Re: Import of DragonFly Mail Agent

From: Bryan Drewery <bdrewery_at_FreeBSD.org>
Date: Mon, 24 Feb 2014 09:40:26 -0600
On 2/23/2014 3:11 PM, Baptiste Daroussin wrote:
> Hi,
> 
> As some of you may have noticed, I have imported a couple of days ago dma
> (DragonFly Mail Agent) in base. I have been asked to explain my motivation so
> here they are.
> 
> DragonFly Mail Agent is a minimalistic mailer that is able to relay mails to
> some smtp servers (with TLS, authentication and so on)
> 
> It supports MASQUERADE and NULLCLIENT, and is able to deliver mails locally
> (respecting aliases).
> 
> I imported it because dma is lightweight, BSD license and easy to use.
> 

IMHO base should be the very minimalistic needs to get a server online,
and should be secure and simple by default. Being able to connect to the
server sending *out* messages to the world is quite important. Receiving
and processing messages is not. I.e., there is no httpd, it is not
critical for operation of system. There is no desktop environment or
scripting language as they are not critical.

Anything not meeting the bare-bones criteria can be installed with 'pkg
install' or ports.

Having a full smtpd in base scares me as I never know if it is
configured to prevent relaying or not. I go to extremes and block port
25/587 to be sure.

Remembering the time I spent trying to configure sendmail to not accept
inbound mail, and trying to get it to behave how I want, I fully support
this. Of all the years I've messed with sendmail, I still have little
understanding of how to configure it or if I've done it right.

My exaggerated view of sendmail as a user:

> # grep sendmail /etc/defaults/rc.conf
> mta_start_script="/etc/rc.sendmail"
> # Settings for /etc/rc.sendmail and /etc/rc.d/sendmail:
> sendmail_enable="NO"    # Run the sendmail inbound daemon (YES/NO).
> sendmail_pidfile="/var/run/sendmail.pid"        # sendmail pid file
> sendmail_procname="/usr/sbin/sendmail"          # sendmail process name
> sendmail_flags="-L sm-mta -bd -q30m" # Flags to sendmail (as a server)
> sendmail_submit_enable="YES"    # Start a localhost-only MTA for mail submission
> sendmail_submit_flags="-L sm-mta -bd -q30m -ODaemonPortOptions=Addr=localhost"
> sendmail_outbound_enable="YES"  # Dequeue stuck mail (YES/NO).
> sendmail_outbound_flags="-L sm-queue -q30m" # Flags to sendmail (outbound only)
> sendmail_msp_queue_enable="YES" # Dequeue stuck clientmqueue mail (YES/NO).
> sendmail_msp_queue_flags="-L sm-msp-queue -Ac -q30m"
>                                 # Flags for sendmail_msp_queue daemon.
> sendmail_rebuild_aliases="NO"   # Run newaliases if necessary (YES/NO).

>  # grep sendmail /etc/rc.conf
> sendmail_enable="NO"
> sendmail_submit_enable="YES"
> sendmail_outbound_enable="NO"
> sendmail_msp_queue_enable="YES"

This is quite obscure. Sendmail is not enabled? Outbound is not enabled?
Sure they are. Submit is enabled? Is that port 587? 0.0.0.0:25? I don't
want that.

The RC script also leads to much confusion in this configuration:

> # service sendmail stop
> Stopping sendmail.
> Waiting for PIDS: 80956.
> sendmail_submit not running? (check /var/run/sendmail.pid).
> Stopping sendmail_clientmqueue.
> Waiting for PIDS: 81322.

It wasn't running? Was it broken? Is that why I couldn't send mail?

> # service sendmail start
> Cannot 'start' sendmail. Set sendmail_enable to YES in /etc/rc.conf or use 'onestart' instead of 'start'.

Oh, it didn't start?

>  # ps uaxw|grep sendmail
> root       64518  0.0  0.1  6020  2980  ??  Ss   10:19AM   0:00.00 sendmail: accepting connections (sendmail)
> smmsp      64726  0.0  0.1  6020  2924  ??  Ss   10:19AM   0:00.00 sendmail: Queue runner@00:30:00 for /var/spool/clientmqueue (sendmail)

Oh.

Can I restart?

> # service sendmail restart
> Cannot 'restart' sendmail. Set sendmail_enable to YES in /etc/rc.conf or use 'onerestart' instead of 'restart'.
> Stopping sendmail_submit.

Oh it looks dead again.

>  # ps uaxw|grep sendmail
> smmsp      64726  0.0  0.0  6020     0  ??  IWs  -         0:00.00 sendmail: Queue runner@00:30:00 for /var/spool/clientmqueue (sendmail)
> root       88210  0.0  0.1  6020  3008  ??  Ss   10:20AM   0:00.00 sendmail: accepting connections (sendmail)
> root       93369  0.0  0.1  3464  1296  18  S+   10:20AM   0:00.00 grep sendmail

Nope.

RC script bugs aside, how about modifying the actual configuration?

> [/etc/mail] # ls
> ./                    README                aliases.db            freebsd.submit.cf     mailer.conf           submit.cf
> ../                   access.sample         freebsd.cf            freebsd.submit.mc     mailertable.sample    virtusertable.sample
> Makefile              aliases               freebsd.mc            helpfile              sendmail.cf

*lost*

I just want to relay elsewhere.

> # grep -i relay *|wc -l
>      232

Having done this before I know it is SMART_HOST:

> # grep SMART *
> freebsd.mc:dnl define(`SMART_HOST', `your.isp.mail.server')

So do I edit this mc file? Then what? run make? Do I need it in the
freebsd.submit.mc too?

sendmail 1, bryan 0.

https://github.com/corecode/dma/blob/master/dma.conf:

> # Your smarthost (also called relayhost).  Leave blank if you don't want
> # smarthost support.
> # NOTE: on Debian systems this is handled via debconf!
> # Please use dpkg-reconfigure dma to change this value.
> #SMARTHOST

Oh look right there at the top, SMARTHOST for relay. Done.

> # Uncomment if yout want TLS/SSL support
> #SECURETRANSFER
> 
> # Uncomment if you want STARTTLS support (only used in combination with
> # SECURETRANSFER)
> #STARTTLS

Yes please. Simple.

I'm not sure where to even start with sendmail to enable those options.

-- 
Regards,
Bryan Drewery
Received on Mon Feb 24 2014 - 14:40:41 UTC
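
Added example, not part of the original message: the rc.conf knobs quoted above do not say directly which addresses end up bound, so one way to settle the "0.0.0.0:25?" question is to read the listening sockets themselves. The function name and both sample listings are constructed for illustration; the column layout assumed is that of FreeBSD `sockstat -46l`.

```shell
#!/bin/sh
# Report mail listeners (TCP 25 or 587) bound to anything other than loopback.
# Reads `sockstat -46l` style output on stdin:
#   USER COMMAND PID FD PROTO LOCAL-ADDRESS FOREIGN-ADDRESS
exposed_mail_listeners() {
    awk '
    $5 ~ /^tcp/ {                          # header and non-TCP rows fall through
        addr = $6
        n = match(addr, /:[0-9]+$/)        # port follows the last colon (works for ::1:25)
        if (n == 0) next
        host = substr(addr, 1, n - 1)
        port = substr(addr, n + 1)
        if (port != "25" && port != "587") next
        if (host == "127.0.0.1" || host == "::1") next
        printf "%s pid=%s %s %s\n", $2, $3, $5, addr
    }'
}

# Constructed sample: only the localhost submission MTA is listening.
sample_submit_only() {
cat <<'EOF'
USER     COMMAND    PID   FD PROTO  LOCAL ADDRESS         FOREIGN ADDRESS
root     sendmail   64518 3  tcp4   127.0.0.1:25          *:*
root     sshd       812   4  tcp4   *:22                  *:*
EOF
}

# Constructed sample: an inbound daemon bound to the wildcard address.
sample_inbound_daemon() {
cat <<'EOF'
USER     COMMAND    PID   FD PROTO  LOCAL ADDRESS         FOREIGN ADDRESS
root     sendmail   64518 3  tcp4   *:25                  *:*
root     sendmail   64518 4  tcp6   *:25                  *:*
root     sendmail   64518 5  tcp4   *:587                 *:*
root     sendmail   64518 6  tcp6   ::1:25                *:*
EOF
}

# Demo on the constructed wildcard sample; prints the three exposed sockets.
sample_inbound_daemon | exposed_mail_listeners
```

On a live host the same function reads real data with `sockstat -46l | exposed_mail_listeners`; empty output means nothing on 25/587 is reachable from off-box.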
