Leap 15.2 port 25 no longer accepts remote connections

I recently built a brand new mail server with Leap 15.2.

I installed sendmail as MTA and enabled remote connections on port 25 using Yast and also checking that /etc/sysconfig/mail has the value:

SMTPD_LISTEN_REMOTE="yes"

and restarted sendmail.

sendmail accepts connections on port 25 for the localhost but refuses them from the external interface. I have firewall and apparmor disabled (yes I do not need them, I have an enterprise class firewall).

This works instead on a 15.1 server and on a 15.1 server that has been upgraded to 15.2.

This is the nmap output on the local interface:

nmap -sS -O 127.0.0.1

Starting Nmap 7.70 ( https://nmap.org ) at 2021-04-14 19:58 EDT
Nmap scan report for localhost (127.0.0.1)
Host is up (0.0000040s latency).
Not shown: 991 closed ports
PORT STATE SERVICE
22/tcp open ssh
25/tcp open smtp
53/tcp open domain
80/tcp open http
119/tcp open nntp
139/tcp open netbios-ssn
443/tcp open https
445/tcp open microsoft-ds
873/tcp open rsync
Device type: general purpose
Running: Linux 2.6.X
OS CPE: cpe:/o:linux:linux_kernel:2.6.32
OS details: Linux 2.6.32
Network Distance: 0 hops

This on the external interface:

nmap -sS -O 192.168.0.4

Starting Nmap 7.70 ( https://nmap.org ) at 2021-04-14 19:56 EDT
Nmap scan report for smoke (192.168.0.4)
Host is up (0.000049s latency).
Not shown: 992 closed ports
PORT STATE SERVICE
22/tcp open ssh
53/tcp open domain
80/tcp filtered http
119/tcp open nntp
139/tcp open netbios-ssn
443/tcp filtered https
445/tcp open microsoft-ds
873/tcp open rsync
Device type: general purpose
Running: Linux 2.6.X
OS CPE: cpe:/o:linux:linux_kernel:2.6.32
OS details: Linux 2.6.32
Network Distance: 0 hops

Has anyone experienced this issue and is there a way to enable remote smtp connections?

I don’t have direct experience here, but just speculating that maybe examine /etc/mail/sendmail.mc and check the options there…you may need to comment out "DAEMON_OPTIONS(`Port=smtp,Addr=127.0.0.1, Name=MTA')" as mentioned here…

https://www.linuxquestions.org/questions/linux-software-2/sendmail-is-running-but-25-is-not-listening-860827/#post4248900

Similar archived thread…
https://opensuse.opensuse.narkive.com/YXCqEjpy/sle-sendmail-not-accepting-connections

No, that setting is not in the linux.mc (or sendmail.mc). I also tried the sendmail.cf that is working on the 15.1 and on the 15.1 that was upgraded to 15.2, and it still isn’t working.

‘brand new’ and ‘sendmail’ are contradicting. Switched from sendmail to postfix when openSUSE switched their default and never experienced this problem. ;)

PORT     STATE SERVICE 
80/tcp   open  http 
631/tcp  open  ipp 
8200/tcp open  trivnet1

Any particular reason for choosing sendmail over postfix?

I don’t doubt it, but I have used sendmail for the past 30 years (I have met Eric Allman personally and he has signed my Sendmail book), so I am not about to switch to postfix anytime soon. Perhaps in the afterlife I shall consider it.

On another note, OS developers should develop systems that are application agnostic, and not push their personal preferences over people who then have to use them. ;)

I have been administering Unix systems for over 30 years (since PDP-11) and I have always used sendmail. I know how to program rulesets and I would like to continue doing so and not having to go rewrite all in a totally different MTA I do not know. I know Postfix is a much easier MTA to manage, but as I was mentioning earlier, I do believe OS developers should not push one application over another, just because they like it, or at least if they believe openSUSE should run postfix as an MTA only, then they should remove sendmail from the distribution entirely (so that people like me can then choose a different Linux distribution that supports what we like to use). If not, then they should properly support it.

I do not quite understand you. I nowhere read that “OS developers” (do you mean Linux Kernel, Linux in general or openSUSE developers) are pushing anything upon you.

I only read a few fellow openSUSE users, and probably also MTA users, who ask you why you prefer the one over the other. Probably because they have good experiences with the one you do not use, and thus could better help you with what they think is a good (maybe even better) product. They do not “push” you, but are trying to access the background of you and your problem with the idea that people that understand each other’s motives and goals do have a more fruitful communication.

And since they have asked I have given my opinion, I am sorry if you do not like it, but that is what I think. I never said they were pushing me in one direction or the other. What I said is that OS developers (meaning whoever put the 15.2 distribution together) if they want to have Postfix as a default MTA, that is fine. However, if they keep Sendmail as an alternative MTA they need to make sure it works in the exact same conditions as Postfix does (i.e., it accepts local and remote connections), so that fellow openSUSE users and MTA users, such as me, are not forced to move to Postfix if their Sendmail distribution ain’t working anymore. If they cannot do that, then better to stop supporting it entirely, because as it is now, it is unusable. What I meant when I said they were pushing (and again to be clear NOT who asks me why I use sendmail, but who maintains the 15.2 distribution) is that by supporting one MTA correctly and the other not, indirectly one is being pushed to go for what works, even if he/she does not like/does not know it, has done a lot of work on the other and now is forced to migrate all of that work to a new one.

In my opinion, a “better product” is most of the time a matter of preference. They both may do what they are supposed to do, but one may be preferred from another for different reasons, and most of the time it is personal (past experience, easy to configure and maintain, etc). In this case one fails to perform as expected, not because it is a worse product, but because of something else, and that is why I am asking for help.

They are not here.

This works as intended on a 15.2 LiveCD or -NET install in a VM.

Changing /etc/sysconfig/mail SMTPD_LISTEN_REMOTE="no" to SMTPD_LISTEN_REMOTE="yes", then restarting or starting sendmail makes it listen to 0.0.0.0:25.

Have you altered the sendmail configuration files/templates or the systemd service file?

I have not used sendmail for a long time but maybe you could execute /usr/sbin/config.sendmail. I think this script will create a new /etc/sendmail.cf from your new settings in /etc/sysconfig/mail. Then restart sendmail.
I am not sure if this works correctly when IPv6 is enabled for sendmail. Maybe you need to set SENDMAIL_USE_IPV6="no" in /etc/sysconfig/sendmail if sendmail complains about IPv6 related problems.

I am well aware of that. I have tried suggesting something else to them in the past whilst reporting a bug, and I got a very condescending response. If they were here, I would have noticed immediately by the abrasive way they usually answer, when they do answer…

I am slowly coming to the conclusion that perhaps it is time to try another distribution other than SuSE. It is not what it used to be.

When I disable IPv6 and set SENDMAIL_USE_IPV6="no" I get the following:

Apr 15 16:28:14 smoke sendmail[1323]: NOQUEUE: SYSERR(root): opendaemonsocket: daemon MTA-v6: cannot bind: Address already in use
Apr 15 16:28:14 smoke sendmail[1323]: daemon MTA-v6: problem creating SMTP socket
Apr 15 16:28:19 smoke sendmail[1323]: NOQUEUE: SYSERR(root): opendaemonsocket: daemon MTA-v6: cannot bind: Address already in use
Apr 15 16:28:19 smoke sendmail[1323]: daemon MTA-v6: problem creating SMTP socket
Apr 15 16:28:24 smoke sendmail[1323]: NOQUEUE: SYSERR(root): opendaemonsocket: daemon MTA-v6: cannot bind: Address already in use
Apr 15 16:28:24 smoke sendmail[1323]: daemon MTA-v6: problem creating SMTP socket
Apr 15 16:28:24 smoke rsyslogd[930]: action ‘action-0-builtin:omfwd’ resumed (module ‘builtin:omfwd’) [v8.39.0 try http://www.rsyslog.com/e/2359 ]
Apr 15 16:28:24 smoke rsyslogd[930]: action ‘action-1-builtin:omfwd’ resumed (module ‘builtin:omfwd’) [v8.39.0 try http://www.rsyslog.com/e/2359 ]
Apr 15 16:28:29 smoke sendmail[1323]: NOQUEUE: SYSERR(root): opendaemonsocket: daemon MTA-v6: cannot bind: Address already in use
Apr 15 16:28:29 smoke sendmail[1323]: daemon MTA-v6: problem creating SMTP socket
Apr 15 16:28:34 smoke sendmail[1323]: NOQUEUE: SYSERR(root): opendaemonsocket: daemon MTA-v6: cannot bind: Address already in use
Apr 15 16:28:34 smoke sendmail[1323]: daemon MTA-v6: problem creating SMTP socket
Apr 15 16:28:39 smoke sendmail[1323]: NOQUEUE: SYSERR(root): opendaemonsocket: daemon MTA-v6: cannot bind: Address already in use
Apr 15 16:28:39 smoke sendmail[1323]: daemon MTA-v6: problem creating SMTP socket
Apr 15 16:28:39 smoke systemd[1]: sendmail.service: Main process exited, code=exited, status=71/n/a
Apr 15 16:28:39 smoke sendmail[1323]: NOQUEUE: SYSERR(root): opendaemonsocket: daemon MTA-v6: server SMTP socket wedged: exiting

And then sendmail enters a failed state on systemd.

To be noted also that disabling IPv6 on a 15.1 did not create this kind of issue, so it would also seem IPv6 can no longer be fully disabled in this distribution if you do not need it.

Yes, that variable is set to Yes (tried manually and then with Yast), and no I did not touch the systemd service file. It is a new clean install, I have done little or no customization at all, not even recompiled my sendmail.mc, it is using the plain vanilla .cf.

The install is from -NET image, on a VM.

I just built a new server from scratch (to make sure), and at the first boot I enabled sendmail (using yast) and again it does not accept remote connections.

This is the log after finalizing settings with yast:

Apr 15 17:25:09 smoke systemd[1]: Reloading.
Apr 15 17:25:10 smoke systemd[1]: Reloading.
Apr 15 17:25:10 smoke systemd[1]: Reloading.
Apr 15 17:25:10 smoke systemd[1]: Reloading.
Apr 15 17:25:10 smoke systemd[1]: Reloading.
Apr 15 17:25:11 smoke systemd[1]: Stopping Sendmail Mail Transport Client…
Apr 15 17:25:11 smoke systemd[1]: Stopped Sendmail Mail Transport Client.
Apr 15 17:25:11 smoke systemd[1]: Stopping Sendmail Mail Transport Agent…
Apr 15 17:25:11 smoke systemd[1]: Stopped Sendmail Mail Transport Agent.
Apr 15 17:25:11 smoke systemd[1]: Starting Sendmail Mail Transport Agent…
Apr 15 17:25:11 smoke echo[4228]: Initializing SMTP port (sendmail)
Apr 15 17:25:11 smoke sendmail[4234]: alias database /etc/aliases rebuilt by root
Apr 15 17:25:11 smoke sendmail[4234]: /etc/aliases: 40 aliases, longest 10 bytes, 465 bytes total
Apr 15 17:25:11 smoke sendmail[4259]: starting daemon (8.16.1): SMTP+queueing@00:30:00
Apr 15 17:25:11 smoke systemd[1]: Started Sendmail Mail Transport Agent.
Apr 15 17:25:11 smoke systemd[1]: Starting Sendmail Mail Transport Client…
Apr 15 17:25:11 smoke systemd[1]: sendmail-client.service: Failed to read PID from file /var/spool/clientmqueue/sm-client.pid: Invalid argument
Apr 15 17:25:11 smoke sendmail-client[4276]: starting daemon (8.16.1): persistent-queueing@00:01:00
Apr 15 17:25:11 smoke systemd[1]: Started Sendmail Mail Transport Client.

Could the line in red be the cause of this?

I have tried the following:

  1. Built a plain vanilla 15.1 with sendmail, enabled remote connection: WORKS
  2. Upgraded to 15.2, and made no changes: FAILS. I get the same entries as in the log quoted above (and this whether I enable or disable IPv6).

I have a theory that at some point in time some patches have introduced some sort of bug, because servers that I had upgraded back when 15.2 was new do not experience this issue, no errors binding to port 25 and they accept remote connection with sendmail. I have no option but to downgrade this server to 15.1 in the hope that future patches, or perhaps 15.3 solve this problem.

Has anyone tried a recent install from the -NET distribution of 15.2?

Hmm, I installed the good old sendmail-8.16.1-lp152.10.3.1 on a Leap 15.2 VM with all available updates today. Then I set SMTPD_LISTEN_REMOTE="yes" and SENDMAIL_USE_IPV6="no", and since I do not use yast I reconfigured it with the script. And the result is:


gnomegurke:~ # systemctl status sendmail
● sendmail.service - Sendmail Mail Transport Agent
   Loaded: loaded (/usr/lib/systemd/system/sendmail.service; enabled; vendor preset: disabled)
   Active: active (running) since Fri 2021-04-16 11:38:55 CEST; 7min ago
  Process: 39441 ExecStart=/usr/sbin/sendmail $SENDMAIL_ARGS (code=exited, status=0/SUCCESS) 
  Process: 39438 ExecStartPre=/etc/mail/system/sm.pre (code=exited, status=0/SUCCESS) 
  Process: 39437 ExecStartPre=/bin/echo Initializing SMTP port (sendmail) (code=exited, status=0/SUCCESS) 
 Main PID: 39442 (sendmail) 
    Tasks: 1 
   CGroup: /system.slice/sendmail.service 
           └─39442 sendmail: accepting connections 

Apr 16 11:38:55 gnomegurke systemd[1]: Starting Sendmail Mail Transport Agent... 
Apr 16 11:38:55 gnomegurke echo[39437]: Initializing SMTP port (sendmail) 
Apr 16 11:38:55 gnomegurke sendmail[39442]: starting daemon (8.16.1): SMTP+queueing@00:30:00 
Apr 16 11:38:55 gnomegurke systemd[1]: Started Sendmail Mail Transport Agent. 
gnomegurke:~ # ss -tnlp
State         Recv-Q        Send-Q                 Local Address:Port                 Peer Address:Port                                                     
LISTEN        0             128                          0.0.0.0:22                        0.0.0.0:*            users:(("sshd",pid=1161,fd=3))              
LISTEN        0             5                          127.0.0.1:631                       0.0.0.0:*            users:(("cupsd",pid=953,fd=7))              
LISTEN        0             10                           0.0.0.0:25                        0.0.0.0:*            users:(("sendmail",pid=39442,fd=4))         
LISTEN        0             128                             [::]:22                           [::]:*            users:(("sshd",pid=1161,fd=4))
LISTEN        0             5                              [::1]:631                          [::]:*            users:(("cupsd",pid=953,fd=6))


so at least it starts. If SENDMAIL_USE_IPV6="yes" is set sendmail complains that it cannot bind the IPv6 socket. But as this strace snippet shows


gnomegurke:~ # grep bind sendmail.tarce
36960 bind(4, {sa_family=AF_INET, sin_port=htons(25), sin_addr=inet_addr("0.0.0.0")}, 16) = 0
36960 bind(5, {sa_family=AF_INET6, sin6_port=htons(25), sin6_flowinfo=htonl(0), inet_pton(AF_INET6, "::", &sin6_addr), sin6_scope_id=0}, 28) = 0
36960 bind(6, {sa_family=AF_UNIX, sun_path="/var/run/sendmail/control"}, 110) = 0
36960 bind(5, {sa_family=AF_INET6, sin6_port=htons(25), sin6_flowinfo=htonl(0), inet_pton(AF_INET6, "::", &sin6_addr), sin6_scope_id=0}, 28) = -1 EADDRINUSE (Address already in use)
36960 bind(5, {sa_family=AF_INET6, sin6_port=htons(25), sin6_flowinfo=htonl(0), inet_pton(AF_INET6, "::", &sin6_addr), sin6_scope_id=0}, 28) = -1 EADDRINUSE (Address already in use)
36960 bind(5, {sa_family=AF_INET6, sin6_port=htons(25), sin6_flowinfo=htonl(0), inet_pton(AF_INET6, "::", &sin6_addr), sin6_scope_id=0}, 28) = -1 EADDRINUSE (Address already in use)
..

it is sendmail itself that is trying to bind twice to "::" and this might be a bug or more likely a configuration problem. I do not have enough sendmail know-how to distinguish this.

Yes, I agree with you, it must be a configuration problem. What surprises me is that it is the default distribution configuration, I have basically done nothing other than install a 15.1 with sendmail, enable remote connection (which was working fine) and then upgrade it to a 15.2.

If I install a 15.2 straight away instead it just refuses remote connection, even if I do the exact same thing you did. So my question is: did you do a network install or a DVD install? I am wondering if the issue may be with the -NET distribution…

I used the 15.2 golden master ISO to install this test VM last summer. Just for fun I made a snapshot of the VM and installed the Leap 15.1 sendmail version 8.15.2 and it did start without IPv6 complaints. But this default 8.15.2 sendmail.cf did not even try to start an IPv6 MTA-v6. And a diff between 8.15.2 and 8.16.1 version of /usr/lib/sendmail.d/update


gnomegurke:~> diff update-8.16.1 update-8.15.2  
130,138d129 
<       if test "$SMTPD_LISTEN_REMOTE" != yes ; then 
<               if test "$SENDMAIL_USE_IPV6" = yes ; then 
<                       AddressV4="127.0.0.1" 
<                       AddressV6="::1" 
<               else 
<                       Address="127.0.0.1" 
<               fi 
<               DAEMON_OPTIONS="${DAEMON_OPTIONS:+${DAEMON_OPTIONS}, }Addr=" 
<       fi 
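Review bot: The comparison test "$SMTPD_LISTEN_REMOTE" != yes on the first line of this hunk is an exact, case-sensitive string match, so a value such as Yes or YES in /etc/sysconfig/mail takes the loopback branch without any message and the listener stays on 127.0.0.1 (and ::1). Consider normalising the value to lower case before the test, or documenting next to the variable that only the literal yes enables remote listening. The Addr= appended to DAEMON_OPTIONS on the second-to-last line is also left without a value here and is only completed by an expansion further down the script; a one-line comment saying so would help the next reader.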
140,147c131 
<               if test "$SENDMAIL_USE_IPV6" = yes ; then 
<                       echo "DAEMON_OPTIONS(\`Name=MTA-v4, Family=inet, ${DAEMON_OPTIONS}${AddressV4+"$AddressV4"}')dnl" 
&lt;                       echo "DAEMON_OPTIONS(\`Name=MTA-v6, Family=inet6, ${DAEMON_OPTIONS}${AddressV6+"$AddressV6"}')dnl" 
<               else 
<                       echo "DAEMON_OPTIONS(\`Name=MTA, ${DAEMON_OPTIONS}${Address+"$Address"}')dnl" 
&lt;               fi 
&lt;       elif test "$SENDMAIL_USE_IPV6" = yes ; then 
&lt;               echo "define(\`_NETINET6_')dnl" 
--- 
>               echo "DAEMON_OPTIONS(\`Name=MTA,${DAEMON_OPTIONS}')dnl"
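Review bot: The two echo lines under the SENDMAIL_USE_IPV6 = yes test emit separate MTA-v4 (Family=inet) and MTA-v6 (Family=inet6) daemons, but nothing in the hunk says which address each one is meant to listen on when AddressV4 and AddressV6 are unset. Add a comment listing the intended listen addresses for each combination of SMTPD_LISTEN_REMOTE and SENDMAIL_USE_IPV6. As a style point, ${AddressV6+"$AddressV6"} (and the V4 and plain Address forms) can be written as ${AddressV6-}, which expands identically and avoids nesting double quotes inside the echo string.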


shows that there is no MTA-v6 at all in the Leap 15.1 version of the configuration script. I think these changes are the reason for the problem. And I must admit that from a security perspective the default value “SMTPD_LISTEN_REMOTE=no” in 15.2 is a good choice for most users.
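
Added example, not part of the thread or of openSUSE's scripts: a shell helper that reads `ss -tnl` output and reports whether port 25 is bound to loopback only (what SMTPD_LISTEN_REMOTE=no produces) or to a wildcard address reachable from other hosts. The function name and the two sample socket tables are constructed for illustration.

```shell
#!/bin/sh
# Classify how a TCP port (default 25) is exposed, from `ss -tnl` on stdin.
# Prints one of: none | loopback-only | specific | all-interfaces

classify_smtp_listeners() {
    awk -v port="${1:-25}" '
        $1 != "LISTEN" { next }            # skips the header line too
        {
            # Column 4 is Local Address:Port. Split at the LAST colon,
            # because IPv6 addresses contain colons themselves.
            if (!match($4, /:[0-9]+$/)) next
            addr = substr($4, 1, RSTART - 1)
            if (substr($4, RSTART + 1) != port) next
            gsub(/\[/, "", addr); gsub(/\]/, "", addr)   # [::1] -> ::1
            sub(/%.*/, "", addr)                         # drop %iface scope
            if (addr == "*" || addr == "0.0.0.0" || addr == "::") wild = 1
            else if (addr ~ /^127\./ || addr == "::1") loop = 1
            else other = 1
        }
        END {
            if (wild)       print "all-interfaces"
            else if (other) print "specific"
            else if (loop)  print "loopback-only"
            else            print "none"
        }'
}

# Constructed sample: MTA bound to loopback only (the symptom in the thread).
SAMPLE_LOCAL='State   Recv-Q  Send-Q  Local Address:Port  Peer Address:Port
LISTEN  0       128     0.0.0.0:22          0.0.0.0:*
LISTEN  0       10      127.0.0.1:25        0.0.0.0:*
LISTEN  0       10      [::1]:25            [::]:*
LISTEN  0       128     [::]:22             [::]:*'

# Constructed sample: MTA bound to the IPv4 wildcard address.
SAMPLE_REMOTE='State   Recv-Q  Send-Q  Local Address:Port  Peer Address:Port
LISTEN  0       128     0.0.0.0:22          0.0.0.0:*
LISTEN  0       10      0.0.0.0:25          0.0.0.0:*'

# On a live host: ss -tnl | classify_smtp_listeners
printf '%s\n' "$SAMPLE_LOCAL"  | classify_smtp_listeners
printf '%s\n' "$SAMPLE_REMOTE" | classify_smtp_listeners
```

A result of loopback-only alongside SMTPD_LISTEN_REMOTE="yes" in /etc/sysconfig/mail means the generated sendmail.cf does not match the sysconfig setting.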