Prevent sendmail from binding to port 25, but still deliver mail
A. Farber
we have here SAP 7.00 running at two RHEL 5.1 servers
and its XI-module (whatever that is) binds to port 25, causing:
[root@ablsap04 mail]# tail /var/log/maillog
Jul 8 22:45:46 ablsap04 sendmail[29827]: daemon MTA: problem creating
SMTP socket
Jul 8 22:45:51 ablsap04 sendmail[29827]: NOQUEUE: SYSERR(root):
opendaemonsocket: daemon MTA: cannot bind: Address already in use
I would like however to configure sendmail,
so that it is still possible to send mail from command
line and also to send the mail sent to root etc.
(we have the line "root: i...@XXX.com" in /etc/aliases).
My understanding is that sendmail is usually configured
to listen to port 25 at localhost, but this is optional,
to make the few programs happy which wish to send
their mails by SMTP instead of calling /usr/sbin/sendmail
For my purposes I could get rid of it, correct?
My problem is that I don't know how to prevent
sendmail from starting and binding to port 25.
I've tried commenting out the line:
DAEMON_OPTIONS(`Port=smtp,Addr=127.0.0.1, Name=MTA')dnl
or the:
MAILER(smtp)dnl
- but it doesn't do what I want, sendmail still tries
(and fails) to bind to the (already occupied) port 25.
chkconfig sendmail off
service sendmail stop
- is not an option either because then I won't get
the mails to root forwarded to our i...@XXX.com.
Any hints please?
Regards
Alex
PS: The original sendmail.mc is here:
[root@ablsap04 mail]# grep -v ^dnl sendmail.mc
divert(-1)dnl
include(`/usr/share/sendmail-cf/m4/cf.m4')dnl
VERSIONID(`setup for linux')dnl
OSTYPE(`linux')dnl
define(`SMART_HOST', `abllns02.internal.XXX.com')dnl
define(`confDEF_USER_ID', ``8:12'')dnl
define(`confTO_CONNECT', `1m')dnl
define(`confTRY_NULL_MX_LIST', `True')dnl
define(`confDONT_PROBE_INTERFACES', `True')dnl
define(`PROCMAIL_MAILER_PATH', `/usr/bin/procmail')dnl
define(`ALIAS_FILE', `/etc/aliases')dnl
define(`STATUS_FILE', `/var/log/mail/statistics')dnl
define(`UUCP_MAILER_MAX', `2000000')dnl
define(`confUSERDB_SPEC', `/etc/mail/userdb.db')dnl
define(`confPRIVACY_FLAGS',
`authwarnings,novrfy,noexpn,restrictqrun')dnl
define(`confAUTH_OPTIONS', `A')dnl
define(`confTO_IDENT', `0')dnl
FEATURE(`no_default_msa', `dnl')dnl
FEATURE(`smrsh', `/usr/sbin/smrsh')dnl
FEATURE(`mailertable', `hash -o /etc/mail/mailertable.db')dnl
FEATURE(`virtusertable', `hash -o /etc/mail/virtusertable.db')dnl
FEATURE(redirect)dnl
FEATURE(always_add_domain)dnl
FEATURE(use_cw_file)dnl
FEATURE(use_ct_file)dnl
FEATURE(local_procmail, `', `procmail -t -Y -a $h -d $u')dnl
FEATURE(`access_db', `hash -T<TMPF> -o /etc/mail/access.db')dnl
FEATURE(`blacklist_recipients')dnl
EXPOSED_USER(`root')dnl
DAEMON_OPTIONS(`Port=smtp,Addr=127.0.0.1, Name=MTA')dnl
FEATURE(`accept_unresolvable_domains')dnl
LOCAL_DOMAIN(`localhost.localdomain')dnl
MASQUERADE_AS(`XXX.com')dnl
FEATURE(masquerade_entire_domain)dnl
MAILER(smtp)dnl
MAILER(procmail)dnl
Grant Taylor
> we have here SAP 7.00 running at two RHEL 5.1 servers and its
> XI-module (whatever that is) binds to port 25, causing:
Is SAP binding to both the external and the loopback interface?
Can you configure SAP to only bind to the external interface and allow
Sendmail to bind to the loopback interface? I think this would provide
what you are wanting.
> I would like however to configure sendmail, so that it is still
> possible to send mail from command line and also to send the mail
> sent to root etc. (we have the line "root: i...@XXX.com" in
> /etc/aliases).
*nod*
> My understanding is that sendmail is usually configured to listen to
> port 25 at localhost, but this is optional, to make the few programs
> happy which wish to send their mails by SMTP instead of calling
> /usr/sbin/sendmail
*nod*
> For my purposes I could get rid of it, correct?
You can probably get away with not having Sendmail bind to port 25 (any
where), but you will need something to be listening for the things that
want to speak SMTP.
> My problem is that I don't know how to prevent sendmail from starting
> and binding to port 25.
You can tell Sendmail to bind to a different port, say 2525.
> I've tried commenting out the line:
> DAEMON_OPTIONS(`Port=smtp,Addr=127.0.0.1, Name=MTA')dnl
I don't know if there is a default MTA like there is a default MSA.
> or the: MAILER(smtp)dnl
You don't want to do this. the SMTP "Mailer" is one of the mailers that
Sendmail uses to speak SMTP to other systems when sending email.
> - but it doesn't do what I want, sendmail still tries (and fails) to
> bind to the (already occupied) port 25.
Nope, it will only interfere with sending to SMTP servers. (Note:
ESMTP servers may use a different mailer. I don't recall if the
MAILER(smtp) defines the esmtp mailers or not.)
> chkconfig sendmail off & service sendmail stop
>
> - is not an option either because then I won't get the mails to root
> forwarded to our i...@XXX.com.
Right.
> Any hints please?
See if you can get SAP to only listen to one interface.
Another option would be to not have SAP listen on port 25. Rather have
it listen elsewhere. Then configure Sendmail to be your MTA and have it
pass messages in to SAP either by SMTP to a different port or via an LDA
that interfaces with SAP.
Grant. . . .
A. Farber
we have here SAP 7.00 running at two RHEL 5.1 servers
and its XI-module (whatever that is) binds to port 25, causing:
[root@ablsap04 mail]# tail /var/log/maillog
Jul 8 22:45:46 ablsap04 sendmail[29827]: daemon MTA: problem creating
SMTP socket
Jul 8 22:45:51 ablsap04 sendmail[29827]: NOQUEUE: SYSERR(root):
opendaemonsocket: daemon MTA: cannot bind: Address already in use
I would like however to configure sendmail,
so that it is still possible to send mail from command
line and also to send the mail sent to root etc.
(we have the line "root: i...@XXX.com" in /etc/aliases).
My understanding is that sendmail is usually configured
to listen to port 25 at localhost, but this is optional,
to make the few programs happy which wish to send
their mails by SMTP instead of calling /usr/sbin/sendmail
For my purposes I could get rid of it, correct?
My problem is that I don't know how to prevent
sendmail from starting and binding to port 25.
I've tried commenting out the line:
DAEMON_OPTIONS(`Port=smtp,Addr=127.0.0.1, Name=MTA')dnl
or the:
MAILER(smtp)dnl
- but it doesn't do what I want, sendmail still tries
(and fails) to bind to the (already occupied) port 25.
chkconfig sendmail off
service sendmail stop
- is not an option either because then I won't get
the mails to root forwarded to our i...@XXX.com.
Any hints please?
Per Hedeland
<kera...@ceid.upatras.gr> writes:
>On Tue, 8 Jul 2008 14:11:17 -0700 (PDT), "A. Farber"
><Alexande...@gmail.com> wrote:
>>
>> I would like however to configure sendmail, so that it is still
>> possible to send mail from command line and also to send the mail sent
>> to root etc. (we have the line "root: i...@XXX.com" in /etc/aliases).
>
>(address: 127.0.0.1, port: 587):
>
> FEATURE(`no_default_msa')
> DAEMON_OPTIONS(`Addr=127.0.0.1, Port=submission, Name=MSA')
That's definitely the way to go - the incantation is a bit "weird" since
you start out by deleting the MSA which is the one you actually want,
but I can't see any "better" way to do it.
>Then local email submission will still work for /usr/sbin/sendmail
>users,
Almost - the MSP uses port 25 by default, so you have to change
submit.mc too:
FEATURE(`msp', `[127.0.0.1]', `MSA')
- see cf/README.
--Per Hedeland
p...@hedeland.org
A. Farber
On 8 Jul., 23:36, Grant Taylor <gtay...@riverviewtech.net> wrote:
> On 07/08/08 16:11, A. Farber wrote:
> Can you configure SAP to only bind to the external interface and allow
> Sendmail to bind to the loopback interface? I think this would provide
> what you are wanting.
yes, currently SAP occupies everything:
[root@ablsap04 mail]# lsof -i|grep smtp
icman 10572 txiadm 27u IPv4 2444801 TCP *:smtp (LISTEN)
[root@ablsap04 mail]# netstat -an |grep -w 25
tcp 0 0 0.0.0.0:25
0.0.0.0:* LISTEN
and it is difficult for me to change it
(the SAP installation is maintained by externals).
> You can tell Sendmail to bind to a different port, say 2525.
I've modified the DAEMON_OPTIONS to:
DAEMON_OPTIONS(`Port=2525,Addr=127.0.0.1, Name=MTA')dnl
and see, that sendmail binds to port 2525 ok now,
but when I send a mail to root from command line I get:
Jul 9 15:26:09 ablsap04 sendmail[6861]:
starting daemon (8.13.8): SMTP+queueing@01:00:00
Jul 9 15:26:09 ablsap04 sm-msp-queue[6869]:
starting daemon (8.13.8): queueing@01:00:00
Jul 9 15:26:22 ablsap04 sendmail[6875]:
m69DQMWj006875: from=root, size=72, class=0, nrcpts=1, msgid=<200807
091326.m69...@ablsap04.internal.XXX.com>, relay=root@localhost
Jul 9 15:26:22 ablsap04 sendmail[6875]: m69DQMWj006875: to=root,
ctladdr=root (0/0), delay=00:00:00, xdelay=00:00:00, mailer=relay,
pri=30072, relay=[127.0.0.1] [127.0.0.1], dsn=5.0.0, stat=Service
unavailable
Jul 9 15:26:22 ablsap04 sendmail[6875]:
m69DQMWj006875: m69DQMWk006875: DSN: Service unavailable
Jul 9 15:26:22 ablsap04 sendmail[6875]:
m69DQMWk006875: to=root, delay=00:00:00, xdelay=00:00:00,
mailer=relay,
pri=31096, relay=[127.0.0.1] [127.0.0.1], dsn=5.0.0, stat=Service
unavailable
Jul 9 15:26:22 ablsap04 sendmail[6875]:
m69DQMWk006875: m69DQMWl006875: return to sender: Service unavailable
Jul 9 15:26:22 ablsap04 sendmail[6875]:
m69DQMWl006875: to=postmaster, delay=00:00:00, xdelay=00:00:00, mail
er=relay, pri=32120, relay=[127.0.0.1] [127.0.0.1], dsn=5.0.0,
stat=Service unavailable
Jul 9 15:26:22 ablsap04 sendmail[6875]:
m69DQMWk006875: Losing ./qfm69DQMWk006875: savemail panic
Jul 9 15:26:22 ablsap04 sendmail[6875]:
m69DQMWk006875: SYSERR(root): savemail: cannot save rejected email
anywhere
What is happening here please?
Why doesn't "mail root" call /usr/sbin/sendmail which
in turn would contact abllns02.internal.XXX.com at port 25
and just send my mail message?
> > I've tried commenting out the line:
> > DAEMON_OPTIONS(`Port=smtp,Addr=127.0.0.1, Name=MTA')dnl
>
> I don't know if there is a default MTA like there is a default MSA.
Sorry, I don't understand what you mean here.
I've noticed there is a FEATURE(no_default_msa)
while reading the sendmail doc...
> > or the: MAILER(smtp)dnl
>
> You don't want to do this. the SMTP "Mailer" is one of the mailers that
> Sendmail uses to speak SMTP to other systems when sending email.
Ok, that what I thought as well and of course I need it.
>
> > - but it doesn't do what I want, sendmail still tries (and fails) to
> > bind to the (already occupied) port 25.
>
> Nope, it will only interfere with sending to SMTP servers. (Note:
> ESMTP servers may use a different mailer. I don't recall if the
> MAILER(smtp) defines the esmtp mailers or not.)
Thank you
Alex
PS: Isn't there a FEATURE or some other .mc directive
to prevent sendmail from binding to any port?
Giorgos Keramidas
>
> we have here SAP 7.00 running at two RHEL 5.1 servers
> and its XI-module (whatever that is) binds to port 25, causing:
>
> [root@ablsap04 mail]# tail /var/log/maillog
> Jul 8 22:45:46 ablsap04 sendmail[29827]: daemon MTA: problem creating> SMTP socket
> Jul 8 22:45:51 ablsap04 sendmail[29827]: NOQUEUE: SYSERR(root): opendaemonsocket: daemon MTA: cannot bind: Address already in use
>
> I would like however to configure sendmail, so that it is still
> possible to send mail from command line and also to send the mail sent
> to root etc. (we have the line "root: i...@XXX.com" in /etc/aliases).
You can configure Sendmail to listen to localhost:submission only
(address: 127.0.0.1, port: 587):
FEATURE(`no_default_msa')
DAEMON_OPTIONS(`Addr=127.0.0.1, Port=submission, Name=MSA')
Then local email submission will still work for /usr/sbin/sendmail
users, and your Sendmail installation will still work as an SMTP
*client* for other, remote hosts. You already have a SMART_HOST
configured:
> define(`SMART_HOST', `abllns02.internal.XXX.com')dnl
so Sendmail will keep forwarding emails to `abllns02.internal.XXX.com'
as an SMTP client, but only listen on localhost:submission for email
messages submitted by local processes.
Grant Taylor
> yes, currently SAP occupies everything:
>
> [root@ablsap04 mail]# lsof -i|grep smtp
> icman 10572 txiadm 27u IPv4 2444801 TCP *:smtp (LISTEN)
>
> [root@ablsap04 mail]# netstat -an |grep -w 25
> tcp 0 0 0.0.0.0:25
> 0.0.0.0:* LISTEN
>
> and it is difficult for me to change it
> (the SAP installation is maintained by externals).
*sigh* That will make things more difficult on you.
Can you request that things be changed?
> I've modified the DAEMON_OPTIONS to:
>
> DAEMON_OPTIONS(`Port=2525,Addr=127.0.0.1, Name=MTA')dnl
>
> and see, that sendmail binds to port 2525 ok now,
> but when I send a mail to root from command line I get:
<snip>
> What is happening here please?
For some reason Sendmail is unable to deliver the message. Do you have
an LDA defined and can Sendmail run it?
> Why doesn't "mail root" call /usr/sbin/sendmail which
> in turn would contact abllns02.internal.XXX.com at port 25
> and just send my mail message?
I don't know. Perhaps someone else can better answer that question.
> Sorry, I don't understand what you mean here.
> I've noticed there is a FEATURE(no_default_msa)
> while reading the sendmail doc...
*nod*
This turns off the default instance of the
"DAEMON_OPTIONS(`Port=25...')", thus allowing you to do what you want
with it.
> Ok, that what I thought as well and of course I need it.
*nod*
> Thank you
You are welcome.
> PS: Isn't there a FEATURE or some other .mc directive
> to prevent sendmail from binding to any port?
Not that I know of. I suppose you could try just using
FEATURE(no_default_msa) and not defining another DAEMON_OPTIONS line.
Though I don't know what would happen.
Grant. . . .
A. Farber
On 9 Jul., 19:31, p...@hedeland.org (Per Hedeland) wrote:
> In article <87lk0bdt1w....@kobe.laptop> Giorgos Keramidas
> >You can configure Sendmail to listen to localhost:submission only
> >(address: 127.0.0.1, port: 587):
>
> > FEATURE(`no_default_msa')
> > DAEMON_OPTIONS(`Addr=127.0.0.1, Port=submission, Name=MSA')
>
> >Then local email submission will still work for /usr/sbin/sendmail users,
>
> Almost - the MSP uses port 25 by default, so you have to change
> submit.mc too:
>
> FEATURE(`msp', `[127.0.0.1]', `MSA')
I've tried adding those 3 lines to sendmail.mc and submit.mc
but get this error when running "mail root" at the CLI:
Jul 10 15:46:55 ablsap03 sendmail[20268]: starting daemon (8.13.8):
SMTP+queueing@01:00:00
Jul 10 15:46:55 ablsap03 sm-msp-queue[20276]: starting daemon
(8.13.8): queueing@01:00:00
Jul 10 15:47:35 ablsap03 sendmail[20286]: m6ADlZDs020286: from=root,
size=64, class=0, nrcpts=1,
msgid=<200807101347....@ablsap03.internal.XXX.com>,
relay=root@localhost
Jul 10 15:47:35 ablsap03 sendmail[20287]: m6ADlZt2020287:
from=<ro...@ablsap03.internal.XXX.com>, size=398, class=0, nrcpts=1,
msgid=<20080710
1347.m6AD...@ablsap03.internal.XXX.com>, proto=ESMTP,
daemon=MSA, relay=localhost.localdomain [127.0.0.1]
Jul 10 15:47:35 ablsap03 sendmail[20286]: m6ADlZDs020286: to=root,
ctladdr=root (0/0), delay=00:00:00, xdelay=00:00:00, mailer=relay,
pri=30064,
relay=[127.0.0.1] [127.0.0.1], dsn=2.0.0, stat=Sent (m6ADlZt2020287
Message accepted for delivery)
Jul 10 15:47:35 ablsap03 sendmail[20288]: m6ADlZt2020287:
SYSERR(root): buildaddr: unknown mailer unknown: Unknown error
18446744073709520627
Jul 10 15:47:35 ablsap03 last message repeated 2 times
Jul 10 15:47:35 ablsap03 sendmail[20288]: m6ADlZt2020287:
m6ADlZt2020288: postmaster notify: buildaddr: unknown mailer unknown:
Unknown error 18
446744073709520627
Jul 10 15:47:35 ablsap03 sendmail[20288]: m6ADlZt2020288:
SYSERR(root): buildaddr: unknown mailer unknown: Unknown error
18446744073709520627
Jul 10 15:47:35 ablsap03 sendmail[20288]: m6ADlZt2020288:
SYSERR(root): buildaddr: unknown mailer unknown: Unknown error
18446744073709520627
Jul 10 15:47:35 ablsap03 sendmail[20288]: m6ADlZt2020288:
m6ADlZt3020288: return to sender: buildaddr: unknown mailer unknown:
Unknown error 184
46744073709520627
Jul 10 15:47:35 ablsap03 sendmail[20288]: m6ADlZt3020288:
SYSERR(root): buildaddr: unknown mailer unknown: Unknown error
18446744073709520627
Jul 10 15:47:35 ablsap03 sendmail[20288]: m6ADlZt2020288: Losing ./
qfm6ADlZt2020288: savemail panic
Jul 10 15:47:35 ablsap03 sendmail[20288]: m6ADlZt2020288:
SYSERR(root): savemail: cannot save rejected email anywhere
Here are my current config files:
[root@ablsap03 mail]# grep -v ^dnl sendmail.mc
include(`/usr/share/sendmail-cf/m4/cf.m4')dnl
VERSIONID(`setup for linux')dnl
OSTYPE(`linux')dnl
define(`SMART_HOST', `abllns02.internal.XXX.com')dnl
FEATURE(`no_default_msa')dnl
DAEMON_OPTIONS(`Addr=127.0.0.1, Port=submission, Name=MSA')dnl
FEATURE(`accept_unresolvable_domains')dnl
LOCAL_DOMAIN(`localhost.localdomain')dnl
MASQUERADE_AS(`novero.com')dnl
FEATURE(masquerade_entire_domain)dnl
MAILER(procmail)dnl
[root@ablsap03 mail]# grep -v ^dnl submit.mc
include(`/usr/share/sendmail-cf/m4/cf.m4')dnl
VERSIONID(`linux setup')dnl
define(`confCF_VERSION', `Submit')dnl
define(`__OSTYPE__',`')dnl dirty hack to keep proto.m4 from
complaining
define(`_USE_DECNET_SYNTAX_', `1')dnl support DECnet
define(`confTIME_ZONE', `USE_TZ')dnl
define(`confDONT_INIT_GROUPS', `True')dnl
define(`confPID_FILE', `/var/run/sm-client.pid')dnl
FEATURE(`use_ct_file')dnl
FEATURE(`msp', `[127.0.0.1]', `MSA')dnl
[root@ablsap03 mail]# cat /var/run/sendmail.pid
20268
/usr/sbin/sendmail -bd -q1h
[root@ablsap03 mail]# ps uawwwx|grep sendmail
root 20268 0.0 0.0 66820 2296 ? Ss 15:46 0:00
sendmail: accepting connections
smmsp 20276 0.0 0.0 57576 1736 ? Ss 15:46 0:00
sendmail: Queue runner@01:00:00 for /var/spool/clientmqueue
Regards
Alex
PS: Grant, thanks - I've requested the SAP guys
to reduce their port bind from 0.0.0.0:25 to
the_ip_address:25. Still waiting for them....
Giorgos Keramidas
Ah, yes of course. I didn't keep reading my notes until the point where
the submit.mc patch was included:
diff -r 7e88d5f0694f -r 5c20649f3d89 submit.mc
--- a/submit.mc Tue May 15 15:58:14 2007 +0300
+++ b/submit.mc Tue May 15 16:16:46 2007 +0300
@@ -24,4 +24,4 @@ define(`confDONT_INIT_GROUPS', `True')dn
define(`confDONT_INIT_GROUPS', `True')dnl
dnl
dnl If you use IPv6 only, change [127.0.0.1] to [IPv6:::1]
-FEATURE(`msp', `[127.0.0.1]')dnl
+FEATURE(`msp', `[127.0.0.1]', `MSA')dnl
I should have been more careful. Many thanks for catching this, Per :-)
Per Hedeland
<b1fd5f4f-ee48-4938...@l42g2000hsc.googlegroups.com>
"A. Farber" <Alexande...@gmail.com> writes:
>
>Jul 10 15:47:35 ablsap03 sendmail[20288]: m6ADlZt2020287:
>SYSERR(root): buildaddr: unknown mailer unknown: Unknown error
>18446744073709520627
>Here are my current config files:
>
>[root@ablsap03 mail]# grep -v ^dnl sendmail.mc
>include(`/usr/share/sendmail-cf/m4/cf.m4')dnl
>VERSIONID(`setup for linux')dnl
>OSTYPE(`linux')dnl
>define(`SMART_HOST', `abllns02.internal.XXX.com')dnl
[snip]
>FEATURE(masquerade_entire_domain)dnl
>MAILER(procmail)dnl
You're missing MAILER(local) and MAILER(smtp).
--Per Hedeland
p...@hedeland.org
A. Farber
> "A. Farber" <Alexander.Far...@gmail.com> writes:
>
> >Jul 10 15:47:35 ablsap03 sendmail[20288]: m6ADlZt2020287:
> >SYSERR(root): buildaddr: unknown mailer unknown: Unknown error
> >18446744073709520627
> You're missing MAILER(local) and MAILER(smtp).
Oh sorry - I'll try adding it next week.
In the meantime SAP guys have modified their program
to listen on the NIC address only and now sendmail works:
[root@ablsap03 mail]# netstat -an |grep LISTEN|grep 25
tcp 0 0 127.0.0.1:25
0.0.0.0:* LISTEN
tcp 0 0 10.121.42.44:25
0.0.0.0:* LISTEN
[root@ablsap03 mail]# lsof -i | grep smtp
icman 21017 pxiadm 27u IPv4 5656809 TCP ablsap03:smtp
(LISTEN)
sendmail 21217 root 4u IPv4 5657655 TCP
localhost.localdomain:smtp (LISTEN)
Regards
Alex