netbsd-bugs: Re: install/21998: /etc/daily security mail broken, need to install

Subject: Re: install/21998: /etc/daily security mail broken, need to install
To: None <gnats-bugs@gnats.netbsd.org>
From: William Allen Simpson <wsimpson@greendragon.com>
List: netbsd-bugs
Date: 06/28/2003 20:16:09
To checkpoint and summarize the discussion, taking place on various 
lists, and giving credit where due....

=*=*=

Christian Limpach <chris@pin.lu> found a root cause:

The special handling you see is not involved in finding the host to which to 
submit mail.  Our netbsd-msp.mc uses the default MTAHost value which is 
`localhost'.  The sample submit.mc explicitly sets the MTAHost to 127.0.0.1, 
our netbsd-msp.mc should do the same.

Index: gnu/usr.sbin/sendmail/cf/cf/netbsd-msp.mc
===================================================================
RCS file: /cvs/netbsd/src/gnu/usr.sbin/sendmail/cf/cf/netbsd-msp.mc,v
retrieving revision 1.2
diff -u -r1.2 netbsd-msp.mc
--- gnu/usr.sbin/sendmail/cf/cf/netbsd-msp.mc   1 Apr 2003 03:19:19 -
0000       1.2
+++ gnu/usr.sbin/sendmail/cf/cf/netbsd-msp.mc   28 Jun 2003 15:34:07 -0000
@@ -2,4 +2,4 @@
 include(`../m4/cf.m4')
 VERSIONID(`@(#)netbsd-msp.mc   $Revision: 1.2 $')
 OSTYPE(bsd4.4)dnl
-FEATURE(`msp')dnl
+FEATURE(`msp', `[127.0.0.1]')dnl

=*=*=

Alan Barrett <apb@cequrux.com> confirmed:

Thank you!  The above change to netbsd-msp.mc causes the following change to
netbsd-msp.cf (which is also installed as /etc/mail/submit.cf):

  -D{MTAHost}[localhost]
  +D{MTAHost}[127.0.0.1]

and, with that change, sendmail on my test system no longer connects to
10.2.3.4 (which is the IP address of localhost.example.net in my test
environment).

=*=*=

Alan Barrett <apb@cequrux.com> and Andrew Brown <atatat@atatdot.net>
both suggested appending various lines to /etc/rc.conf:

    # Local mail delivery seems to require sendmail and smmsp.
    # For smmsp, the $smmsp_flags from /etc/defaults/rc.conf are OK.
    # For sendmail, append extra flags to make it bind only to localhost.
    smmsp=YES
    sendmail=YES ; sendmail_flags="${sendmail_flags}
            -ODaemonPortOptions=Family=inet,Addr=127.0.0.1,Name=MTA
            -ODaemonPortOptions=Family=inet6,Addr=::1,Name=MTA6"

=*=*=

This may solve the symptoms (I have not tried it yet), but not the 
underlying dilemma, eloquently expressed by 
"Wolfgang S. Rupprecht" <wolfgang+gnus20030628T082449@wsrcc.com>:

3) run sendmail in non-daemon mode out of cron every so often.  This
   is what I had in /etc/daily.local before I moved to postfix*:

    # cd to a safe directory in case something drops core.
    cd /tmp

    # Send all accumulated mail (mostly needed on the slave machines).
    # This is only a fall-back if the mail failed to go out at the
    # time it was sent.  (This can block on wlan portables, added
    # ampersand. -wsr) send stuff from main queue (should be empty on
    # all but capscium.wsrcc.com)
    /usr/sbin/sendmail -q0 &

    # send stuff from submit queue too.
    /usr/sbin/sendmail -Ac -q0 &

-wolfgang

* ironically I moved because sendmail had the highly annoying habit of
fully qualifying remote addresses, by appending my domain name.
Appending crap to "localhost" is the least of its problems.
-- 
William Allen Simpson
    Key fingerprint =  17 40 5E 67 15 6F 31 26  DD 0D B9 9B 6A 15 2C 32