Date: Mon, 30 May 2016 21:23:11 -0600 From: Kelly Martin <kellymartin@gmail.com> To: FreeBSD Questions <freebsd-questions@freebsd.org> Subject: Re: sendmail from a jail - intermittent problems Message-ID: <CAJunRnKR_joQ7p5veWEe9BSVqpWQxqRKzY8e5nPRAPLfrPHKbA@mail.gmail.com> In-Reply-To: <CAFuo_fxrKDtmQDtiHHQL2oK%2BjjA356GFkYjNZEp=GgJmCUFYgg@mail.gmail.com> References: <CAJunRn%2B_tndeA7kwZ0FTB_vSfb-DLcbcvt11gfy-J=NCdx7Z-w@mail.gmail.com> <CAFuo_fxrKDtmQDtiHHQL2oK%2BjjA356GFkYjNZEp=GgJmCUFYgg@mail.gmail.com>
next in thread | previous in thread | raw e-mail | index | archive | help
I double-checked and there's no SPF record for the domain. I should probably add one to prevent spam in the future. :) Also double-checked that the mail isn't getting filtered into spam on my recipient email - it's not. Also I telnet into sendmail today from within the jail and was able to successfully send mail & receive it on the other end. So I'm still at a loss as to why most of the mail from the server is vanishing... and finally, I took a look at the headers from the last good email received from the server and there's nothing obvious to me. I'll go through them again just in case. On Mon, May 30, 2016 at 7:41 PM, Waitman Gobble <gobble.wa@gmail.com> wrote: > On Mon, May 30, 2016 at 6:32 PM, Kelly Martin <kellymartin@gmail.com> > wrote: > > > > I have a web server running in a jail that needs to send mail. The web > > server script is configured properly and I get mail from it > > intermittently... meaning, every once and a while but not reliably at > all. > > Here's the kicker: all the sendmail requests show up properly in > > /var/log/maillog but most are just never received. They seem to vanish. > I'm > > confused how this could happen. I can reliably send mail from the command > > line inside the jail. > > > > Here is a recent snipped from the log entries trying to send mail from > the > > script. I've anonymized the email and domains to protect the innocent: > > > > May 30 16:15:03 webjail sendmail[54383]: u4UMF24X054383: from=www, > > size=1911, class=0, nrcpts=1, msgid=< > > 54bd126df09223d3801a199e5d72f22a@my.securesite.com>, relay=www@localhost > > May 30 16:15:03 webjail sm-mta[54384]: STARTTLS=server, relay=[10.0.0.1], > > version=TLSv1.2, verify=NO, cipher=DHE-RSA-AES256-GCM-SHA384, > bits=256/256 > > May 30 16:15:03 webjail sendmail[54383]: STARTTLS=client, > > relay=[127.0.0.1], version=TLSv1.2, verify=FAIL, > > cipher=DHE-RSA-AES256-GCM-SHA384, bits=256/256 > > May 30 16:15:03 webjail sm-mta[54384]: u4UMF38c054384: from=<www@webjail > >, > > size=2021, class=0, nrcpts=1, msgid=< > > 54bd126df09223d3801a199e5d72f22a@my.securesite.com>, proto=ESMTPS, > > daemon=Daemon0, relay=[10.0.0.1] > > May 30 16:15:03 webjail sendmail[54383]: u4UMF24X054383: to=Noreen > Somebody > > <noreensomebody@gmail.com>, ctladdr=www (80/80), delay=00:00:00, > > xdelay=00:00:00, mailer=relay, pri=31911, relay=[127.0.0.1] [127.0.0.1], > > dsn=2.0.0, stat=Sent (u4UMF38c054384 Message accepted for delivery) > > May 30 16:15:03 webjail sendmail[54387]: u4UMF31m054387: from=www, > > size=1128, class=0, nrcpts=1, msgid=< > > 7ecf1131971053c7881ba0295d547c7e@my.securesite.com>, relay=www@localhost > > May 30 16:15:03 webjail sm-mta[54388]: STARTTLS=server, relay=[10.0.0.1], > > version=TLSv1.2, verify=NO, cipher=DHE-RSA-AES256-GCM-SHA384, > bits=256/256 > > May 30 16:15:03 webjail sendmail[54387]: STARTTLS=client, > > relay=[127.0.0.1], version=TLSv1.2, verify=FAIL, > > cipher=DHE-RSA-AES256-GCM-SHA384, bits=256/256 > > May 30 16:15:03 webjail sm-mta[54386]: STARTTLS=client, relay= > > gmail-smtp-in.l.google.com., version=TLSv1.2, verify=FAIL, > > cipher=ECDHE-RSA-AES128-GCM-SHA256, bits=128/128 > > May 30 16:15:03 webjail sm-mta[54388]: u4UMF3lu054388: from=<www@webjail > >, > > size=1238, class=0, nrcpts=1, msgid=< > > 7ecf1131971053c7881ba0295d547c7e@my.securesite.com>, proto=ESMTPS, > > daemon=Daemon0, relay=[10.0.0.1] > > May 30 16:15:03 webjail sendmail[54387]: u4UMF31m054387: to=Noreen > Somebody > > <noreensomebody@gmail.com>, ctladdr=www (80/80), delay=00:00:00, > > xdelay=00:00:00, mailer=relay, pri=31128, relay=[127.0.0.1] [127.0.0.1], > > dsn=2.0.0, stat=Sent (u4UMF3lu054388 Message accepted for delivery) > > May 30 16:15:04 webjail sendmail[54391]: u4UMF3W9054391: from=www, > > size=987, class=0, nrcpts=2, msgid=< > > 9b64a1b5489988ac34a99a92bb95d501@my.securesite.com>, relay=www@localhost > > May 30 16:15:04 webjail sendmail[54391]: STARTTLS=client, > > relay=[127.0.0.1], version=TLSv1.2, verify=FAIL, > > cipher=DHE-RSA-AES256-GCM-SHA384, bits=256/256 > > May 30 16:15:04 webjail sm-mta[54392]: STARTTLS=server, relay=[10.0.0.1], > > version=TLSv1.2, verify=NO, cipher=DHE-RSA-AES256-GCM-SHA384, > bits=256/256 > > May 30 16:15:04 webjail sm-mta[54390]: STARTTLS=client, relay= > > gmail-smtp-in.l.google.com., version=TLSv1.2, verify=FAIL, > > cipher=ECDHE-RSA-AES128-GCM-SHA256, bits=128/128 > > May 30 16:15:04 webjail sm-mta[54386]: u4UMF38c054384: to=< > > noreensomebody@gmail.com>, ctladdr=<www@webjail> (80/80), > delay=00:00:01, > > xdelay=00:00:01, mailer=esmtp, pri=32021, relay= > gmail-smtp-in.l.google.com. > > [74.125.126.26], dsn=2.0.0, stat=Sent (OK 1464646504 127si27813404itv.11 > - > > gsmtp) > > May 30 16:15:04 webjail sm-mta[54392]: u4UMF4Dq054392: from=<www@webjail > >, > > size=1070, class=0, nrcpts=2, msgid=< > > 9b64a1b5489988ac34a99a92bb95d501@my.securesite.com>, proto=ESMTPS, > > daemon=Daemon0, relay=[10.0.0.1] > > May 30 16:15:04 webjail sendmail[54391]: u4UMF3W9054391: to= > > info@securesite.com,"SecureSite Admin" <admin@securesite.com>, > ctladdr=www > > (80/80), delay=00:00:01, xdelay=00:00:00, mailer=relay, pri=60987, > > relay=[127.0.0.1] [127.0.0.1], dsn=2.0.0, stat=Sent (u4UMF4Dq054392 > Message > > accepted for delivery) > > May 30 16:15:04 webjail sm-mta[54390]: u4UMF3lu054388: to=< > > noreensomebody@gmail.com>, ctladdr=<www@webjail> (80/80), > delay=00:00:01, > > xdelay=00:00:01, mailer=esmtp, pri=31238, relay= > gmail-smtp-in.l.google.com. > > [173.194.198.26], dsn=2.0.0, stat=Sent (OK 1464646505 69si3936877ioe.191 > - > > gsmtp) > > May 30 16:15:04 webjail sm-mta[54394]: STARTTLS=client, relay= > > aspmx.l.google.com., version=TLSv1.2, verify=FAIL, > > cipher=ECDHE-RSA-AES128-GCM-SHA256, bits=128/128 > > May 30 16:15:04 webjail sm-mta[54394]: u4UMF4Dq054392: to=< > > admin@securesite.com>,<info@securesite.com>, ctladdr=<www@webjail> > (80/80), > > delay=00:00:00, xdelay=00:00:00, mailer=esmtp, pri=61070, relay= > > aspmx.l.google.com. [74.125.70.27], dsn=2.0.0, stat=Sent (OK 1464646505 > > f3si40822457ioa.19 - gsmtp) > > > > From what I can see the mail is going out fine but I never receive it. In > > this case it's To: noreensomebody@gmail.com, who is a customer, and > BCC: or > > CC: admin@securesite.com which is my email. > > > > Some details: > > - FreeBSD 10.x with latest patches > > - jail only runs Apache/PHP, sendmail, cron and syslog > > - jail bound to lo1 as 10.0.0.1, no external interfaces > > - Internal Sendmail running as a daemon > > - no sendmail entry in the jail's /etc/rc.conf or /etc/rc.local > > - mail is not being blocked by the firewall on the host > > - host is running on DigitalOcean's public cloud. I don't know if they do > > any outbound mail filtering to hosted customer services (doubtful) > > > > Any thoughts on how to better diagnose this issue? Should I try to use an > > external SMTP server? Ultimately I need to get the built-in Sendmail > > working reliably however. > > > > If I send mail to one of my own email addresses from the command line, I > do > > get the email. Here's what that log looks like. Maybe I'm missing > something > > obvious in the previous log. > > > > [CODE]May 30 18:12:33 webjail sendmail[54911]: u4V0CWsL054911: from=root, > > size=95, class=0, nrcpts=1, msgid=<201605310012.u4V0CWsL054911@webjail>, > > relay=root@localhost > > May 30 18:12:33 webjail sendmail[54911]: STARTTLS=client, > > relay=[127.0.0.1], version=TLSv1.2, verify=FAIL, > > cipher=DHE-RSA-AES256-GCM-SHA384, bits=256/256 > > May 30 18:12:33 webjail sm-mta[54912]: STARTTLS=server, relay=[10.0.0.1], > > version=TLSv1.2, verify=NO, cipher=DHE-RSA-AES256-GCM-SHA384, > bits=256/256 > > May 30 18:12:33 webjail sm-mta[54912]: u4V0CXLL054912: from=<root@webjail > >, > > size=395, class=0, nrcpts=1, msgid=<201605310012.u4V0CWsL054911@webjail > >, > > proto=ESMTPS, daemon=Daemon0, relay=[10.0.0.1] > > May 30 18:12:33 webjail sendmail[54911]: u4V0CWsL054911: to= > > me@mytestsite.com, ctladdr=root (0/0), delay=00:00:01, xdelay=00:00:00, > > mailer=relay, pri=30095, relay=[127.0.0.1] [127.0.0.1], dsn=2.0.0, > > stat=Sent (u4V0CXLL054912 Message accepted for delivery) > > May 30 18:12:33 webjail sm-mta[54914]: STARTTLS=client, relay= > > aspmx.l.google.com., version=TLSv1.2, verify=FAIL, > > cipher=ECDHE-RSA-AES128-GCM-SHA256, bits=128/128 > > May 30 18:12:34 webjail sm-mta[54914]: u4V0CXLL054912: to=< > me@mytestsite.com>, > > ctladdr=<root@webjail> (0/0), delay=00:00:01, xdelay=00:00:01, > > mailer=esmtp, pri=30395, relay=aspmx.l.google.com. [74.125.193.26], > > dsn=2.0.0, stat=Sent (OK 1464653554 i78si28053286ita.45 - gsmtp) > > > > Thanks, > > Kelly > > _______________________________________________ > > freebsd-questions@freebsd.org mailing list > > https://lists.freebsd.org/mailman/listinfo/freebsd-questions > > To unsubscribe, send any mail to " > freebsd-questions-unsubscribe@freebsd.org" > > > > Could be SPF or spam filtering type of issue? Take a look at the > headers on the mail you do receive. Did you try using telnet / > openssl s_client to send email from the jail? > > An SMTP service might be a good idea, there are many which offer > free/gratis accounts for low/small volumes. > > -- > Waitman Gobble > Los Altos California USA > 510-830-7975 > _______________________________________________ > freebsd-questions@freebsd.org mailing list > https://lists.freebsd.org/mailman/listinfo/freebsd-questions > To unsubscribe, send any mail to " > freebsd-questions-unsubscribe@freebsd.org" >
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?CAJunRnKR_joQ7p5veWEe9BSVqpWQxqRKzY8e5nPRAPLfrPHKbA>