From owner-freebsd-questions@freebsd.org Tue May 31 03:23:13 2016 Return-Path: Delivered-To: freebsd-questions@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id 34293B55211 for ; Tue, 31 May 2016 03:23:13 +0000 (UTC) (envelope-from kellymartin@gmail.com) Received: from mail-vk0-x231.google.com (mail-vk0-x231.google.com [IPv6:2607:f8b0:400c:c05::231]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (Client CN "smtp.gmail.com", Issuer "Google Internet Authority G2" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id D56F71BB0 for ; Tue, 31 May 2016 03:23:12 +0000 (UTC) (envelope-from kellymartin@gmail.com) Received: by mail-vk0-x231.google.com with SMTP id r140so242616712vkf.0 for ; Mon, 30 May 2016 20:23:12 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:in-reply-to:references:date:message-id:subject:from:to; bh=RU29i5uNcYMa45USk4T+XqS7mv22quCZzB4DHWOzW9M=; b=Yjq2PEDbI4d4VKNtDhEyXj7DFnk29Z68MqsDc5We8KRbue5a5RSdB6kbOEPGcnWIG7 ABAwJHW/JbGUaEUp7KpMgn2tBoNZXRTZae7Gv9whQ59GkVcNWNtJrHkwY4wVu8ewqCHk wuE7/MtStJDcBnDHrlXZXGMZYa/DBbIl0naK7fYvu/8wgUmyP4yxygDw7gYAEIcujGtj rdcSF1XArdtZH8dT1lPcKHWFb8Ti46YohjNvtWG7eGBWZjgxX7hG5MRuaxOxOYwnteZi Vkte3FYsLT9HfgdnrNS8/4UqwYnkss0IOD5XQvo2b3ZPSKD3WYYowpAUdgcAiCDwc66H lJZg== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=x-gm-message-state:mime-version:in-reply-to:references:date :message-id:subject:from:to; bh=RU29i5uNcYMa45USk4T+XqS7mv22quCZzB4DHWOzW9M=; b=apVNaiBlVJu4t5c0ej+B1gSasLn6GJmpIWxwYM3k6PQ6PkfO9CMQs/C98M6Z5Ptruh xYWTfk3ePoSgTdSH3y25LJMKswR4TcpY4PtRLmv1TncK8/fb8IED6fTS4wk9xZAFZ5N9 /N/O99OU+9lWAULFICnqnAOaIrPyZ5/Id6Gr3K1xRwnKiCmoYqeKiBsLNnn4vWd4dLNu STtEfRd+kmsjS+ndx0G44qE6kxTq9bxIo5i2WfY822iSXFrQ6M6bHG34oFlh3MQzzkvQ +46Ubzi2ELW3lWdeh6XICpksFpVe1iQgXFm0c+LdLM9zJFmRLx/UCirixZs+u+XZG7YD 8BpQ== X-Gm-Message-State: ALyK8tJ5PI/ubuMkW1aBrschy0s/EGeNY2lrfUVhfXDOAq8Sgh5grfUV+U3uXxV9H5/1y/6hxSbxQA6bEdH4tg== MIME-Version: 1.0 X-Received: by 10.176.64.73 with SMTP id h67mr16146780uad.40.1464664991697; Mon, 30 May 2016 20:23:11 -0700 (PDT) Received: by 10.103.75.153 with HTTP; Mon, 30 May 2016 20:23:11 -0700 (PDT) In-Reply-To: References: Date: Mon, 30 May 2016 21:23:11 -0600 Message-ID: Subject: Re: sendmail from a jail - intermittent problems From: Kelly Martin To: FreeBSD Questions Content-Type: text/plain; charset=UTF-8 X-Content-Filtered-By: Mailman/MimeDel 2.1.22 X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.22 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 31 May 2016 03:23:13 -0000 I double-checked and there's no SPF record for the domain. I should probably add one to prevent spam in the future. :) Also double-checked that the mail isn't getting filtered into spam on my recipient email - it's not. Also I telnet into sendmail today from within the jail and was able to successfully send mail & receive it on the other end. So I'm still at a loss as to why most of the mail from the server is vanishing... and finally, I took a look at the headers from the last good email received from the server and there's nothing obvious to me. I'll go through them again just in case. On Mon, May 30, 2016 at 7:41 PM, Waitman Gobble wrote: > On Mon, May 30, 2016 at 6:32 PM, Kelly Martin > wrote: > > > > I have a web server running in a jail that needs to send mail. The web > > server script is configured properly and I get mail from it > > intermittently... meaning, every once and a while but not reliably at > all. > > Here's the kicker: all the sendmail requests show up properly in > > /var/log/maillog but most are just never received. They seem to vanish. > I'm > > confused how this could happen. I can reliably send mail from the command > > line inside the jail. > > > > Here is a recent snipped from the log entries trying to send mail from > the > > script. I've anonymized the email and domains to protect the innocent: > > > > May 30 16:15:03 webjail sendmail[54383]: u4UMF24X054383: from=www, > > size=1911, class=0, nrcpts=1, msgid=< > > 54bd126df09223d3801a199e5d72f22a@my.securesite.com>, relay=www@localhost > > May 30 16:15:03 webjail sm-mta[54384]: STARTTLS=server, relay=[10.0.0.1], > > version=TLSv1.2, verify=NO, cipher=DHE-RSA-AES256-GCM-SHA384, > bits=256/256 > > May 30 16:15:03 webjail sendmail[54383]: STARTTLS=client, > > relay=[127.0.0.1], version=TLSv1.2, verify=FAIL, > > cipher=DHE-RSA-AES256-GCM-SHA384, bits=256/256 > > May 30 16:15:03 webjail sm-mta[54384]: u4UMF38c054384: from= >, > > size=2021, class=0, nrcpts=1, msgid=< > > 54bd126df09223d3801a199e5d72f22a@my.securesite.com>, proto=ESMTPS, > > daemon=Daemon0, relay=[10.0.0.1] > > May 30 16:15:03 webjail sendmail[54383]: u4UMF24X054383: to=Noreen > Somebody > > , ctladdr=www (80/80), delay=00:00:00, > > xdelay=00:00:00, mailer=relay, pri=31911, relay=[127.0.0.1] [127.0.0.1], > > dsn=2.0.0, stat=Sent (u4UMF38c054384 Message accepted for delivery) > > May 30 16:15:03 webjail sendmail[54387]: u4UMF31m054387: from=www, > > size=1128, class=0, nrcpts=1, msgid=< > > 7ecf1131971053c7881ba0295d547c7e@my.securesite.com>, relay=www@localhost > > May 30 16:15:03 webjail sm-mta[54388]: STARTTLS=server, relay=[10.0.0.1], > > version=TLSv1.2, verify=NO, cipher=DHE-RSA-AES256-GCM-SHA384, > bits=256/256 > > May 30 16:15:03 webjail sendmail[54387]: STARTTLS=client, > > relay=[127.0.0.1], version=TLSv1.2, verify=FAIL, > > cipher=DHE-RSA-AES256-GCM-SHA384, bits=256/256 > > May 30 16:15:03 webjail sm-mta[54386]: STARTTLS=client, relay= > > gmail-smtp-in.l.google.com., version=TLSv1.2, verify=FAIL, > > cipher=ECDHE-RSA-AES128-GCM-SHA256, bits=128/128 > > May 30 16:15:03 webjail sm-mta[54388]: u4UMF3lu054388: from= >, > > size=1238, class=0, nrcpts=1, msgid=< > > 7ecf1131971053c7881ba0295d547c7e@my.securesite.com>, proto=ESMTPS, > > daemon=Daemon0, relay=[10.0.0.1] > > May 30 16:15:03 webjail sendmail[54387]: u4UMF31m054387: to=Noreen > Somebody > > , ctladdr=www (80/80), delay=00:00:00, > > xdelay=00:00:00, mailer=relay, pri=31128, relay=[127.0.0.1] [127.0.0.1], > > dsn=2.0.0, stat=Sent (u4UMF3lu054388 Message accepted for delivery) > > May 30 16:15:04 webjail sendmail[54391]: u4UMF3W9054391: from=www, > > size=987, class=0, nrcpts=2, msgid=< > > 9b64a1b5489988ac34a99a92bb95d501@my.securesite.com>, relay=www@localhost > > May 30 16:15:04 webjail sendmail[54391]: STARTTLS=client, > > relay=[127.0.0.1], version=TLSv1.2, verify=FAIL, > > cipher=DHE-RSA-AES256-GCM-SHA384, bits=256/256 > > May 30 16:15:04 webjail sm-mta[54392]: STARTTLS=server, relay=[10.0.0.1], > > version=TLSv1.2, verify=NO, cipher=DHE-RSA-AES256-GCM-SHA384, > bits=256/256 > > May 30 16:15:04 webjail sm-mta[54390]: STARTTLS=client, relay= > > gmail-smtp-in.l.google.com., version=TLSv1.2, verify=FAIL, > > cipher=ECDHE-RSA-AES128-GCM-SHA256, bits=128/128 > > May 30 16:15:04 webjail sm-mta[54386]: u4UMF38c054384: to=< > > noreensomebody@gmail.com>, ctladdr= (80/80), > delay=00:00:01, > > xdelay=00:00:01, mailer=esmtp, pri=32021, relay= > gmail-smtp-in.l.google.com. > > [74.125.126.26], dsn=2.0.0, stat=Sent (OK 1464646504 127si27813404itv.11 > - > > gsmtp) > > May 30 16:15:04 webjail sm-mta[54392]: u4UMF4Dq054392: from= >, > > size=1070, class=0, nrcpts=2, msgid=< > > 9b64a1b5489988ac34a99a92bb95d501@my.securesite.com>, proto=ESMTPS, > > daemon=Daemon0, relay=[10.0.0.1] > > May 30 16:15:04 webjail sendmail[54391]: u4UMF3W9054391: to= > > info@securesite.com,"SecureSite Admin" , > ctladdr=www > > (80/80), delay=00:00:01, xdelay=00:00:00, mailer=relay, pri=60987, > > relay=[127.0.0.1] [127.0.0.1], dsn=2.0.0, stat=Sent (u4UMF4Dq054392 > Message > > accepted for delivery) > > May 30 16:15:04 webjail sm-mta[54390]: u4UMF3lu054388: to=< > > noreensomebody@gmail.com>, ctladdr= (80/80), > delay=00:00:01, > > xdelay=00:00:01, mailer=esmtp, pri=31238, relay= > gmail-smtp-in.l.google.com. > > [173.194.198.26], dsn=2.0.0, stat=Sent (OK 1464646505 69si3936877ioe.191 > - > > gsmtp) > > May 30 16:15:04 webjail sm-mta[54394]: STARTTLS=client, relay= > > aspmx.l.google.com., version=TLSv1.2, verify=FAIL, > > cipher=ECDHE-RSA-AES128-GCM-SHA256, bits=128/128 > > May 30 16:15:04 webjail sm-mta[54394]: u4UMF4Dq054392: to=< > > admin@securesite.com>,, ctladdr= > (80/80), > > delay=00:00:00, xdelay=00:00:00, mailer=esmtp, pri=61070, relay= > > aspmx.l.google.com. [74.125.70.27], dsn=2.0.0, stat=Sent (OK 1464646505 > > f3si40822457ioa.19 - gsmtp) > > > > From what I can see the mail is going out fine but I never receive it. In > > this case it's To: noreensomebody@gmail.com, who is a customer, and > BCC: or > > CC: admin@securesite.com which is my email. > > > > Some details: > > - FreeBSD 10.x with latest patches > > - jail only runs Apache/PHP, sendmail, cron and syslog > > - jail bound to lo1 as 10.0.0.1, no external interfaces > > - Internal Sendmail running as a daemon > > - no sendmail entry in the jail's /etc/rc.conf or /etc/rc.local > > - mail is not being blocked by the firewall on the host > > - host is running on DigitalOcean's public cloud. I don't know if they do > > any outbound mail filtering to hosted customer services (doubtful) > > > > Any thoughts on how to better diagnose this issue? Should I try to use an > > external SMTP server? Ultimately I need to get the built-in Sendmail > > working reliably however. > > > > If I send mail to one of my own email addresses from the command line, I > do > > get the email. Here's what that log looks like. Maybe I'm missing > something > > obvious in the previous log. > > > > [CODE]May 30 18:12:33 webjail sendmail[54911]: u4V0CWsL054911: from=root, > > size=95, class=0, nrcpts=1, msgid=<201605310012.u4V0CWsL054911@webjail>, > > relay=root@localhost > > May 30 18:12:33 webjail sendmail[54911]: STARTTLS=client, > > relay=[127.0.0.1], version=TLSv1.2, verify=FAIL, > > cipher=DHE-RSA-AES256-GCM-SHA384, bits=256/256 > > May 30 18:12:33 webjail sm-mta[54912]: STARTTLS=server, relay=[10.0.0.1], > > version=TLSv1.2, verify=NO, cipher=DHE-RSA-AES256-GCM-SHA384, > bits=256/256 > > May 30 18:12:33 webjail sm-mta[54912]: u4V0CXLL054912: from= >, > > size=395, class=0, nrcpts=1, msgid=<201605310012.u4V0CWsL054911@webjail > >, > > proto=ESMTPS, daemon=Daemon0, relay=[10.0.0.1] > > May 30 18:12:33 webjail sendmail[54911]: u4V0CWsL054911: to= > > me@mytestsite.com, ctladdr=root (0/0), delay=00:00:01, xdelay=00:00:00, > > mailer=relay, pri=30095, relay=[127.0.0.1] [127.0.0.1], dsn=2.0.0, > > stat=Sent (u4V0CXLL054912 Message accepted for delivery) > > May 30 18:12:33 webjail sm-mta[54914]: STARTTLS=client, relay= > > aspmx.l.google.com., version=TLSv1.2, verify=FAIL, > > cipher=ECDHE-RSA-AES128-GCM-SHA256, bits=128/128 > > May 30 18:12:34 webjail sm-mta[54914]: u4V0CXLL054912: to=< > me@mytestsite.com>, > > ctladdr= (0/0), delay=00:00:01, xdelay=00:00:01, > > mailer=esmtp, pri=30395, relay=aspmx.l.google.com. [74.125.193.26], > > dsn=2.0.0, stat=Sent (OK 1464653554 i78si28053286ita.45 - gsmtp) > > > > Thanks, > > Kelly > > _______________________________________________ > > freebsd-questions@freebsd.org mailing list > > https://lists.freebsd.org/mailman/listinfo/freebsd-questions > > To unsubscribe, send any mail to " > freebsd-questions-unsubscribe@freebsd.org" > > > > Could be SPF or spam filtering type of issue? Take a look at the > headers on the mail you do receive. Did you try using telnet / > openssl s_client to send email from the jail? > > An SMTP service might be a good idea, there are many which offer > free/gratis accounts for low/small volumes. > > -- > Waitman Gobble > Los Altos California USA > 510-830-7975 > _______________________________________________ > freebsd-questions@freebsd.org mailing list > https://lists.freebsd.org/mailman/listinfo/freebsd-questions > To unsubscribe, send any mail to " > freebsd-questions-unsubscribe@freebsd.org" >