From: Marc Chamberlin via openSUSE Users
Date: Tue, 20 Jun 2023 22:55:54 -0700

Hi Bob, Carlos, and all you other kind responders to my query. I guess
I was not clear enough in my original post, so I have changed the subject
of this thread slightly in order to be a bit clearer. For many years I
have been using the BSD version of sendmail because it was the recommended
way (from the folks at Apache James) and I suspect it had an easy to
understand way to stop it from listening on port 25. This was done by
not using the -bd parameter, that I mentioned earlier, which forks a
separate process/daemon that listens on port 25 for incoming
connections. I only want the BSD version of its sendmail binary to send
internally generated emails from other services such as cron, fail2ban,
clamd etc., that rely on a sendmail process to send their messages.

OK, I think that's clear. You need Apache James for incoming emails on
port 25, and are using sendmail only for outgoing email originated on
that system.

I much appreciate your taking the time to describe how to change the
Postfix version of sendmail so that it too will not listen for
incoming connections on port 25. I will keep that as a reserve
option to try if I cannot get to the bottom of the problem I am now
experiencing, as of openSUSE 15.4.

Understood; I certainly don't expect you to switch MTAs mid-project.
I've had to do that several times now, and the learning curve can be
steep. On the other hand, I've never tried running two MTAs on the same
system before, which sounds like it could get sticky. But I guess
you've been doing that successfully until this upgrade, so maybe it's
not so bad.

The current version of the BSD version of its sendmail binary/command
now seems to want to make a connection on port 25, expecting a
listening daemon is running and listening for connections. I don't
think the previous versions of BSD sendmail wanted to make a
connection on port 25, but rather when the BSD sendmail binary was
called to compose and send an email, it in turn called directly the
internal routines of BSD sendmail that are responsible for actually
sending or relaying a message to another MTA. This is my only
hypothesis on why the -bd parameter's behavior has changed and is now
required by the sendmail binary.

According to [1], "-bd" causes sendmail to run as a daemon and listen on
port 25 (as you say); without it, it tries to deliver a message from
stdin. I am pretty sure this is long-standing behavior for the sendmail
binary.

Also, as I have discovered, if the current version of BSD sendmail
command is called directly, to compose and send an email, and the -bd
parameter is not specified when the BSD sendmail service is started,
I get a connection refused on port 25. This is true across all of my
firewalld zones.

So the sendmail "server" is trying to *connect to* something on port 25,
presumably to attempt a delivery. My reading of the aforementioned page
is that without "-bd", sendmail (still running in the systemd process
and not as a daemon) should see no addresses on the command line and an
EOF on stdin, and exit with an error. (This may have happened before
your upgrade, but somebody fixed a bug (in sendmail or its systemd
interface) that hid the error. Or not; see below. If you still have
the older installation around, it might be instructive to see what
"systemctl status sendmail" says after startup.) But now, obscurely, it
seems to be trying to deliver something, to somewhere . . .

If I am correct, this is a MAJOR change to BSD sendmail and NOT at
all backwards compatible with the previous versions of the BSD
sendmail binary. My inquiring mind wants to know why this change in
the BSD version of sendmail was made, is there a workaround, and/or
is this a bug. Google is not helping me find an answer, probably
because this appears to be a recent change in behavior.

This is quite odd, but it amounts to a different error behavior; by not
requesting a sendmail daemon in the systemd startup script, you went off
into uncharted territory. That alone should explain why you haven't
found any fellow sufferers.

Now that I'm finally reading your emails in detail (and I confess
that I only skimmed them before because I'm not a sendmail guru), I
believe that what you need to do is:
(a) figure out how to tweak the /etc/mail/sendmail.cf configuration
file to tell sendmail not to start an SMTP server on port 25 (or,
failing that, to start it on some other obscure port on the
loopback interface) so it doesn't clobber Apache James; and
(b) reinstate that "-bd" option in the systemd startup file so that
you get the sendmail daemon back, because you need it to
manage the outgoing queue.

All of which should be taken with a grain of salt because, again, I'm
not a sendmail guru. Also, I can't entirely explain the symptoms you're
currently seeing, nor can I explain how you were able to send mail
before without a running daemon. Perhaps the default used to be to
start a daemon if there was no message, and that's what they changed in
this release? In any case, the solution outlined above is what I would
try next.

And I'm also going to bet that setting this up would be easier with
either of the other two MTAs I've dealt with (Qmail and Postfix) than it
is with sendmail. Again, not that I'm advocating switching ATM, but you
might want to look into it longer term. I preferred Qmail when sendmail
was the widespread default (it's wicked fast and rock solid) but Postfix
has the advantage of being the openSUSE default.

Thanks again everyone for your help and ideas and please keep 'em
coming! Marc

No problem.
-- Bob
[1] https://man.freebsd.org/cgi/man.cgi?sendmail (note that this is
current, but dated 2013)
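
A check for step (a) above, added here as an example and not part of the original message: it reads the `DaemonPortOptions` lines of a sendmail.cf and reports listeners that would take port 25 or accept connections from off the host. The sample configuration text, port 2525 and the function names are constructed for illustration; the defaults applied when `Port=` or `Addr=` is absent are assumptions of this checker.

```python
import re

# Constructed sample of the listener lines in an /etc/mail/sendmail.cf.
SAMPLE_CF = """\
# SMTP daemon options
O DaemonPortOptions=Name=MTA
O DaemonPortOptions=Port=587, Name=MSA, M=E
#O DaemonPortOptions=Port=smtp, Addr=::1, Name=MTA-v6, Family=inet6
"""
# Constructed "after" state: one listener, loopback only, on a port James does not use.
FIXED_CF = "O DaemonPortOptions=Port=2525, Addr=127.0.0.1, Name=MTA\n"

SERVICE_PORTS = {"smtp": 25, "submission": 587}
LOOPBACK_PREFIXES = ("127.", "::1", "localhost")

def parse_listeners(cf_text):
    """Return one dict per active (uncommented) DaemonPortOptions line."""
    listeners = []
    for line in cf_text.splitlines():
        m = re.match(r"O\s+DaemonPortOptions\s*=\s*(.*)", line)
        if not m:  # comments and unrelated options are skipped
            continue
        opts = {}
        for item in m.group(1).split(","):
            key, _, value = item.strip().partition("=")
            if key:
                # Keyed by first letter so "Addr" and "Address" are treated alike.
                opts[key[0].lower()] = value.strip()
        # Assumed defaults: no Port= means smtp, no Addr= means all interfaces.
        port = opts.get("p", "smtp").lower()
        listeners.append({"name": opts.get("n", "unnamed"),
                          "port": SERVICE_PORTS.get(port) or int(port),
                          "addr": opts.get("a", "*")})
    return listeners

def audit(cf_text, reserved_port=25):
    """Map listener name -> problems on a host where another server owns reserved_port."""
    findings = {}
    for listener in parse_listeners(cf_text):
        problems = []
        if listener["port"] == reserved_port:
            problems.append("port-clash")
        if not listener["addr"].lower().startswith(LOOPBACK_PREFIXES):
            problems.append("off-host")
        if problems:
            findings[listener["name"]] = problems
    return findings
```

Run `audit()` on the text of the real configuration file before restoring "-bd"; an empty result means no configured listener takes port 25 or binds beyond loopback.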