From: Andrew Falanga
To: Giorgos Keramidas
Date: Sat, 5 Jan 2008 17:04:56 -0700
Cc: freebsd-questions@freebsd.org
Subject: Re: My sendmail appears to be fixed, advice needed though

On Saturday 05 January 2008 15:06:59 Giorgos Keramidas wrote:
> On 2008-01-05 13:08, Andrew Falanga wrote:
> > Hi everybody,
> > Sorry for this flurry of e-mail from me over the last few days. This
> > has been highly frustrating.
>
> You should post *more* details, not less. One of the things which was
> missing from the older posts (or at least, one thing which I didn't see)
> was a *FULL* copy of your local *.mc configuration file.
>
> > Basically, the instructions for setting up SSL and Authentication (from
> > http://www.puresimplicity.net/~hemi/freebsd/sendmail.html) instruct to
> > have the following lines in the .mc file:
> >
> > define(`confAUTH_MECHANISMS',`PLAIN LOGIN')dnl
> > TRUST_AUTH_MECH(`PLAIN LOGIN')dnl
> > define(`CERT_DIR', `/etc/mail/certs')dnl
> > define(`confCACERT_PATH', `CERT_DIR')dnl
> > define(`confCACERT', `CERT_DIR/mycert.pem')dnl
> > define(`confSERVER_CERT', `CERT_DIR/mycert.pem')dnl
> > define(`confSERVER_KEY', `CERT_DIR/mykey.pem')dnl
> > define(`confCLIENT_CERT', `CERT_DIR/mycert.pem')dnl
> > define(`confCLIENT_KEY', `CERT_DIR/mykey.pem')dnl
> > DAEMON_OPTIONS(`Port=smtp, Name=MTA')dnl
> > DAEMON_OPTIONS(`Port=smtps, Name=TLSMTA, M=s')dnl
> >
> > I deleted this line:
> > DAEMON_OPTIONS(`Port=smtp, Name=MTA')dnl
>
> That doesn't sound right. I think it's because you have the options
> listed above *after* the MAILER() calls.
> This means that the options
> are not `set' at the time the MAILER() calls generate your
> configuration. So you probably end up with several instances of the
> `MTA' and `TLSMTA' daemon definitions in the final `sendmail.cf' file.
>
> This could very well be the explanation of why your Sendmail *is*
> listening on port :25 and it *also* tries to listen again, logging the
> failures in syslog.
>
> > Is this a viable fix or will I be missing something? I was able to
> > telnet to port 25 and send mail that way. I cannot relay without
> > logging in, so I think it's fixed.
>
> See my previous post about moving MAILER() calls to the end of the file,
> and give it another spin. You are *very* close to figuring it all out
> and having a fully working setup, AFAICT :)
>
> Regards,
> Giorgos

Glad to see that I'm on the right track. I think, after seeing the full
contents of my whitbap.mc file, you'll see that the problem is that I put
these lines *after* the MAILER lines. At any rate, here's the full
whitbap.mc file and sorry for not posting it completely before:

whitbap# cat whitbap.mc
divert(-1)
#
# Copyright (c) 1983 Eric P. Allman
# Copyright (c) 1988, 1993
# The Regents of the University of California. All rights reserved.
#
# Redistribution and use in source and binary forms, with or without
# modification, are permitted provided that the following conditions
# are met:
# 1. Redistributions of source code must retain the above copyright
# notice, this list of conditions and the following disclaimer.
# 2. Redistributions in binary form must reproduce the above copyright
# notice, this list of conditions and the following disclaimer in the
# documentation and/or other materials provided with the distribution.
# 3. All advertising materials mentioning features or use of this software
# must display the following acknowledgement:
# This product includes software developed by the University of
# California, Berkeley and its contributors.
# 4. Neither the name of the University nor the names of its contributors
# may be used to endorse or promote products derived from this software
# without specific prior written permission.
#
# THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
# ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
# ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
# FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
# DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
# OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
# HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
# LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
# OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
# SUCH DAMAGE.
#

#
# This is a generic configuration file for FreeBSD 5.X and later systems.
# If you want to customize it, copy it to a name appropriate for your
# environment and do the modifications there.
#
# The best documentation for this .mc file is:
# /usr/share/sendmail/cf/README or
# /usr/src/contrib/sendmail/cf/README
#

divert(0)
VERSIONID(`$FreeBSD: src/etc/sendmail/freebsd.mc,v 1.30.2.2 2006/08/23 03:31:00 gshapiro Exp $')
OSTYPE(freebsd6)
DOMAIN(generic)

FEATURE(access_db, `hash -o -T /etc/mail/access')
FEATURE(blacklist_recipients)
FEATURE(local_lmtp)
FEATURE(mailertable, `hash -o /etc/mail/mailertable')
FEATURE(virtusertable, `hash -o /etc/mail/virtusertable')

dnl Uncomment to allow relaying based on your MX records.
dnl NOTE: This can allow sites to use your server as a backup MX without
dnl your permission.
dnl FEATURE(relay_based_on_MX)

dnl DNS based black hole lists
dnl --------------------------------
dnl DNS based black hole lists come and go on a regular basis
dnl so this file will not serve as a database of the available servers.
dnl For that, visit
dnl http://directory.google.com/Top/Computers/Internet/Abuse/Spam/Blacklists/

dnl Uncomment to activate Realtime Blackhole List
dnl information available at http://www.mail-abuse.com/
dnl NOTE: This is a subscription service as of July 31, 2001
dnl FEATURE(dnsbl)
dnl Alternatively, you can provide your own server and rejection message:
dnl FEATURE(dnsbl, `blackholes.mail-abuse.org', `"550 Mail from " $&{client_addr} " rejected, see http://mail-abuse.org/cgi-bin/lookup?" $&{client_addr}')

dnl Dialup users should uncomment and define this appropriately
dnl define(`SMART_HOST', `your.isp.mail.server')

dnl Uncomment the first line to change the location of the default
dnl /etc/mail/local-host-names and comment out the second line.
dnl define(`confCW_FILE', `-o /etc/mail/sendmail.cw')
define(`confCW_FILE', `-o /etc/mail/local-host-names')

dnl Enable for both IPv4 and IPv6 (optional)
DAEMON_OPTIONS(`Name=IPv4, Family=inet')
DAEMON_OPTIONS(`Name=IPv6, Family=inet6, Modifiers=O')

define(`confBIND_OPTS', `WorkAroundBrokenAAAA')
define(`confNO_RCPT_ACTION', `add-to-undisclosed')
define(`confPRIVACY_FLAGS', `authwarnings,noexpn,novrfy')
FEATURE(`no_default_msa')
MAILER(local)
MAILER(smtp)
MAILER(dovecot)
define(`confAUTH_MECHANISMS',`PLAIN LOGIN')dnl
TRUST_AUTH_MECH(`PLAIN LOGIN')dnl
define(`CERT_DIR', `/etc/mail/certs')dnl
define(`confCACERT_PATH', `CERT_DIR')dnl
define(`confCACERT', `CERT_DIR/whitbap_cert.pem')dnl
define(`confSERVER_CERT', `CERT_DIR/whitbap_cert.pem')dnl
define(`confSERVER_KEY', `CERT_DIR/whitbap_key.pem')dnl
define(`confCLIENT_CERT', `CERT_DIR/whitbap_cert.pem')dnl
define(`confCLIENT_KEY', `CERT_DIR/whitbap_key.pem')dnl
DAEMON_OPTIONS(`Port=smtps, Name=TLSMTA, M=s')dnl

Andy
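
Added example (not part of the original message and not sendmail's own tooling): a small Python check for the ordering problem discussed in this thread, listing define(), FEATURE(), DAEMON_OPTIONS() and TRUST_AUTH_MECH() calls that appear after the first MAILER() line. The function name and the sample input are constructed for illustration, and the line-based parsing assumes one macro call per line, as in the file above.

```python
import re

# Macros that have to be processed before the mailers are emitted.
# All four occur in the whitbap.mc posted above.
ORDER_SENSITIVE = {"define", "FEATURE", "DAEMON_OPTIONS", "TRUST_AUTH_MECH"}
CALL = re.compile(r"^([A-Za-z_]+)\((.*)$")

# Constructed excerpt that mirrors the layout of the posted file.
SAMPLE_MC = """\
divert(-1)
# licence text, discarded by m4
divert(0)
OSTYPE(freebsd6)
dnl FEATURE(dnsbl)
FEATURE(`no_default_msa')
MAILER(local)
MAILER(smtp)
define(`confAUTH_MECHANISMS',`PLAIN LOGIN')dnl
TRUST_AUTH_MECH(`PLAIN LOGIN')dnl
DAEMON_OPTIONS(`Port=smtps, Name=TLSMTA, M=s')dnl
"""


def misplaced_after_mailer(mc_text):
    """Return (line_no, macro, first_arg) for every order-sensitive macro
    found after the first MAILER() call."""
    findings, first_mailer, discarding = [], None, False
    for no, raw in enumerate(mc_text.splitlines(), 1):
        # m4 drops everything from a dnl token to the end of the line.
        line = re.split(r"\bdnl\b", raw, maxsplit=1)[0].strip()
        if line.startswith("divert("):
            discarding = line.startswith("divert(-1)")  # until divert(0)
            continue
        if discarding or not line or line.startswith("#"):
            continue
        m = CALL.match(line)
        if not m:
            continue
        macro, rest = m.groups()
        if macro == "MAILER":
            first_mailer = first_mailer or no
        elif macro in ORDER_SENSITIVE and first_mailer is not None:
            # First argument with the m4 quotes (` and ') removed.
            arg = rest.split(",", 1)[0].rstrip(")").strip("`' ")
            findings.append((no, macro, arg))
    return findings


if __name__ == "__main__":
    for no, macro, arg in misplaced_after_mailer(SAMPLE_MC):
        print(f"line {no}: {macro}({arg}) comes after the first MAILER()")
```

Run against the real .mc file before rebuilding sendmail.cf; an empty result means every setting is defined before the MAILER() lines.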