of /usr/bin/mailq? Or better, remove Sendmail? You don't need to remove the base system sendmail. All you need to do is set up /etc/mail/mailer.conf properly -- and installing the postfix port should do that for you -- and then any reference to /usr/sbin/sendmail, /usr/bin/mailq, usr/bin/hoststat etc. will run postfix instead. It's really very nicely done. See mailer.conf(5) Cheers, Matthew PS. Alright, yes. You can prevent sendmail from being built as part of the base system by defining 'WITHOUT_SENDMAIL=yes' in /etc/src.conf, but this supposes that you want to build the system yourself, rather than using, say, freebsd-update(8). See src.conf(5) and read in /usr/src/UPDATING and the Handbook about the procedure for building the system from source. -- Dr Matthew J Seaman MA, D.Phil. PGP: http://www.infracaninophile.co.uk/pgpkey signature.asc Description: OpenPGP digital signature
Re: Sendmail and Postfix
When you installed Postfix did you allow it to update the entries in /etc/mail/mailer.conf ? If so, I wouldn't worry about the mailq binary that came with the system; it's ignored. ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: Sendmail and Postfix
During subsequent system upgrades, of you build from source, you should watch out for thus during the mergemaster piece. Brian On Jun 22, 2012 11:44 AM, Matthew Seaman matt...@freebsd.org wrote: On 22/06/2012 19:19, Walter Hurry wrote: It seems that Sendmail is embedded somehow in the base system. What is the 'approved' way to get rid of /usr/bin/mailq? Or better, remove Sendmail? You don't need to remove the base system sendmail. All you need to do is set up /etc/mail/mailer.conf properly -- and installing the postfix port should do that for you -- and then any reference to /usr/sbin/sendmail, /usr/bin/mailq, usr/bin/hoststat etc. will run postfix instead. It's really very nicely done. See mailer.conf(5) Cheers, Matthew PS. Alright, yes. You can prevent sendmail from being built as part of the base system by defining 'WITHOUT_SENDMAIL=yes' in /etc/src.conf, but this supposes that you want to build the system yourself, rather than using, say, freebsd-update(8). See src.conf(5) and read in /usr/src/UPDATING and the Handbook about the procedure for building the system from source. -- Dr Matthew J Seaman MA, D.Phil. PGP: http://www.infracaninophile.co.uk/pgpkey ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: Sendmail and Postfix
Hi-- On Jun 22, 2012, at 11:19 AM, Walter Hurry wrote: A little digging around has revealed that there are two 'mailq' executables on my system: /usr/local/bin/mailq and /usr/bin/mailq. The first is part of the mail/postfix-current port which I have installed and use, and the second is presumably part of Sendmail, which I have not installed and do not use. It seems that Sendmail is embedded somehow in the base system. What is the 'approved' way to get rid of /usr/bin/mailq? Or better, remove Sendmail? BSD Unixes have shipped with Sendmail for decades, much as BIND is also included-- so yes, Sendmail is included with the base system by default. The approved way is to simply leave things be. Properly written software will honor the links setup by mailwrapper(8) and use the Postfix MTA which you installed instead: http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/mail-changingmta.html If you really want to remove sendmail entirely, you can rebuild FreeBSD with NO_SENDMAIL=TRUE ...set in /etc/make.conf, which will avoid building sendmail at all. Regards, -- -Chuck ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: Sendmail and Postfix
On Fri, 22 Jun 2012 13:41:46 -0500, Mark Felder wrote: When you installed Postfix did you allow it to update the entries in /etc/mail/mailer.conf ? If so, I wouldn't worry about the mailq binary that came with the system; it's ignored. Thanks! (Thanks too to the other responders.) Looks like that's the step I missed. Fixed now. Cheers. ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: Sendmail and Postfix
From owner-freebsd-questi...@freebsd.org Fri Jun 22 13:47:20 2012 To: freebsd-questions@freebsd.org Date: Fri, 22 Jun 2012 13:41:46 -0500 From: Mark Felder f...@feld.me Subject: Re: Sendmail and Postfix When you installed Postfix did you allow it to update the entries in /etc/mail/mailer.conf ? If so, I wouldn't worry about the mailq binary that came with the system; it's ignored. For SendMail, mailq is just a symlink to the SendMail executable. the mail.conf stuff (to use a polite word) installs it's own executable(s) under all the 'common' names that SendMail is invoked as. These executables look at /etc/mailer.conf, and invoke the appropiate executable for the mailer that you have seleccted in mailer.conf. ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: milter wants erase sendmail
_ Have you added this to /etc/make.cnf? WITH_SENDMAIL_PORT= yes Yes, I have So if you go into /usr/ports/mail/sendmail and: # make config You will be able to enable tls and sasl2 (amongst a whole bunch of other stuff) giving you the correct functionality. No, this is not give me possibility to enable tls or sasl2: [root@myComp /usr/ports/mail/sendmail]# make config === No options to configure [root@myComp /usr/ports/mail/sendmail]# make rmconfig === No user-specified options configured for sendmail-8.14.5 I have latest version of ports... ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
milter wants erase sendmail
hello! i use bundle sendmail and milter greylist on my e-mail freebsd server. every time I want upgrade milter-greylist it wants install sendmail port. But I use sendmail+tls+sasl2 port. There is conflict. I should deinstall sendmail+tls+sasl, install milter-greylist, deinstall sendmail and then install sendmail+tls+sasl2. Every time doing so I think something going not elegant. Is there more simple path to upgrade milter-greylist? ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: milter wants erase sendmail
Andrey S. Rybak wrote: hello! i use bundle sendmail and milter greylist on my e-mail freebsd server. every time I want upgrade milter-greylist it wants install sendmail port. But I use sendmail+tls+sasl2 port. There is conflict. I should deinstall sendmail+tls+sasl, install milter-greylist, deinstall sendmail and then install sendmail+tls+sasl2. Every time doing so I think something going not elegant. Is there more simple path to upgrade milter-greylist? IMHO creating multiple ports is horrible way for managing different configurations... You can build mail/sendmail with SENDMAIL_WITH_TLS and SENDMAIL_WITH_SASL2. This way you will get exactly the same package originating from mail/sendmail. You can simply alter package +CONTENTS to originate it from mail/sendmail. -- Sphinx of black quartz judge my vow. ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: milter wants erase sendmail
On 15/06/2012 13:17, Andrey S. Rybak wrote: i use bundle sendmail and milter greylist on my e-mail freebsd server. every time I want upgrade milter-greylist it wants install sendmail port. But I use sendmail+tls+sasl2 port. There is conflict. I should deinstall sendmail+tls+sasl, install milter-greylist, deinstall sendmail and then install sendmail+tls+sasl2. Every time doing so I think something going not elegant. Is there more simple path to upgrade milter-greylist? Have you added this to /etc/make.cnf? WITH_SENDMAIL_PORT= yes That makes milter-greylist depend on the sendmail port, rather than the base version of sendmail: % cd /usr/ports/mail/milter-greylist % make -V BUILD_DEPENDS /usr/local/lib/libmilter.so.4:/usr/ports/mail/sendmail The mail/sendmail port is odd in that it changes package name depending on what configuration options you select. So if you go into /usr/ports/mail/sendmail and: # make config You will be able to enable tls and sasl2 (amongst a whole bunch of other stuff) giving you the correct functionality. This should not result in the ports trying to reinstall sendmail constantly, but it may confuse some tools that rely on the data in /usr/ports/INDEX-N. If that's a problem for you, then you will need to build your own INDEX. But it probably isn't. Cheers, Matthew -- Dr Matthew J Seaman MA, D.Phil. PGP: http://www.infracaninophile.co.uk/pgpkey signature.asc Description: OpenPGP digital signature
sendmail, masquerading, exposed root?
I've a problem with sendmail setup, for which I have no satisfactory solution. I've several hosts, all on the university network. I'd like to forward all root's mail from all these hosts to my personal email. The problem seems to be with the From field. If I leave the root exposed, the From field looks e.g. r...@mech-anton240.men.bris.ac.uk, which is rejected by the university mailer, because it has no knowledge of this address. The only solution I've found is not to expose root, and then masquerade all From to @bris.ac.uk, which is acceptable, but then I get root mail from all my hosts always originating at r...@bris.ac.uk, so I have trouble distinguishing between individual hosts. I solve this by setting the hostname in the subject like. But I'm mostly worried about not exposing root. Plus the network people hate to see r...@bris.ac.uk anywhere on the network. Can anybody suggest a better solution? Thanks -- Anton Shterenlikht Room 2.6, Queen's Building Mech Eng Dept Bristol University University Walk, Bristol BS8 1TR, UK Tel: +44 (0)117 331 5944 Fax: +44 (0)117 929 4423 ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: sendmail, masquerading, exposed root?
On Mon, 28 May 2012 12:49:43 +0100, Anton Shterenlikht wrote: If I leave the root exposed, the From field looks e.g. r...@mech-anton240.men.bris.ac.uk, which is rejected by the university mailer, because it has no knowledge of this address. You should be able to use sendmail's masquerading features. For example to be configured in the correct .mc file: FEATURE(always_add_domain) FEATURE(`masquerade_entire_domain') FEATURE(`masquerade_envelope') FEATURE(`allmasquerade') MASQUERADE_AS(`bris.ac.uk') MASQUERADE_DOMAIN(`bris.ac.uk.') MASQUERADE_DOMAIN(localhost) MASQUERADE_DOMAIN(localhost.localdomain) That should turn r...@mech-anton240.men.bris.ac.uk into r...@bris.ac.uk if that's okay for you. If you change root's name field in the passwd database (use chsh), you could add a specific machine name so you'll easily see from which root account you're receiving messages, e. g. From: mech-anton240.men root r...@bris.ac.uk To: You where.you.wanna@your.root.mail.to Subject: mech-anton240.men.bris.ac.uk security run output ... and so on ... That's no big problem as you're not going to reply to that address. (If you had to, setting Reply-To: would surely help.) Or you could use /etc/mail/aliases to redirect root to a different mail address. -- Polytropon Magdeburg, Germany Happy FreeBSD user since 4.0 Andra moi ennepe, Mousa, ... ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: Sendmail recommended permissions for apache/php server
On 12/04/2012 02:49, Polytropon wrote: On Wed, 11 Apr 2012 23:57:51 +, Ian Lord wrote: I then got a different error in /var/log/messages Apr 11 19:38:40 dev sendmail[41170]: NOQUEUE: SYSERR(www): can not write to queue directory /var/spool/clientmqueue/ (RunAsGid=0, required=25): Permission denied I found very old threads saying to change the group of apache to smmsp but I doubt it's a good idea. No, not change to, but you can _add_ apache (or whatever is originating the error) to the smmsp group. Add it to smmsp:*:25: in /etc/group. You should not be changing the ownership and permissions on any of the directories used by sendmail(8), or the group membership of any of the groups used by sendmail. Not even if you think you know what you are doing. This is extremely security sensitive, and getting it wrong means at minimum unprivileged users can forge e-mails untraceably[*]. There is no reason for apache to have any sort of write permissions to /var/spool/clientmqueue -- that should only be accessible to sendmail, and sendmail is the only program that should ever use it. To the OP -- can you execute sendmail outside PHP? If you can use mail(1) to send a test e-mail, then sendmail should be fine. Note: test this as an unprivileged user. What are the permissions on /usr/libexec/sendmail/sendmail ? They should look like this: % ls -la /usr/libexec/sendmail/sendmail -r-xr-sr-x 1 root smmsp 662136 Apr 1 08:38 /usr/libexec/sendmail/sendmail If that all checks out, then the problem is with PHP rather than your sendmail installation. There are several different ways PHP might be programmed to send e-mail; perhaps you could describe how your particular application tries to do it? Cheers, Matthew [*] So what? you might think. Until you get an e-mail request from your boss to provide sensitive information to some contractor you don't really know. -- Dr Matthew J Seaman MA, D.Phil. PGP: http://www.infracaninophile.co.uk/pgpkey signature.asc Description: OpenPGP digital signature
Re: Sendmail recommended permissions for apache/php server
On Thu, 12 Apr 2012 08:17:33 +0100, Matthew Seaman wrote: On 12/04/2012 02:49, Polytropon wrote: On Wed, 11 Apr 2012 23:57:51 +, Ian Lord wrote: I then got a different error in /var/log/messages Apr 11 19:38:40 dev sendmail[41170]: NOQUEUE: SYSERR(www): can not write to queue directory /var/spool/clientmqueue/ (RunAsGid=0, required=25): Permission denied I found very old threads saying to change the group of apache to smmsp but I doubt it's a good idea. No, not change to, but you can _add_ apache (or whatever is originating the error) to the smmsp group. Add it to smmsp:*:25: in /etc/group. You should not be changing the ownership and permissions on any of the directories used by sendmail(8), or the group membership of any of the groups used by sendmail. Not even if you think you know what you are doing. This is extremely security sensitive, and getting it wrong means at minimum unprivileged users can forge e-mails untraceably[*]. You're right - as long as sendmail works properly (and is invoked by whatever means sends e-mail out of apache / PHP), the present group settings and permissions should be okay. Sendmail will then properly run as the smmsp group member which will enable it to properly access the queue directory. There is no reason for apache to have any sort of write permissions to /var/spool/clientmqueue -- that should only be accessible to sendmail, and sendmail is the only program that should ever use it. I'm not aware of why a program should directly access the mail queues, but maybe that's a special PHP feature. :-) -- Polytropon Magdeburg, Germany Happy FreeBSD user since 4.0 Andra moi ennepe, Mousa, ... ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
RE: Sendmail recommended permissions for apache/php server
You should not be changing the ownership and permissions on any of the directories used by sendmail(8), or the group membership of any of the groups used by sendmail. Not even if you think you know what you are doing. This is extremely security sensitive, and getting it wrong means at minimum unprivileged users can forge e-mails untraceably[*]. That's what I thought, I found it to work but preferred to ask on the list since it didn't make sense to me :) To the OP -- can you execute sendmail outside PHP? If you can use mail(1) to send a test e-mail, then sendmail should be fine. Note: test this as an unprivileged user. No it doesn't work, just tried it: %mail -s Hello lo...@msdi.ca Hello ! . EOT %WARNING: RunAsUser for MSP ignored, check group ids (egid=0, want=25) can not chdir(/var/spool/clientmqueue/): Permission denied Program mode requires special privileges, e.g., root or TrustedUser. Apr 12 08:47:08 dev sendmail[94980]: NOQUEUE: SYSERR(msdi): can not chdir(/var/spool/clientmqueue/): Permission denied What are the permissions on /usr/libexec/sendmail/sendmail ? They should look like this: % ls -la /usr/libexec/sendmail/sendmail -r-xr-sr-x 1 root smmsp 662136 Apr 1 08:38 /usr/libexec/sendmail/sendmail # ls -al /usr/libexec/sendmail/sendmail -r-xr-sr-x 1 root wheel 707160 Jan 3 02:57 /usr/libexec/sendmail/sendmail So the group is wrong... I changed it from wheel to smmsp and everything works fine now ! Thanks a lot for the fix, but this server is a clean install of 9.0-RELEASE that I installed about 2-3 months ago. I never changed the permission myself on that file so I guess there is something wrong that would need to be fixed (unless it's already fixed in newer versions). Thanks again ~~ Ian Lord MSD Informatique 143 Rue des Fauvettes St-Colomban (Québec) J5K 0E2 Tél: (514) 776-MSDI - (514) 776-6734 Sans Frais: 1(877) 776-MSDI - 1(877) 776-6734 http://www.msdi.ca ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: Sendmail recommended permissions for apache/php server
On 12/04/2012 14:40, Ian Lord wrote: What are the permissions on /usr/libexec/sendmail/sendmail ? They should look like this: % ls -la /usr/libexec/sendmail/sendmail -r-xr-sr-x 1 root smmsp 662136 Apr 1 08:38 /usr/libexec/sendmail/sendmail # ls -al /usr/libexec/sendmail/sendmail -r-xr-sr-x 1 root wheel 707160 Jan 3 02:57 /usr/libexec/sendmail/sendmail So the group is wrong... I changed it from wheel to smmsp and everything works fine now ! Thanks a lot for the fix, but this server is a clean install of 9.0-RELEASE that I installed about 2-3 months ago. I never changed the permission myself on that file so I guess there is something wrong that would need to be fixed (unless it's already fixed in newer versions). I haven't had any similar problems on 9.0 systems I've installed so I don't think it is an obvious and universal bug in the system installer. It might be the case that you did something differently -- if you can reproduce the effect, and if it's not by doing something daft like 'oh, and here is where we recursively chgrp the whole filesystem for no apparent reason' then please do send a PR with the details. If you want to ensure that almost everything has the correct ownership and permissions, then you can use mtree(8). eg. # cd / # mtree -Ue -f /etc/mtree/BSD.root.dist # mtree -Ue -f /etc/mtree/BSD.sendmail.dist # cd /usr # mtree -Ue -f /etc/mtree/BSD.usr.dist # cd /usr/include # mtree -Ue -f /etc/mtree/BSD.include.dist # cd /var # mtree -Ue -f /etc/mtree/BSD.var.dist ... although now I come to look at it, this won't actually fix the group ownership on /usr/libexec/sendmail/sendmail for example. For that, you'ld probably have to use the system sources or the installation media. Cheers, Matthew -- Dr Matthew J Seaman MA, D.Phil. PGP: http://www.infracaninophile.co.uk/pgpkey signature.asc Description: OpenPGP digital signature
Sendmail recommended permissions for apache/php server
Hi, I am trying to use sendmail to send emails from a php script (I tried phpmailer and mail function with the same result). I always got messages like Could not execute: /usr/sbin/sendmail Sendmail is World executable: # ls -l /usr/sbin/sendmail lrwxr-xr-x 1 root wheel 21 Jan 3 02:57 /usr/sbin/sendmail - /usr/sbin/mailwrapper So I've checked into /var/log/messages and found this: Apr 11 18:09:44 dev sendmail[38340]: NOQUEUE: SYSERR(www): can not chdir(/var/spool/clientmqueue/): Permission denied I've checked permissions on the /var/spool/clientmqueue/ directory # ls -al /var/spool/clientmqueue/ drwxrwx--- 2 smmsp smmsp 3 Apr 11 19:01 . So I saw that only the user and group smmsp could write to this directory. I presumed the apache user should have access to it so I added www to the smmsp directory. I then got a different error in /var/log/messages Apr 11 19:38:40 dev sendmail[41170]: NOQUEUE: SYSERR(www): can not write to queue directory /var/spool/clientmqueue/ (RunAsGid=0, required=25): Permission denied I found very old threads saying to change the group of apache to smmsp but I doubt it's a good idea. Chmodding 777 the /var/spool/clientmqueue/ fixed the problem, I can now send emails, but I wonder if this is the way to fix the issue correctly. Is that the official fix or did I missed some configuration somewhere ? Sending emails from php using mail or sendmail should be something working out of the box I guess, I doubt we're supposed to change permissions to make it work Any help would be appreciated. Regards ~~ Ian Lord MSD Informatique 143 Rue des Fauvettes St-Colomban (Québec) J5K 0E2 Tél: (514) 776-MSDI - (514) 776-6734 Sans Frais: 1(877) 776-MSDI - 1(877) 776-6734 http://www.msdi.cahttp://www.msdi.ca/ ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: Sendmail recommended permissions for apache/php server
On Wed, 11 Apr 2012 23:57:51 +, Ian Lord wrote: I then got a different error in /var/log/messages Apr 11 19:38:40 dev sendmail[41170]: NOQUEUE: SYSERR(www): can not write to queue directory /var/spool/clientmqueue/ (RunAsGid=0, required=25): Permission denied I found very old threads saying to change the group of apache to smmsp but I doubt it's a good idea. No, not change to, but you can _add_ apache (or whatever is originating the error) to the smmsp group. Add it to smmsp:*:25: in /etc/group. See the error message above: can not write to queue directory /var/spool/clientmqueue/ Check: % ls -ld /var/spool/clientmqueue drwxrwx--- 2 smmsp smmsp 512 Apr 12 03:12 /var/spool/clientmqueue/ ^^^ This directory can be read, written and entered/searched by _members_ of the smmsp group. Back to the error message: (RunAsGid=0, required=25) It is indicated that group #25 (smmsp) is the required GID, not 0. And: Permission denied which is the logical conclusion. Conclusion: You must make sure that whatever needs to access this directory is in the smmsp group (25). Chmodding 777 the /var/spool/clientmqueue/ fixed the problem, I can now send emails, but I wonder if this is the way to fix the issue correctly. You souldn't need to do that. Now this directory can be modified by anyone, that's not good. Is that the official fix or did I missed some configuration somewhere ? Sending emails from php using mail or sendmail should be something working out of the box I guess, I doubt we're supposed to change permissions to make it work Correct. In regards of _security_, it's required to _allow_ the corresponding program / functionality / part of apache / mailer or whatever the access to the mail queue. This is something that is _not_ possible out of the box because there are many possi- bilities and security considerations. Any help would be appreciated. Try to add apache (or whatever part of it, or PHP subsystem called by it that needs to access the mail queue) to the required group to give it the proper permission to do so. -- Polytropon Magdeburg, Germany Happy FreeBSD user since 4.0 Andra moi ennepe, Mousa, ... ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: Using sendmail as a client with auth
On 14/02/2012 05:12, Bernt Hansson wrote: Is that rebuild as in cd /usr/src make buildworld or cd /usr/src/usr.sbin/sendmail make Either of those should do it. Cheers, Matthew -- Dr Matthew J Seaman MA, D.Phil. 7 Priory Courtyard Flat 3 PGP: http://www.infracaninophile.co.uk/pgpkey Ramsgate JID: matt...@infracaninophile.co.uk Kent, CT11 9PW signature.asc Description: OpenPGP digital signature
Re: Using sendmail as a client with auth
On 14/02/2012 08:05, Bernt Hansson wrote: I have rebuilt and installed world, but no cigar. Feb 14 08:50:40 reader sendmail[1147]: q1E7oe7l001147: to=b...@bananmonarki.se, ctladdr=bernt (1001/1001), delay=00:00:00, xdelay=00:00:00, mailer=relay, pri=30064, relay=[127.0.0.1] [127.0.0.1], dsn=2.0.0, stat=Sent (q1E7oevk001148 Message accepted for delivery) Feb 14 08:50:41 reader sm-mta[1150]: STARTTLS=client, relay=my.isp.com., version=TLSv1/SSLv3, verify=FAIL, cipher=DHE-RSA-AES256-SHA, bits=256/256 Feb 14 08:50:47 reader sm-mta[1150]: q1E7oevk001148: to=b...@bananmonarki.se, ctladdr=bernt@fqdn (1001/1001), delay=00:00:07, xdelay=00:00:07, mailer=relay, pri=30391, relay=my.isp.com. [x.x.x.x], dsn=5.7.1, stat=Service unavailable Feb 14 08:50:47 reader sm-mta[1150]: q1E7oevk001148: q1E7olvk001150: DSN: Service unavailable Look at the output of ldd /usr/libexec/sendmail/sendmail If there's no mention of sasl2 there, then your modifications to the build process would seem to have failed. Otherwise, it's a configuration problem and you need to double check /etc/mail/$(hostname).mc and your client auth data. Cheers, Matthew -- Dr Matthew J Seaman MA, D.Phil. 7 Priory Courtyard Flat 3 PGP: http://www.infracaninophile.co.uk/pgpkey Ramsgate JID: matt...@infracaninophile.co.uk Kent, CT11 9PW signature.asc Description: OpenPGP digital signature
Re: Using sendmail as a client with auth
On Tue, 14 Feb 2012 10:04+0100, Bernt Hansson wrote: On 2012-02-14 08:02, Josh Tolbert wrote: On 2/13/2012 11:12 PM, Bernt Hansson wrote: Thank you for your answer. I wrote this ages ago and it's still valid. You can ignore the IMAP stuff if you like. :) Well, no cigar for me. I'm leaning at this line. And I think it is somehow involed in all this mess sm-mta[37453]: STARTTLS=client, relay=smtp.isp.com., version=TLSv1/SSLv3, verify=FAIL, cipher=DHE-RSA-AES256-SHA, bits=256/256 I'm sorry for jumping into this thread, but verify=FAIL is expected unless you have your ISP's certificate chain stored in the appropriate directory with the appropriate file names. /etc/ssl/certs would be a good place to store the certificates. A command like this one can be used to generate the hashed file names: ln -s certfile `openssl x509 -noout -hash certfile`.0 Any idea about that? The isp does support STARTTLS. telnet smtp.isp.com 25 Trying x.x.x.x... Connected to smtp.bredband2.com. Escape character is '^]'. 220 smtp.isp.com ESMTP Postfix (Ubuntu) ehlo localhost 250-smtp.isp.com 250-PIPELINING 250-SIZE 10240 250-VRFY 250-ETRN 250-STARTTLS 250-AUTH PLAIN LOGIN 250-AUTH=PLAIN LOGIN 250-ENHANCEDSTATUSCODES 250-8BITMIME 250 DSN starttls 220 2.0.0 Ready to start TLS http://www.puresimplicity.net/~hemi/freebsd/sendmail.html That is a good site. Learnt me how to build sendmail at least. -- +---++ | Vennlig hilsen, | Best regards, | | Trond Endrestøl, | Trond Endrestøl, | | IT-ansvarlig, | System administrator, | | Fagskolen Innlandet, | Gjøvik Technical College, Norway, | | tlf. dir. 61 14 54 39, | Office.: +47 61 14 54 39, | | tlf. mob. 952 62 567, | Cellular...: +47 952 62 567, | | sentralbord 61 14 54 00. | Switchboard: +47 61 14 54 00. | +---++___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: Using sendmail as a client with auth
On Tue, 14 Feb 2012 11:11+0100, Bernt Hansson wrote: On 2012-02-14 10:43, Trond Endrestøl wrote: On Tue, 14 Feb 2012 10:04+0100, Bernt Hansson wrote: On 2012-02-14 08:02, Josh Tolbert wrote: On 2/13/2012 11:12 PM, Bernt Hansson wrote: Thank you for your answer. I wrote this ages ago and it's still valid. You can ignore the IMAP stuff if you like. :) Well, no cigar for me. I'm leaning at this line. And I think it is somehow involed in all this mess sm-mta[37453]: STARTTLS=client, relay=smtp.isp.com., version=TLSv1/SSLv3, verify=FAIL, cipher=DHE-RSA-AES256-SHA, bits=256/256 I'm sorry for jumping into this thread, Don't be sorry for that. but verify=FAIL is expected unless you have your ISP's certificate chain stored in the appropriate directory with the appropriate file names. I do not have a certificate from the isp. My tought was more in line of MY sendmail is sending starttls first thing before auth login. Actually, this makes sense. It seems appropriate to establish an encrypted connection before sending the username and password. A parallel would be SSH. At the same time the use of SSL/TLS makes it harder to debug what's going on. Then postfix gets confused. It sounds strange, but there's a slight chance something is odd at the ISP's end. Possible scenario? I don't have any more input at the moment. The next step would be to establish a dialog with your ISP and persua^Wask them to investigate the matter further. /etc/ssl/certs would be a good place to store the certificates. A command like this one can be used to generate the hashed file names: ln -s certfile `openssl x509 -noout -hash certfile`.0 Any idea about that? The isp does support STARTTLS. telnet smtp.isp.com 25 Trying x.x.x.x... Connected to smtp.isp.com. Escape character is '^]'. 220 smtp.isp.com ESMTP Postfix (Ubuntu) ehlo localhost 250-smtp.isp.com 250-PIPELINING 250-SIZE 10240 250-VRFY 250-ETRN 250-STARTTLS 250-AUTH PLAIN LOGIN 250-AUTH=PLAIN LOGIN 250-ENHANCEDSTATUSCODES 250-8BITMIME 250 DSN starttls 220 2.0.0 Ready to start TLS http://www.puresimplicity.net/~hemi/freebsd/sendmail.html That is a good site. Learnt me how to build sendmail at least. -- +---++ | Vennlig hilsen, | Best regards, | | Trond Endrestøl, | Trond Endrestøl, | | IT-ansvarlig, | System administrator, | | Fagskolen Innlandet, | Gjøvik Technical College, Norway, | | tlf. dir. 61 14 54 39, | Office.: +47 61 14 54 39, | | tlf. mob. 952 62 567, | Cellular...: +47 952 62 567, | | sentralbord 61 14 54 00. | Switchboard: +47 61 14 54 00. | +---++___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
