On 2023-06-21 22:41, Bob Rogers wrote:
From: Marc Chamberlin via openSUSE Users
Date: Tue, 20 Jun 2023 22:55:54 -0700

Hi Bob, Carlos, and all you other kind responders to my query. I guess I was not clear enough in my original post, so I have changed the subject of this thread slightly in order to be a bit clearer. For many years I have been using the BSD version of sendmail because it was the recommended way (from the folks at Apache James) and I suspect it had an easy to understand way to stop it from listening on port 25. This was done by not using the -bd parameter, that I mentioned earlier, which forks a separate process/daemon that listens on port 25 for incoming connections. I only want the BSD version of its sendmail binary to send internally generated emails from other services such as cron, fail2ban, clamd etc., that rely on a sendmail process to send their messages.
OK, I think that's clear. You need Apache James for incoming emails on port 25, and are using sendmail only for outgoing email originated on that system.
I much appreciate your taking the time to describe how to change the Postfix version of sendmail so that it too will not listen for incoming connections on port 25. I will keep that as a reserve option to try if I cannot get to the bottom of the problem I am now experiencing, as of OpenSuSE 15.4.
Understood; I certainly don't expect you to switch MTAs mid-project. I've had to do that several times now, and the learning curve can be steep. On the other hand, I've never tried running two MTAs on the same system before, which sounds like it could get sticky. But I guess you've been doing that successfully until this upgrade, so maybe it's not so bad.
The current version of the BSD version of its sendmail binary/command now seems to want to make a connection on port 25, expecting a listening daemon is running and listening for connections. I don't think the previous versions of BSD sendmail wanted to make a connection on port 25, but rather when the BSD sendmail binary was called to compose and send an email, it in turn called directly the internal routines of BSD sendmail that are responsible for actually sending or relaying a message to another MTA. This is my only hypothesis on why the -bd parameter's behavior has changed and is now required by the sendmail binary.
According to [1], "-bd" causes sendmail to run as a daemon and listen on port 25 (as you say); without it, it tries to deliver a message from stdin. I am pretty sure this is long-standing behavior for the sendmail binary.
Also, as I have discovered, if the current version of BSD sendmail command is called directly, to compose and send an email, and the -bd parameter is not specified when the BSD sendmail service is started, I get a connection refused on port 25. This is true across all of my firewalld zones.
So the sendmail "server" is trying to *connect to* something on port 25, presumably to attempt a delivery. My reading of the aforementioned page is that without "-bd", sendmail (still running in the systemd process and not as a daemon) should see no addresses on the command line and an EOF on stdin, and exit with an error.
Why is "Apache James", which you said listens "for incoming emails on port 25", not accepting the connection from the sendmail on port 25?

Postfix provides a sendmail binary with limited functionality to fool local applications into calling sendmail to send mail, but that binary instead passes it to postfix "somehow".

Question: doesn't Apache James provide another sendmail binary for this purpose?

--
Cheers / Saludos,

Carlos E. R.
(from 15.4 x86_64 at Telcontar)