• We’re currently investigating an issue related to the forum theme and styling that is impacting page layout and visual formatting. The problem has been identified, and we are actively working on a resolution. There is no impact to user data or functionality, this is strictly a front-end display issue. We’ll post an update once the fix has been deployed. Thanks for your patience while we get this sorted.

sendmail question in openbsd... strange log entries

N

nuttervm

Golden Member
i've been looking at my sendmail logs and can't figure out what to make of some of this crap. i have the default sendmail config running, which i think should deny all outside access, but allow cron to mail results to root and things like that. my logs are filled with this crap and i see sendmail trying all the time... why?

Feb 27 23:01:54 regis sm-msp-queue[24133]: g1N205Jl011990: to=root, ctladdr=root (0/0), delay=4+21:01:49, xdelay=00:00:00, m
ailer=relay, pri=21090230, relay=localhost, dsn=4.0.0, stat=Deferred: Connection refused by localhost
Feb 27 23:01:54 regis sm-msp-queue[24133]: g1N205tG006600: to=postmaster, delay=4+21:01:05, xdelay=00:00:00, mailer=relay, p
ri=21091631, relay=localhost, dsn=4.0.0, stat=Deferred: Connection refused by localhost
Feb 27 23:01:54 regis sm-msp-queue[24133]: g1N205tL006600: to=root, delay=4+21:01:02, xdelay=00:00:00, mailer=relay, pri=210
92970, relay=localhost, dsn=4.0.0, stat=Deferred: Connection refused by localhost
Feb 27 23:01:55 regis sm-msp-queue[24133]: g1N205tH006600: to=postmaster, delay=4+21:01:05, xdelay=00:00:00, mailer=relay, p
ri=21094204, relay=localhost, dsn=4.0.0, stat=Deferred: Connection refused by localhost
Feb 27 23:01:55 regis sm-msp-queue[24133]: g1N205tI006600: to=postmaster, delay=4+21:01:05, xdelay=00:00:00, mailer=relay, p
ri=21095469, relay=localhost, dsn=4.0.0, stat=Deferred: Connection refused by localhost
Feb 27 23:01:55 regis sm-msp-queue[24133]: g1N205tJ006600: to=postmaster, delay=4+21:01:04, xdelay=00:00:00, mailer=relay, p
ri=21095676, relay=localhost, dsn=4.0.0, stat=Deferred: Connection refused by localhost
Feb 27 23:01:55 regis sm-msp-queue[24133]: g1N205tK006600: to=postmaster, delay=4+21:01:04, xdelay=00:00:00, mailer=relay, p
ri=21097197, relay=localhost, dsn=4.0.0, stat=Deferred: Connection refused by localhost
Feb 27 23:01:55 regis sm-msp-queue[24133]: g1N102hQ019826: to=root, delay=4+22:01:48, xdelay=00:00:00, mailer=relay, pri=212
70155, relay=localhost, dsn=4.0.0, stat=Deferred: Connection refused by localhost
Feb 27 23:01:55 regis sm-msp-queue[24133]: g1N102sw002586: to=root, ctladdr=root (0/0), delay=4+22:01:53, xdelay=00:00:00, m
ailer=relay, pri=21270230, relay=localhost, dsn=4.0.0, stat=Deferred: Connection refused by localhost
Feb 27 23:01:56 regis sm-msp-queue[24133]: g1N0025h018992: to=postmaster, delay=4+23:01:08, xdelay=00:00:00, mailer=relay, p
ri=21450153, relay=localhost, dsn=4.0.0, stat=Deferred: Connection refused by localhost
Feb 27 23:01:56 regis sm-msp-queue[24133]: g1N0025g018992: to=root, delay=4+23:01:52, xdelay=00:00:00, mailer=relay, pri=214
50155, relay=localhost, dsn=4.0.0, stat=Deferred: Connection refused by localhost
Feb 27 23:01:56 regis sm-msp-queue[24133]: g1N002f9018078: to=root, ctladdr=root (0/0), delay=4+23:01:54, xdelay=00:00:00, m
ailer=relay, pri=21450230, relay=localhost, dsn=4.0.0, stat=Deferred: Connection refused by localhost


so there is gobs of this type of stuff, it looks like its all being denied. is someone trying to use me as a relay?

i know openbsd is supposed to have some sort of patch for sendmail listed on their errata page, but it says that it probably isnt a problem with the default install of sendmail.
 
Try setting up some logging on port 25 to see who is accessing it. Im no sendmail expert (personally hate the thing) but it looks like local traffic... I think there would be a hostname or something if someone else was trying to access it. And if you dont need sendmail to have access to the outside world, block port 25 on every interface except lo0

EDIT: oh yeah, and install qmail 😉
 
yeah i'm 99% sure its coming from localhost, but there seems to be alot more activity lately than there used to be, which is what caught my attention.

i've always known through the experiences of others that sendmail is a bloated mess. however, the openbsd guys installed it by default for whatever reason and i have to trust them as knowing more than i do about these things (for now). i don't even use it to send mail, its only used for logging purposes (which i dont really use anyways). i just check the logs directly and dont look at the summaries or whatever.

i already block port 25 on the external nic, maybe i'll do it for the internal one too just in case.


is qmail relatively easy to install and configure?
 
The #1 reason sendmail is on the system is because of the history. Its the standard in mail daemons. But that doesnt necessarily make it the best 😉

I setup qmail on Sunday. It took me probably ~3 hours to read through the docs and fuddle my way around. Not tough at all. I havent finished with it, but I kind of ran out of time 😛
 
Have you checked the mail queues to see what's in them?
Here's my guess as to what's happening:
1. Some local program sends mail to root
2. The connection is denied (possibly due to a firewall rule, or permissions on any number of files/dirs - sendmail, queue dirs, program trying to send the mail, etc...)
3. sendmail tries to send to postmaster, either as a 2nd chance or to report the error
( It might also be that mail is sent to postmaster and aliased to root )
4. The mail collects in the queue (/var/mail/mqueue or clientmqueue on my machine) and sendmail keeps retrying every $X number of minutes, hours, days...

But I'm no sendmail expert, either.

[Edit:] And ctladdr=root (0/0) means it's sent by root or a root process
 
You must log in or register to reply here.

TRENDING THREADS

Back
Top