F9: Sendmail Issues...

Daniel B. Thurman dant at cdkkt.com
Sun Dec 21 23:54:09 UTC 2008


Alexander Dalloz wrote:
> Daniel B. Thurman wrote:
>   
>> I am having a bit of trouble getting sendmail to work
>> properly.  Strangely, I encountered something that I
>> never saw before (in messages log file when (re)starting
>> sendmail), but found resolution for, was this:
>>
>> in Messages log file:
>> STARTTLS: CRLFile missing
>>     
>
> If you have Sendmail set up to run TLS support it is complaining if a
> revocation list is missing. Although it depends on the log level of
> Sendmail whether you see the complaints in your log. See my last comment.
> The message itself is not harmful and Sendmail works with STARTTLS not
> having a CRL.
>
>   
>> The solution is:
>> 1) cd /etc/pki/tls/certs
>> 2) wget http://www.cacert.org/revoke.crl
>> 3) Edit /etc/mail/sendmail.mc and add line:
>>   define(`confCRL', `/usr/share/ssl/certs/revoke.crl')
>> 4) chcon -u system_u /etc/pki/tls/certs/revoke.crl
>> 5) service sendmail restart
>> ... and the message in messages no longer appears.
>>
>> With that out of the way, I am still unable to figure
>> out why I am not able to get Thunderbird (IMAP) to
>> connect to my local system, sendmail port 25.
>>     
>
> Sounds like mixing IMAP and SMTP. Sendmail is an MTA, making use of the
> SMTP protocol, typically listening on port 25. You for sure know that.
> So you mean, using Thunderbird to send a mail talking to your Sendmail
> server fails? Please check your Thunderbird settings. Is it running on
> the same system as Sendmail? It may not and your Sendmail is bound to
> port 25 localhost only (which is the default setup). Please see the
> `DAEMON_OPTIONS' instructions in your sendmail.mc.
>
>   
>> But I do notice, that I can telnet localhost 25, and the sendmail
>> prompt appears, I can, on other machines local to my network
>> `telnet <host-under-test> 25' and sendmail prompts as well.
>>     
>
> `lsof -i :25' will tell you whether the MTA is just on localhost.
>
>   
>> I am still trying to figure this out to no resolution at this point,
>> and do not know what to do...
>>
>> Another issue.  I get the following, also appearing in Messages log file:
>>
>> Dec 21 14:08:01 bronze sendmail[10866]: mBLM81Fn010866: --- 250 2.0.0
>> mBLM81Fn010866 Message accepted for delivery
>> Dec 21 14:08:01 bronze sendmail[10865]: mBLM81eu010865: to=apache,
>> ctladdr=apache (48/48), delay=00:00:00, xdelay=00:00:00, mailer=relay,
>> pri=30449, relay=[127.0.0.1] [127.0.0.1], dsn=2.0.0, stat=Sent
>> (mBLM81Fn010866 Message accepted for delivery)
>> Dec 21 14:08:01 bronze sendmail[10868]: mBLM81Fn010866: alias
>> <apache at localhost.localdomain> => root
>> Dec 21 14:08:01 bronze sendmail[10868]: mBLM81Fn010866: alias root => dant
>> Dec 21 14:08:01 bronze sendmail[10866]: STARTTLS=read, info: fds=6/4, err=2
>> Dec 21 14:08:01 bronze sendmail[10866]: mBLM81Fo010866: <-- QUIT
>> Dec 21 14:08:01 bronze sendmail[10866]: mBLM81Fo010866: --- 221 2.0.0
>> localhost.localdomain closing connection
>> Dec 21 14:08:01 bronze sendmail[10866]: STARTTLS=server, SSL_shutdown
>> not done
>> Dec 21 14:08:01 bronze sendmail[10866]: mBLM81Fo010866: Milter
>> (clamav-milter): quit filter
>> Dec 21 14:08:20 bronze sendmail[10868]: mBLM81Fn010866: to=dant,
>> ctladdr=<apache at localhost.localdomain> (48/48), delay=00:00:19,
>> xdelay=00:00:19, mailer=local, pri=31141, dsn=2.0.0, stat=Sent
>> Dec 21 14:08:20 bronze sendmail[10868]: mBLM81Fn010866: done;
>> delay=00:00:19, ntries=1
>>
>> Clearly, apache is sending a local message of a problem,
>> but what I do not understand are these lines:
>>
>> 1) Dec 21 14:08:01 bronze sendmail[10866]: STARTTLS=read, info: fds=6/4,
>> err=2
>> 2) Dec 21 14:08:01 bronze sendmail[10866]: STARTTLS=server, SSL_shutdown
>> not done
>>
>> Does anyone have any suggestions what I can do for further
>> investigation as to what is going on, if there is a problem,
>> or if these issues can be fixed?
>>     
>
> I guess you have set your Sendmail log verbosity to a higher level. `9'
> is the default and should not print out so much information. Have you
> set LogLevel to 12 or higher? From `12' on you get TLS verification
> messages logged.
>
> You can deactivate STARTTLS for localhost communications of Sendmail by
> adding
>
> Srv_Features:localhost.localdomain S
>
> to your access file and building up a new access.db based on this.
>
> http://www.sendmail.org/m4/starttls.html
>
> You find all the TLS checks and logging messages in the Sendmail source
> code, i.e. in:
>
> http://www.sfr-fresh.com/unix/misc/sendmail.8.14.3.tar.gz:a/sendmail-8.14.3/sendmail/tls.c
>
> I don't know a document explaining the STARTTLS debug log messages in
> detail.
>
> For instance see line 1382 for logging "SSL_shutdown not done". So you
> are seeing a higher debug level here (>15). Following your mail flow
> from the shown maillog there is no problem. The mail was generated by
> user "apache" and successfully sent to "dant".
>   
Ah...  I get it.  I clean forgot that my imap server (dovecot) was not
configured and running, which explains exactly why Thunderbird
as IMAP was not finding a port 143!  Sheesh!  I think the snow and
ice here in Portland froze my brain!

Thanks for pointing out reminders that sendmail is SMTP (MTA) and
IMAP is another protocol! And thanks for the other suggestions
regarding TLS.

.... and yes, I have temporarily set loglevel to 68 - for debugging
purposes and will set it back to 9 when I am done.

Again, thanks for the chock full of information I can use!
Dan
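
The mail flow that the reply follows by hand in the quoted maillog can also be traced mechanically. This is an added example, not part of the original thread: it assumes the 14-character queue-ID prefix seen in the quoted lines, and the names `parse` and `trace` are illustrative.

```python
import re
from collections import defaultdict

# Constructed input: log lines quoted in the thread, with wrapped lines rejoined.
SAMPLE_LOG = """\
Dec 21 14:08:01 bronze sendmail[10866]: mBLM81Fn010866: --- 250 2.0.0 mBLM81Fn010866 Message accepted for delivery
Dec 21 14:08:01 bronze sendmail[10865]: mBLM81eu010865: to=apache, ctladdr=apache (48/48), delay=00:00:00, xdelay=00:00:00, mailer=relay, pri=30449, relay=[127.0.0.1] [127.0.0.1], dsn=2.0.0, stat=Sent (mBLM81Fn010866 Message accepted for delivery)
Dec 21 14:08:01 bronze sendmail[10868]: mBLM81Fn010866: alias <apache at localhost.localdomain> => root
Dec 21 14:08:01 bronze sendmail[10868]: mBLM81Fn010866: alias root => dant
Dec 21 14:08:01 bronze sendmail[10866]: STARTTLS=read, info: fds=6/4, err=2
Dec 21 14:08:01 bronze sendmail[10866]: STARTTLS=server, SSL_shutdown not done
Dec 21 14:08:20 bronze sendmail[10868]: mBLM81Fn010866: to=dant, ctladdr=<apache at localhost.localdomain> (48/48), delay=00:00:19, xdelay=00:00:19, mailer=local, pri=31141, dsn=2.0.0, stat=Sent
"""

ENTRY = re.compile(r"^\w{3}\s+\d+ [\d:]{8} \S+ sendmail\[(\d+)\]: (.*)$")
QUEUED = re.compile(r"^([A-Za-z0-9]{14}): (.*)$")  # assumed 14-char queue ID
HANDOFF = re.compile(r"\((\w{14}) Message accepted for delivery\)")

def parse(log):
    """Split entries into per-queue-ID deliveries, alias expansions and TLS notes."""
    deliveries, aliases, tls = defaultdict(list), defaultdict(list), []
    for line in log.splitlines():
        m = ENTRY.match(line)
        if not m:
            continue
        pid, msg = m.groups()
        q = QUEUED.match(msg)
        if msg.startswith("STARTTLS"):  # connection-level note, carries no queue ID
            tls.append((pid, msg))
        elif q and q.group(2).startswith("to="):
            deliveries[q.group(1)].append(dict(p.split("=", 1) for p in q.group(2).split(", ") if "=" in p))
        elif q and q.group(2).startswith("alias "):
            aliases[q.group(1)].append(tuple(q.group(2)[6:].split(" => ")))
    return deliveries, aliases, tls

def trace(qid, deliveries):
    """Follow relay hand-offs starting at qid; return (queue_id, to, mailer, sent) hops."""
    hops, seen = [], set()
    while qid and qid not in seen:
        seen.add(qid)
        nxt = None
        for d in deliveries.get(qid, []):
            hops.append((qid, d["to"], d["mailer"], d["stat"].startswith("Sent")))
            h = HANDOFF.search(d["stat"])
            nxt = h.group(1) if h else nxt
        qid = nxt
    return hops
```

Calling `trace("mBLM81eu010865", parse(SAMPLE_LOG)[0])` gives the relay hop to `apache` followed by the local delivery to `dant`, both with `stat=Sent`; the two STARTTLS lines end up in the separate TLS list because they carry no queue ID.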