Re: sendmail without DNS

[Tim Woodall]

On Sun, 21 Jul 2024, Adam Weremczuk wrote:


This is in a way a continuation of my recently "purely local DNS" thread.

To recap: my objective is to send emails to a single domain with both DNS and 
any other email traffic being disabled.


A simple working solution that I've found for Postfix is:

/etc/hosts
1.2.3.4example.com

/etc/postfix/main.cf
smtp_dns_support_level = disabled
smtp_host_lookup = native

Now I'm trying to achieve the same thing for Sendmail to no avail.

So far I've tried:

- the above /etc/hosts entry

- DEAMON_OPTIONS(`Port-smtp,Addr=127.0.0.1, Name=MTA')dnl in sendmail.mc 
followed by m4 sendmail.mc > sendmail.cf


You can just type make in /etc/mail and dbs will be rebuilt and it will
tell you if you need to reload.



- /etc/mail/mailertable
example.com esmtp:[1.2.3.4]



I use this. Are you missing FEATURE(mailertable)

sendmail.mc:FEATURE(`mailertable',`hash -o /etc/mail/mailertable.db')dnl

Re: sendmail without DNS

[Adam Weremczuk]

Thanks for pointing that out.

I've noticed that installing sendmail package was removing postfix and 
vice versa.


That made me think these two were mutually exclusive.

After reinstalling postfix, logwatch suddenly started sending emails so 
everything is now working as expected.


---
Adam


On 21/07/2024 14:23, Greg Wooledge wrote:


Blimey.  You are COMPLETELY confused, aren't you.

If postfix (the package named "postfix") is installed, and if sendmail
(the package named "sendmail") is NOT installed, then you are using
Postfix to send mail.

Part of the postfix package is a /usr/sbin/sendmail program which
implements the command line interface for local programs to send mail.

EVERY MTA has to implement the /usr/sbin/sendmail program.

Including Postfix.

If you're running Postfix (*not* Sendmail) as your MTA, and if you've
got it configured how you want it, then you are DONE.  You don't need
to ask us how to configure Sendmail to do the same thing, because you're
not USING Sendmail.

Re: sendmail without DNS

[Joe]

On Sun, 21 Jul 2024 18:36:30 +1000
George at Clug  wrote:

> Adam,
> 
> I dislike people to reply to my questions but do not answer the
> question, instead suggest I do something totally different.

Yes, but sometimes:

a) that's the right answer anyway

b) it may not answer the OP's question. but may answer someone else's
question much later

c) it may inform the OP that there may be a better way of doing it that
the OP was not aware of

d) it may be that the OP is asking the wrong question, but will get
information from your answer as to what the right question should be

> 
> Please forgive me, as that is what I am about to do.


> 
> I have had, what seems to me to be similar issue, my solution was to
> set up an authoritative BIND9 server on the email/web server in
> question, and have the server first use its own BIND9 server's DNS
> service first. 
> 
> Admittedly I did not care if my authoritative BIND9 server went out
> the the Internet for any queries for which it was not authoritative.
> 
> It did allow me to run the server isolated either from the Internet
> and/or connected to the Internet.
> 
Indeed. If you do run a DNS server for general network use, you will
always want to put in local information. If there is also an Internet
DNS server authoritative for the same domain, you need to put in copies
of relevant information that server contains, which will otherwise not
be found.

BIND9 is a bit of a nuisance, especially when you miss a bit of
punctuation in a zone file and it won't start, but as far as I can
tell, it's the only DNS solution that will access root hints. I would
prefer something a bit lighter. I would rather not trust Net DNS servers
since I turned up this company
https://uk.linkedin.com/company/barefruit
(one of many such) in logs. Advertising is easy to ignore, but the idea
of tampering with DNS does not impress me.

-- 
Joe

Re: sendmail without DNS

[Greg Wooledge]

On Sun, Jul 21, 2024 at 08:24:06 +0100, Adam Weremczuk wrote:
> Let me rephrase my question, which should be easier to answer.
> 
> What exactly shall I substitute:
> 
> mailer = "/usr/sbin/sendmail -t"
> 
> with in /usr/share/logwatch/default.conf/logwatch.conf
> 
> to make logwatch use postfix (already working without DNS) instead of
> sendmail?

Blimey.  You are COMPLETELY confused, aren't you.

If postfix (the package named "postfix") is installed, and if sendmail
(the package named "sendmail") is NOT installed, then you are using
Postfix to send mail.

Part of the postfix package is a /usr/sbin/sendmail program which
implements the command line interface for local programs to send mail.

EVERY MTA has to implement the /usr/sbin/sendmail program.

Including Postfix.

If you're running Postfix (*not* Sendmail) as your MTA, and if you've
got it configured how you want it, then you are DONE.  You don't need
to ask us how to configure Sendmail to do the same thing, because you're
not USING Sendmail.

Re: sendmail without DNS

[Anssi Saari]

Adam Weremczuk  writes:

> Let me rephrase my question, which should be easier to answer.
>
> What exactly shall I substitute:
>
> mailer = "/usr/sbin/sendmail -t"
>
> with in /usr/share/logwatch/default.conf/logwatch.conf
>
> to make logwatch use postfix (already working without DNS) instead of
> sendmail?

With a quick look, the postfix package includes /usr/sbin/sendmail. So
if your /usr/sbin/sendmail isn't the one provided by postfix then likely
you have more than one and that situation is probably managed by
update-alternatives?

So, run update-alternatives --list sendmail and maybe also
ls -l /usr/sbin/sendmail to see what the what is.

Re: sendmail without DNS

[George at Clug]

Adam,

I dislike people to reply to my questions but do not answer the question, 
instead suggest I do something totally different.

Please forgive me, as that is what I am about to do.

I have had, what seems to me to be similar issue, my solution was to set up an 
authoritative BIND9 server on the email/web server in question, and have the 
server first use its own BIND9 server's DNS service first. 

Admittedly I did not care if my authoritative BIND9 server went out the the 
Internet for any queries for which it was not authoritative.

It did allow me to run the server isolated either from the Internet and/or 
connected to the Internet.

George.
 

On Sunday, 21-07-2024 at 16:58 Adam Weremczuk wrote:
> This is in a way a continuation of my recently "purely local DNS" thread.
> 
> To recap: my objective is to send emails to a single domain with both 
> DNS and any other email traffic being disabled.
> 
> A simple working solution that I've found for Postfix is:
> 
> /etc/hosts
> 1.2.3.4example.com
> 
> /etc/postfix/main.cf
> smtp_dns_support_level = disabled
> smtp_host_lookup = native
> 
> Now I'm trying to achieve the same thing for Sendmail to no avail.
> 
> So far I've tried:
> 
> - the above /etc/hosts entry
> 
> - DEAMON_OPTIONS(`Port-smtp,Addr=127.0.0.1, Name=MTA')dnl in sendmail.mc 
> followed by m4 sendmail.mc > sendmail.cf
> 
> - /etc/mail/mailertable
> example.com esmtp:[1.2.3.4]
> 
> 1. Has anybody tried and got it working?
> 
> 2. What's the best way to engage with Sendmail forums / mailing list?
> 
> Both comp.mail.sendmail and newscomp.mail.sendmail usenet groups appear 
> to be dead.
> 
> ---
> Adam
> 
> 

Re: sendmail without DNS

[Kamil Jońca]

Adam Weremczuk  writes:

> Let me rephrase my question, which should be easier to answer.
>
> What exactly shall I substitute:
>
> mailer = "/usr/sbin/sendmail -t"
>

Eee. Nothing?
--8<---cut here---start->8---
dpkg -L postfix|grep send 
/usr/sbin/sendmail
/usr/share/man/man1/sendmail.1.gz
/usr/lib/sendmail
--8<---cut here---end--->8---

Man sendmail says that:
--8<---cut here---start->8---
  -t Extract recipients from message headers. These are added to any 
recipients specified on the command line.
--8<---cut here---end--->8---
(I do not that 'original' sendmail has the same meaning, but I supposed
so.)
KJ

-- 
http://wolnelektury.pl/wesprzyj/teraz/
Make me look like LINDA RONSTADT again!!

Re: sendmail without DNS

[Adam Weremczuk]

Let me rephrase my question, which should be easier to answer.

What exactly shall I substitute:

mailer = "/usr/sbin/sendmail -t"

with in /usr/share/logwatch/default.conf/logwatch.conf

to make logwatch use postfix (already working without DNS) instead of 
sendmail?



On 21/07/2024 08:08, Jeff Pang wrote:

Sendmail is too old to be supported.
You may use postfix and exim instead. They are main stream MTA software 
today.

Re: sendmail without DNS

[Jeff Pang]

Sendmail is too old to be supported.
You may use postfix and exim instead. They are main stream MTA software 
today.



On 2024-07-21 14:58, Adam Weremczuk wrote:
This is in a way a continuation of my recently "purely local DNS" 
thread.


To recap: my objective is to send emails to a single domain with both 
DNS and any other email traffic being disabled.


A simple working solution that I've found for Postfix is:

/etc/hosts
1.2.3.4example.com

/etc/postfix/main.cf
smtp_dns_support_level = disabled
smtp_host_lookup = native

Now I'm trying to achieve the same thing for Sendmail to no avail.

So far I've tried:

- the above /etc/hosts entry

- DEAMON_OPTIONS(`Port-smtp,Addr=127.0.0.1, Name=MTA')dnl in 
sendmail.mc followed by m4 sendmail.mc > sendmail.cf


- /etc/mail/mailertable
example.com esmtp:[1.2.3.4]

1. Has anybody tried and got it working?

2. What's the best way to engage with Sendmail forums / mailing list?

Both comp.mail.sendmail and newscomp.mail.sendmail usenet groups appear 
to be dead.


---
Adam


--
Jeff Pang
jeffp...@aol.com

Re: sendmail and starttls failing

[Tim Woodall]

On Mon, 1 Jul 2024, Tim Woodall wrote:


On Sun, 30 Jun 2024, Tim Woodall wrote:


On Sun, 30 Jun 2024, Michael Grant wrote:


Yeah I'm seeing this too!  Identical in fact.  This is what I did to
fix this:  I added this to my /etc/mail/access file for my local
server that sends this messages to me:

   SRV_Features:127.0.0.1  L U G

Specifically, I added the U and G features, (I already had the L
feature disabled for localhost).  Uppercase letter disables the
feature, lowercase enables it.

I found the U and G mentioned here:

https://forums.oracle.com/ords/apexds/post/solaris-11-4-sendmail-issue-after-sendmail-8-18-1-update-7312

I did not try this suggestion to use U2 and G2 that he mentioned.  If
you do let me know.



Thanks!

I've just added u2 g2 and it seems to work. My quick test had bare LF
removed and bare CR replaced by space which isn't what I expected but is
good enough...




Actually, in bookworm this only seems to work with cr. mail wasn't
sending a lf and my email client was not displaying ^f

This works for testing cr and lf.
echo -ne 'Subject: test\n\ncr\rcr/lf\nlf' | /usr/sbin/sendmail -i -- root



This is what I see in sendmail logs:
Jul  1 17:06:55 dirac sm-mta[21391]: 461G6tQr021391: collect: relay=localhost, 
from=, info=Bare carriage return (CR) not 
allowed, where=body, status=replaced

I don't think bare LF are a problem for sendmail which is why I suspect
they're not being replaced.

Re: sendmail and starttls failing

[Greg Wooledge]

On Mon, Jul 01, 2024 at 09:34:39 +0100, Mark Fletcher wrote:
> cron isn’t a mail sending tool — not the right place to police something
> like this. Seems to me that sendmail is.

There are two possible layers here.  First, a cron job (typically a
shell command, or a shell script) might invoke mailx(1) or mail(1)
directly.  In this case, it's the responsibility of mailx or mail to
format and transmit the message correctly when it invokes the
/usr/sbin/sendmail program.

The second case, which is much more common, is that cron(8) itself
invokes /usr/sbin/sendmail to inject a message whenever a job writes
output to either stdout or stderr.  This output is captured by cron,
and then emailed to the job's owner.

hobbit:~$ strings /usr/sbin/cron | grep sendmail
/usr/sbin/sendmail

Looks like cron is doing what I would expect.  In this case, it's cron's
responsibility to make sure the message is correctly formatted.

If cron is injecting mail that /usr/sbin/sendmail is rejecting due to
bare LF or bare CR (for whichever implementation of /usr/sbin/sendmail
is installed), then this is a bug in cron.

If your cron job is calling mailx or mail directly, and one of those
tools is injecting a message that gets rejected due to bare LF or bare CR,
then this is a bug in mailx or mail, and should be reported as such.
The same applies to any CLI MUA -- mutt, nail, s-nail, Mail, etc.  Also,
note that mailx has multiple implementing packages in Debian, at least
two that I know of: bsd-mailx and mailutils.  Make sure you file your
bug reports against the correct packages.

Re: sendmail and starttls failing

[Tim Woodall]

On Sun, 30 Jun 2024, Tim Woodall wrote:


On Sun, 30 Jun 2024, Michael Grant wrote:


Yeah I'm seeing this too!  Identical in fact.  This is what I did to
fix this:  I added this to my /etc/mail/access file for my local
server that sends this messages to me:

   SRV_Features:127.0.0.1  L U G

Specifically, I added the U and G features, (I already had the L
feature disabled for localhost).  Uppercase letter disables the
feature, lowercase enables it.

I found the U and G mentioned here:

https://forums.oracle.com/ords/apexds/post/solaris-11-4-sendmail-issue-after-sendmail-8-18-1-update-7312

I did not try this suggestion to use U2 and G2 that he mentioned.  If
you do let me know.



Thanks!

I've just added u2 g2 and it seems to work. My quick test had bare LF
removed and bare CR replaced by space which isn't what I expected but is
good enough...




Actually, in bookworm this only seems to work with cr. mail wasn't
sending a lf and my email client was not displaying ^f

This works for testing cr and lf.
echo -ne 'Subject: test\n\ncr\rcr/lf\nlf' | /usr/sbin/sendmail -i -- root

Re: sendmail and starttls failing

[Tim Woodall]

On Mon, 1 Jul 2024, Mark Fletcher wrote:


On Sun, 30 Jun 2024 at 23:21, Tim Woodall  wrote:




The thing I'm seeing is  in the body of the email - I had no idea
this was illegal - and I'm surprised that tools like cron don't do
something to avoid sending "illegal" emails. Indeed, even mail will do
so happily.

cron isn?t a mail sending tool ? not the right place to police something

like this. Seems to me that sendmail is.

Mark



Sendmail now polices it - so cron emails get stuck if they contain a
bare cr. Presumably every mta is now doing something similar.

There may be a cron setting that I'm missing to avoid this, I haven't
looked yet.

It is, of course, possible to run the output of every cron job through a
filter too.

my sendmail is now replacing bare cr with space so cron emails are
delivered.

Re: sendmail and starttls failing

[Mark Fletcher]

On Sun, 30 Jun 2024 at 23:21, Tim Woodall  wrote:

>
>
> The thing I'm seeing is  in the body of the email - I had no idea
> this was illegal - and I'm surprised that tools like cron don't do
> something to avoid sending "illegal" emails. Indeed, even mail will do
> so happily.
>
> cron isn’t a mail sending tool — not the right place to police something
like this. Seems to me that sendmail is.

Mark

Re: sendmail and starttls failing

[Jeffrey Walton]

On Sun, Jun 30, 2024 at 6:13 PM Greg Wooledge  wrote:
>
> On Sun, Jun 30, 2024 at 23:08:01 +0100, Tim Woodall wrote:
> > According to this
> > https://support.trustwave.com/kb/KnowledgebaseArticle10016.aspx
> >
> > bare CRs aren't allowed in emails but this has always worked.
> >
> > I'm only likely to have cron generating emails like this.
> >
> > Strange that this would have been changed in a stable release. It
> > doesn't seem to have been a security update.
>
> It looks like it's coming from this change:
>
> https://metadata.ftp-master.debian.org/changelogs//main/s/sendmail/sendmail_8.17.1.9-2+deb12u2_changelog
>
>   * Fix CVE-2023-51765 (Closes: #1059386):
> sendmail allowed SMTP smuggling in certain configurations.
> Remote attackers can use a published exploitation
> technique to inject e-mail messages with a spoofed
> MAIL FROM address, allowing bypass of an SPF protection
> mechanism. This occurs because sendmail supports
> . but some other popular e-mail servers
> do not. This is resolved with 'o' in srv_features.
>
> I don't know the details of how this leads to a security hole.

Take a look at the blog at
.

Jeff

Re: sendmail and starttls failing

[Jeffrey Walton]

On Sun, Jun 30, 2024 at 6:08 PM Tim Woodall  wrote:
>
> On Sun, 30 Jun 2024, Tim Woodall wrote:
>
> > On Sun, 30 Jun 2024, Michael Grant wrote:
> >
> >> After an update today, sendmail is refusing to accept mail.  I'm
> >> seeing this in the logs:
> >>
> >
> > Hmmm, this update seems to have done a lot of odd things.
> >
>
> root@dirac:~# mail root
> Cc:
> Subject: test cr
> this
> is^Ma test
> .
> root@dirac:~# mailq
> MSP Queue status...
>  /var/spool/mqueue-client (1 request)
> -Q-ID- --Size-- -Q-Time- 
> Sender/Recipient---
> 45ULV1xk014043   15 Sun Jun 30 22:31 r...@dirac.home.woodall.me.uk
>   (Deferred: 421 4.5.0 Bare carriage return (CR) not allowed)
>   root
>  Total requests: 1
> MTA Queue status...
> /var/spool/mqueue is empty
>  Total requests: 0
>
> According to this
> https://support.trustwave.com/kb/KnowledgebaseArticle10016.aspx
>
> bare CRs aren't allowed in emails but this has always worked.
>
> I'm only likely to have cron generating emails like this.
>
> Strange that this would have been changed in a stable release. It
> doesn't seem to have been a security update.

New SMTP smuggling attack,
.

The short of it is, non-conforming emails and sloppy parsing have led
to a litany of problems including mail spoofing. It has been going on
for years, but now things are changing.

Jeff

Re: sendmail and starttls failing

[Tim Woodall]

On Sun, 30 Jun 2024, Michael Grant wrote:


Yeah I'm seeing this too!  Identical in fact.  This is what I did to
fix this:  I added this to my /etc/mail/access file for my local
server that sends this messages to me:

   SRV_Features:127.0.0.1  L U G

Specifically, I added the U and G features, (I already had the L
feature disabled for localhost).  Uppercase letter disables the
feature, lowercase enables it.

I found the U and G mentioned here:

https://forums.oracle.com/ords/apexds/post/solaris-11-4-sendmail-issue-after-sendmail-8-18-1-update-7312

I did not try this suggestion to use U2 and G2 that he mentioned.  If
you do let me know.



Thanks!

I've just added u2 g2 and it seems to work. My quick test had bare LF
removed and bare CR replaced by space which isn't what I expected but is
good enough...

Re: sendmail and starttls failing

[Tim Woodall]

On Sun, 30 Jun 2024, Greg Wooledge wrote:


On Sun, Jun 30, 2024 at 23:08:01 +0100, Tim Woodall wrote:

According to this
https://support.trustwave.com/kb/KnowledgebaseArticle10016.aspx

bare CRs aren't allowed in emails but this has always worked.

I'm only likely to have cron generating emails like this.

Strange that this would have been changed in a stable release. It
doesn't seem to have been a security update.


It looks like it's coming from this change:

https://metadata.ftp-master.debian.org/changelogs//main/s/sendmail/sendmail_8.17.1.9-2+deb12u2_changelog

 * Fix CVE-2023-51765 (Closes: #1059386):
   sendmail allowed SMTP smuggling in certain configurations.
   Remote attackers can use a published exploitation
   technique to inject e-mail messages with a spoofed
   MAIL FROM address, allowing bypass of an SPF protection
   mechanism. This occurs because sendmail supports
   . but some other popular e-mail servers
   do not. This is resolved with 'o' in srv_features.

I don't know the details of how this leads to a security hole.




It might be - but the wording suggested that this is blocking bare 
which isn't my problem - and also I'd assume this is header related.

The thing I'm seeing is  in the body of the email - I had no idea
this was illegal - and I'm surprised that tools like cron don't do
something to avoid sending "illegal" emails. Indeed, even mail will do
so happily.

Re: sendmail and starttls failing

[Greg Wooledge]

On Sun, Jun 30, 2024 at 23:08:01 +0100, Tim Woodall wrote:
> According to this
> https://support.trustwave.com/kb/KnowledgebaseArticle10016.aspx
> 
> bare CRs aren't allowed in emails but this has always worked.
> 
> I'm only likely to have cron generating emails like this.
> 
> Strange that this would have been changed in a stable release. It
> doesn't seem to have been a security update.

It looks like it's coming from this change:

https://metadata.ftp-master.debian.org/changelogs//main/s/sendmail/sendmail_8.17.1.9-2+deb12u2_changelog

  * Fix CVE-2023-51765 (Closes: #1059386):
sendmail allowed SMTP smuggling in certain configurations.
Remote attackers can use a published exploitation
technique to inject e-mail messages with a spoofed
MAIL FROM address, allowing bypass of an SPF protection
mechanism. This occurs because sendmail supports
. but some other popular e-mail servers
do not. This is resolved with 'o' in srv_features.

I don't know the details of how this leads to a security hole.

Re: sendmail and starttls failing

[Tim Woodall]

On Sun, 30 Jun 2024, Tim Woodall wrote:


On Sun, 30 Jun 2024, Michael Grant wrote:


After an update today, sendmail is refusing to accept mail.  I'm
seeing this in the logs:



Hmmm, this update seems to have done a lot of odd things.



root@dirac:~# mail root
Cc: 
Subject: test cr

this
is^Ma test
.
root@dirac:~# mailq
MSP Queue status...
/var/spool/mqueue-client (1 request)
-Q-ID- --Size-- -Q-Time- Sender/Recipient---
45ULV1xk014043   15 Sun Jun 30 22:31 r...@dirac.home.woodall.me.uk
 (Deferred: 421 4.5.0 Bare carriage return (CR) not allowed)
 root
Total requests: 1
MTA Queue status...
/var/spool/mqueue is empty
Total requests: 0



According to this
https://support.trustwave.com/kb/KnowledgebaseArticle10016.aspx

bare CRs aren't allowed in emails but this has always worked.

I'm only likely to have cron generating emails like this.

Strange that this would have been changed in a stable release. It
doesn't seem to have been a security update.

Re: sendmail and starttls failing

[Michael Grant]

On Sun, Jun 30, 2024 at 10:20:24PM +0100, Tim Woodall wrote:
> On Sun, 30 Jun 2024, Michael Grant wrote:
> 
> > After an update today, sendmail is refusing to accept mail.  I'm
> > seeing this in the logs:
> > 
> 
> Hmmm, this update seems to have done a lot of odd things.
> 
> MSP Queue status...
> /var/spool/mqueue-client (2 requests)
> -Q-ID- --Size-- -Q-Time- 
> Sender/Recipient---
> 45U9e1iI01814530770 Sun Jun 30 10:40 MAILER-DAEMON
>  (Deferred: 421 4.5.0 Bare carriage return (CR) not allowed)
>  root
> 45U5Qnln00888528799 Sun Jun 30 06:26 root
>   7BIT   (Deferred: 421 4.5.0 Bare carriage return (CR) not allowed)
>  root
> Total requests: 2
> MTA Queue status...
> /var/spool/mqueue is empty
> Total requests: 0
> 
> 
> 
> That's the cron email telling me about the update.
> 
> It's not at all clear to me what it's complaining about.
> root@dirac:/var/spool/mqueue-client# od -t x1 qf45U* | grep 0d
> root@dirac:/var/spool/mqueue-client#
> 
> Unless it's the bare CR in the body of the email - which should be fine!
> 
> Moving the queue files from mqueue-client to mqueue and fixing up the
> owner and perms and they delivered fine.
> 
> 

Yeah I'm seeing this too!  Identical in fact.  This is what I did to
fix this:  I added this to my /etc/mail/access file for my local
server that sends this messages to me:

SRV_Features:127.0.0.1  L U G

Specifically, I added the U and G features, (I already had the L
feature disabled for localhost).  Uppercase letter disables the
feature, lowercase enables it.

I found the U and G mentioned here:

https://forums.oracle.com/ords/apexds/post/solaris-11-4-sendmail-issue-after-sendmail-8-18-1-update-7312

I did not try this suggestion to use U2 and G2 that he mentioned.  If
you do let me know.



signature.asc
Description: PGP signature

Re: sendmail and starttls failing

[Tim Woodall]

On Sun, 30 Jun 2024, Michael Grant wrote:


After an update today, sendmail is refusing to accept mail.  I'm
seeing this in the logs:



Hmmm, this update seems to have done a lot of odd things.

MSP Queue status...
/var/spool/mqueue-client (2 requests)
-Q-ID- --Size-- -Q-Time- Sender/Recipient---
45U9e1iI01814530770 Sun Jun 30 10:40 MAILER-DAEMON
 (Deferred: 421 4.5.0 Bare carriage return (CR) not allowed)
 root
45U5Qnln00888528799 Sun Jun 30 06:26 root
  7BIT   (Deferred: 421 4.5.0 Bare carriage return (CR) not allowed)
 root
Total requests: 2
MTA Queue status...
/var/spool/mqueue is empty
Total requests: 0



That's the cron email telling me about the update.

It's not at all clear to me what it's complaining about.
root@dirac:/var/spool/mqueue-client# od -t x1 qf45U* | grep 0d
root@dirac:/var/spool/mqueue-client#

Unless it's the bare CR in the body of the email - which should be fine!

Moving the queue files from mqueue-client to mqueue and fixing up the
owner and perms and they delivered fine.

Re: sendmail and starttls failing

[Tim Woodall]

On Sun, 30 Jun 2024, Michael Grant wrote:


Jun 30 11:43:00 bottom sm-mta[18852]: AUTH: available mech=DIGEST-MD5 CRAM-MD5 
LOGIN PLAIN, allowed mech=EXTERNAL


Update here, it's not apparently an STARTTLS error, it's an AUTH
error.  Something in the update last night altered my list of
available AUTH mechanisms.

I manually updated sendmail.cf and updated this line:

O AuthMechanisms=EXTERNAL DIGEST-MD5 CRAM-MD5 NTLM LOGIN PLAIN

by adding "DIGEST-MD5 CRAM-MD5 NTLM LOGIN PLAIN" and now it accepts
mail from my desktop.

I don't see where this is configured.  /etc/sasl2/Sendmail.conf which
is a link to /etc/mail/sasl/Sendmail.conf.2, but this file looks good,
I don't know where it's getting the AuthMechanisms from (yet).



I think this is configured in sasl.m4

and I suspect it's something to do with the "sm_version_math" stuff but
exactly what has changed to break this for you I don't know

ifelse(eval(sm_version_math >= 526848), `1', `dnl
ifelse(sm_enable_auth, `yes', `dnl
dnl #
dnl # Set a more reasonable timeout on negotiation
dnl #
define(`confTO_AUTH',  `2m')dnl  #   , def=10m
dnl #
dnl # Do not touch anything above this line...
dnl #
dnl # Available Authentication methods
dnl #
define(`confAUTH_MECHANISMS',dnl
`DIGEST-MD5 CRAM-MD5 PLAIN LOGIN')dnl
dnl #
dnl # These, we will trust for relaying
dnl #
TRUST_AUTH_MECH(`DIGEST-MD5 CRAM-MD5 PLAIN LOGIN')
dnl #
dnl # for 8.12.0+, add EXTERNAL as an available & trusted mech (w/STARTTLS)
dnl # and allow sharing of /etc/sasldb(2) file, allow group read/write
dnl #
ifelse(eval(sm_version_math >= 527360), `1', `dnl
define(`confAUTH_MECHANISMS',dnl
`EXTERNAL 'defn(`confAUTH_MECHANISMS'))dnl
TRUST_AUTH_MECH(`EXTERNAL')
define(`confDONT_BLAME_SENDMAIL',dnl
defn(`confDONT_BLAME_SENDMAIL')`,GroupReadableSASLDBFile,GroupWritableSASLDBFile')dnl
')dnl

Re: sendmail and starttls failing

[Michael Grant]

> Jun 30 11:43:00 bottom sm-mta[18852]: AUTH: available mech=DIGEST-MD5 
> CRAM-MD5 LOGIN PLAIN, allowed mech=EXTERNAL

Update here, it's not apparently an STARTTLS error, it's an AUTH
error.  Something in the update last night altered my list of
available AUTH mechanisms.

I manually updated sendmail.cf and updated this line:

O AuthMechanisms=EXTERNAL DIGEST-MD5 CRAM-MD5 NTLM LOGIN PLAIN

by adding "DIGEST-MD5 CRAM-MD5 NTLM LOGIN PLAIN" and now it accepts
mail from my desktop.

I don't see where this is configured.  /etc/sasl2/Sendmail.conf which
is a link to /etc/mail/sasl/Sendmail.conf.2, but this file looks good,
I don't know where it's getting the AuthMechanisms from (yet).


signature.asc
Description: PGP signature

Re: Sendmail SASL Auth on Debian 11

[Dave Parker]

On Tue, Sep 13, 2022 at 6:41 AM Henning Follmann 
wrote:

>
> >
> > So I guess my question is, do I need one now on the Bullseye server, if
> > saslauthd always worked for this before?
> >
>
> OK, that's an option too.
>
> Now I would check if sasl works. There is an little helper program; try:
> testsaslauthd -u  -p 
>
> you might have to specify the location (-f path) of the unix socket if it
> is located
> somewhere uncommon.
>
> If your authentication works then the communication between sendmail and
> saslauthd
> is not working.
>

Hello,

The testsaslauthd utility was also working, so the break was between
Sendmail and SASL.  I finally got it working, though.  A Google search led
me to these three commands, and running them indeed fixed gthe issue:

/usr/share/sendmail/update_tls
/usr/share/sendmail/update_sendmail
sendmailconfig

All of the config and .m4 files involved here still look the same between
the old and new server, with the exception of some updated comments.  So,
I'm not exactly sure what this did to fix the underlying problem, but it's
fixed nonetheless.

Thanks!
Dave

-- 
Dave Parker '11
Database & Systems Administrator
Utica University
Integrated Information Technology Services
315-792-3229
He/Him

Re: Sendmail SASL Auth on Debian 11

[Henning Follmann]

On Mon, Sep 12, 2022 at 12:42:00PM -0400, Dave Parker wrote:
> On Mon, Sep 12, 2022 at 10:37 AM Henning Follmann 
> wrote:
> 
> >
> > First, please do not top post.
> >
> > On Mon, Sep 12, 2022 at 09:00:00AM -0400, Dave Parker wrote:
> > > Thanks for the advice.  Just to clarify, this is an enterprise SMTP
> > server
> > > for a university, and we have used Sendmail for at least 25 years now.  I
> > > have deployed and configured Sendmail on probably hundreds of servers
> > over
> > > the years, but most of them are on internal networks and relay mail
> > > through this SMTP server.  This is a high traffic SMTP server and its
> > > uptime is critical, so I would prefer to stay with Sendmail because it
> > has
> > > always been rock solid in the past.
> >
> > Understood. And I apologize. I assumed because of the old version of your
> > existing installation a less actively maintained situation and made a snap
> > judgement about your experience.
> > I also never said sendmail is not a  solid MTA. I stated it is extremely
> > difficult to maintain.
> > Also other MTA are well suited for high traffic servers. Exim is used
> > by ISPs with extremely high traffic.
> >
> > >
> > > The issue here is that Sendmail with SASL auth doesn't seem to work the
> > > same way in Bullseye as it did in Wheezy, which is probably to be
> > expected,
> > > given the large gap between versions.  I'm just trying to track down
> > > anything I may have missed in my new Bullseye configuration, since the
> > > exact same config works fine in Wheezy.
> > >
> >
> > Well, in my previous post I might hinted at your issue.
> >
> > Please check if courier-authdaemon or dovecot-core is installed.
> > Both provide an sasl authdaemon.
> > I do not know anything about your old installation so you have to
> > figure out, how and where the unix socket of the daemon is located.
> > If you use a chroot environment you must make sure the socket is accessible
> > to sendmail.
> >
> >
> My apologies for the top post.  We use Google for our institutional email,
> and the Gmail interface defaults to that when I reply to a message.
> 
> Looking at the existing Wheezy server which works correctly, I do not see
> anything providing an auth daemon besides saslauthd:
> 
> # dpkg-query -W | egrep 'sendmail|sasl|courier|dovecot'
> libsasl2-2:amd64 2.1.25.dfsg1-6+deb7u1
> libsasl2-modules:amd64 2.1.25.dfsg1-6+deb7u1
> sasl2-bin 2.1.25.dfsg1-6+deb7u1
> sendmail 8.14.4-4
> sendmail-base 8.14.4-4
> sendmail-bin 8.14.4-4
> sendmail-cf 8.14.4-4
> 
> So I guess my question is, do I need one now on the Bullseye server, if
> saslauthd always worked for this before?
> 

OK, that's an option too.

Now I would check if sasl works. There is an little helper program; try:
testsaslauthd -u  -p 

you might have to specify the location (-f path) of the unix socket if it is 
located 
somewhere uncommon.

If your authentication works then the communication between sendmail and 
saslauthd
is not working.



-H

-- 
Henning Follmann   | hfollm...@itcfollmann.com

Re: Sendmail SASL Auth on Debian 11

[Dave Parker]

On Mon, Sep 12, 2022 at 10:37 AM Henning Follmann 
wrote:

>
> First, please do not top post.
>
> On Mon, Sep 12, 2022 at 09:00:00AM -0400, Dave Parker wrote:
> > Thanks for the advice.  Just to clarify, this is an enterprise SMTP
> server
> > for a university, and we have used Sendmail for at least 25 years now.  I
> > have deployed and configured Sendmail on probably hundreds of servers
> over
> > the years, but most of them are on internal networks and relay mail
> > through this SMTP server.  This is a high traffic SMTP server and its
> > uptime is critical, so I would prefer to stay with Sendmail because it
> has
> > always been rock solid in the past.
>
> Understood. And I apologize. I assumed because of the old version of your
> existing installation a less actively maintained situation and made a snap
> judgement about your experience.
> I also never said sendmail is not a  solid MTA. I stated it is extremely
> difficult to maintain.
> Also other MTA are well suited for high traffic servers. Exim is used
> by ISPs with extremely high traffic.
>
> >
> > The issue here is that Sendmail with SASL auth doesn't seem to work the
> > same way in Bullseye as it did in Wheezy, which is probably to be
> expected,
> > given the large gap between versions.  I'm just trying to track down
> > anything I may have missed in my new Bullseye configuration, since the
> > exact same config works fine in Wheezy.
> >
>
> Well, in my previous post I might hinted at your issue.
>
> Please check if courier-authdaemon or dovecot-core is installed.
> Both provide an sasl authdaemon.
> I do not know anything about your old installation so you have to
> figure out, how and where the unix socket of the daemon is located.
> If you use a chroot environment you must make sure the socket is accessible
> to sendmail.
>
>
My apologies for the top post.  We use Google for our institutional email,
and the Gmail interface defaults to that when I reply to a message.

Looking at the existing Wheezy server which works correctly, I do not see
anything providing an auth daemon besides saslauthd:

# dpkg-query -W | egrep 'sendmail|sasl|courier|dovecot'
libsasl2-2:amd64 2.1.25.dfsg1-6+deb7u1
libsasl2-modules:amd64 2.1.25.dfsg1-6+deb7u1
sasl2-bin 2.1.25.dfsg1-6+deb7u1
sendmail 8.14.4-4
sendmail-base 8.14.4-4
sendmail-bin 8.14.4-4
sendmail-cf 8.14.4-4

So I guess my question is, do I need one now on the Bullseye server, if
saslauthd always worked for this before?

Thanks,
Dave

-- 
Dave Parker '11
Database & Systems Administrator
Utica University
Integrated Information Technology Services
315-792-3229
He/Him

Re: Sendmail SASL Auth on Debian 11

[Henning Follmann]

First, please do not top post.

On Mon, Sep 12, 2022 at 09:00:00AM -0400, Dave Parker wrote:
> Thanks for the advice.  Just to clarify, this is an enterprise SMTP server
> for a university, and we have used Sendmail for at least 25 years now.  I
> have deployed and configured Sendmail on probably hundreds of servers over
> the years, but most of them are on internal networks and relay mail
> through this SMTP server.  This is a high traffic SMTP server and its
> uptime is critical, so I would prefer to stay with Sendmail because it has
> always been rock solid in the past.

Understood. And I apologize. I assumed because of the old version of your
existing installation a less actively maintained situation and made a snap
judgement about your experience.
I also never said sendmail is not a  solid MTA. I stated it is extremely
difficult to maintain.
Also other MTA are well suited for high traffic servers. Exim is used
by ISPs with extremely high traffic.

> 
> The issue here is that Sendmail with SASL auth doesn't seem to work the
> same way in Bullseye as it did in Wheezy, which is probably to be expected,
> given the large gap between versions.  I'm just trying to track down
> anything I may have missed in my new Bullseye configuration, since the
> exact same config works fine in Wheezy.
>

Well, in my previous post I might hinted at your issue.

Please check if courier-authdaemon or dovecot-core is installed.
Both provide an sasl authdaemon.
I do not know anything about your old installation so you have to
figure out, how and where the unix socket of the daemon is located.
If you use a chroot environment you must make sure the socket is accessible
to sendmail.

Cheers,

-H

[...]

-- 
Henning Follmann   | hfollm...@itcfollmann.com

Re: Sendmail SASL Auth on Debian 11

[Dave Parker]

Thanks for the advice.  Just to clarify, this is an enterprise SMTP server
for a university, and we have used Sendmail for at least 25 years now.  I
have deployed and configured Sendmail on probably hundreds of servers over
the years, but most of them are on internal networks and relay mail
through this SMTP server.  This is a high traffic SMTP server and its
uptime is critical, so I would prefer to stay with Sendmail because it has
always been rock solid in the past.

The issue here is that Sendmail with SASL auth doesn't seem to work the
same way in Bullseye as it did in Wheezy, which is probably to be expected,
given the large gap between versions.  I'm just trying to track down
anything I may have missed in my new Bullseye configuration, since the
exact same config works fine in Wheezy.

Thanks!

On Mon, Sep 12, 2022 at 3:17 AM Henning Follmann 
wrote:

> On Fri, Sep 09, 2022 at 11:55:06AM -0400, Dave Parker wrote:
> > Hello,
> >
> > Years ago, I set up an SMTP server on Debian 7.5, running Sendmail
> > configured for SASL authentication using an LDAP directory.  I am now
> > trying to set up a new one on Debian 11.5 in pretty much the same
> > configuration, but SMTP auth does not work.  I have verified that nslcd
> and
>
> You have not "used" sendmail for several years. You should not use it.
> Sendmail is very complex and extremely difficult to maintain, definetely
> not
> suitable for a "casual" user.
> You should either use
> 1) Exim (I do not like it, because it does not use standard logging. But
> that
>  is personal taste) Its debians default.
>
> 2) Postfix
>
> I used sendmail for a decade but I switched over to Postfix  years ago.
> It is too hard to maintain.
>
>
> > saslauthd are running, the sendmail, PAM and NSS configurations all look
> > good, and ldapsearch returns a result using the settings from
> > pam_ldap.conf.  When I open a connection to the old server and issue AUTH
> > PLAIN or AUTH LOGIN, I can authenticate with my base64 LDAP credentials
> as
> > expected.  But when I do the same on the new server, I get a "535 5.7.0
> > authentication failed" response.
> >
> > I ran a tcpdump on this SMTP server during an auth attempt, and there was
> > no traffic to or from the LDAP server.
> >
> > I literally copied all of the configs over from the old server and
> Sendmail
> > starts up fine, but still no auth.  Does anyone know where I might look
> for
> > the breakage?
> >
> > Old server (works):
> > - Sendmail 8.14.4
> > - SASL (libs/modules/bin) 2.1.25
> > - libnss-ldap 264
> > - libpam-ldap 184
> >
> > New server (doesn't work):
> > - Sendmail 8.15.2
> > - SASL (lib/modules/bin) 2.1.27
> > - libnss-ldapd 0.9.11 (because libnss-ldap is deprecated)
> > - libpam-ldap 186
>
> You need an external authentication daemon for sasl to work.
> I guess based on the age of your old system, it was courier in your case.
>
> Today I would prefer dovecot.
>
>
>
> >
> > Thanks!
> > Dave
> >
> > --
> > Dave Parker '11
> > Database & Systems Administrator
> > Utica University
> > Integrated Information Technology Services
> > 315-792-3229
> > He/Him
>
> --
> Henning Follmann   | hfollm...@itcfollmann.com
>
>

-- 
Dave Parker '11
Database & Systems Administrator
Utica University
Integrated Information Technology Services
315-792-3229
He/Him

Re: Sendmail SASL Auth on Debian 11

[Henning Follmann]

On Fri, Sep 09, 2022 at 11:55:06AM -0400, Dave Parker wrote:
> Hello,
> 
> Years ago, I set up an SMTP server on Debian 7.5, running Sendmail
> configured for SASL authentication using an LDAP directory.  I am now
> trying to set up a new one on Debian 11.5 in pretty much the same
> configuration, but SMTP auth does not work.  I have verified that nslcd and

You have not "used" sendmail for several years. You should not use it.
Sendmail is very complex and extremely difficult to maintain, definetely not
suitable for a "casual" user.
You should either use
1) Exim (I do not like it, because it does not use standard logging. But that
 is personal taste) Its debians default.

2) Postfix

I used sendmail for a decade but I switched over to Postfix  years ago.
It is too hard to maintain.


> saslauthd are running, the sendmail, PAM and NSS configurations all look
> good, and ldapsearch returns a result using the settings from
> pam_ldap.conf.  When I open a connection to the old server and issue AUTH
> PLAIN or AUTH LOGIN, I can authenticate with my base64 LDAP credentials as
> expected.  But when I do the same on the new server, I get a "535 5.7.0
> authentication failed" response.
> 
> I ran a tcpdump on this SMTP server during an auth attempt, and there was
> no traffic to or from the LDAP server.
> 
> I literally copied all of the configs over from the old server and Sendmail
> starts up fine, but still no auth.  Does anyone know where I might look for
> the breakage?
> 
> Old server (works):
> - Sendmail 8.14.4
> - SASL (libs/modules/bin) 2.1.25
> - libnss-ldap 264
> - libpam-ldap 184
> 
> New server (doesn't work):
> - Sendmail 8.15.2
> - SASL (lib/modules/bin) 2.1.27
> - libnss-ldapd 0.9.11 (because libnss-ldap is deprecated)
> - libpam-ldap 186

You need an external authentication daemon for sasl to work.
I guess based on the age of your old system, it was courier in your case.

Today I would prefer dovecot.



> 
> Thanks!
> Dave
> 
> -- 
> Dave Parker '11
> Database & Systems Administrator
> Utica University
> Integrated Information Technology Services
> 315-792-3229
> He/Him

-- 
Henning Follmann   | hfollm...@itcfollmann.com

Re: Sendmail compiled with tcpwrappers yet ignores /etc/hosts.deny ?

[jon]

On Sun, 2015-11-22 at 23:44 +, jon wrote:
> 
> root@mail:/usr/share/doc# ldd /usr/sbin/sendmail |grep 'libwrap'
> libwrap.so.0 => /lib/i386-linux-gnu/libwrap.so.0 (0xb7525000)
> root@mail:/usr/share/doc# cat /etc/debian_version 
> 8.2
> 
> I want to use sendmail with tcp wrappers but it does not seem to play,
> it looks like it was compiled with support,  can anyone help ?
> 
> 
> Thanks,
> Jon
> 
> 


Anyone ? 

Maybe I was not very clear, this is the default sendmail for Debian
installed via apt. The online docs claims it works with tcpwrappers yet
it seems to ignore /etc/hosts.deny ? 

Thanks,
Jon

Re: sendmail on debian testing

[Michael Grant]

I finally managed to get sendmail working using systemd.

Here is my /etc/systemd/system/sendmail.service:

[Unit]
Description=Sendmail Mail Transport Agent
Requires=clamav-daemon.service spamassassin.service
After=syslog.target network.target clamav-daemon.service
spamassassin.service
Conflicts=postfix.service exim.service

[Service]
Type=forking
PIDFile=/run/sendmail/mta/sendmail.pid
Environment=SENDMAIL_OPTS=-q1h
EnvironmentFile=-/etc/default/sendmail
ExecStart=/usr/sbin/sendmail -bd $SENDMAIL_OPTS $SENDMAIL_OPTARG

[Install]
WantedBy=multi-user.target

and my /etc/tmpfiles.d/sendmail.conf file:
d /run/sendmail/ 0755 smmta smmsp
d /run/sendmail/mta/ 0755 smmta smmsp

I am using clamav-milter and spamass-milter, hence the Requires= and After=
lines.  If you are not using these, probably you should remove those.

Is it wrong to include these dependencies in sendmail.system?  The thing
is, these milters are not specific to sendmail.  Other mailers that support
the milter interface can use them as well.  And they are not required for
sendmail.  So I wonder which pakage's responsibility it would be to add
these dependencies to sendmail.system or if this is even the correct place
to do that.

With the init.d, clamav-milter and spamass-milter install themselves with a
lower number than sendmail and always start before whatever mailer is
installed.  Once you go to explicit dependencies like this, is it clam's
and spamassassin's job to know all the possible mailers out there that
might use it?  Or is it sendmail's job to know all the possible milters out
there and state them as dependencies?

Another observation, to get this working, the only way I found to properly
test this was to continually reboot.  I could get sendmail to start by hand
quite early on, but it was not starting by on reboot because of the timing
problem in the dependencies.  This makes systemd rather more difficult to
debug things in my opinion.

Re: sendmail on debian testing

[Reco]

 Hi.

On Tue, Feb 03, 2015 at 11:07:37PM +, Michael Grant wrote:
> On Tue, Feb 3, 2015 at 6:16 PM, Reco  wrote:
> > I don't know if this has anything to do with that:
> >
> > # systemctl enable sendmail
> > Synchronizing state for sendmail.service with sysvinit using 
> update-rc.d...
> > Executing /usr/sbin/update-rc.d sendmail defaults
> > Executing /usr/sbin/update-rc.d sendmail enable
> >
> > # systemctl is-enabled sendmail
> > Failed to get unit file state for sendmail.service: No such file or 
> directory
> 
> No, it doesn't have anything with it.
> 
> Systemd uses it's own way to define a service called a 'service unit'.
> Presumably, systemd has something for the compatibility with old init
> (aka sysvinit), which *should* start those /etc/init.d/ scripts just as
> good as if sysvinit itself would do it. Well, now we see how well it
> works in the reality :)
> 
> 
> Ok, let's try something different then - based on [1]. Try creating the
> file called /etc/systemd/system/sendmail.service with the following
> contents:
> 
> ###cut###
> 
> [Unit]
> Description=Sendmail Mail Transport Agent
> After=syslog.target network.target
> Conflicts=postfix.service exim.service
> 
> [Service]
> Type=forking
> PIDFile=/run/sendmail.pid
> Environment=SENDMAIL_OPTS=-q1h
> EnvironmentFile=-/etc/default/sendmail
> ExecStartPre=-/etc/mail/make
> ExecStartPre=-/etc/mail/make aliases
> ExecStart=/usr/sbin/sendmail -bd $SENDMAIL_OPTS $SENDMAIL_OPTARG
> 
> [Install]
> WantedBy=multi-user.target
> 
> ###cut###
> 
> 
> Revert the _SYSTEMCTL_SKIP_REDIRECT change, see how it goes now.
> This unit file may require tweaking in $SENDMAIL_OPTS $SENDMAIL_OPTARG
> part - I'm unable to check now what kind of variables are sourced by
> /etc/default/sendmail.
>
> 
> Ok, I tried creating that file and removing the line from 
> /etc/default/sendmail.  It still did not come up when the machine booted.

 Oh, but did you run 'systemctl enable sendmail' after creating the
file? Because if you did - I'm out of ideas, sorry.

Reco


-- 
To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org 
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
Archive: https://lists.debian.org/20150204094244.GA10345@x101h

Re: sendmail on debian testing

[Ansgar Burchardt]

Hi,

Michael Grant  writes:
> On Tue, Feb 3, 2015 at 6:26 PM, Ansgar Burchardt  wrote:
>> Could you try restarting sendmail (systemctl restart sendmail) and show
>> the output of `systemctl status sendmail'? It also shows the most recent
>> log entries, but the output of journalctl --unit sendmail --since -5min
>> might also be useful (if it shows more messages).
>
> So, this is interesting.   'systemctl restart sendmail' with no other
> changes to the system does start sendmail manually.  However, 'systemctl
> start sendmail' does not, at least, not without Reco's line in
> /etc/default/sendmail.

Okay, this is a limitation in systemd's compatability layer for init
scripts: systemd keeps track of the current state of services. Some
services (daemons) can only be "active" when the daemon process is
around, but there are also services that only run some commands and then
exit, i.e. a service setting up the keyboard layout.

For native systemd services there is an option RemainAfterExit= which
can be used to specify this (see man:systemd.service(5)). For init
scripts systemd cannot know this and defaults to RemainAfterExit=true.

So systemd considers the sendmail service running as RemainAfterExit is
set for init scripts and "/etc/init.d/sendmail start" did *not* return
an error, even though it failed to actually start the daemon (see
below).

"systemctl start" is thus not doing anything as systemd will not start
the same service twice. "systemctl restart" will mark the service
stopped first and then start it again; this is not a noop for services
already running.

> When I run systemctl status sendmail just after rebooting, this is what it
> looks like:
>
> # systemctl status sendmail
> ● sendmail.service - LSB: powerful, efficient, and scalable Mail Transport
> Agent
>Loaded: loaded (/etc/init.d/sendmail)
>Active: active (exited) since Tue 2015-02-03 18:23:25 EST; 1min 27s ago
>   Process: 2604 ExecStart=/etc/init.d/sendmail start (code=exited,
> status=0/SUCCESS)

This is a bug in the init script: it should not return success if there
was an error starting the service (though it cannot always find out if
there was an error easily).

> Feb 03 18:23:24 bottom.networkguild.org sendmail[2604]: Starting Mail
> Transpo...
> Feb 03 18:23:24 bottom.networkguild.org sm-mta[2822]: NOQUEUE:
> SYSERR(root): ...

This looks like an error, but the interesting part is cut off. You might
want to run "systemctl status -l sendmail" as suggested below, or
"journalctl -b --unit sendmail" to show all log messages for the
"sendmail" service since the last reboot (or check /var/log if a syslog
daemon is running).

> Feb 03 18:23:25 bottom.networkguild.org sendmail[2604]: .
> Feb 03 18:23:25 bottom.networkguild.org systemd[1]: Started LSB: powerful,
> ef...
> Hint: Some lines were ellipsized, use -l to show in full.

I suspect that sendmail misses some dependency information in its init
script, that is it expects some other parts of the system to be already
brought up when it starts. As systemd starts more parts in parallel,
it's more likely to uncover such issues than booting with sysvinit.

Ansgar


--
To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
Archive: https://lists.debian.org/87y4oefqlh@deep-thought.43-1.org

Re: sendmail on debian testing

[Michael Grant]

On Tue, Feb 3, 2015 at 7:03 PM, Bob Proulx  wrote:

> Michael Grant wrote:
> > I'm still searching for an answer to this.
> > After upgrade from wheezy to testing, sendmail no longer starts.
> > I see that the system is using systemd.
> > ...
>
> Some comments that I think are relevant...
>
> Since it took a while for someone to respond to your question it tells
> me that it is a combination of tools that not many people are using.
> You are using sendmail in combination with systemd.  That is an
> unusual combination.  If it were widely used then many people would
> have been responding already.  Frankly you might be one of the few
> trailblazing that combination.
>

I do not mind trailblazing this to get this working for the greater good.
It may be an upgrade issue or some other dependency, it would not surprise
me in the least since this is a copy of an existing vm that I tried to
upgrade.

It is true that fewer and fewer people are using sendmail these days,
especially since it seems to have been orphaned.  Sendmail may be old but
it's incredibly reliable, well tested, and stable.

>
> Trailblazers are great!  They are the ones who make things happen.
> However not everyone wants to be a trailblazer.  There just isn't
> enough time for everyone to do everything.  You sound like a busy
> person without the time to debug everything.  Perhaps it would be good
> to change to a more mainstream combination?  If it were a mainstream
> combination then the problem would almost certainly already have been
> seen and fixed.  Something with a lot of users and a lot of support.
>

Maybe I will one day.

>
> In this case I would suggest that Sendmail is no longer the mainstream
> mail transfer agent.  Instead I suggest migrating to Postfix.  (Or
> Exim but I personally really prefer Postfix so will recommend
> Postfix.)  Postfix is well tested and very well supported.  There has
> been discussion of making Postfix the default mta on Debian.  (But
> that will never happen because Exim isn't bad just not as popular.)
>

I have tried postfix several times over the years.  I was surprised that I
was able to make seemingly innocent config mistakes in postfix and it would
just drop mail into /dev/null.  This is surprisingly difficult in sendmail
as its failure mode is to reject or not accept the mail in this case.

>
> Since you are using Sendmail I assume you have been using Sendmail
> forever.  You probably have multiple editions of the O'Reilly Sendmail
> book on your bookshelf.  You probably hate to take the time to migrate
> a working configuration tuned over decades to something different.  I
> have been there and glance over at my two remaining editions of the
> O'Reilly Sendmail books on my bookshelf.  Let me say that moving to
> Postfix was very easy.  I don't even have one copy of the O'Reilly
> Postfix book.  It has an easy to understand design and the online
> documentation is excellent.  I have been where you are with Sendmail
> and migrating to Postfix was a good decision for me.  I suggest that
> it would be for you too.  YMMV.
>

Well, you know, I never bought that bat book either!  But yes, you are
right, I have been using Sendmail since perhaps it first appeared in BSD, I
first encountered it in 1983 in BSD on the VAX 11/780, well before M4 and I
used to write my own cf files back then too!

Re: sendmail on debian testing

[Michael Grant]

On Tue, Feb 3, 2015 at 6:26 PM, Ansgar Burchardt  wrote:

> ...
> Could you try restarting sendmail (systemctl restart sendmail) and show
> the output of `systemctl status sendmail'? It also shows the most recent
> log entries, but the output of journalctl --unit sendmail --since -5min
> might also be useful (if it shows more messages).
>

So, this is interesting.   'systemctl restart sendmail' with no other
changes to the system does start sendmail manually.  However, 'systemctl
start sendmail' does not, at least, not without Reco's line in
/etc/default/sendmail.

so after a REstart which succeeds, the status looks like this:

# systemctl status sendmail
● sendmail.service - LSB: powerful, efficient, and scalable Mail Transport
Agent
   Loaded: loaded (/etc/init.d/sendmail)
   Active: active (running) since Tue 2015-02-03 18:12:38 EST; 4min 8s ago
  Process: 3733 ExecStop=/etc/init.d/sendmail stop (code=exited,
status=0/SUCCESS)
  Process: 3757 ExecStart=/etc/init.d/sendmail start (code=exited,
status=0/SUCCESS)
   CGroup: /system.slice/sendmail.service
   └─3785 sendmail: MTA: accepting connections

Feb 03 18:12:36 bottom.networkguild.org systemd[1]: Starting LSB: powerful,
e...
Feb 03 18:12:36 bottom.networkguild.org sm-mta[3785]: starting daemon
(8.14.4...
Feb 03 18:12:36 bottom.networkguild.org sm-mta[3785]: daemon could not open
c...
Feb 03 18:12:36 bottom.networkguild.org sm-mta[3785]: started as:
/usr/sbin/s...
Feb 03 18:12:38 bottom.networkguild.org sendmail[3757]: Starting Mail
Transpo...
Feb 03 18:12:38 bottom.networkguild.org systemd[1]: Started LSB: powerful,
ef...
Hint: Some lines were ellipsized, use -l to show in full.

Now here's something I can't explain.  After I do the systemctl restart,
now I can do systectl stop and systemctl start and they work fine but only
after doing a restart first after boot.

In case this isn't clear:

1) reboot
2) sendmail not running
3) run 'systemctl start sendmail' by hand, exits quickly, sendmail NOT
started
4) run 'systemctl restart sendmail'.  It takes a few seconds, sendmail
starts
5) run 'systemctl stop sendmail'.  again, takes a few seconds, sendmail
stops
6) run 'systemctl start sendmail', it takes a few seconds, sendmail starts.

When I run systemctl status sendmail just after rebooting, this is what it
looks like:

# systemctl status sendmail
● sendmail.service - LSB: powerful, efficient, and scalable Mail Transport
Agent
   Loaded: loaded (/etc/init.d/sendmail)
   Active: active (exited) since Tue 2015-02-03 18:23:25 EST; 1min 27s ago
  Process: 2604 ExecStart=/etc/init.d/sendmail start (code=exited,
status=0/SUCCESS)

Feb 03 18:23:24 bottom.networkguild.org sendmail[2604]: Starting Mail
Transpo...
Feb 03 18:23:24 bottom.networkguild.org sm-mta[2822]: NOQUEUE:
SYSERR(root): ...
Feb 03 18:23:25 bottom.networkguild.org sendmail[2604]: .
Feb 03 18:23:25 bottom.networkguild.org systemd[1]: Started LSB: powerful,
ef...
Hint: Some lines were ellipsized, use -l to show in full.

# ps aux | grep sendmail | grep -v grep

There's no sendmail process.


> I tried installing sendmail on a minimal test installation and systemd
> started at least one daemon ("sendmail: MTA: accepting connections"),
> so at least something gets started (though it complained about the test
> installation not having a FQDN so other parts might be broken and not
> have started).


So one difference is I upgraded a machine from wheezy to testing.  Yes,
that's the sendmail daemon you see, that's what success looks like.  But at
least you are getting it to start at boot whereas I am not.

Re: sendmail on debian testing

[Michael Grant]

On Tue, Feb 3, 2015 at 6:16 PM, Reco  wrote:
>
> On Tue, Feb 03, 2015 at 05:31:26PM +, Michael Grant wrote:
> > On Tue, Feb 3, 2015 at 4:04 PM, Reco  wrote:
> ...
> >
> > Try adding
> >
> > export _SYSTEMCTL_SKIP_REDIRECT="true"
> >
> > to /etc/init.d/sendmail
> >
> > Thanks, this is progress, I can now start sendmail by hand by running
> '/etc/init.d/sendmail start', but it's not starting automatically at boot
> time.
>
> An expected result, sadly (see below).
>
>
> > I don't know if this has anything to do with that:
> >
> > # systemctl enable sendmail
> > Synchronizing state for sendmail.service with sysvinit using
> update-rc.d...
> > Executing /usr/sbin/update-rc.d sendmail defaults
> > Executing /usr/sbin/update-rc.d sendmail enable
> >
> > # systemctl is-enabled sendmail
> > Failed to get unit file state for sendmail.service: No such file or
> directory
>
> No, it doesn't have anything with it.
>
> Systemd uses it's own way to define a service called a 'service unit'.
> Presumably, systemd has something for the compatibility with old init
> (aka sysvinit), which *should* start those /etc/init.d/ scripts just as
> good as if sysvinit itself would do it. Well, now we see how well it
> works in the reality :)
>
>
> Ok, let's try something different then - based on [1]. Try creating the
> file called /etc/systemd/system/sendmail.service with the following
> contents:
>
> ###cut###
>
> [Unit]
> Description=Sendmail Mail Transport Agent
> After=syslog.target network.target
> Conflicts=postfix.service exim.service
>
> [Service]
> Type=forking
> PIDFile=/run/sendmail.pid
> Environment=SENDMAIL_OPTS=-q1h
> EnvironmentFile=-/etc/default/sendmail
> ExecStartPre=-/etc/mail/make
> ExecStartPre=-/etc/mail/make aliases
> ExecStart=/usr/sbin/sendmail -bd $SENDMAIL_OPTS $SENDMAIL_OPTARG
>
> [Install]
> WantedBy=multi-user.target
>
> ###cut###
>
>
> Revert the _SYSTEMCTL_SKIP_REDIRECT change, see how it goes now.
> This unit file may require tweaking in $SENDMAIL_OPTS $SENDMAIL_OPTARG
> part - I'm unable to check now what kind of variables are sourced by
> /etc/default/sendmail.
>
> Ok, I tried creating that file and removing the line from
/etc/default/sendmail.  It still did not come up when the machine booted.

>
>
> > Incidentally, the sendmail package even in experimental is significantly
> out of date. The package appears orphaned. Several people seem to have
> tried to step
> > up to do something about this but nothing has happened. Is sendmail dead
> on Debian?
>
> Unknown to me. Truth to be told, personally I try to avoid using
> sendmail whenever possible. Sendmail.cf's syntax is way too arcane to me.
> Still, I can't stand a broken Debian package more than a certain MTA :)


I've used sendmail since the '80s.  It's difficult find a more stable  and
well tested mailer.  Almost impossible to get it to drop a message to
/dev/null unlike some other mailers out there.  I used to write my own cf
files back in the day but you really don't have to mess with that now.  The
m4 syntax is a bit ugly but usable and now it's just a configuration file.

Re: sendmail on debian testing

[Bob Proulx]

Michael Grant wrote:
> I'm still searching for an answer to this.
> After upgrade from wheezy to testing, sendmail no longer starts.
> I see that the system is using systemd.
> ...

Some comments that I think are relevant...

Since it took a while for someone to respond to your question it tells
me that it is a combination of tools that not many people are using.
You are using sendmail in combination with systemd.  That is an
unusual combination.  If it were widely used then many people would
have been responding already.  Frankly you might be one of the few
trailblazing that combination.

Trailblazers are great!  They are the ones who make things happen.
However not everyone wants to be a trailblazer.  There just isn't
enough time for everyone to do everything.  You sound like a busy
person without the time to debug everything.  Perhaps it would be good
to change to a more mainstream combination?  If it were a mainstream
combination then the problem would almost certainly already have been
seen and fixed.  Something with a lot of users and a lot of support.

In this case I would suggest that Sendmail is no longer the mainstream
mail transfer agent.  Instead I suggest migrating to Postfix.  (Or
Exim but I personally really prefer Postfix so will recommend
Postfix.)  Postfix is well tested and very well supported.  There has
been discussion of making Postfix the default mta on Debian.  (But
that will never happen because Exim isn't bad just not as popular.)

Since you are using Sendmail I assume you have been using Sendmail
forever.  You probably have multiple editions of the O'Reilly Sendmail
book on your bookshelf.  You probably hate to take the time to migrate
a working configuration tuned over decades to something different.  I
have been there and glance over at my two remaining editions of the
O'Reilly Sendmail books on my bookshelf.  Let me say that moving to
Postfix was very easy.  I don't even have one copy of the O'Reilly
Postfix book.  It has an easy to understand design and the online
documentation is excellent.  I have been where you are with Sendmail
and migrating to Postfix was a good decision for me.  I suggest that
it would be for you too.  YMMV.

Good luck!

Bob


signature.asc
Description: Digital signature

Re: sendmail on debian testing

[Ansgar Burchardt]

Hi,

Michael Grant  writes:
> On Tue, Feb 3, 2015 at 4:04 PM, Reco  wrote:
>> A nessesary correction - /etc/init.d/sendmail *tries* to run
>> '/bin/systemctl start sendmail.service'.
>>
>> But, since no sendmail* package provide systemd's service file -
>> nothing happens.

Not true. Systemd is supposed to handle sysvinit scripts as well,
i.e. when there is no native .service file for systemd it will run the
scripts in /etc/init.d/*. This seems to not work here for some reason.

>> Try adding
>> export _SYSTEMCTL_SKIP_REDIRECT="true"
>> to /etc/init.d/sendmail
>
> Thanks, this is progress, I can now start sendmail by hand by running
> '/etc/init.d/sendmail start', but it's not starting automatically at boot
> time.
>
> I don't know if this has anything to do with that:
>
> # systemctl enable sendmail
> Synchronizing state for sendmail.service with sysvinit using update-rc.d...
> Executing /usr/sbin/update-rc.d sendmail defaults
> Executing /usr/sbin/update-rc.d sendmail enable
>
> # systemctl is-enabled sendmail
> Failed to get unit file state for sendmail.service: No such file or
> directory

That should be fine for services without a systemd .service file.

> also, a better place to add this:
>
> export _SYSTEMCTL_SKIP_REDIRECT="true"
>
> to is /etc/default/sendmail and not modify /etc/init.d/sendmail.  Adding
> this to /etc/default/sendmail seems to work equally as well in that running
> '/etc/init.d/sendmail start' does manually start sendmail.

That is no surprise: at boot it's still systemd calling
/etc/init.d/sendmail so workarounds to bypass systemd don't work.

Could you try restarting sendmail (systemctl restart sendmail) and show
the output of `systemctl status sendmail'? It also shows the most recent
log entries, but the output of journalctl --unit sendmail --since -5min
might also be useful (if it shows more messages).

I tried installing sendmail on a minimal test installation and systemd
started at least one daemon ("sendmail: MTA: accepting connections"),
so at least something gets started (though it complained about the test
installation not having a FQDN so other parts might be broken and not
have started).

Ansgar


-- 
To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org 
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
Archive: https://lists.debian.org/87egq6kg1b@deep-thought.43-1.org

Re: sendmail on debian testing

[Michael Grant]

On Tue, Feb 3, 2015 at 4:04 PM, Reco  wrote:

>  Hi.
>
> On Tue, Feb 03, 2015 at 02:03:25PM +, Michael Grant wrote:
> > I'm still searching for an answer to this.
> >
> > After upgrade from wheezy to testing, sendmail no longer starts.
> >
> > I see that the system is using systemd.  I see that the
> /etc/init.d/sendmail script now runs /bin/systemctl start
> sendmail.service.  But sendmail isn't
> > started.  Even running '/bin/systemctl start sendmail.service' manually,
> nothing happens.
>
> A nessesary correction - /etc/init.d/sendmail *tries* to run
> '/bin/systemctl start sendmail.service'.
>
> But, since no sendmail* package provide systemd's service file -
> nothing happens.
>
> Such behaviour cannot be considered systemd's bug IMO - systemd simply
> does what it's intended to do in this case.
>
> But, at the same time, such behaviour can be considered as a sendmail
> bug (given that systemd is Jessie's default init, and sendmail is not
> starting with this init).
>
> Still, there's a way to workaround this.
>
> Try adding
>
> export _SYSTEMCTL_SKIP_REDIRECT="true"
>
> to /etc/init.d/sendmail
>

Thanks, this is progress, I can now start sendmail by hand by running
'/etc/init.d/sendmail start', but it's not starting automatically at boot
time.

I don't know if this has anything to do with that:

# systemctl enable sendmail
Synchronizing state for sendmail.service with sysvinit using update-rc.d...
Executing /usr/sbin/update-rc.d sendmail defaults
Executing /usr/sbin/update-rc.d sendmail enable

# systemctl is-enabled sendmail
Failed to get unit file state for sendmail.service: No such file or
directory

also, a better place to add this:

export _SYSTEMCTL_SKIP_REDIRECT="true"

to is /etc/default/sendmail and not modify /etc/init.d/sendmail.  Adding
this to /etc/default/sendmail seems to work equally as well in that running
'/etc/init.d/sendmail start' does manually start sendmail.

Incidentally, the sendmail package even in experimental is significantly
out of date. The package appears orphaned. Several people seem to have
tried to step up to do something about this but nothing has happened. Is
sendmail dead on Debian?

Re: sendmail on debian testing

[Reco]

 Hi.

On Tue, Feb 03, 2015 at 02:03:25PM +, Michael Grant wrote:
> I'm still searching for an answer to this.
> 
> After upgrade from wheezy to testing, sendmail no longer starts.
> 
> I see that the system is using systemd.  I see that the /etc/init.d/sendmail 
> script now runs /bin/systemctl start sendmail.service.  But sendmail isn't
> started.  Even running '/bin/systemctl start sendmail.service' manually, 
> nothing happens.

A nessesary correction - /etc/init.d/sendmail *tries* to run
'/bin/systemctl start sendmail.service'.

But, since no sendmail* package provide systemd's service file -
nothing happens.

Such behaviour cannot be considered systemd's bug IMO - systemd simply
does what it's intended to do in this case.

But, at the same time, such behaviour can be considered as a sendmail
bug (given that systemd is Jessie's default init, and sendmail is not
starting with this init).

Still, there's a way to workaround this.

Try adding

export _SYSTEMCTL_SKIP_REDIRECT="true"

to /etc/init.d/sendmail


Reco


-- 
To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org 
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
Archive: https://lists.debian.org/20150203160421.GA21852@x101h

Re: sendmail on debian testing

[Michael Grant]

I'm still searching for an answer to this.

After upgrade from wheezy to testing, sendmail no longer starts.

I see that the system is using systemd.  I see that the
/etc/init.d/sendmail script now runs /bin/systemctl start
sendmail.service.  But sendmail isn't started.  Even running
'/bin/systemctl start sendmail.service' manually, nothing happens.

I don't see any obvious way to get any debug info out of systemctl.

# systemctl is-enabled sendmail
Failed to get unit file state for sendmail.service: No such file or
directory

and

# /bin/systemctl enable sendmail.service
Synchronizing state for sendmail.service with sysvinit using update-rc.d...
Executing /usr/sbin/update-rc.d sendmail defaults
Executing /usr/sbin/update-rc.d sendmail enable
# systemctl is-enabled sendmail
Failed to get unit file state for sendmail.service: No such file or
directory


On Sun, Feb 1, 2015 at 12:11 AM, Michael Grant  wrote:

> Today I upgraded a test machine from wheezy to testing.
>
> It seemed to install systemd, I'm not sure if it's using it or not.
>
> One thing I noticed though was that sendmail no longer starts at boot.
> Even if I run:
>
> /etc/init.d/sendmail start
>
> or if I cd to /etc/mail and run:
>
> make restart
>
> or if I do this:
>
>
> nothing except running 'sendmail -bd' will start sendmail.
>
> In syslog I see this:
>
> Jan 31 18:53:43 blah systemd[1]: Started LSB: powerful, efficient, and
> scalable Mail Transport Agent.
>
> in mail.log I don't see anything when I try to start sendmail via
> /etc/init.d/sendmail.
>
> I do not have the lsb-invalid-mta package installed.  I have tried
> reinstalling the sendmail package.  I have tried the testing and unstable
> versions of sendmail.
>
> Any ideas where I should look next to figure out what's going on?
>
> Michael Grant
>
>

Re: Sendmail greeting delay

[David Parker]

Just for the sake of completeness, this wasn't actually an issue with the
GreetPause option or anything else in the access file.  The problem was
that sendmail was attempting an IDENT query to the client, with a 5-second
timeout.  The access file wasn't even checked until after the timeout
expired.  In retrospect, I guess it makes sense because I was testing this
by connecting with openssl, which is just looking for the SSL/TLS info at
the beginning of the connection, and doesn't need to wait for the
greeting.  The GreetPause values work as expected for actual client
connections on port 25, 465, or 587.

Thanks!

On Tue, Jan 13, 2015 at 3:27 PM, David Parker  wrote:

> Thanks, but it looks like the IDENT setting was the culprit.  I just had
> to change this setting in sendmail.cf:
>
> O Timeout.ident=5s
>
> Changing it from 5s to 0s resolved the problem immediately.  Thanks again,
> everyone!
>
> On Tue, Jan 13, 2015 at 3:07 PM, Jonathan Siegle  wrote:
>
>> On 2015-01-13 at 12:38, David Parker wrote:
>>
>>  Hello,
>>>
>>> My /etc/mail/access file is pasted below.  The PC I'm testing from is on
>>> the 10.x.x.x network, which should be allowed to
>>> connect with no delay.  I have also tried setting the default GreetPause
>>> to "0" but it still made no difference.
>>>
>>> 
>>> Connect:localhost RELAY
>>> GreetPause:localhost 0
>>> ClientRate:localhost 0
>>> ClientConn:localhost 0
>>> Connect:127 RELAY
>>> GreetPause:127 0
>>> ClientRate:127 0
>>> ClientConn:127 0
>>> Connect:IPv6:::1 RELAY
>>> GreetPause:IPv6:::1 0
>>> ClientRate:IPv6:::1 0
>>> ClientConn:IPv6:::1 0
>>> Connect:10 RELAY
>>> GreetPause:10 0
>>> ClientRate:10 0
>>> ClientConn:10 0
>>>
>>
>>
>> Dave,
>> I'm struggling with a reference beyond my own work. Please try
>> putting a second and maybe a third octet on your GreetPause: 10 line. Also,
>> please verify you are issuing a kill -HUP on sendmail. We never got
>> sendmail greetpause to work with a single octet. Normally we do 3 octets
>> for all the RFC1918 addresses we use.
>>
>> -Jonathan
>
>
>
>
> --
> Dave Parker
> Systems Administrator
> Utica College
> Integrated Information Technology Services
> (315) 792-3229
> Registered Linux User #408177
>



-- 
Dave Parker
Systems Administrator
Utica College
Integrated Information Technology Services
(315) 792-3229
Registered Linux User #408177

Re: Sendmail greeting delay

[David Parker]

Thanks, but it looks like the IDENT setting was the culprit.  I just had to
change this setting in sendmail.cf:

O Timeout.ident=5s

Changing it from 5s to 0s resolved the problem immediately.  Thanks again,
everyone!

On Tue, Jan 13, 2015 at 3:07 PM, Jonathan Siegle  wrote:

> On 2015-01-13 at 12:38, David Parker wrote:
>
>  Hello,
>>
>> My /etc/mail/access file is pasted below.  The PC I'm testing from is on
>> the 10.x.x.x network, which should be allowed to
>> connect with no delay.  I have also tried setting the default GreetPause
>> to "0" but it still made no difference.
>>
>> 
>> Connect:localhost RELAY
>> GreetPause:localhost 0
>> ClientRate:localhost 0
>> ClientConn:localhost 0
>> Connect:127 RELAY
>> GreetPause:127 0
>> ClientRate:127 0
>> ClientConn:127 0
>> Connect:IPv6:::1 RELAY
>> GreetPause:IPv6:::1 0
>> ClientRate:IPv6:::1 0
>> ClientConn:IPv6:::1 0
>> Connect:10 RELAY
>> GreetPause:10 0
>> ClientRate:10 0
>> ClientConn:10 0
>>
>
>
> Dave,
> I'm struggling with a reference beyond my own work. Please try
> putting a second and maybe a third octet on your GreetPause: 10 line. Also,
> please verify you are issuing a kill -HUP on sendmail. We never got
> sendmail greetpause to work with a single octet. Normally we do 3 octets
> for all the RFC1918 addresses we use.
>
> -Jonathan




-- 
Dave Parker
Systems Administrator
Utica College
Integrated Information Technology Services
(315) 792-3229
Registered Linux User #408177

Re: Sendmail greeting delay

[Jonathan Siegle]

On 2015-01-13 at 12:38, David Parker wrote:


Hello,

My /etc/mail/access file is pasted below.  The PC I'm testing from is on the 
10.x.x.x network, which should be allowed to
connect with no delay.  I have also tried setting the default GreetPause to "0" 
but it still made no difference.


Connect:localhost RELAY
GreetPause:localhost 0
ClientRate:localhost 0
ClientConn:localhost 0
Connect:127 RELAY
GreetPause:127 0
ClientRate:127 0
ClientConn:127 0
Connect:IPv6:::1 RELAY
GreetPause:IPv6:::1 0
ClientRate:IPv6:::1 0
ClientConn:IPv6:::1 0
Connect:10 RELAY
GreetPause:10 0
ClientRate:10 0
ClientConn:10 0



Dave,
	I'm struggling with a reference beyond my own work. Please try 
putting a second and maybe a third octet on your GreetPause: 10 line. 
Also, please verify you are issuing a kill -HUP on sendmail. We never got 
sendmail greetpause to work with a single octet. Normally we do 3 octets 
for all the RFC1918 addresses we use.


-Jonathan

Re: Sendmail greeting delay

[David Parker]

Yes!  That seems to be the culprit.  I ran an strace on the sendmail
process and that's exactly what happens:

[ ... ]
4007  15:09:08.386921 connect(5, {sa_family=AF_INET, sin_port=htons(113),
sin_addr=inet_addr("10.3.1.40")}, 16 
3792  15:09:13.386272 <... select resumed> ) = 0 (Timeout)
[ ... ]

Where 10.3.1.40 is the IP of the client PC.  So now I just need to dig into
the config and figure out how to stop it.  Thanks!


On Tue, Jan 13, 2015 at 3:16 PM, Joe  wrote:

> On Tue, 13 Jan 2015 20:12:11 +
> Joe  wrote:
>
> > On Tue, 13 Jan 2015 14:27:42 -0500
> > David Parker  wrote:
> >
> > > Thanks for the replies.
> > >
> > > The system is not using tcpwrappers, and it's also not a DNS issue.
> > > The client PC does have a reverse DNS entry.  A tcpdump packet
> > > capture on the server shows the initial connection from the client
> > > followed by a bunch of DNS traffic, all within the same second.
> > > Then nothing happens for exactly 5 seconds, then the server sends
> > > data back to the client.
> > >
> > > Just to be extra sure, I added an entry for it in /etc/hosts so DNS
> > > wouldn't even be needed.  Still made no difference.
> > >
> >
> > Is it asking for an ident from the connecting server (TCP port 7)?
> > This is an old-fashioned custom, when computers with MTAs also ran
> > ident servers, which provided some fairly harmless information.
> >
> > Exim4 can certainly ask for an ident, and does nothing for a
> > configurable timeout unless one is received, or the sender address is
> > whitelisted. It is a simple anti-spam measure, as practically nothing
> > runs ident servers today, and most malware will give up before a
> > thirty-second timeout expires, whereas a legitimate MTA will wait
> > for that long.
> >
>
> OK, where did the 7 come from? Should be port 113. I saw it just as the
> mouse button clicked...
>
> --
> Joe
>
>
> --
> To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org
> with a subject of "unsubscribe". Trouble? Contact
> listmas...@lists.debian.org
> Archive:
> https://lists.debian.org/20150113201613.0b84c...@jresid.jretrading.com
>
>


-- 
Dave Parker
Systems Administrator
Utica College
Integrated Information Technology Services
(315) 792-3229
Registered Linux User #408177

Re: Sendmail greeting delay

[Joe]

On Tue, 13 Jan 2015 20:12:11 +
Joe  wrote:

> On Tue, 13 Jan 2015 14:27:42 -0500
> David Parker  wrote:
> 
> > Thanks for the replies.
> > 
> > The system is not using tcpwrappers, and it's also not a DNS issue.
> > The client PC does have a reverse DNS entry.  A tcpdump packet
> > capture on the server shows the initial connection from the client
> > followed by a bunch of DNS traffic, all within the same second.
> > Then nothing happens for exactly 5 seconds, then the server sends
> > data back to the client.
> > 
> > Just to be extra sure, I added an entry for it in /etc/hosts so DNS
> > wouldn't even be needed.  Still made no difference.
> > 
> 
> Is it asking for an ident from the connecting server (TCP port 7)?
> This is an old-fashioned custom, when computers with MTAs also ran
> ident servers, which provided some fairly harmless information.
> 
> Exim4 can certainly ask for an ident, and does nothing for a
> configurable timeout unless one is received, or the sender address is
> whitelisted. It is a simple anti-spam measure, as practically nothing
> runs ident servers today, and most malware will give up before a
> thirty-second timeout expires, whereas a legitimate MTA will wait
> for that long.
> 

OK, where did the 7 come from? Should be port 113. I saw it just as the
mouse button clicked...

-- 
Joe


-- 
To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org 
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
Archive: https://lists.debian.org/20150113201613.0b84c...@jresid.jretrading.com

Re: Sendmail greeting delay

[Joe]

On Tue, 13 Jan 2015 14:27:42 -0500
David Parker  wrote:

> Thanks for the replies.
> 
> The system is not using tcpwrappers, and it's also not a DNS issue.
> The client PC does have a reverse DNS entry.  A tcpdump packet
> capture on the server shows the initial connection from the client
> followed by a bunch of DNS traffic, all within the same second.  Then
> nothing happens for exactly 5 seconds, then the server sends data
> back to the client.
> 
> Just to be extra sure, I added an entry for it in /etc/hosts so DNS
> wouldn't even be needed.  Still made no difference.
> 

Is it asking for an ident from the connecting server (TCP port 7)? This
is an old-fashioned custom, when computers with MTAs also ran ident
servers, which provided some fairly harmless information.

Exim4 can certainly ask for an ident, and does nothing for a
configurable timeout unless one is received, or the sender address is
whitelisted. It is a simple anti-spam measure, as practically nothing
runs ident servers today, and most malware will give up before a
thirty-second timeout expires, whereas a legitimate MTA will wait
for that long.

-- 
Joe


-- 
To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org 
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
Archive: https://lists.debian.org/20150113201211.68976...@jresid.jretrading.com

Re: Sendmail greeting delay

[David Parker]

Thanks for the replies.

The system is not using tcpwrappers, and it's also not a DNS issue.  The
client PC does have a reverse DNS entry.  A tcpdump packet capture on the
server shows the initial connection from the client followed by a bunch of
DNS traffic, all within the same second.  Then nothing happens for exactly
5 seconds, then the server sends data back to the client.

Just to be extra sure, I added an entry for it in /etc/hosts so DNS
wouldn't even be needed.  Still made no difference.

Thanks,
Dave

On Mon, Jan 12, 2015 at 4:21 PM, Chris Davies 
wrote:

> David Parker  wrote:
> > We have an SMTP server running Sendmail 8.14.4-4 on Debian 7 64-bit.
>
> > Kaccess hash -T /etc/mail/access
> > # FEATURE(`access_db', `hash -T /etc/mail/access', `skip')dnl
>
> > For some reason, I just can't get it to not pause when greeting external
> > (non-localhost) connections. [...]
> > if I test from another PC on our network, it connects, pauses for 5
> > seconds, and then prints the SSL information.
>
> Does your PC have an rDNS entry, and if not could this delay be a DNS
> lookup timeout?
>
> Chris
>
>
> --
> To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org
> with a subject of "unsubscribe". Trouble? Contact
> listmas...@lists.debian.org
> Archive: https://lists.debian.org/rfqdobx8se@news.roaima.co.uk
>
>


-- 
Dave Parker
Systems Administrator
Utica College
Integrated Information Technology Services
(315) 792-3229
Registered Linux User #408177

Re: Sendmail greeting delay

[Chris Davies]

David Parker  wrote:
> We have an SMTP server running Sendmail 8.14.4-4 on Debian 7 64-bit.

> Kaccess hash -T /etc/mail/access
> # FEATURE(`access_db', `hash -T /etc/mail/access', `skip')dnl

> For some reason, I just can't get it to not pause when greeting external
> (non-localhost) connections. [...]
> if I test from another PC on our network, it connects, pauses for 5
> seconds, and then prints the SSL information.

Does your PC have an rDNS entry, and if not could this delay be a DNS
lookup timeout?

Chris


-- 
To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org 
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
Archive: https://lists.debian.org/rfqdobx8se@news.roaima.co.uk

Re: Sendmail greeting delay

[Burhan Hanoglu]

On Tue, Jan 13, 2015 at 7:38 PM, David Parker  wrote:

> Hello,
>
> We have an SMTP server running Sendmail 8.14.4-4 on Debian 7 64-bit.
> We're using the file /etc/mail/access for access control and rate limiting,
> and this is enabled via the following lines in /etc/mail/sendmail.cf:
>
> Kaccess hash -T /etc/mail/access
> # FEATURE(`access_db', `hash -T /etc/mail/access', `skip')dnl
>
> For some reason, I just can't get it to not pause when greeting external
> (non-localhost) connections.  I was testing SSL/TLS connectivity when I
> discovered the delay, using "openssl s_client -connect smtp-server:465".
> If I run this command from the SMTP server, it connects and then prints all
> of the SSL and certificate information immediately.  But if I test from
> another PC on our network, it connects, pauses for 5 seconds, and then
> prints the SSL information.
>
> My /etc/mail/access file is pasted below.  The PC I'm testing from is on
> the 10.x.x.x network, which should be allowed to connect with no delay.  I
> have also tried setting the default GreetPause to "0" but it still made no
> difference.
>
> 
> Connect:localhost RELAY
> GreetPause:localhost 0
> ClientRate:localhost 0
> ClientConn:localhost 0
> Connect:127 RELAY
> GreetPause:127 0
> ClientRate:127 0
> ClientConn:127 0
> Connect:IPv6:::1 RELAY
> GreetPause:IPv6:::1 0
> ClientRate:IPv6:::1 0
> ClientConn:IPv6:::1 0
> Connect:10 RELAY
> GreetPause:10 0
> ClientRate:10 0
> ClientConn:10 0
>
> # Defaults
> Connect: REJECT
> GreetPause: 5000
> ClientRate: 10
> ClientConn: 10
>
> # Whitelisted users
> Spam:postmaster@ FRIEND
> Spam:abuse@ FRIEND
> Spam:spam@ FRIEND
>
> # Blacklisted users
> reject@ REJECT
>
> # Block invalid IPs
> Connect:169.254 REJECT
> Connect:192.0.2 REJECT
> Connect:224 REJECT
> Connect:255 REJECT
> 
>
> Any help would be greatly appreciated.  Thanks!
>
>
Hi Dave,

I'd add the IP address of that PC to /etc/hosts.allow on sendmail machine
to rule out TCP Wrappers...

Also; any chance something is doing reverse dns check?

Burhan

Re: Sendmail command

[Emil Oppeln-Bronikowski]

On Tue, Jan 06, 2015 at 06:34:45AM -0500, Roman Gelfand wrote:
> Is there a way to specify smart host and credentials with Sendmail
> command?  If yes,  could you point me to example.

May I recommend msmtp? It's perfect for relaying e-mail to always-connected, 
real SMTPs. I'm using it on my, mostly offline, laptop, to deliver my e-mails 
via Mutt.

-- 
vag·a·bond adjective \ˈva-gə-ˌbänd\
 a :  of, relating to, or characteristic of a wanderer 
 b :  leading an unsettled, irresponsible, or disreputable life


-- 
To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org 
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
Archive: https://lists.debian.org/20150106114546.GA3702@mikrus

Re: [sendmail] outgoing mail leaves dead letter

[Brian]

On Tue 14 Oct 2014 at 19:10:05 -0400, Harry Putnam wrote:

> OK, here we go.
> 
> mailx -v -s "TEST "141014_184452" 2xd1 rea...@jtan.com < /tmp/tstmsg.txt

Two mails are being sent.

> 550 5.1.1 <2...@2xd1.local.lan>... User unknown

This one didn't make it.
 
>  Why does it go to a dead letter? 

So it was saved in dead letter.


-- 
To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org 
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
Archive: 
https://lists.debian.org/15102014105408.ecc6a52e8...@desktop.copernicus.demon.co.uk

Re: sendmail rejected local connection

[T o n g]

On Wed, 29 Sep 2010 18:19:03 +, T o n g wrote:

> It seems to me that sendmail is not accepting local smtp connections:

because of the sendmail service is not started (this is a new install).

 update-rc.d sendmail defaults
 invoke-rc.d sendmail start

problem solved. 

-- 
Tong (remove underscore(s) to reply)
  http://xpt.sourceforge.net/techdocs/
  http://xpt.sourceforge.net/tools/


-- 
To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org 
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
Archive: http://lists.debian.org/i826nr$iv...@dough.gmane.org

Re: Sendmail to send mail only, using MX records

[Richard A Nelson]

On Sun, 21 Jun 2009, Kelly Jones wrote:


I have sendmail installed on etch, but not running as a daemon


Why on earth would you do that ... sendmail, like any other MTA these
days binds only to 127.0.0.1 by default.


When I do:

# echo "Test" | /usr/lib/sendmail f...@bar.com

the logs show this:

Jun 21 11:13:51 debian sendmail[3924]: n5LFDpSS003924: to=...@bar.com,
ctladdr=root (0/0), delay=00:00:00, xdelay=00:00:00, mailer=relay,
pri=30005, relay=[127.0.0.1] [127.0.0.1], dsn=4.0.0, stat=Deferred:
Connection refused by [127.0.0.1]


Right...  Install sendmail-doc and read
/usr/share/doc/sendmail/sendmail/SECURITY.gz

For improved security, sendmail has been split into two pieces - the
Mail Submission Agent/Program  and the Mail Transport Agent.


How can I tell /usr/lib/sendmail to do an MX lookup on bar.com and
connect to that server, instead of connecting to localhost?


You have two basic choices:
1) Allow sendmail daemon to start, things will just work !
2) setup submit.mc in a null-client type setup using a smart host.


I realize my command above has other errors, but if I can solve the
MX-lookup issue, I'm sure I can get everything else working.


There is no MX lookup issue, the issue is not understanding how sendmail
works.


I also realize I'll have to run "sendmail -q -v" regularly (via cron?)
to flush any stuck messages.


Doable, or you can let the default setup just work.

--
Rick Nelson
 Overfiend - BTW, after we've discovered X takes all of 1.4 GIGS
   to build, are you willing admit that X is bloatware?  =>
 KB: there is a 16 1/2 minute gap in my answer
 knghtbrd: evidence exists that X is only the *2nd* worst windowing
  system ;)


--
To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org 
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org

Re: Sendmail to send mail only, using MX records

[Tzafrir Cohen]

On Sun, Jun 21, 2009 at 12:55:44PM -0700, Kelly Jones wrote:
> On 6/21/09, Bob Proulx  wrote:
> > Kelly Jones wrote:
> >> I have sendmail installed on etch,
> >
> > Is there a reason not to upgrade to Lenny, the current stable?  This
> > is outside of your current problem but you really should think about
> > keeping current.
> 
> I plan to use a cluster of cheap VPS' for redundancy. Many VPS
> providers now offer etch; very few offer lenny.
> 
> > Using Sendmail is probably okay but IMNHO there are better choices.
> > Would you entertain using a different MTA?  If you want a full
> > internet site mailer then I recommend that you install and use either
> > Postfix or Exim.  I personally prefer Postfix.  But in either case you
> > could simply install and it would solve your problem.
> >
> >   apt-get install postfix
> >
> > Answer the debconf questions for an internet site and then you are
> > set.  No other configuration is needed.
> 
> I'm happy to use any MTA that 1) delivers email to anydomain.com using
> its MX record, 2) queues mail that it can't send, and 3) doesn't run a
> daemon (I don't accept incoming email on these servers).
> 
> I had exim4 installed, but it kept telling me "not configured to send
> mail to remote hosts" or something.
> 
> Postfix will really just work "out of the box"?

Both Exim and Postfix have a simple debconf-based configurator . 

  dpkg-reconfigure exim4-config
  #dpkg-reconfigure postfix

I personally prefer postfix. But Exim is also well-supported here.

> debian:~# dpkg -S /usr/sbin/sendmail
> dpkg: /usr/sbin/sendmail not found.

> debian:~# ls -l /usr/sbin/sendmail /usr/lib/sendmail
> 
> lrwxrwxrwx 1 root root 30 2009-06-19 16:17 /usr/lib/sendmail -> 
> /etc/alternativ\
> es/lib.sendmail*
> lrwxrwxrwx 1 root root 26 2009-06-19 16:17 /usr/sbin/sendmail -> 
> /etc/alternati\
> ves/sendmail*
> 
> Hmmm, what the heck am I running?

/usr/sbin/update-alternatives --display sendmail

-- 
Tzafrir Cohen | tzaf...@jabber.org | VIM is
http://tzafrir.org.il || a Mutt's
tzaf...@cohens.org.il ||  best
ICQ# 16849754 || friend


-- 
To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org 
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org

Re: Sendmail to send mail only, using MX records

[Eduardo M KALINOWSKI]

Kelly Jones wrote:
> On 6/21/09, Bob Proulx  wrote:
>   
>> Kelly Jones wrote:
>> 
>> Is there a reason not to upgrade to Lenny, the current stable?  This
>> is outside of your current problem but you really should think about
>> keeping current.
>> 
>
> I plan to use a cluster of cheap VPS' for redundancy. Many VPS
> providers now offer etch; very few offer lenny.
>   

You can ask for an Etch VM and upgrade it to Lenny. It will probably
still run an older kernel, but this should bring no problems.


-- 
Your education begins where what is called your education is over.

Eduardo M KALINOWSKI
edua...@kalinowski.com.br


-- 
To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org 
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org

Re: Sendmail to send mail only, using MX records

[Kelly Jones]

On 6/21/09, Bob Proulx  wrote:
> Kelly Jones wrote:
>> I have sendmail installed on etch,
>
> Is there a reason not to upgrade to Lenny, the current stable?  This
> is outside of your current problem but you really should think about
> keeping current.

I plan to use a cluster of cheap VPS' for redundancy. Many VPS
providers now offer etch; very few offer lenny.

> Using Sendmail is probably okay but IMNHO there are better choices.
> Would you entertain using a different MTA?  If you want a full
> internet site mailer then I recommend that you install and use either
> Postfix or Exim.  I personally prefer Postfix.  But in either case you
> could simply install and it would solve your problem.
>
>   apt-get install postfix
>
> Answer the debconf questions for an internet site and then you are
> set.  No other configuration is needed.

I'm happy to use any MTA that 1) delivers email to anydomain.com using
its MX record, 2) queues mail that it can't send, and 3) doesn't run a
daemon (I don't accept incoming email on these servers).

I had exim4 installed, but it kept telling me "not configured to send
mail to remote hosts" or something.

Postfix will really just work "out of the box"?

>> How can I tell /usr/lib/sendmail to do an MX lookup on bar.com and
>> connect to that server, instead of connecting to localhost?
>
> That question makes me wonder if you really have sendmail installed.
> This is pedantic but please double check.
>
>   dpkg -S /usr/sbin/sendmail
>
> Because the behavior reads to me like a different mta program.

You're right! But I explicitly removed exim4 and exim4-base and
did "apt-get install sendmail". Here's what various commands return:

debian:~# dpkg -S /usr/sbin/sendmail
dpkg: /usr/sbin/sendmail not found.

debian:~# dpkg -l | fgrep -i sendmail
ii  sendmail  8.13.8-3
powerful, efficient, and scalable Mail Trans
ii  sendmail-base 8.13.8-3
powerful, efficient, and scalable Mail Trans
ii  sendmail-bin  8.13.8-3
powerful, efficient, and scalable Mail Trans
ii  sendmail-cf   8.13.8-3
powerful, efficient, and scalable Mail Trans

debian:~# sendmail -d0.1
Version 8.13.8
 Compiled with: DNSMAP LDAPMAP LDAP_REFERRALS LOG MAP_REGEX MATCHGECOS
MILTER MIME7TO8 MIME8TO7 NAMED_BIND NETINET NETINET6 NETUNIX
NEWDB NIS NISPLUS PIPELINING SASLv2 SCANF SOCKETMAP STARTTLS
TCPWRAPPERS USERDB USE_LDAP_INIT XDEBUG

 SYSTEM IDENTITY (after readcf) 
  (short domain name) $w = [removed]
  (canonical domain name) $j = [removed]
 (subdomain name) $m = [removed]
  (node name) $k = [removed]


Recipient names must be specified

debian:~# ls -l /usr/sbin/sendmail /usr/lib/sendmail

lrwxrwxrwx 1 root root 30 2009-06-19 16:17 /usr/lib/sendmail -> /etc/alternativ\
es/lib.sendmail*
lrwxrwxrwx 1 root root 26 2009-06-19 16:17 /usr/sbin/sendmail -> /etc/alternati\
ves/sendmail*

Hmmm, what the heck am I running?

-- 
We're just a Bunch Of Regular Guys, a collective group that's trying
to understand and assimilate technology. We feel that resistance to
new ideas and technology is unwise and ultimately futile.


-- 
To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org 
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org

Re: Sendmail to send mail only, using MX records

[Bob Proulx]

Kelly Jones wrote:
> I have sendmail installed on etch,

Is there a reason not to upgrade to Lenny, the current stable?  This
is outside of your current problem but you really should think about
keeping current.

Using Sendmail is probably okay but IMNHO there are better choices.
Would you entertain using a different MTA?  If you want a full
internet site mailer then I recommend that you install and use either
Postfix or Exim.  I personally prefer Postfix.  But in either case you
could simply install and it would solve your problem.

  apt-get install postfix

Answer the debconf questions for an internet site and then you are
set.  No other configuration is needed.

> How can I tell /usr/lib/sendmail to do an MX lookup on bar.com and
> connect to that server, instead of connecting to localhost?

That question makes me wonder if you really have sendmail installed.
This is pedantic but please double check.

  dpkg -S /usr/sbin/sendmail

Because the behavior reads to me like a different mta program.

If you are simply wanting to forward all of your mail to a mail relay
where it will handle the task then I recommend nullmailer.

  apt-get install nullmailer

If you are not interested in anything but Sendmail then please pardon
the suggestions otherwise.

Bob


signature.asc
Description: Digital signature

Re: Sendmail question

[Richard A Nelson]

On Tue, 16 Jun 2009, kj wrote:

I should know this but I'm drawing a blank, and google is only finding the 
things I'm not looking for.


Man, I know the feeling

How do I get sendmail to forget the MX lookups it's done for mail that are 
already in the queue, and check them again?  I have a client who screwed up 
with their DNS, so there's a host of mail in the queue destined to a 
non-existent MX.


1) /etc/init.d/sendmail purgestat now -- purge sendmail host status
2) restart your caching DNS server (and every smtp server should have
   one) to make sure nothing is cached
3) nscd -i hosts -- though actually, you should disable host caching
   in nscd (or better, just purge the whole package)

with all that out of the way, sendmail will lookup the current MX for
each queue run.

--
Rick Nelson
 it's weird, when you go on a safari to Africa to catch a lion, you
   find it alive and it charges, and then you kill it
 when you go on a safari to South Bay to find a Palm Vx, you find
   it dead and take it home and it charges after it arrives :)


--
To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org 
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org

Re: Sendmail wants to auth local mails

[Andics László]

Richard A Nelson írta:

On Sun, 1 Feb 2009, Andics László wrote:


DAEMON_OPTIONS(`Name=MSA,Port=submission,Modifiers=aE')


Check submit.mc for the msp feature line - you'll want to make sure
the port is 25 instead of 587 ... something like:
FEATURE(`msp', `[127.0.0.1]', `25')dnl
That was the problem. There is no ports specified is this line. I change 
it to 25, and now working.

Thank you for the help!


--
To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org 
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org

Re: Sendmail wants to auth local mails

[Richard A Nelson]

On Sun, 1 Feb 2009, Andics László wrote:


DAEMON_OPTIONS(`Name=MSA,Port=submission,Modifiers=aE')


Check submit.mc for the msp feature line - you'll want to make sure
the port is 25 instead of 587 ... something like:
FEATURE(`msp', `[127.0.0.1]', `25')dnl
--
Rick Nelson

Ever heard of .cshrc?

That's a city in Bosnia.  Right?
(Discussion in comp.os.linux.misc on the intuitiveness of commands.)

Re: Sendmail wants to auth local mails

[owens]

>
>
>
> Original Message 
>From: cow...@debian.org
>To: laci...@gmail.com
>Subject: Re: Sendmail wants to auth local mails
>Date: Sat, 31 Jan 2009 12:27:50 -0800 (PST)
>
>>On Sat, 31 Jan 2009, Andics László wrote:
>>
>>> I have these two Connect lines:
>>> "
>>> Connect:localhostRELAY
>>> Connect:gophernet.huRELAY
>>> "
>>
>>looks ok
>>
>>> I have really no idea what is wrong with this.
>>> Anyway, thanks for the answer.
>>
>>Any Srv_Features lines ?
>>
>>-- 
>>Rick Nelson
>>>  Where in the US is Linus?
When last seen he was in the Portland Oregon area, still coding.
Larry

>>
>>He was in the "Promise Land".
>>  -- David S. Miller 




--
To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org

Re: Sendmail wants to auth local mails

[Andics László]

Richard A Nelson írta:

On Sat, 31 Jan 2009, Andics László wrote:


Any Srv_Features lines ?


No, my access file is have only those two Connect lines.


Ok, what does your DAEMON_OPTOINS line look like, M=a will
cause this


DAEMON_OPTIONS(`Name=MTA,Port=smtp')
DAEMON_OPTIONS(`Name=MSA,Port=submission,Modifiers=aE')
DAEMON_OPTIONS(`Name=TLSMTA,Port=smtps') <---this is just for some 
users, who using older mail program,

and can't send mail with TLS on port 25.
The auth for roaming users is required.


--
To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org 
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org

Re: Sendmail wants to auth local mails

[Richard A Nelson]

On Sat, 31 Jan 2009, Andics László wrote:


Any Srv_Features lines ?


No, my access file is have only those two Connect lines.


Ok, what does your DAEMON_OPTOINS line look like, M=a will
cause this

--
Rick Nelson
The purpose of having mailing lists rather than having newsgroups is to
place a barrier to entry which protects the lists and their users from
invasion by the general uneducated hordes.
-- Ian Jackson

Re: Sendmail wants to auth local mails

[Andics László]

Richard A Nelson írta:

On Sat, 31 Jan 2009, Andics László wrote:


I have these two Connect lines:
"
Connect:localhostRELAY
Connect:gophernet.huRELAY
"


looks ok


I have really no idea what is wrong with this.
Anyway, thanks for the answer.


Any Srv_Features lines ?


No, my access file is have only those two Connect lines.


--
To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org 
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org

Re: Sendmail wants to auth local mails

[Richard A Nelson]

On Sat, 31 Jan 2009, Andics László wrote:


I have these two Connect lines:
"
Connect:localhostRELAY
Connect:gophernet.huRELAY
"


looks ok


I have really no idea what is wrong with this.
Anyway, thanks for the answer.


Any Srv_Features lines ?

--
Rick Nelson

 Where in the US is Linus?


He was in the "Promise Land".
-- David S. Miller 

Re: Sendmail wants to auth local mails

[Andics László]

Richard A Nelson wrote:

On Fri, 30 Jan 2009, Andics László wrote:


The original message was received at Fri, 30 Jan 2009 06:25:17 +0100
from r...@localhost


Is localhost in /etc/mail/local-host-names ?
and sendmail.mc has
FEATURE(`use_cw_file')dnl  # local-host-names

Yes, it"s OK.



 - The following addresses had permanent fatal errors -
root
  (reason: 530 5.7.0 Authentication required)
  (expanded from: root)

 - Transcript of session follows -
... while talking to [127.0.0.1]:

MAIL From: SIZE=665 auth=r...@gophernet.hu


gophernet.hu should also be in /etc/mail/local-host-names

Also OK. I checked this first.



<<< 530 5.7.0 Authentication required
554 5.0.0 Service unavailable

My domain names is set fine, the sendmail config is the same that we 
used over 3 years with no problem, so I have no idea, what is wrong.

Even the Google don't help, I just find an user with the same error.
Please help me to solve this, if your have any idea.


Do you use /etc/mail/access ? does it have any Connect: lines ?


I have these two Connect lines:
"
Connect:localhostRELAY
Connect:gophernet.huRELAY
"

I have really no idea what is wrong with this.
Anyway, thanks for the answer.


--
To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org 
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org

Re: Sendmail wants to auth local mails

[Richard A Nelson]

On Fri, 30 Jan 2009, Andics László wrote:


The original message was received at Fri, 30 Jan 2009 06:25:17 +0100
from r...@localhost


Is localhost in /etc/mail/local-host-names ?
and sendmail.mc has
FEATURE(`use_cw_file')dnl  # local-host-names


 - The following addresses had permanent fatal errors -
root
  (reason: 530 5.7.0 Authentication required)
  (expanded from: root)

 - Transcript of session follows -
... while talking to [127.0.0.1]:

MAIL From: SIZE=665 auth=r...@gophernet.hu


gophernet.hu should also be in /etc/mail/local-host-names


<<< 530 5.7.0 Authentication required
554 5.0.0 Service unavailable

My domain names is set fine, the sendmail config is the same that we used 
over 3 years with no problem, so I have no idea, what is wrong.

Even the Google don't help, I just find an user with the same error.
Please help me to solve this, if your have any idea.


Do you use /etc/mail/access ? does it have any Connect: lines ?

--
Rick Nelson
Ooh, mommy, mommy, what I have now doesn't work in this extremely
unlikely circumstance, so I'll just throw it away and write something
completely new.
-- Linus Torvalds

Re: Sendmail problem and comcast.net

[Account for Debian group mail]

Mike,

Your right! The reverse DNS file for that IP ranged got toasted by a 
FAT finger. Found the error and reload the named server. Thanks for 
spotting that!


Thanks again,

Ken


On Thu, 7 Aug 2008, Mike Bird wrote:


On Thu August 7 2008 13:14:40 Account for Debian group mail wrote:

We're having a problem sending mail to comcast.net. The message we are
getting is:

Aug  7 12:31:18 smtp sm-mta[22694]: m77JV1iC022684:
to=<[EMAIL PROTECTED]>, delay=00:00:17, xdelay=00:00:01, mailer=esmtp, p
ri=210588, relay=mx2.comcast.net. [76.96.30.116], dsn=4.0.0, stat=Deferred:
421 IMTA12.emeryville.ca.mail.comcast.net comcast Reverse DNS failure : Try
again later





Anyone have any ideas? Does anyone have a phone number to get a hold of
comcast.net administrators?


The problem is at your end, not Comcast's end.  Your 209.102.124.32 server
lacks a reverse DNS entry (PTR record) with value smtp.gssf.org.

Most mail servers block or penalize incoming mail from "servers" with no
reverse DNS or where reverse DNS does not match forward DNS.  99.9% of such
cases are not real servers but rather hacked PCs trying to send spam.  The
other 0.1% are real mail servers which by mistake or oversight have DNS
inconsistences - and they should be fixed promptly.

--Mike Bird


--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]




--
To UNSUBSCRIBE, email to [EMAIL PROTECTED] 
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Re: Sendmail problem and comcast.net

[Mike Bird]

On Thu August 7 2008 13:14:40 Account for Debian group mail wrote:
> We're having a problem sending mail to comcast.net. The message we are
> getting is:
>
> Aug  7 12:31:18 smtp sm-mta[22694]: m77JV1iC022684:
> to=<[EMAIL PROTECTED]>, delay=00:00:17, xdelay=00:00:01, mailer=esmtp, p
> ri=210588, relay=mx2.comcast.net. [76.96.30.116], dsn=4.0.0, stat=Deferred:
> 421 IMTA12.emeryville.ca.mail.comcast.net comcast Reverse DNS failure : Try
> again later



> Anyone have any ideas? Does anyone have a phone number to get a hold of
> comcast.net administrators?

The problem is at your end, not Comcast's end.  Your 209.102.124.32 server
lacks a reverse DNS entry (PTR record) with value smtp.gssf.org.

Most mail servers block or penalize incoming mail from "servers" with no
reverse DNS or where reverse DNS does not match forward DNS.  99.9% of such
cases are not real servers but rather hacked PCs trying to send spam.  The
other 0.1% are real mail servers which by mistake or oversight have DNS
inconsistences - and they should be fixed promptly.

--Mike Bird


-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED] 
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Re: Sendmail and HostStatus handling

[Richard A Nelson]

On Wed, 14 May 2008, NFN Smith wrote:


If I set  DAEMON_HOSTSTATS="No";  in sendmail.conf, then sendmailconfig
deletes /var/lib/sendmail/host_status, as described in relevant
documentation.  However, somewhere along, sendmail is still trying to
write to that directory on the regular runs of the sendmail queues (in
my case, every 20 minutes), and I get an error

Warning: Cannot use HostStatusDirectory = /var/lib/sendmail/host_status: No 
such file or directory


This was tweaked somewhere after your version to also update sendmail.mc
- I can't recall when... I've had more than a few drinks since then...
--
dnl # Items controlled by /etc/mail/sendmail.conf - DO NOT TOUCH HERE
dnl undefine(`confHOST_STATUS_DIRECTORY')dnl#DAEMON_HOSTSTATS
dnl # Items controlled by /etc/mail/sendmail.conf - DO NOT TOUCH HERE
--

when DAEMON_HOSTSTATS="No", this undefine is uncommented - and that is
what you need to prevent those error messages.


I don't think there's any compelling reason to enable HostStatus, and I
don't think there's any significant performance difference by having it
enabled.


I use it more for diagnostic purposes - so I know what relay hosts are
giving me fits...  but you are correct, sendmail caches hoststatus 
information in-memory, and does its aging there.   I have disk-based

status information that I manually clear out roughly quarterly.

--
Rick Nelson
 heh thats a lost cause, like the correct pronounciation of
 "jewelry"
 give it up :-)
 and the correct spelling of "colour" :)
 heh
 and aluminium
 or nuclear weapons
 are you threating me yankee ?
 just cause we don't have the bomb...
 back off ya yellow belly


--
To UNSUBSCRIBE, email to [EMAIL PROTECTED] 
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Re: sendmail - dns lookup problem

[Douglas A. Tutty]

On Wed, May 14, 2008 at 08:11:13AM -0700, Todd A. Jacobs wrote:
> On Wed, May 14, 2008 at 01:16:13PM +0200, Viktor Matys wrote:
 
> Best-practice for a mail server is to run a caching name server to
> minimize DNS timeouts. If you're not already doing so, you might want to
> consider that. You might also want to look into setting the "rotate"
> flag in your /etc/resolv.conf or /etc/resolvconf/resolv.conf.d/base to
> spread the load around to more than one upstream resolver.

I find that the easiest caching dns server to use on debian is dnsmasq.
Its basically install and forget for the dns stuff (it can act as a dhcp
server too), other than having other boxes point to this box for dns
lookup.

Doug.


-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED] 
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Re: sendmail - dns lookup problem

[Todd A. Jacobs]

On Wed, May 14, 2008 at 01:16:13PM +0200, Viktor Matys wrote:

> WARNING: local host name (;; connection timed out; no servers could be
> reached) is not qualified; see cf/README: WHO AM I?

I run postfix, not sendmail, but wanted to suggest that you check your
/etc/hosts file to ensure that there is a FQDN for your local host, and
that it matches whatever you're telling sendmail. For example:

127.0.1.1   random.grumpa.net random grumpa

Also, IIRC sendmail.mc gets recompiled automagically at startup, so
manual changes to sendmail.cf might not survive a reboot.

> Dj;; connection timed out; no servers could be reached Cw;; connection
> timed out; no servers could be reached CG;; connection timed out; no
> servers could be reached

Best-practice for a mail server is to run a caching name server to
minimize DNS timeouts. If you're not already doing so, you might want to
consider that. You might also want to look into setting the "rotate"
flag in your /etc/resolv.conf or /etc/resolvconf/resolv.conf.d/base to
spread the load around to more than one upstream resolver.

Hope some of this helps. :)

-- 
"Oh, look: rocks!"
-- Doctor Who, "Destiny of the Daleks"


-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED] 
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Re: sendmail - dns lookup problem

[Kim Christensen]

Viktor Matys wrote:

> Hello,
> 
> I have sendmail installed on several servers of different customers.
> When I run sendmailconfig on some server I get message:
> 
> WARNING: local host name (;; connection timed out; no servers could be
> reached) is not qualified; see cf/README: WHO AM I?
> 
> As we can see there in brackets is an error message instead of true
> local host name. This message is returned from dns lookup procedure. But
> dns lookup has no problem (responses are pretty fast):
> 
> hostname -f
> server.example.com

Double-check that the sendmail user account is allowed to perform DNS
queries. If you have firewall rules that only let through hostname
lookups for the root user, you'll probably experience timeout problems
when using a normal user account.

Regards,
Kim
-- 
|_|O|_|  Kim Christensen
|_|_|O|  Public key: http://rac.nu/kchr.asc
|O|O|O|  Web home:   http://rac.nu

() ascii ribbon campain - against html e-mail
/\ www.asciiribbon.org - against proprietary attachments


-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED] 
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Re: Sendmail configuration

[Andrius]

s. keeling wrote:

Andrius <[EMAIL PROTECTED]>:
  

 T o n g wrote:


On Thu, 20 Mar 2008 16:17:51 -0700, Richard A Nelson wrote:
  
  

On Wednesday 19 March 2008 03:21:17 am Andrius wrote:



how to configure Sendmail to send a messages through ISP SMTP server?
  

Install sendmail-doc and check /usr/share/doc/sendmail/cf.README.gz
for SMART_HOST  ( define(`SMART_HOST', `')dnl )

On Wed, 19 Mar 2008, Paul Johnson wrote:


It's probably best to avoid sendmail if you're new to setting up email and go
with the debian default of exim instead.
  

I'll assume you were trying to be helpful (and simply failed), and not
trying to start another MTA pissing contest.


Quite agree. The OP asked for Sendmail, so let's keep our focus on
Sendmail, instead of launching religious war each time. In fact, when the
ISP SMTP server need encrypted authentication, I just can't get exim to
work, despite googling and asking for help in various channels including
this mlist. When swithed back to Sendmail, I found the answer just by
googling, without a single question asked.

Andrius, if you don't know what to next after Richard's step, here is a
short guide:

http://xpt.sourceforge.net/techdocs/nix/conn/mail/sendmail/sndm06-SendmailSmartHostConfiguration/index.html#Sendmail_Smart_Host
  
 Thank you. The bat book now is on my table. Very interesting thing is 
 Sendmail.



Enjoy the ride.  That book's a great read.  I suggest you supplement
it with a peruse of tldp.org as well.  Rick Moen's linuxmafia.com has
some very interesting and at times detailed (config-ish) reading IME.  



[Well, not like Tolstoy (et al), but you know what I mean.]
  
The stuff is working, that is most important. Perhaps Debian kicked-off 
Sendmail only because difficulties to configure.

--

Regards, .
/¯\ |\| |¯\ |¯| | | | |¯|¯/ | | |¯| |  |¯ |¯  /¯\ 
|¯| | | |_/ |¯\ | |_|  ¯|   |¯/ |_| |¯\ |_ |¯ | | |¯| 
   ¯ ¯  ¯  ¯  



--
To UNSUBSCRIBE, email to [EMAIL PROTECTED] 
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Re: Sendmail configuration

[s. keeling]

Andrius <[EMAIL PROTECTED]>:
>  T o n g wrote:
> > On Thu, 20 Mar 2008 16:17:51 -0700, Richard A Nelson wrote:
> >   
> >> On Wednesday 19 March 2008 03:21:17 am Andrius wrote:
> >> 
> >>> how to configure Sendmail to send a messages through ISP SMTP server?
> >>
> >> Install sendmail-doc and check /usr/share/doc/sendmail/cf.README.gz
> >> for SMART_HOST  ( define(`SMART_HOST', `')dnl )
> >>
> >> On Wed, 19 Mar 2008, Paul Johnson wrote:
> >>>
> >>> It's probably best to avoid sendmail if you're new to setting up email 
> >>> and go
> >>> with the debian default of exim instead.
> >>
> >> I'll assume you were trying to be helpful (and simply failed), and not
> >> trying to start another MTA pissing contest.
> >
> > Quite agree. The OP asked for Sendmail, so let's keep our focus on
> > Sendmail, instead of launching religious war each time. In fact, when the
> > ISP SMTP server need encrypted authentication, I just can't get exim to
> > work, despite googling and asking for help in various channels including
> > this mlist. When swithed back to Sendmail, I found the answer just by
> > googling, without a single question asked.
> >
> > Andrius, if you don't know what to next after Richard's step, here is a
> > short guide:
> >
> > http://xpt.sourceforge.net/techdocs/nix/conn/mail/sendmail/sndm06-SendmailSmartHostConfiguration/index.html#Sendmail_Smart_Host
> 
>  Thank you. The bat book now is on my table. Very interesting thing is 
>  Sendmail.

Enjoy the ride.  That book's a great read.  I suggest you supplement
it with a peruse of tldp.org as well.  Rick Moen's linuxmafia.com has
some very interesting and at times detailed (config-ish) reading IME.  


[Well, not like Tolstoy (et al), but you know what I mean.]
-- 
Any technology distinguishable from magic is insufficiently advanced.
(*)http://blinkynet.net/comp/uip5.html  Linux Counter #80292
- -http://www.faqs.org/rfcs/rfc1855.htmlPlease, don't Cc: me.


-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED] 
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Re: Sendmail configuration

[s. keeling]

T o n g <[EMAIL PROTECTED]>:
>  On Thu, 20 Mar 2008 16:17:51 -0700, Richard A Nelson wrote:
> 
> > On Wednesday 19 March 2008 03:21:17 am Andrius wrote:
> > 
> >> how to configure Sendmail to send a messages through ISP SMTP
> >> server? 
> > 
> > Install sendmail-doc and check /usr/share/doc/sendmail/cf.README.gz
> > for SMART_HOST  ( define(`SMART_HOST', `')dnl )
> > 
> > On Wed, 19 Mar 2008, Paul Johnson wrote:
> > 
> >> It's probably best to avoid sendmail if you're new to setting up email and 
> >> go
..^
> >> with the debian default of exim instead.
> > 
> > I'll assume you were trying to be helpful (and simply failed), and not

I think he said what he meant, and it's valid.

> > trying to start another MTA pissing contest.

Chip on your shoulder?  Frankly, I agree with him and I've Sendmailed
over many years.  Exim is far less "interesting", from a non-wizardly
point of view.  Debian was right to have chosen it.  I hear they've
gone to postfix for the next (lenny)?  I'll stick with exim.


-- 
Any technology distinguishable from magic is insufficiently advanced.
(*)http://blinkynet.net/comp/uip5.html  Linux Counter #80292
- -http://www.faqs.org/rfcs/rfc1855.htmlPlease, don't Cc: me.


-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED] 
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Re: Sendmail configuration

[Andrius]

T o n g wrote:

On Thu, 20 Mar 2008 16:17:51 -0700, Richard A Nelson wrote:

  

On Wednesday 19 March 2008 03:21:17 am Andrius wrote:



how to configure Sendmail to send a messages through ISP SMTP server?
  

Install sendmail-doc and check /usr/share/doc/sendmail/cf.README.gz
for SMART_HOST  ( define(`SMART_HOST', `')dnl )

On Wed, 19 Mar 2008, Paul Johnson wrote:



It's probably best to avoid sendmail if you're new to setting up email and go
with the debian default of exim instead.
  

I'll assume you were trying to be helpful (and simply failed), and not
trying to start another MTA pissing contest.



Quite agree. The OP asked for Sendmail, so let's keep our focus on
Sendmail, instead of launching religious war each time. In fact, when the
ISP SMTP server need encrypted authentication, I just can't get exim to
work, despite googling and asking for help in various channels including
this mlist. When swithed back to Sendmail, I found the answer just by
googling, without a single question asked.

Andrius, if you don't know what to next after Richard's step, here is a
short guide:

http://xpt.sourceforge.net/techdocs/nix/conn/mail/sendmail/sndm06-SendmailSmartHostConfiguration/index.html#Sendmail_Smart_Host

  
Thank you. The bat book now is on my table. Very interesting thing is 
Sendmail.


Regards,

Andrius


--
To UNSUBSCRIBE, email to [EMAIL PROTECTED] 
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Re: Sendmail configuration

[T o n g]

On Thu, 20 Mar 2008 16:17:51 -0700, Richard A Nelson wrote:

> On Wednesday 19 March 2008 03:21:17 am Andrius wrote:
> 
>> how to configure Sendmail to send a messages through ISP SMTP server?
> 
> Install sendmail-doc and check /usr/share/doc/sendmail/cf.README.gz
> for SMART_HOST  ( define(`SMART_HOST', `')dnl )
> 
> On Wed, 19 Mar 2008, Paul Johnson wrote:
> 
>> It's probably best to avoid sendmail if you're new to setting up email and go
>> with the debian default of exim instead.
> 
> I'll assume you were trying to be helpful (and simply failed), and not
> trying to start another MTA pissing contest.

Quite agree. The OP asked for Sendmail, so let's keep our focus on
Sendmail, instead of launching religious war each time. In fact, when the
ISP SMTP server need encrypted authentication, I just can't get exim to
work, despite googling and asking for help in various channels including
this mlist. When swithed back to Sendmail, I found the answer just by
googling, without a single question asked.

Andrius, if you don't know what to next after Richard's step, here is a
short guide:

http://xpt.sourceforge.net/techdocs/nix/conn/mail/sendmail/sndm06-SendmailSmartHostConfiguration/index.html#Sendmail_Smart_Host

-- 
Tong (remove underscore(s) to reply)
  http://xpt.sourceforge.net/techdocs/
  http://xpt.sourceforge.net/tools/


-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED] 
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Re: Sendmail configuration

[Paul Johnson]

> On Wed, 19 Mar 2008, Paul Johnson wrote:
> > It's probably best to avoid sendmail if you're new to setting up email
> > and go with the debian default of exim instead.
>
> I'll assume you were trying to be helpful (and simply failed), and not
> trying to start another MTA pissing contest.

Yeah, I got my threads crossed.  Mybad.

-- 
Paul Johnson
[EMAIL PROTECTED]


signature.asc
Description: This is a digitally signed message part.

Re: Sendmail configuration

[Richard A Nelson]

On Wednesday 19 March 2008 03:21:17 am Andrius wrote:


how to configure Sendmail to send a messages through ISP SMTP server?


Install sendmail-doc and check /usr/share/doc/sendmail/cf.README.gz
for SMART_HOST  ( define(`SMART_HOST', `')dnl )

On Wed, 19 Mar 2008, Paul Johnson wrote:


It's probably best to avoid sendmail if you're new to setting up email and go
with the debian default of exim instead.


I'll assume you were trying to be helpful (and simply failed), and not
trying to start another MTA pissing contest.

--
Rick Nelson
* Knghtbrd crosses his toes
 (if I crossed my fingers it would be hard to type)


--
To UNSUBSCRIBE, email to [EMAIL PROTECTED] 
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Re: Sendmail configuration

[Paul Johnson]

On Thursday 20 March 2008 02:12:14 am Andrius wrote:
> On Wed, 2008-03-19 at 20:50 -0700, Paul Johnson wrote:
> > On Wednesday 19 March 2008 03:21:17 am Andrius wrote:
> > > how to configure Sendmail to send a messages through ISP SMTP server?
> >
> > It's probably best to avoid sendmail if you're new to setting up email
> > and go with the debian default of exim instead.
>
> That is not what a question about was.

If you don't like the answer, don't ask the question?

-- 
Paul Johnson
[EMAIL PROTECTED]


signature.asc
Description: This is a digitally signed message part.

Re: Sendmail configuration

[cdr . nil]

On Mar 19, 11:40 am, Andrius <[EMAIL PROTECTED]> wrote:
> Hi,
>
> how to configure Sendmail to send a messages through ISP SMTP server?
> Thank you.
>
> Regards,
> Andrius
>

Andrius,

I'm not familiar with the sendmail installation on Debian, but if it
comes with a .mc file, you should look to edit the SMART_HOST
directive:

define(`SMART_HOST',`smtp.isp.org')

where you define the name of your ISP's smtp server.

-mark

Re: Sendmail configuration

[Andrius]

On Wed, 2008-03-19 at 20:50 -0700, Paul Johnson wrote:
> On Wednesday 19 March 2008 03:21:17 am Andrius wrote:
> 
> > how to configure Sendmail to send a messages through ISP SMTP server?
> 
> It's probably best to avoid sendmail if you're new to setting up email and go 
> with the debian default of exim instead.
> 
> -- 
> Paul Johnson
> [EMAIL PROTECTED]
> 
> 

That is not what a question about was.

Regards,

Andrius


-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED] 
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Re: Sendmail configuration

[Paul Johnson]

On Wednesday 19 March 2008 03:21:17 am Andrius wrote:

> how to configure Sendmail to send a messages through ISP SMTP server?

It's probably best to avoid sendmail if you're new to setting up email and go 
with the debian default of exim instead.

-- 
Paul Johnson
[EMAIL PROTECTED]


-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED] 
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Re: Sendmail configuration

[Hugh Lawson]

Andrius <[EMAIL PROTECTED]> writes:

> Hi,
> 
> how to configure Sendmail to send a messages through ISP SMTP server?
> Thank you.

Try 'dpkg-reconfigure exim4-config'

You can repeat this until you get it right. Also, you can break off
the reconfiguration by typing Control-C.  Then you can start over
again.

For some documentation, see:

/usr/share/doc/exim4-config

and

http://newbiedoc.sourceforge.net/networking/exim.html


and then edit /etc/exim4/email-addresses

-- 
Hugh Lawson
[EMAIL PROTECTED]


-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED] 
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Re: Sendmail Problem

[Jeff Grossman]

> I just set up a Debian system using testing as the source.  I moved from a
> Gentoo Linux system.  I installed Sendmail.  I am able to send and receive
> e-mail outside of this box with no problems.  But, cron is not able to
> send any e-mails from within the box.  Here is the error message:
>
>- The following addresses had permanent fatal errors -
> jeff
> (reason: 530 5.7.0 Authentication required)
> (expanded from: jeff)
>
> It wants to authenticate local mail to local users.
>
> Any help would be appreciated.
>
> Thanks,
> Jeff

I have done some digging around with my problem.  Here is some more
information.  I have the two lines in my sendmail.mc files:

DAEMON_OPTIONS(`Family=inet, NAME=MTA-v4, Port=smtp')dnl
DAEMON_OPTIONS(`Family=inet, NAME=MSP-v4, Port=submission, M=Ea')dnl

With those two lines I get the following error when using mailx:

[EMAIL PROTECTED] /etc/mail # mail -v jeff
Subject: Test Message
This is a test
.
Cc:
jeff... Connecting to [127.0.0.1] port 587 via relay...
220 apple.stikman.com ESMTP Sendmail 8.14.1/8.14.1/Debian-9; Thu, 25 Oct
2007 12:35:54 -0700; (No UCE/UBE) logging access from:
localhost(OK)-localhost [127.0.0.1]
>>> EHLO apple.stikman.com
250-apple.stikman.com Hello localhost [127.0.0.1], pleased to meet you
250-ENHANCEDSTATUSCODES
250-PIPELINING
250-EXPN
250-VERB
250-8BITMIME
250-SIZE
250-DSN
250-AUTH DIGEST-MD5 CRAM-MD5 LOGIN PLAIN
250-STARTTLS
250-DELIVERBY
250 HELP
>>> VERB
250 2.0.0 Verbose mode
>>> STARTTLS
220 2.0.0 Ready to start TLS
>>> EHLO apple.stikman.com
250-apple.stikman.com Hello localhost [127.0.0.1], pleased to meet you
250-ENHANCEDSTATUSCODES
250-PIPELINING
250-EXPN
250-VERB
250-8BITMIME
250-SIZE
250-DSN
250-AUTH DIGEST-MD5 CRAM-MD5 LOGIN PLAIN
250-DELIVERBY
250 HELP
>>> VERB
250 2.0.0 Verbose mode
>>> MAIL From:<[EMAIL PROTECTED]> SIZE=47 [EMAIL PROTECTED]
530 5.7.0 Authentication required
root... Using cached ESMTP connection to [127.0.0.1] via relay...
>>> RSET
250 2.0.0 Reset state
>>> MAIL From:<> SIZE=1071
530 5.7.0 Authentication required
postmaster... Using cached ESMTP connection to [127.0.0.1] via relay...
>>> RSET
250 2.0.0 Reset state
>>> MAIL From:<> SIZE=2095
530 5.7.0 Authentication required
MAILER-DAEMON... Saved message in /var/lib/sendmail/dead.letter
Closing connection to [127.0.0.1]
>>> QUIT
221 2.0.0 apple.stikman.com closing connection
Can't send mail: sendmail process failed with error code 69

If I change the two lines in my sendmail.mc file to this:

DAEMON_OPTIONS(`Family=inet, NAME=MTA-v4, Port=smtp')dnl
DAEMON_OPTIONS(`Family=inet, NAME=MSP-v4, Port=submission')dnl

Then the mail works as expected.  I had the following line in my old
sendmail.mc file when I was using Gentoo:

DAEMON_OPTIONS(`Port=587, Name=MSA, M=Ea')

Because I want port 587 to require authentication and cron worked fine. 
But, when I put the M=Ea in the Debian version of Sendmail, I am not able
to send mail using cron.  Is it possible to me to require authentication
on the 587 port, but still allow local mail on the server to work?

Sorry for the lengthy e-mail.  But, thanks for any help that you guys can
offer me.

Jeff


-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED] 
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Re: Sendmail +SASL +openldap

[Richard A Nelson]

On Mon, 13 Aug 2007, Sergio Belkin wrote:


Hi community


Hello


I have to authenticate Sendmail using openldap (I can't choose another SMTP is
for my job, also I've already got cyrus-imap using sasl and openldap).


I use sendmail/openldap/dovecot


Should I SASL in order to integrate both sendmail and openldap.
Or does another way exist of performing this task?


To have sendmail recognize a user in ldap as local, the getpw* functions
will need to work.  This means you should make sure libnss-ldap is
installed and working (and `getent passwd ` works)

You will still likely want SASL setup (libsasl2, libsasl2-modules,
sasl2-bin) so you eventually setup SMTP AUTH with other than
PLAIN/LOGIN.

--
Rick Nelson
"[In 'Doctor' mode], I spent a good ten minutes telling Emacs what I
thought of it.  (The response was, 'Perhaps you could try to be less
abusive.')"
(By Matt Welsh)


--
To UNSUBSCRIBE, email to [EMAIL PROTECTED] 
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Re: sendmail and exim4

[Andrei Popescu]

On Tue, May 08, 2007 at 06:04:42PM -0300, Valdir Marcos wrote:
> init---atd
>  +-bash
>  +-cron---firebird
>  ¦  +-sendmail
>  +-cron---cron---sendmail
>  ¦ +-sh---curl
>  +-dhclient
>  +-exim4
> 
> 
> How can I discover what sendmail and exim4 are doing in my Debian Sarge?
> Tho whom they send messages in a server that, theoricaly, neither have POP 
> nor SMTP working?

AFAIK sendmail is provided by exim4. exim4 (or some other MTA) is needed
also for local mail, for example cron mailing errors to root.

Regards,
Andrei
-- 
If you can't explain it simply, you don't understand it well enough.
(Albert Einstein)


signature.asc
Description: Digital signature

(Solved) Re: sendmail hostname configured as an empty string

[Freddy Freeloader]

Freddy Freeloader wrote:

Jeff D wrote:

On Fri, 23 Mar 2007, Freddy Freeloader wrote:


Roberto C. Sánchez wrote:

On Fri, Mar 23, 2007 at 09:53:57AM -0700, Freddy Freeloader wrote:



Not my choice.  I'm setting this up for someone else who has 
hard-coded sendmail into his apps and is afraid that using exim4 
instead of sendmail will break them.  I tried to get him to use 
exim4 but he wasn't about to change his mind.



Are you aware that because of this (people hard coding to sendmail) 
that

both Exim and Postfix provide a /usr/sbin/sendmail (or was is
/usr/lib/sendmail) binary that is perfectly compatible (at the
command-line option level) with sendmail?

I have used apps that were hard coded to use sendmail with postfix 
over

the past few years and never once encountered a problem.

Regards,

-Roberto


How many times do I have to tell you this is not my decision to 
make?  If it was up to my I'd use Exim4.  I've used it successfully 
in the past with applications that specifically called for sendmail, 
but the person I'm doing the for has required me to use sendmail. 
Think I'd be knocking my head against the wall when there is 
something much easier to use if I had a choice? Anyway, thanks for 
nothing.




it goes in sendmail.mc

---
Human beings were created by water to transport it uphill.


Thank you.  That's what I figured, but was unsure.

Well, the define confDOMAIN_Name addition to sendmail.mc didn't fix the 
problem.  What I finally chased this down to was a problem with 
HOSTSTATUSDIRECTORY=path.  The host_status file was missing from the 
/var/lib/sendmail directory.  I "touched" the file, changed the 
permissions so both root and the smmsp group had rw permissions, ran 
sendmailconfig, and the problem with having an undefined host name was 
gone. 




--
To UNSUBSCRIBE, email to [EMAIL PROTECTED] 
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Re: sendmail hostname configured as an empty string

[Freddy Freeloader]

Jeff D wrote:

On Fri, 23 Mar 2007, Freddy Freeloader wrote:


Roberto C. Sánchez wrote:

On Fri, Mar 23, 2007 at 09:53:57AM -0700, Freddy Freeloader wrote:



Not my choice.  I'm setting this up for someone else who has 
hard-coded sendmail into his apps and is afraid that using exim4 
instead of sendmail will break them.  I tried to get him to use 
exim4 but he wasn't about to change his mind.



Are you aware that because of this (people hard coding to sendmail) 
that

both Exim and Postfix provide a /usr/sbin/sendmail (or was is
/usr/lib/sendmail) binary that is perfectly compatible (at the
command-line option level) with sendmail?

I have used apps that were hard coded to use sendmail with postfix over
the past few years and never once encountered a problem.

Regards,

-Roberto


How many times do I have to tell you this is not my decision to 
make?  If it was up to my I'd use Exim4.  I've used it successfully 
in the past with applications that specifically called for sendmail, 
but the person I'm doing the for has required me to use sendmail. 
Think I'd be knocking my head against the wall when there is 
something much easier to use if I had a choice? Anyway, thanks for 
nothing.




it goes in sendmail.mc

---
Human beings were created by water to transport it uphill.

Thank you.  That's what I figured, but was unsure. 



--
To UNSUBSCRIBE, email to [EMAIL PROTECTED] 
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Re: sendmail hostname configured as an empty string

[Jeff D]

On Fri, 23 Mar 2007, Freddy Freeloader wrote:


Roberto C. Sánchez wrote:

On Fri, Mar 23, 2007 at 09:53:57AM -0700, Freddy Freeloader wrote:



Not my choice.  I'm setting this up for someone else who has hard-coded 
sendmail into his apps and is afraid that using exim4 instead of sendmail 
will break them.  I tried to get him to use exim4 but he wasn't about to 
change his mind.




Are you aware that because of this (people hard coding to sendmail) that
both Exim and Postfix provide a /usr/sbin/sendmail (or was is
/usr/lib/sendmail) binary that is perfectly compatible (at the
command-line option level) with sendmail?

I have used apps that were hard coded to use sendmail with postfix over
the past few years and never once encountered a problem.

Regards,

-Roberto


How many times do I have to tell you this is not my decision to make?  If it 
was up to my I'd use Exim4.  I've used it successfully in the past with 
applications that specifically called for sendmail, but the person I'm doing 
the for has required me to use sendmail. 
Think I'd be knocking my head against the wall when there is something much 
easier to use if I had a choice? 
Anyway, thanks for nothing.




it goes in sendmail.mc

---
Human beings were created by water to transport it uphill.

Re: sendmail hostname configured as an empty string

[Roberto C . Sánchez]

On Fri, Mar 23, 2007 at 11:12:18AM -0700, Freddy Freeloader wrote:
> >  
> How many times do I have to tell you this is not my decision to make?  
> If it was up to my I'd use Exim4.  I've used it successfully in the past 
> with applications that specifically called for sendmail, but the person 
> I'm doing the for has required me to use sendmail. 
> 
> Think I'd be knocking my head against the wall when there is something 
> much easier to use if I had a choice? 
> 
> Anyway, thanks for nothing.
> 
Well, I am not a sendmail guru (heck, I don't even know anything at all
about sendmail).  I just wanted to make sure that you are aware that
there are options even for cases where sendmail is hard-coded.  You are
clearly aware that there are options.  I am sorry that your client is
being so obstinate.

The best thing I can say is to get O'Reilly's Sendmail 3/e.  I have
heard good reviews of it from people who use sendmail in production.

Regards,

-Roberto

-- 
Roberto C. Sánchez
http://people.connexer.com/~roberto
http://www.connexer.com


signature.asc
Description: Digital signature

Re: sendmail hostname configured as an empty string

[Freddy Freeloader]

Roberto C. Sánchez wrote:

On Fri, Mar 23, 2007 at 09:53:57AM -0700, Freddy Freeloader wrote:
  
 
  
Not my choice.  I'm setting this up for someone else who has hard-coded 
sendmail into his apps and is afraid that using exim4 instead of 
sendmail will break them.  I tried to get him to use exim4 but he wasn't 
about to change his mind.




Are you aware that because of this (people hard coding to sendmail) that
both Exim and Postfix provide a /usr/sbin/sendmail (or was is
/usr/lib/sendmail) binary that is perfectly compatible (at the
command-line option level) with sendmail?

I have used apps that were hard coded to use sendmail with postfix over
the past few years and never once encountered a problem.

Regards,

-Roberto

  
How many times do I have to tell you this is not my decision to make?  
If it was up to my I'd use Exim4.  I've used it successfully in the past 
with applications that specifically called for sendmail, but the person 
I'm doing the for has required me to use sendmail. 

Think I'd be knocking my head against the wall when there is something 
much easier to use if I had a choice? 


Anyway, thanks for nothing.


--
To UNSUBSCRIBE, email to [EMAIL PROTECTED] 
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Re: sendmail hostname configured as an empty string

[Roberto C . Sánchez]

On Fri, Mar 23, 2007 at 09:53:57AM -0700, Freddy Freeloader wrote:
> >  
> Not my choice.  I'm setting this up for someone else who has hard-coded 
> sendmail into his apps and is afraid that using exim4 instead of 
> sendmail will break them.  I tried to get him to use exim4 but he wasn't 
> about to change his mind.
> 
Are you aware that because of this (people hard coding to sendmail) that
both Exim and Postfix provide a /usr/sbin/sendmail (or was is
/usr/lib/sendmail) binary that is perfectly compatible (at the
command-line option level) with sendmail?

I have used apps that were hard coded to use sendmail with postfix over
the past few years and never once encountered a problem.

Regards,

-Roberto

-- 
Roberto C. Sánchez
http://people.connexer.com/~roberto
http://www.connexer.com


signature.asc
Description: Digital signature

Re: sendmail hostname configured as an empty string

[Freddy Freeloader]

Roberto C. Sánchez wrote:

On Fri, Mar 23, 2007 at 08:48:19AM -0700, Freddy Freeloader wrote:
  
I see this has been asked before, but being the total sendmail newbie 
that I am, and that Debian uses sendmailconfig to configure sendmail I 
am not quite sure as to how to proceed.




Out of curiousity, if you are a total sendmail newbie, why not just try
something like Exim or Postfix?

Regards,

-Roberto

  
Not my choice.  I'm setting this up for someone else who has hard-coded 
sendmail into his apps and is afraid that using exim4 instead of 
sendmail will break them.  I tried to get him to use exim4 but he wasn't 
about to change his mind.



--
To UNSUBSCRIBE, email to [EMAIL PROTECTED] 
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Re: sendmail hostname configured as an empty string

[Roberto C . Sánchez]

On Fri, Mar 23, 2007 at 08:48:19AM -0700, Freddy Freeloader wrote:
> I see this has been asked before, but being the total sendmail newbie 
> that I am, and that Debian uses sendmailconfig to configure sendmail I 
> am not quite sure as to how to proceed.
> 
Out of curiousity, if you are a total sendmail newbie, why not just try
something like Exim or Postfix?

Regards,

-Roberto

-- 
Roberto C. Sánchez
http://people.connexer.com/~roberto
http://www.connexer.com


signature.asc
Description: Digital signature

Re: Sendmail hostname error

[Paul Johnson]

][ wrote:

> Hi,
> 
> I wasn't able to use sendmail recently. I've now track it down that the
> hostname that my Sendmail uses is wrong. How can I fix it?
> 
>   % /usr/sbin/sendmail -bi
>   WARNING: local host name (;; connection timed out; no servers could be
>   reached) is not qualified; see cf/README: WHO AM I? /etc/mail/aliases:
>   24 aliases, longest 10 bytes, 233 bytes total
> 
>   % grep 'WHO AM I' -r /etc/mail/* || echo no found
>   no found
> 
> Please help.
> 
> 
> FYI, this is the respond that I got explaining why it is happening.
> 
> _
> You seem to be a victim of the same broken "helpfulness" as described in
> the (apparently misthreaded by google) thread at
> 
>
http://groups.google.com/group/comp.mail.sendmail/browse_frm/thread/7095fe4c3569eed1
> 
> - i.e. some install script or whatever has "configured" your sendmail
> with a *host name* of literally ";; connection timed out; no servers
> could be reached"! This is actually an error message from the 'dig'
> command - i.e. the script probably tries to use 'dig' to get the
> fully-qualified host name, and blindly accepts any output from 'dig'.
> The slightly different greeting comes from the fact that sendmail
> inserts the "ESMTP" there as the second word, under the reasonable
> assumption that the host name is a single word...
> _

This might seem obvious, but did you make sure your mail server has a PTR
record for it's IP?  If not, make sure your mail server has a PTR record in
DNS and do a dpkg-reconfigure -plow sendmail.




-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED] 
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Re: Sendmail in Sarge and Etch

[Andrei Popescu]

"T.J. Duchene" <[EMAIL PROTECTED]> wrote:

> What is the appropriate list for this?  Bugs?
> 
> 
> 
> I'm not sure if you would really consider this a flaw or not.  I do, but 
> then I've had more experience with Sendmail than most.
> 
> The Debian package installers in Sarge and Etch contain a serious flaw 
> in the setup scripts that place FEATURE() after MAILER () in the m4 
> sendmail.mc file.
> 
> This, of course, is not permitted.  While the generated sendmail.cf file 
> appears to work (I haven't inspected it.), this causes an error every 
> time that sendmail is configured.  This has been a long standing problem 
> - over a year.

There are several levels for the severity of a bug.

> I'd also like to suggest enabling some of the more commonly used 
> features, such as virtusertable and blacklisting.

file as bug, category - wishlist

> I'd rather use the Debian stock packages rather than have to replace 
> sendmail every time I update.  I can even donate a preconfigured 
> sendmail.mc file if it will help.
> 
> T.J.

The reportbug package is a great tool. Just run 'reportbug
package-name' and answer the questions. It will also retrieve other
bugreports and lets you add comments if your issue is already reported.

Regards,
Andrei
-- 
If you can't explain it simply, you don't understand it well enough.
(Albert Einstein)


-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED] 
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]