Hi Bob, Carlos, and all you other kind responders to my query.

I guess I was not clear enough in my original post, so I have changed the subject of this thread slightly in order to be a bit clearer. For many years I have been using the BSD version of sendmail because it was the recommended way (from the folks at Apache James) and I suspect it had an easy to understand way to stop it from listening on port 25. This was done by not using the -bd parameter, that I mentioned earlier, which forks a separate process/daemon that listens on port 25 for incoming connections. I only want the BSD version of its sendmail binary to send internally generated emails from other services such as cron, fail2ban, clamd etc., that rely on a sendmail process to send their messages.

I much appreciate your taking the time to describe how to change the Postfix version of sendmail so that it too will not listen for incoming connections on port 25. I will keep that as a reserve option to try if I cannot get to the bottom of the problem I am now experiencing, as of OpenSuSE 15.4.

The current version of the BSD version of its sendmail binary/command now seems to want to make a connection on port 25, expecting a listening daemon is running and listening for connections. I don't think the previous versions of BSD sendmail wanted to make a connection on port 25, but rather when the BSD sendmail binary was called to compose and send an email, it in turn called directly the internal routines of BSD sendmail that are responsible for actually sending or relaying a message to another MTA. This is my only hypothesis on why the -bd parameter's behavior has changed and is now required by the sendmail binary. Also, as I have discovered, if the current version of BSD sendmail command is called directly, to compose and send an email, and the -bd parameter is not specified when the BSD sendmail service is started, I get a connection refused on port 25. This is true across all of my firewalld zones.

If I am correct, this is a MAJOR change to BSD sendmail and NOT at all backwards compatible with the previous versions of the BSD sendmail binary. My inquiring mind wants to know why this change in the BSD version of sendmail was made, is there a workaround, and/or is this a bug. Google is not helping me find an answer, probably because this appears to be a recent change in behavior.

I have another issue that appears to be a show stopper regarding port forwarding on localhost which doesn't appear to be working either. I will start another thread tomorrow, it is too late and I am too tired to continue, but I will say these two issues are connected in terms of what I am trying to accomplish with these MTAs....

Thanks again everyone for your help and ideas and please keep em coming!

Marc

On 6/20/23 11:29, Bob Rogers wrote:
From: "Carlos E. R."
Date: Tue, 20 Jun 2023 10:00:52 +0200

On 2023-06-20 03:08, Marc Chamberlin via openSUSE Users wrote:
> On 6/19/23 17:40, Carlos E. R. wrote:
>> On 2023-06-20 01:58, Marc Chamberlin via openSUSE Users wrote:
>>> As always, thoughts and comments are much appreciated! Marc....
>>
>>
>> I'm confused.
>>
>> I run the default postfix, which listens to port 25, and includes a
>> sendmail binary, which can be called with no tricks to send mail.
>>
>> No tricks at all.
>>
> Hi Carlos
>
>> "which listens to port 25"
> That's the problem with most MTA's, they listen on port 25 and I can't
> allow that.
Block it in the firewall.
That won't help; he wants another app to be able to listen on the port.
And probably listening on 25 can be disabled in postfix, but not something I have investigated.
-- Cheers / Saludos,
Carlos E. R. (from 15.4 x86_64 at Telcontar)
Yes; FTR, Postfix has a line in /etc/postfix/master.cf that looks like this:
smtp inet n - n - - smtpd
Comment that out, restart the postfix daemon, and Postfix will no longer monopolize port 25 (signified here by "smtp"). Alternatively, replacing "smtp" by "localhost:10025" moves it out of the way by using a different port on localhost.
================

From: "Dr. Werner Fink"
Date: Tue, 20 Jun 2023 10:55:27 +0200

On 2023/06/20 10:00:52 +0200, Carlos E. R. wrote:
>
> Block it in the firewall.
>
> And probably listening on 25 can be disabled in postfix, but not something I
> have investigated.
If no sendmail daemon is running (aka stopped and disabled via systemctl) or if running but configured not to listen on port 25 aka smtp on 127.0.0.1 as well as on ::1 (change /etc/mail/linux.mc based on the README below /usr/share/sendmail/ and use the m4 command below /etc/mail/ to generate the /etc/sendmail.cf ) ...
So far so good . . .
but be aware that if no other daemon is listening on 127.0.0.1 as well as on ::1 at port 25 you'll get a connection refused . . .
Werner
In more detail, if sendmail is told to bind port 25 on localhost, Apache James will have to be told to bind port 25 on all interfaces *other than* localhost. Otherwise, it will try binding port 25 on 0.0.0.0, and this will fail, usually resulting in a complete failure of the MTA to start up. The error messages I've seen for this (and I've shot myself in this particular foot multiple times, not just with MTAs) are usually confusing, which is why I think this deserves special mention.
-- Bob Rogers http://www.rgrjr.com/
-- 
--... ...-- .----. ... -.. . .-- .- --... .--. -..- .-- -- .- .-. -.-.
Computers: the final frontier. These are the voyages of the user Marc.
His mission: to explore strange new hardware. To seek out new software and new applications.
To boldly go where no Marc has gone before!
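Added example, not part of the original thread or of Postfix: a small Python check for the master.cf change Bob describes above, listing every active `inet` service and whether it still claims port 25. The sample file content and the function names are constructed for illustration; only the `smtp inet n - n - - smtpd` line and the `localhost:10025` alternative come from the thread.

```python
import re

# Constructed sample in master.cf format; only the first service line is quoted in the thread.
SAMPLE_MASTER_CF = """\
smtp      inet  n       -       n       -       -       smtpd
#submission inet n      -       n       -       -       smtpd
localhost:10025 inet n  -       n       -       -       smtpd
  -o syslog_name=postfix/local
[::1]:10026 inet n      -       n       -       -       smtpd
pickup    unix  n       -       n       60      1       pickup
"""

LOOPBACK_HOSTS = {"localhost", "127.0.0.1", "::1"}

def logical_lines(text):
    """Drop comments and blank lines; join continuation lines (leading whitespace)."""
    out = []
    for raw in text.splitlines():
        if not raw.strip() or raw.lstrip().startswith("#"):
            continue
        if raw[0].isspace() and out:
            out[-1] += " " + raw.strip()
        else:
            out.append(raw.strip())
    return out

def split_endpoint(service):
    """Split the inet service field '[host:]port'; host is None when absent."""
    m = re.fullmatch(r"\[([^\]]+)\]:(\S+)", service)  # bracketed IPv6 form
    if m:
        return m.group(1), m.group(2)
    host, sep, port = service.rpartition(":")
    return (host if sep else None), port

def inet_listeners(text):
    """Return (host, port, command, loopback_only) for each active inet service."""
    found = []
    for line in logical_lines(text):
        fields = line.split()
        if len(fields) < 8 or fields[1] != "inet":
            continue
        host, port = split_endpoint(fields[0])
        # No host part: bind address is set by inet_interfaces in main.cf, so not provably local.
        found.append((host, port, fields[7], host in LOOPBACK_HOSTS))
    return found

def claims_port_25(text):
    """True if any active inet service uses port 25 (service name 'smtp' or numeric)."""
    return any(port in ("smtp", "25") for _, port, _, _ in inet_listeners(text))
```

Run `inet_listeners()` over the real `/etc/postfix/master.cf` before and after the edit, then confirm with the system's socket listing that nothing from Postfix is still bound to port 25.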