I have an OpenBSD 3.5 machine ("membrane") running sendmail 8.12.11. I want all mail originating on that machine to be delivered to my mail host ("nucleus"), instead of being delivered locally. I can't figure out any way to make this happen; no matter what I try, mail to root still gets delivered into the local /var/mail/ without ever making an attempt to contact the mail host.
Setting SMART_HOST has worked on every Linux machine I've used in the last decade, so I don't see why it won't work here.
(This machine sends almost no mail -- just the occasional cron job -- so I don't want to hear any crap about how great something-other-than-sendmail is. Don't make me ban you.)
So, in /etc/mail/aliases, I have:
root: jwz
jwz: jwz@nucleus.dnalounge.com
/etc/rc.conf says:
- sendmail_flags="-L sm-mta -C/etc/mail/localhost.cf -bd -q30m"
In /usr/share/sendmail/cf/openbsd-localhost.mc I have:
- define(`SMART_HOST',`nucleus.dnalounge.com')
which means that /usr/share/sendmail/cf/openbsd-localhost.cf, /etc/mail/localhost.cf, and /etc/mail/sendmail.cf all say:
- DSnucleus.dnalounge.com
I also tried adding "DHnucleus" to the .cf files. No luck.
There is nothing in /etc/mail/local-host-names.
(Yes, I have newaliased, HUPped, and even rebooted.)
Oddly, doing "Mail jwz@dnalounge.com" produces a bounce from localhost that says
- MX list for dnalounge.com. points back to membrane.dnalounge.com
which is just not true!
% dig dnalounge.com mx | grep MX
;dnalounge.com. IN MX
dnalounge.com. 3600 IN MX 5 nucleus.dnalounge.com.
(Note, that's "internal" DNS, you will see different results if you run that from where you are sitting right now.)
When I do this:
% date | Mail -vs test jwz
jwz... Connecting to [127.0.0.1] via relay...
220 membrane.dnalounge.com ESMTP Sendmail 8.12.11/8.12.11;
Sat, 22 Jan 2005 01:01:59 -0800 (PST)
>>> EHLO membrane.dnalounge.com
250-membrane.dnalounge.com Hello smmsp@localhost [127.0.0.1],
pleased to meet you
250-ENHANCEDSTATUSCODES
250-PIPELINING
250-EXPN
250-VERB
250-8BITMIME
250-SIZE
250-DSN
250-ETRN
250-DELIVERBY
250 HELP
>>> MAIL From:<jwz@membrane.dnalounge.com> SIZE=52
250 2.1.0 <jwz@membrane.dnalounge.com>... Sender ok
>>> RCPT To:<jwz@membrane.dnalounge.com>
>>> DATA
250 2.1.5 <jwz@membrane.dnalounge.com>... Recipient ok
354 Enter mail, end with "." on a line by itself
>>> .
250 2.0.0 j0M91xEd006943 Message accepted for delivery
jwz... Sent (j0M91xEd006943 Message accepted for delivery)
Closing connection to [127.0.0.1]
>>> QUIT
221 2.0.0 membrane.dnalounge.com closing connection
This gets logged:
Jan 22 01:01:59 membrane sendmail[6497]: j0M91xPN006497:
from=jwz, size=52, class=0, nrcpts=1,
msgid=<200501220901.j0M91xPN006497@membrane.dnalounge.com>,
relay=root@localhost
Jan 22 01:01:59 membrane sm-mta[6943]: j0M91xEd006943:
from=<jwz@membrane.dnalounge.com>, size=384, class=0, nrcpts=1,
msgid=<200501220901.j0M91xPN006497@membrane.dnalounge.com>,
proto=ESMTP, daemon=MTA, relay=smmsp@localhost [127.0.0.1]
Jan 22 01:01:59 membrane sendmail[6497]: j0M91xPN006497:
to=jwz, ctladdr=jwz (500/500), delay=00:00:00,
xdelay=00:00:00, mailer=relay, pri=30052,
relay=[127.0.0.1] [127.0.0.1], dsn=2.0.0,
stat=Sent (j0M91xEd006943 Message accepted for delivery)
Jan 22 01:01:59 membrane sm-mta[11426]: j0M91xEd006943:
to=<jwz@membrane.dnalounge.com>,
ctladdr=<jwz@membrane.dnalounge.com> (500/500),
delay=00:00:00, xdelay=00:00:00, mailer=local, pri=30635,
dsn=2.0.0, stat=Sent
And this shows up in /var/mail/jwz on membrane:
From jwz@membrane.dnalounge.com Sat Jan 22 01:01:59 2005
Received: from membrane.dnalounge.com (smmsp@localhost [127.0.0.1])
by membrane.dnalounge.com (8.12.11/8.12.11)
with ESMTP id j0M91xEd006943
for <jwz@membrane.dnalounge.com>;
Sat, 22 Jan 2005 01:01:59 -0800 (PST)
Received: (from root@localhost)
by membrane.dnalounge.com (8.12.11/8.12.11/Submit)
id j0M91xPN006497
for jwz; Sat, 22 Jan 2005 01:01:59 -0800 (PST)
Date: Sat, 22 Jan 2005 01:01:59 -0800 (PST)
From: Jamie Zawinski <jwz@membrane.dnalounge.com>
Message-Id: <200501220901.j0M91xPN006497@membrane.dnalounge.com>
To: jwz@membrane.dnalounge.com
Subject: test
Sat Jan 22 01:01:59 PST 2005
Note complete lack of any mention of nucleus. (I get the same result if I mail to "jwz@nucleus.dnalounge.com" instead of just "jwz".)
According to "host", membrane does realize that membrane and nucleus have different IP addresses.
Any ideas?
Update: Fixed! The answer is, put FEATURE(`msp', `nucleus.dnalounge.com') in submit.mc, and don't screw around with "smart_host" or "nullclient" at all. Thanks a lot to all those who helped.
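The hop-by-hop diagnosis that the log records above support, as an added example that is not part of the original post: it follows a submission from the MSP (`sendmail`) to the MTA (`sm-mta`) by queue ID and reports whether it reached the mail host or a local mailbox. The `BEFORE` records are the post's own, joined onto single lines; the `AFTER` record, its queue IDs and the 192.0.2.10 address are constructed for illustration.

```python
import re

# Delivery records from the post above, each joined onto one line.
BEFORE = """\
Jan 22 01:01:59 membrane sendmail[6497]: j0M91xPN006497: to=jwz, ctladdr=jwz (500/500), delay=00:00:00, xdelay=00:00:00, mailer=relay, pri=30052, relay=[127.0.0.1] [127.0.0.1], dsn=2.0.0, stat=Sent (j0M91xEd006943 Message accepted for delivery)
Jan 22 01:01:59 membrane sm-mta[11426]: j0M91xEd006943: to=<jwz@membrane.dnalounge.com>, ctladdr=<jwz@membrane.dnalounge.com> (500/500), delay=00:00:00, xdelay=00:00:00, mailer=local, pri=30635, dsn=2.0.0, stat=Sent
"""
# Constructed record (not from the post): an MSP relaying straight to the mail host.
AFTER = """\
Jan 22 02:00:00 membrane sendmail[7001]: j0MA00aa007001: to=jwz, ctladdr=jwz (500/500), delay=00:00:00, xdelay=00:00:00, mailer=relay, pri=30052, relay=nucleus.dnalounge.com. [192.0.2.10], dsn=2.0.0, stat=Sent (j0MA00bb000123 Message accepted for delivery)
"""

RECORD = re.compile(r"^\w{3}\s+\d+ [\d:]+ \S+ ([\w-]+)\[\d+\]: (\w+): (.*)$")
NEXT_ID = re.compile(r"stat=Sent \((\w+) Message accepted")

def field(rest, name):
    """Return the value of a name=value field in a log record, or None."""
    m = re.search(r"(?:^|, )" + re.escape(name) + r"=([^,]*)", rest)
    return m.group(1).strip() if m else None

def hops(log):
    """Parse delivery (to=) records into {queue_id: hop}."""
    out = {}
    for line in log.splitlines():
        m = RECORD.match(line)
        if not m or field(m.group(3), "to") is None:
            continue  # skip from= records and anything unparseable
        prog, qid, rest = m.groups()
        nxt = NEXT_ID.search(rest)
        out[qid] = {"prog": prog, "mailer": field(rest, "mailer"),
                    "relay": field(rest, "relay"), "next": nxt.group(1) if nxt else None}
    return out

def trace(log, mail_host):
    """Follow one submission hop by hop and report where it ended up."""
    table = hops(log)
    handed_off = {h["next"] for h in table.values()}
    qid = next(q for q in table if q not in handed_off)  # the first hop
    path = []
    while qid in table:
        hop = table[qid]
        path.append((hop["prog"], hop["mailer"]))
        if hop["relay"] and mail_host in hop["relay"]:
            return path, "relayed to mail host"
        if hop["mailer"] == "local":
            return path, "delivered to local mailbox"
        qid = hop["next"]
    return path, "left this log"
```
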
Is there a DNS server running on membrane? Does it have its own zone file for dnalounge.com? Or maybe a caching server that has stale data?
That is the only thing I could think that would cause this.
What does `$host -t mx dnalounge.com` show on membrane?
No DNS on membrane; nucleus is the DNS server too.
% host -t mx dnalounge.com
dnalounge.com mail is handled by 5 nucleus.dnalounge.com.
I think your problem may be to do with the split between MTA-sendmail and MSP-sendmail (the privilege split that came in around 8.11 (?)). If I understand correctly, you are configuring the smarthost in the MTA-level one, but it's passing everything onto smmsp for routing. That one doesn't have the DS line defined. I couldn't tell you exactly how to specify the config on OpenBSD, because I'm not an expert in either sendmail or OpenBSD, but I think that that is where your problem is:
Jan 22 01:01:59 membrane sm-mta[6943]: j0M91xEd006943:
from=<jwz@membrane.dnalounge.com>, size=384, class=0, nrcpts=1,
msgid=<200501220901.j0M91xPN006497@membrane.dnalounge.com>,
proto=ESMTP, daemon=MTA, relay=smmsp@localhost [127.0.0.1]
so you need to work out which config file that sendmail is using (it won't be the same one, typically) and set the smarthost in that.
Good Luck
If this is in fact the problem then the smmsp config file should be the one named submit.{mc,cf}
Nope, adding SMART_HOST to /usr/share/sendmail/cf/submit.mc, rebuilding /etc/mail/submit.cf, and restarting sendmail doesn't fix it.
Actually, this appears to have made mail to "jwz@dnalounge.com" and "jwz@nucleus.dnalounge.com" start being delivered to nucleus -- but mail to "root" is still being delivered locally into "/var/mail/jwz".
Right, that'd be the local delivery class stuff. You need to change CL, which if not defined implicitly contains root, AFAIR. Damned if I can remember the m4 macro that does this.
Ah, well, if that's the case, try
define(`LOCAL_USER', `')dnl
Nope, it's not a LOCAL_USER problem, because mail to "jwz" still gets delivered locally too. (Even if I set LOCAL_USER to `'.)
I remember specifically but dimly that root is specifically exempted from SMART_HOST, because it's assumed that you'll want root mail even when the net breaks, and because all machines have user root. So this is, iirc, expected behaviour.
If nothing else works, you could always write a macro akin to:
R$root<@>$* $1<@>nucleus.dnalounge.com catch root
R$root $1<@>nucleus.dnalounge.com particularly this kind
This is kind of typed off the top of my head and I haven't done this in the last year, so take it accordingly, but it's approximately right.
I haven't used sendmail under recent OpenBSD but I wonder if they're doing something like running the smtp-listening daemon in a chroot... it just comes to mind since the sendmail.cf changes don't seem to be affecting the daemon. If you try intentionally breaking stuff in sendmail.cf does something happen?
Also, anything in /etc/mail/service.switch?
I'm (happily) pretty rusty on sendmail these days.
The running sendmail is definitely consulting /etc/mail/localhost.cf. Also, "locate .cf" doesn't turn up anything likely, so I don't think it's in a chroot.
If the machine will never store mail locally, for any user, use sendmail's nullclient feature instead of smart host.
How? And why would that work when smarthost does not?
Check the value of CL class in sendmail.cf - it has a list of users which will be routed locally (and root is there by default).
Personally, I use MSP setup for the config you want - all the mails from my boxes go to central host:
divert(0)dnl
VERSIONID(`1.0')
define(`confCF_VERSION', `Submit')dnl
define(`__OSTYPE__',`')dnl dirty hack to keep proto.m4 from complaining
define(`_USE_DECNET_SYNTAX_', `1')dnl support DECnet
define(`confTIME_ZONE', `USE_TZ')dnl
define(`confDONT_INIT_GROUPS', `True')dnl
define(`confBIND_OPTS', `WorkAroundBrokenAAAA')dnl
FEATURE(masquerade_envelope)
MASQUERADE_AS(com.bat.ru)
EXPOSED_USER(daemon postmaster)
FEATURE(`msp', `msp.home.bat.ru')dnl
The last line is essential and tells sendmail not to bother and pull all the mail to msp.home host...
putting FEATURE(`msp', `nucleus.dnalounge.com') in submit.mc seems to be what finally did it. That defaults to 127.0.0.1.
Something like
divert(0)
VERSIONID(`blah blah')
OSTYPE(openbsd)
FEATURE(nullclient,`the.mail.host')dnl
nullclient makes sendmail forward all mail to the mail host. Sendmail no longer cares about local delivery, or /etc/aliases, or .forwards or anything. It was designed for cases where you have a bunch of Unix workstations and a central mail hub; you don't want the workstations to do any mail processing at all.
If you look at nullclient.m4, you'll see that it sets the.mail.host be the smarthost, among other things.
Using this config:
it still delivers locally, but now halfway pretends (in the envelope) that localhost is named "nucleus" instead of "membrane."
This is completely tangential and (possibly, maybe not) unhelpful to your current situation, and I know you hate these kind of suggestions, but I hate to see anyone I respect languish in sysadmin hell.
Have you considered Postfix? If you're not in an enterprise mail situation that needs all of the truly heavy lifting features of Sendmail, Postfix is more than sufficient (and probably more secure), and has completely sane and understandable configuration files.
I resisted converting to Postfix for years, but when I finally did, it was a lightbulb experience. Did I really spend all that time fucking around with Sendmail? I'll never get those months of my life back.
I think I had to edit like 3-4 lines of the default Postfix installation to get it doing what I wanted.
I get a certain satisfaction when people don't follow his simple requests not to tell him to switch distros, or in this case, switch mailers. It's like nerds have this mental block when it comes to not expressing their opinions and causes them no end of social grief, and then they wonder why no one likes them.
As for jwz's actual problem, what we do at work to direct all mail no matter what to a specific mail host is put the following line in /etc/mail/mailertable:
. esmtp:mailhost
Where mailhost is the name of the machine where you want mail to go. Then either run make in the mail directory or the makemap command manually.
SHOT TO THE HEAD!
Did you think I was joking?
It sounds like admitting a defeat, but could you just put a .forward on "membrane"?
If I were at home I'd send you one, but I'm on a lab computer now and I keep forgetting to punch a hole in my FW for ssh.
Your mc file is gonna look something like:
OSTYPE(`bsd4.4')dnl
DOMAIN(`generic')dnl
FEATURE(`nullclient',`nucleus.dnalounge.com')dnl
That's it, unless you want to bother to put in masquerading. I use null cfs for all non mailserver unix boxes. That "FEATURE" contains the right combination of incantations to say, "make mail go over *there*, all of it, I mean it". Will *not* read aliases files. If you need aliases too, let me know, I have an mc that will do it.
ps: love the naming scheme, if you run out of organelles let me know, I'll hook you up. ;-)
Alas, no...
[If you're operating in your usual "if you haven't actually done this yourself, don't bother me" mode, then, um, skip the rest of this comment.]
Doing a bit of searching, I found this article:
http://www.deer-run.com/~hal/sysadmin/sendmail.html
In particular, in the bit talking about 8.12 and the MTA/MSP split, he suggests:
He also wrote a followup article with some clarifications that might be relevant:
http://www.deer-run.com/~hal/sysadmin/sendmail2.html
Hope this helps.
So, uh, it is completely like asking you if the power cord is plugged in but ... after editing /etc/aliases did you run newaliases?
You know, you might try reading all the way to the end first. Like, the part where I said the problem was now fixed? Or even earlier, the part where I said, "yes, of course I ran newaliases"?
Actually, I did read the whole thread as it was when I submitted the post. I did miss the newaliases at the end of your original post (which is odd because I went back to check because it is the kind of thing that people forget at first and then remember so they tend to mention it); but when I clicked send in my LJ posting client widget, there was not the update about the problem being fixed. Mea culpa.