DaemonForums  

Sendmail 8.14.2 undisclosed DNSBL lookup failure and NOQUEUE errors (FreeBSD 7.0)

Posted 11th May 2008 by NathanPardoe (Nathan Pardoe)

Hi everyone,

I've been having a problem for months with Sendmail and DNSBL lookups. DNSBL lookups fail without any output in error logs, even with Sendmail's log level set to 22. Furthermore, NOQUEUE errors occur as per the mail logs. The server runs FreeBSD 7.0, fully up-to-date in terms of the base system and ports. The problem has been present since FreeBSD 6.2, and at the risk of sounding stupid, "seemed to happen overnight without me changing anything". Sendmail details are as follows -

Code:
root@darkweb# sendmail -d0.1
Version 8.14.2
 Compiled with: DNSMAP LOG MAP_REGEX MATCHGECOS MILTER MIME7TO8 MIME8TO7 NAMED_BIND NETINET NETINET6 NETUNIX NEWDB NIS PIPELINING SASLv2 SCANF STARTTLS TCPWRAPPERS USERDB XDEBUG

My hostname.mc file -

Code:
OSTYPE(freebsd6)
DOMAIN(generic)

FEATURE(access_db, `hash -o -T<TMPF> /etc/mail/access')dnl
FEATURE(blacklist_recipients)dnl
FEATURE(greet_pause, `500')dnl Wait half a second before issuing 220 greeting
FEATURE(lookupdotdomain)dnl
FEATURE(mailertable)dnl
FEATURE(masquerade_envelope)dnl
FEATURE(no_default_msa)dnl
FEATURE(nocanonify, `canonify_hosts')dnl
FEATURE(nouucp, 'reject')dnl
FEATURE(redirect)dnl
FEATURE(relay_hosts_only)dnl
FEATURE(smrsh,'/usr/libexec/smrsh')dnl
FEATURE(use_ct_file)dnl
FEATURE(use_cw_file)dnl
FEATURE(virtuser_entire_domain)dnl
FEATURE(virtusertable, `hash -o /etc/mail/virtusertable')dnl

dnl Binding options
DAEMON_OPTIONS(`Name=MSA, Family=inet, Port=submission, M=Ea')dnl
DAEMON_OPTIONS(`Name=MTA, Family=inet, Port=smtp, M=E')dnl
DAEMON_OPTIONS(`Name=MTA-SSL, Family=inet, Port=smtps, M=Es')dnl

dnl Local host names file location
define(`confCT_FILE', `-o /etc/mail/trusted-users')dnl
define(`confCW_FILE', `-o /etc/mail/local-host-names')dnl

dnl Various configuration options
define(`confALIAS_WAIT', `0')dnl
define(`confBAD_RCPT_THROTTLE', `2')dnl
define('confBIND_OPTS', `WorkAroundBrokenAAAA')dnl
define('confCHECK_ALIASES','False')dnl
define(`confCON_EXPENSIVE', `true')dnl
define(`confCONNECTION_RATE_THROTTLE', `2')dnl
define(`confDEF_CHAR_SET', `iso-8859-1')dnl
define('confDELIVERY_MODE','background')dnl
define(`confDIAL_DELAY', `20s')dnl
define(`confDIRECT_SUBMISSION_MODIFIERS', `C')
define(`confDOMAIN_NAME',`darkweb.ticklestix.co.uk')dnl
define('confDONT_EXPAND_CNAMES', 'False')dnl
define('confDONT_PROBE_INTERFACES','True')dnl
define(`confFORWARD_PATH', `')
define(`confMAX_DAEMON_CHILDREN', 20)dnl
define(`confMAX_HOP', `35')dnl
define(`confMAX_MESSAGE_SIZE', `20971520')dnl 20MB attachment limit
define(`confMAX_RCPTS_PER_MESSAGE', `10')dnl
define(`confMILTER_MACROS_ENVRCPT',`b,r,v,Z')dnl
define(`confNO_RCPT_ACTION', `add-to-undisclosed')dnl
define('confPRIVACY_FLAGS', 'authwarnings,noexpn,novrfy,goaway,restrictmailq,restrictqrun,needmailhelo,nobodyreturn')dnl
define(`confQUEUE_LA', `5')dnl
define(`confQUEUE_SORT_ORDER', `Time')dnl
define(`confREFUSE_LA', `12')dnl
define(`confRUN_AS_USER', `root:wheel')
define(`confSEPARATE_PROC', `False')dnl
define(`confSINGLE_LINE_FROM_HEADER', `True')dnl
define(`confSMTP_LOGIN_MSG', `$j TickleStix MTA: $b')dnl
define(`confSUPER_SAFE',`true')dnl
define(`confTO_COMMAND', `1m')dnl
define(`confTO_DATABLOCK', `1m')dnl
define(`confTO_DATAFINAL', `1m')dnl
define(`confTO_DATAINIT', `1m')dnl
define(`confTO_HELO', `2m')dnl
define(`confTO_HOSTSTATUS', `2m')dnl
define(`confTO_ICONNECT', `15s')dnl
define('confTO_IDENT','0s')dnl
define(`confTO_INITIAL', `6m')dnl
define(`confTO_MAIL', `1m')dnl
define(`confTO_MISC', `1m')dnl
define(`confTO_QUIT', `1m')dnl
define(`confTO_RCPT', `1m')dnl
define(`confTO_RSET', `1m')dnl
define(`confTO_STARTTLS', `2m')dnl
define(`confWORK_RECIPIENT_FACTOR', `1000')dnl
define(`confWORK_TIME_FACTOR', `3000')dnl

dnl DNS blacklists
FEATURE(`dnsbl',`bl.spamcop.net', `"554 Rejected: Unsolicited e-mail from " $`'&{client_addr} " has been refused. DNSBL list: SpamCop (bl.spamcop.net)."', `t')dnl
FEATURE(`dnsbl',`zen.spamhaus.org', `554 Rejected: Unsolicited e-mail from " $`'&{client_addr} " has been refused. DNSBL list: Spamhaus (zen.spamhaus.org)."', `t')dnl

dnl Mail filters (Milters)
INPUT_MAIL_FILTER(`clamav-milter',`S=local:/var/run/clamav/clmilter.sock, F=, T=S:4m;R:4m')dnl
INPUT_MAIL_FILTER(`spamassassin', `S=local:/var/run/spamass-milter.sock, F=, T=C:15m;S:4m;R:4m;E:10m')dnl

dnl SMTP authentication
define(`confAUTH_MECHANISMS', `LOGIN PLAIN')dnl
define(`confAUTH_OPTIONS',`A p y')dnl
define(`confCACERT_PATH', `/usr/local/certs/mail')dnl
define(`confCACERT', `/usr/local/certs/mail/sendmail.pem')dnl
define(`confCLIENT_CERT', `/usr/local/certs/mail/sendmail.pem')dnl
define(`confCLIENT_KEY', `/usr/local/certs/mail/sendmail.pem')dnl
define(`confDONT_BLAME_SENDMAIL', `GroupReadableSASLDBFile')dnl
define(`confRELAY_MSG',`"550 Relaying denied without authentication: Relaying requires authentication over STARTTLS or SSL. Originating sender:" $`'&{client_addr} "."')dnl
define(`confSERVER_CERT', `/usr/local/certs/mail/sendmail.pem')dnl
define(`confSERVER_KEY', `/usr/local/certs/mail/sendmail.pem')dnl
define(`confTLS_SRV_OPTIONS', `V')
TRUST_AUTH_MECH(`LOGIN PLAIN')dnl

dnl Enabling debugging
define(`confLOG_LEVEL', `22')dnl

MAILER(local)dnl
MAILER(smtp)dnl

And an example of the NOQUEUE errors which I cannot resolve -

Code:
May  5 10:49:48 darkweb sm-mta[87963]: NOQUEUE: SYSERR(root): opendaemonsocket: daemon MSA: cannot bind: Address already in use
May  5 10:49:48 darkweb sm-mta[87963]: daemon MSA: problem creating SMTP socket

Disabling all daemons and commenting out mailer entries sees the daemon referred to in NOQUEUE errors change accordingly (i.e. disable MSA --> MTA --> MTA-SSL --> Daemon0 when no user-specified daemons exist). I usually operate with the MAILER(local) entry disabled. Besides this, I've tried every combination of rc.conf sendmail-related options. In use at the moment are -

Code:
# Mail Services
## Core
mta_start_script="/etc/rc.sendmail"
sendmail_pidfile="/var/run/sendmail.pid"
sendmail_procname="/usr/sbin/sendmail"
sendmail_enable="YES"
sendmail_flags="-L sm-mta -bd -q30m"
sendmail_submit_enable="NO"
sendmail_submit_flags="-L sm-mta -bd -q30m -ODaemonPortOptions=Addr=localhost"
sendmail_outbound_enable="YES"
sendmail_outbound_flags="-L sm-queue -q30m"
sendmail_msp_queue_enable="YES"
sendmail_msp_queue_flags="-L sm-msp-queue -Ac -q30m"
sendmail_rebuild_aliases="YES"
## Extras
clamav_clamd_enable="YES"
clamav_freshclam_enable="YES"
clamav_freshclam_flags="--checks=12"
saslauthd_enable="YES"
spamass_milter_enable="YES"
spamd_enable="YES"

As I said, I've tried using only one of the sendmail_*_enable options in turn, using all, using different flags, using the /etc/rc.d/sendmail init script and other things Google has turned up - all to no avail.

Regarding the DNSBL problem, I've tried using a variety of other lists, and tried removing my custom error message. The only thing I can think of that would cause the DNSBL lookups to fail silently is the "t" option, but this is to prevent lookup timeouts causing spam mail to be received. I can successfully use the dig command to look up known spam IP addresses. I'm not sure if it is relevant, but the server defaults to using the router for DNS lookups and the local cache otherwise (djbdns), with both processing DNS queries OK.

I apologise if I haven't explained my problem very well. The e-mail server sends and receives e-mail without issue, however, even when the log level is set to the default the NOQUEUE errors are still present. I appreciate the NOQUEUE errors may be of no significance, but the output of '/etc/rc.d/sendmail status' concerns me -

Code:
root@darkweb# /etc/rc.d/sendmail status
sendmail is running as pid 1038.
sendmail_clientmqueue is not running.

The main issue is the DNSBL lookups failing and seemingly all mail is accepted - when DNSBL lookups worked 90% of the spam I receive was dropped.

Thanks for your help in advance. Again, I apologise for any difficulties in understanding the problem, and if the information provided isn't sufficient. Any advice or comments would be of assistance.
__________________
Best regards,

Nathan Pardoe
TickleStix
www.ticklestix.co.uk
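
The post mentions checking listed addresses by hand with dig, on a host that has two resolvers (the router and a local djbdns cache). The script below is an added example, not part of the original post: it builds the DNSBL query name (reversed octets plus zone) and asks each nameserver in /etc/resolv.conf separately, so a resolver that answers differently or times out shows up on its own line. The function names and the verdict labels are assumptions made for this example.

```shell
#!/bin/sh
# Added example, not from the original post. Usage:
#   sh dnsbl-check.sh 127.0.0.2 zen.spamhaus.org
# (127.0.0.2 is the conventional DNSBL test entry.)

# Build the DNSBL query name: IPv4 octets reversed, then the zone.
dnsbl_qname() {
    ip=$1 zone=$2
    case $ip in *[!0-9.]*) return 1 ;; esac
    oldifs=$IFS; IFS=.
    set -- $ip
    IFS=$oldifs
    [ $# -eq 4 ] || return 1
    for o in "$@"; do
        case $o in ''|????*) return 1 ;; esac
        [ "$o" -le 255 ] || return 1
    done
    printf '%s.%s.%s.%s.%s\n' "$4" "$3" "$2" "$1" "$zone"
}

# Map a DNS result to a verdict.
# $1 = status (NOERROR, NXDOMAIN, SERVFAIL, TIMEOUT...), $2 = A records
dnsbl_classify() {
    case $1 in
        NOERROR)
            case $2 in
                127.*) echo listed ;;
                '')    echo not-listed ;;  # name exists, no A record
                *)     echo unexpected ;;  # answer outside 127/8
            esac ;;
        NXDOMAIN) echo not-listed ;;
        *)        echo tempfail ;;          # lookup did not complete
    esac
}

# Ask one resolver and print "<resolver> <query name> <verdict>".
dnsbl_check() {
    q=$(dnsbl_qname "$1" "$2") || { echo "bad IPv4: $1" >&2; return 2; }
    out=$(dig +time=3 +tries=1 +noall +comments +answer "@$3" "$q" A 2>/dev/null)
    status=$(printf '%s\n' "$out" | sed -n 's/.*status: \([A-Z]*\),.*/\1/p')
    addrs=$(printf '%s\n' "$out" | awk '$4 == "A" {print $5}')
    echo "$3 $q $(dnsbl_classify "${status:-TIMEOUT}" "$addrs")"
}

# Check every resolver listed in /etc/resolv.conf, one line each.
if [ $# -ge 2 ]; then
    for ns in $(awk '$1 == "nameserver" {print $2}' /etc/resolv.conf); do
        dnsbl_check "$1" "$2" "$ns"
    done
fi
```

A "listed" verdict for 127.0.0.2 from every resolver means the lookup path itself works; "tempfail" or "unexpected" from one of them points at that resolver rather than at the Sendmail configuration.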