From: Bryan Drewery
Organization: FreeBSD
Date: Mon, 24 Feb 2014 09:40:26 -0600
To: Baptiste Daroussin, current@FreeBSD.org
Subject: Re: Import of DragonFly Mail Agent
Message-ID: <530B67EA.1090102@FreeBSD.org>
In-Reply-To: <20140223211155.GS1699@ithaqua.etoilebsd.net>

On 2/23/2014 3:11 PM, Baptiste Daroussin wrote:
> Hi,
>
> As some of you may have noticed, I have imported a couple of days ago dma
> (DragonFly Mail Agent) in base. I have been asked to explain my motivation so
> here they are.
>
> DragonFly Mail Agent is a minimalistic mailer that is able to relay mails to
> some smtp servers (with TLS, authentication and so on)
>
> It supports MASQUERADE and NULLCLIENT, and is able to deliver mails locally
> (respecting aliases).
>
> I imported it because dma is lightweight, BSD license and easy to use.
>

IMHO base should be the very minimalistic needs to get a server online,
and should be secure and simple by default. Being able to connect to the
server sending *out* messages to the world is quite important. Receiving
and processing messages is not. I.e., there is no httpd, it is not
critical for operation of system. There is no desktop environment or
scripting language as they are not critical.
Anything not meeting the bare-bones criteria can be installed with
'pkg install' or ports.

Having a full smtpd in base scares me as I never know if it is
configured to prevent relaying or not. I go to extremes and block port
25/587 to be sure.

Remembering the time I spent trying to configure sendmail to not accept
inbound mail, and trying to get it to behave how I want, I fully support
this. Of all the years I've messed with sendmail, I still have little
understanding of how to configure it or if I've done it right.

My exaggerated view of sendmail as a user:

> # grep sendmail /etc/defaults/rc.conf
> mta_start_script="/etc/rc.sendmail"
> # Settings for /etc/rc.sendmail and /etc/rc.d/sendmail:
> sendmail_enable="NO" # Run the sendmail inbound daemon (YES/NO).
> sendmail_pidfile="/var/run/sendmail.pid" # sendmail pid file
> sendmail_procname="/usr/sbin/sendmail" # sendmail process name
> sendmail_flags="-L sm-mta -bd -q30m" # Flags to sendmail (as a server)
> sendmail_submit_enable="YES" # Start a localhost-only MTA for mail submission
> sendmail_submit_flags="-L sm-mta -bd -q30m -ODaemonPortOptions=Addr=localhost"
> sendmail_outbound_enable="YES" # Dequeue stuck mail (YES/NO).
> sendmail_outbound_flags="-L sm-queue -q30m" # Flags to sendmail (outbound only)
> sendmail_msp_queue_enable="YES" # Dequeue stuck clientmqueue mail (YES/NO).
> sendmail_msp_queue_flags="-L sm-msp-queue -Ac -q30m"
> # Flags for sendmail_msp_queue daemon.
> sendmail_rebuild_aliases="NO" # Run newaliases if necessary (YES/NO).
> # grep sendmail /etc/rc.conf
> sendmail_enable="NO"
> sendmail_submit_enable="YES"
> sendmail_outbound_enable="NO"
> sendmail_msp_queue_enable="YES"

This is quite obscure. Sendmail is not enabled? Outbound is not enabled?
Sure they are. Submit is enabled? Is that port 587? 0.0.0.0:25? I don't
want that.

The RC script also leads to much confusion in this configuration:

> # service sendmail stop
> Stopping sendmail.
> Waiting for PIDS: 80956.
> sendmail_submit not running? (check /var/run/sendmail.pid).
> Stopping sendmail_clientmqueue.
> Waiting for PIDS: 81322.

It wasn't running? Was it broken? Is that why I couldn't send mail?

> # service sendmail start
> Cannot 'start' sendmail. Set sendmail_enable to YES in /etc/rc.conf or use 'onestart' instead of 'start'.

Oh, it didn't start?

> # ps uaxw|grep sendmail
> root 64518 0.0 0.1 6020 2980 ?? Ss 10:19AM 0:00.00 sendmail: accepting connections (sendmail)
> smmsp 64726 0.0 0.1 6020 2924 ?? Ss 10:19AM 0:00.00 sendmail: Queue runner@00:30:00 for /var/spool/clientmqueue (sendmail)

Oh. Can I restart?

> # service sendmail restart
> Cannot 'restart' sendmail. Set sendmail_enable to YES in /etc/rc.conf or use 'onerestart' instead of 'restart'.
> Stopping sendmail_submit.

Oh it looks dead again.

> # ps uaxw|grep sendmail
> smmsp 64726 0.0 0.0 6020 0 ?? IWs - 0:00.00 sendmail: Queue runner@00:30:00 for /var/spool/clientmqueue (sendmail)
> root 88210 0.0 0.1 6020 3008 ?? Ss 10:20AM 0:00.00 sendmail: accepting connections (sendmail)
> root 93369 0.0 0.1 3464 1296 18 S+ 10:20AM 0:00.00 grep sendmail

Nope.

RC script bugs aside, how about modifying the actual configuration?

> [/etc/mail] # ls
> ./ README aliases.db freebsd.submit.cf mailer.conf submit.cf
> ../ access.sample freebsd.cf freebsd.submit.mc mailertable.sample virtusertable.sample
> Makefile aliases freebsd.mc helpfile sendmail.cf

*lost*

I just want to relay elsewhere.

> # grep -i relay *|wc -l
> 232

Having done this before I know it is SMART_HOST:

> # grep SMART *
> freebsd.mc:dnl define(`SMART_HOST', `your.isp.mail.server')

So do I edit this mc file? Then what? run make? Do I need it in the
freebsd.submit.mc too?

sendmail 1, bryan 0.

https://github.com/corecode/dma/blob/master/dma.conf:

> # Your smarthost (also called relayhost). Leave blank if you don't want
> # smarthost support.
> # NOTE: on Debian systems this is handled via debconf!
> # Please use dpkg-reconfigure dma to change this value.
> #SMARTHOST

Oh look right there at the top, SMARTHOST for relay. Done.

> # Uncomment if yout want TLS/SSL support
> #SECURETRANSFER
>
> # Uncomment if you want STARTTLS support (only used in combination with
> # SECURETRANSFER)
> #STARTTLS

Yes please. Simple. I'm not sure where to even start with sendmail to
enable those options.

--
Regards,
Bryan Drewery
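
Added example, not part of the original message: the question raised above ("Is that port 587? 0.0.0.0:25?") can be answered from the listening sockets rather than from rc.conf. The function names and the sample data are constructed for illustration; the column layout assumed is that of FreeBSD's `sockstat -4 -6 -l`.

```shell
#!/bin/sh
# Reads `sockstat -4 -6 -l` style text on stdin and prints
# "COMMAND PID LOCAL-ADDRESS" for every TCP listener on port 25 or 587
# that is not bound to loopback. Assumed column layout:
#   USER COMMAND PID FD PROTO LOCAL-ADDRESS FOREIGN-ADDRESS
exposed_mail_listeners() {
    awk '
        $5 ~ /^tcp/ {
            n = split($6, part, ":")        # port is the last ":" field
            port = part[n]
            addr = substr($6, 1, length($6) - length(port) - 1)
            if (port !~ /^(25|587)$/) next              # not a mail port
            if (addr ~ /^127\./ || addr == "::1") next  # loopback only
            print $2, $3, $6
        }'
}

# Succeeds only when no mail port is reachable from off-host.
mail_ports_loopback_only() {
    [ -z "$(exposed_mail_listeners)" ]
}

# Constructed sample: a submit-only daemon bound to localhost, as
# sendmail_submit_flags (Addr=localhost) is meant to produce.
SAMPLE_LOCALHOST_ONLY='USER     COMMAND    PID   FD PROTO  LOCAL ADDRESS    FOREIGN ADDRESS
root     sendmail   64518 3  tcp4   127.0.0.1:25     *:*
root     sendmail   64518 4  tcp6   ::1:25           *:*
root     sshd       1021  4  tcp4   *:22             *:*'

# Constructed sample: a daemon listening on every interface.
SAMPLE_EXPOSED='USER     COMMAND    PID   FD PROTO  LOCAL ADDRESS    FOREIGN ADDRESS
root     sendmail   88210 3  tcp4   *:25             *:*
root     sendmail   88210 4  tcp6   *:587            *:*
root     sendmail   88210 5  tcp6   ::1:25           *:*'

# Demo on the constructed data. On a live FreeBSD host, use instead:
#   sockstat -4 -6 -l | exposed_mail_listeners
printf '%s\n' "$SAMPLE_EXPOSED" | exposed_mail_listeners
```

An empty result means every listener on 25/587 is loopback-only; `mail_ports_loopback_only` gives the same answer as an exit status for use in a periodic check.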