Page 2 of 3 FirstFirst 123 LastLast
Results 11 to 20 of 22

Thread: Leap 15.2 port 25 no longer accept remote connections

  1. #11
    Join Date
    May 2012
    Location
    Finland
    Posts
    2,127

    Default Re: Leap 15.2 port 25 no longer accept remote connections

    This works as intended on a 15.2 LiveCD or -NET install in a VM.

    Changing /etc/sysconfig/mail SMTPD_LISTEN_REMOTE="no" to SMTPD_LISTEN_REMOTE="yes", then restarting or starting sendmail makes it listen to 0.0.0.0:25.

    Have you altered the sendmail configuration files/templates or the systemd service file?
    .: miuku #suse @ irc.freenode.net

  2. #12

    Default Re: Leap 15.2 port 25 no longer accept remote connections

    I have not used sendmail for a long time but maybe you could execute /usr/sbin/config.sendmail. I think this script will create a new /etc/sendmail.cf from your new settings in /etc/sysconfig/mail. Then restart sendmail.
    I am not sure if this works correct when IPv6 is enabled for sendmail. Maybe you need to set SENDMAIL_USE_IPV6="no" in /etc/sysconfig/sendmail if sendmail complains for IPv6 related problems.

  3. #13
    Join Date
    May 2017
    Location
    New York
    Posts
    32

    Default Re: Leap 15.2 port 25 no longer accept remote connections

    Quote Originally Posted by hcvv View Post
    They are not here.
    I am well aware of that. I have tried suggesting something else to them in the past whilst reporting a bug, and I got a very condescending response. If they were here, I would have noticed immediately by the abrasive way they usually answer, when they do answer....

    I am slowly coming to the conclusion that perhaps it is time to try another distribution other than SuSE. It is not what it used to be.

  4. #14
    Join Date
    May 2017
    Location
    New York
    Posts
    32

    Default Re: Leap 15.2 port 25 no longer accept remote connections

    Quote Originally Posted by rawar View Post
    I have not used sendmail for a long time but maybe you could execute /usr/sbin/config.sendmail. I think this script will create a new /etc/sendmail.cf from your new settings in /etc/sysconfig/mail. Then restart sendmail.
    I am not sure if this works correct when IPv6 is enabled for sendmail. Maybe you need to set SENDMAIL_USE_IPV6="no" in /etc/sysconfig/sendmail if sendmail complains for IPv6 related problems.
    When I disable IPv6 and set SENDMAIL_USE_IPV6="no" I get the following:

    Apr 15 16:28:14 smoke sendmail[1323]: NOQUEUE: SYSERR(root): opendaemonsocket: daemon MTA-v6: cannot bind: Address already in use
    Apr 15 16:28:14 smoke sendmail[1323]: daemon MTA-v6: problem creating SMTP socket
    Apr 15 16:28:19 smoke sendmail[1323]: NOQUEUE: SYSERR(root): opendaemonsocket: daemon MTA-v6: cannot bind: Address already in use
    Apr 15 16:28:19 smoke sendmail[1323]: daemon MTA-v6: problem creating SMTP socket
    Apr 15 16:28:24 smoke sendmail[1323]: NOQUEUE: SYSERR(root): opendaemonsocket: daemon MTA-v6: cannot bind: Address already in use
    Apr 15 16:28:24 smoke sendmail[1323]: daemon MTA-v6: problem creating SMTP socket
    Apr 15 16:28:24 smoke rsyslogd[930]: action 'action-0-builtinmfwd' resumed (module 'builtinmfwd') [v8.39.0 try http://www.rsyslog.com/e/2359 ]
    Apr 15 16:28:24 smoke rsyslogd[930]: action 'action-1-builtinmfwd' resumed (module 'builtinmfwd') [v8.39.0 try http://www.rsyslog.com/e/2359 ]
    Apr 15 16:28:29 smoke sendmail[1323]: NOQUEUE: SYSERR(root): opendaemonsocket: daemon MTA-v6: cannot bind: Address already in use
    Apr 15 16:28:29 smoke sendmail[1323]: daemon MTA-v6: problem creating SMTP socket
    Apr 15 16:28:34 smoke sendmail[1323]: NOQUEUE: SYSERR(root): opendaemonsocket: daemon MTA-v6: cannot bind: Address already in use
    Apr 15 16:28:34 smoke sendmail[1323]: daemon MTA-v6: problem creating SMTP socket
    Apr 15 16:28:39 smoke sendmail[1323]: NOQUEUE: SYSERR(root): opendaemonsocket: daemon MTA-v6: cannot bind: Address already in use
    Apr 15 16:28:39 smoke sendmail[1323]: daemon MTA-v6: problem creating SMTP socket
    Apr 15 16:28:39 smoke systemd[1]: sendmail.service: Main process exited, code=exited, status=71/n/a
    Apr 15 16:28:39 smoke sendmail[1323]: NOQUEUE: SYSERR(root): opendaemonsocket: daemon MTA-v6: server SMTP socket wedged: exiting

    And then sendmail enters a failed state on systemd.

    To be noted also that disabling IPv6 on a 15.1 did not create this kind of issue, so it would also seem IPv6 cannot longer be fully disabled in this distribution if you do not need it.

  5. #15
    Join Date
    May 2017
    Location
    New York
    Posts
    32

    Default Re: Leap 15.2 port 25 no longer accept remote connections

    Quote Originally Posted by Miuku View Post
    This works as intended on a 15.2 LiveCD or -NET install in a VM.

    Changing /etc/sysconfig/mail SMTPD_LISTEN_REMOTE="no" to SMTPD_LISTEN_REMOTE="yes", then restarting or starting sendmail makes it listen to 0.0.0.0:25.

    Have you altered the sendmail configuration files/templates or the systemd service file?
    Yes, that variable is set to Yes (tried manually and then with Yast), and no I did not touch the systemd service file. It is a new clean install, I have done little or no customization at all, not even recompiled my sendmail.mc, it is using the plain vanilla .cf.

    The install is from -NET image, on a VM.

  6. #16
    Join Date
    May 2017
    Location
    New York
    Posts
    32

    Default Re: Leap 15.2 port 25 no longer accept remote connections

    Quote Originally Posted by cdieni View Post
    When I disable IPv6 and set SENDMAIL_USE_IPV6="no" I get the following:

    Apr 15 16:28:14 smoke sendmail[1323]: NOQUEUE: SYSERR(root): opendaemonsocket: daemon MTA-v6: cannot bind: Address already in use
    Apr 15 16:28:14 smoke sendmail[1323]: daemon MTA-v6: problem creating SMTP socket
    Apr 15 16:28:19 smoke sendmail[1323]: NOQUEUE: SYSERR(root): opendaemonsocket: daemon MTA-v6: cannot bind: Address already in use
    Apr 15 16:28:19 smoke sendmail[1323]: daemon MTA-v6: problem creating SMTP socket
    Apr 15 16:28:24 smoke sendmail[1323]: NOQUEUE: SYSERR(root): opendaemonsocket: daemon MTA-v6: cannot bind: Address already in use
    Apr 15 16:28:24 smoke sendmail[1323]: daemon MTA-v6: problem creating SMTP socket
    Apr 15 16:28:24 smoke rsyslogd[930]: action 'action-0-builtinmfwd' resumed (module 'builtinmfwd') [v8.39.0 try http://www.rsyslog.com/e/2359 ]
    Apr 15 16:28:24 smoke rsyslogd[930]: action 'action-1-builtinmfwd' resumed (module 'builtinmfwd') [v8.39.0 try http://www.rsyslog.com/e/2359 ]
    Apr 15 16:28:29 smoke sendmail[1323]: NOQUEUE: SYSERR(root): opendaemonsocket: daemon MTA-v6: cannot bind: Address already in use
    Apr 15 16:28:29 smoke sendmail[1323]: daemon MTA-v6: problem creating SMTP socket
    Apr 15 16:28:34 smoke sendmail[1323]: NOQUEUE: SYSERR(root): opendaemonsocket: daemon MTA-v6: cannot bind: Address already in use
    Apr 15 16:28:34 smoke sendmail[1323]: daemon MTA-v6: problem creating SMTP socket
    Apr 15 16:28:39 smoke sendmail[1323]: NOQUEUE: SYSERR(root): opendaemonsocket: daemon MTA-v6: cannot bind: Address already in use
    Apr 15 16:28:39 smoke sendmail[1323]: daemon MTA-v6: problem creating SMTP socket
    Apr 15 16:28:39 smoke systemd[1]: sendmail.service: Main process exited, code=exited, status=71/n/a
    Apr 15 16:28:39 smoke sendmail[1323]: NOQUEUE: SYSERR(root): opendaemonsocket: daemon MTA-v6: server SMTP socket wedged: exiting

    And then sendmail enters a failed state on systemd.

    To be noted also that disabling IPv6 on a 15.1 did not create this kind of issue, so it would also seem IPv6 cannot longer be fully disabled in this distribution if you do not need it.
    I have tried the following:


    1. Built a plain vanilla 15.1 with sendmail. enabled remote connection: WORKS
    2. Upgraded to 15.2, and made no changes: FAILS I get the same entries of the above quoted log (and this whether I enable or disable IPv6).


    I have a theory that at some point in time some patches have introduced some sort of bug, because servers that I had upgraded back when 15.2 was new do not experience this issue, no errors binding to port 25 and they accept remote connection with sendmail. I have no option but to downgrade this server to 15.1 in the hope that future patches, or perhaps 15.3 solve this problem.

    Has anyone tried a recent install from the -NET distribution of 15.2?

  7. #17

    Default Re: Leap 15.2 port 25 no longer accept remote connections

    Hmm i installed the goodold sendmail-8.16.1-lp152.10.3.1 on a Leap 15.2 VM with all available updates today. Then set SMTPD_LISTEN_REMOTE="yes" and SENDMAIL_USE_IPV6="no" and since i do not use yast i reconfigured it with the script. And the result is:
    Code:
    gnomegurke:~ # systemctl status  sendmail  
     sendmail.service - Sendmail Mail Transport Agent 
       Loaded: loaded (/usr/lib/systemd/system/sendmail.service; enabled; vendor preset: disabled) 
       Active: active (running) since Fri 2021-04-16 11:38:55 CEST; 7min ago 
      Process: 39441 ExecStart=/usr/sbin/sendmail $SENDMAIL_ARGS (code=exited, status=0/SUCCESS) 
      Process: 39438 ExecStartPre=/etc/mail/system/sm.pre (code=exited, status=0/SUCCESS) 
      Process: 39437 ExecStartPre=/bin/echo Initializing SMTP port (sendmail) (code=exited, status=0/SUCCESS) 
     Main PID: 39442 (sendmail) 
        Tasks: 1 
       CGroup: /system.slice/sendmail.service 
               └─39442 sendmail: accepting connections 
    
    Apr 16 11:38:55 gnomegurke systemd[1]: Starting Sendmail Mail Transport Agent... 
    Apr 16 11:38:55 gnomegurke echo[39437]: Initializing SMTP port (sendmail) 
    Apr 16 11:38:55 gnomegurke sendmail[39442]: starting daemon (8.16.1): SMTP+queueing@00:30:00 
    Apr 16 11:38:55 gnomegurke systemd[1]: Started Sendmail Mail Transport Agent. 
    gnomegurke:~ # ss -tnlp 
    State         Recv-Q        Send-Q                 Local Address:Port                 Peer Address:Port                                                     
    LISTEN        0             128                          0.0.0.0:22                        0.0.0.0:*            users:(("sshd",pid=1161,fd=3))              
    LISTEN        0             5                          127.0.0.1:631                       0.0.0.0:*            users:(("cupsd",pid=953,fd=7))              
    LISTEN        0             10                           0.0.0.0:25                        0.0.0.0:*            users:(("sendmail",pid=39442,fd=4))         
    LISTEN        0             128                             [::]:22                           [::]:*            users:(("sshd",pid=1161,fd=4))              
    LISTEN        0             5                              [::1]:631                          [::]:*            users:(("cupsd",pid=953,fd=6))    
    
    so at least it starts. If SENDMAIL_USE_IPV6="yes" is set sendmail complains that it cannot bind the IPv6 socket. But as this strace snippet shows
    Code:
    gnomegurke:~ # grep bind sendmail.tarce  
    36960 bind(4, {sa_family=AF_INET, sin_port=htons(25), sin_addr=inet_addr("0.0.0.0")}, 16) = 0 
    36960 bind(5, {sa_family=AF_INET6, sin6_port=htons(25), sin6_flowinfo=htonl(0), inet_pton(AF_INET6, "::", &sin6_addr), sin6_scope_id=0}, 28) = 0 
    36960 bind(6, {sa_family=AF_UNIX, sun_path="/var/run/sendmail/control"}, 110) = 0 
    36960 bind(5, {sa_family=AF_INET6, sin6_port=htons(25), sin6_flowinfo=htonl(0), inet_pton(AF_INET6, "::", &sin6_addr), sin6_scope_id=0}, 28) = -1 EADDRINUS
    E (Address already in use) 
    36960 bind(5, {sa_family=AF_INET6, sin6_port=htons(25), sin6_flowinfo=htonl(0), inet_pton(AF_INET6, "::", &sin6_addr), sin6_scope_id=0}, 28) = -1 EADDRINUS
    E (Address already in use) 
    36960 bind(5, {sa_family=AF_INET6, sin6_port=htons(25), sin6_flowinfo=htonl(0), inet_pton(AF_INET6, "::", &sin6_addr), sin6_scope_id=0}, 28) = -1 EADDRINUS
    E (Address already in use)
    ..
    it is sendmail himself that is trying to bind twice to "::" and this might be a bug or more likely a configuration problem. I have not enough sendmail know how to distinguish this.

  8. #18
    Join Date
    May 2017
    Location
    New York
    Posts
    32

    Default Re: Leap 15.2 port 25 no longer accept remote connections

    Quote Originally Posted by rawar View Post
    Hmm i installed the goodold sendmail-8.16.1-lp152.10.3.1 on a Leap 15.2 VM with all available updates today. Then set SMTPD_LISTEN_REMOTE="yes" and SENDMAIL_USE_IPV6="no" and since i do not use yast i reconfigured it with the script. And the result is:
    Code:
    gnomegurke:~ # systemctl status  sendmail  
     sendmail.service - Sendmail Mail Transport Agent 
       Loaded: loaded (/usr/lib/systemd/system/sendmail.service; enabled; vendor preset: disabled) 
       Active: active (running) since Fri 2021-04-16 11:38:55 CEST; 7min ago 
      Process: 39441 ExecStart=/usr/sbin/sendmail $SENDMAIL_ARGS (code=exited, status=0/SUCCESS) 
      Process: 39438 ExecStartPre=/etc/mail/system/sm.pre (code=exited, status=0/SUCCESS) 
      Process: 39437 ExecStartPre=/bin/echo Initializing SMTP port (sendmail) (code=exited, status=0/SUCCESS) 
     Main PID: 39442 (sendmail) 
        Tasks: 1 
       CGroup: /system.slice/sendmail.service 
               └─39442 sendmail: accepting connections 
    
    Apr 16 11:38:55 gnomegurke systemd[1]: Starting Sendmail Mail Transport Agent... 
    Apr 16 11:38:55 gnomegurke echo[39437]: Initializing SMTP port (sendmail) 
    Apr 16 11:38:55 gnomegurke sendmail[39442]: starting daemon (8.16.1): SMTP+queueing@00:30:00 
    Apr 16 11:38:55 gnomegurke systemd[1]: Started Sendmail Mail Transport Agent. 
    gnomegurke:~ # ss -tnlp 
    State         Recv-Q        Send-Q                 Local Address:Port                 Peer Address:Port                                                     
    LISTEN        0             128                          0.0.0.0:22                        0.0.0.0:*            users:(("sshd",pid=1161,fd=3))              
    LISTEN        0             5                          127.0.0.1:631                       0.0.0.0:*            users:(("cupsd",pid=953,fd=7))              
    LISTEN        0             10                           0.0.0.0:25                        0.0.0.0:*            users:(("sendmail",pid=39442,fd=4))         
    LISTEN        0             128                             [::]:22                           [::]:*            users:(("sshd",pid=1161,fd=4))              
    LISTEN        0             5                              [::1]:631                          [::]:*            users:(("cupsd",pid=953,fd=6))    
    
    so at least it starts. If SENDMAIL_USE_IPV6="yes" is set sendmail complains that it cannot bind the IPv6 socket. But as this strace snippet shows
    Code:
    gnomegurke:~ # grep bind sendmail.tarce  
    36960 bind(4, {sa_family=AF_INET, sin_port=htons(25), sin_addr=inet_addr("0.0.0.0")}, 16) = 0 
    36960 bind(5, {sa_family=AF_INET6, sin6_port=htons(25), sin6_flowinfo=htonl(0), inet_pton(AF_INET6, "::", &sin6_addr), sin6_scope_id=0}, 28) = 0 
    36960 bind(6, {sa_family=AF_UNIX, sun_path="/var/run/sendmail/control"}, 110) = 0 
    36960 bind(5, {sa_family=AF_INET6, sin6_port=htons(25), sin6_flowinfo=htonl(0), inet_pton(AF_INET6, "::", &sin6_addr), sin6_scope_id=0}, 28) = -1 EADDRINUS
    E (Address already in use) 
    36960 bind(5, {sa_family=AF_INET6, sin6_port=htons(25), sin6_flowinfo=htonl(0), inet_pton(AF_INET6, "::", &sin6_addr), sin6_scope_id=0}, 28) = -1 EADDRINUS
    E (Address already in use) 
    36960 bind(5, {sa_family=AF_INET6, sin6_port=htons(25), sin6_flowinfo=htonl(0), inet_pton(AF_INET6, "::", &sin6_addr), sin6_scope_id=0}, 28) = -1 EADDRINUS
    E (Address already in use)
    ..
    it is sendmail himself that is trying to bind twice to "::" and this might be a bug or more likely a configuration problem. I have not enough sendmail know how to distinguish this.

    Yes, I agree with you, it must be a configuration problem. What surprises me is that it is the default distribution configuration, I have basically done nothing other than install a 15.1 with sendmail, enable remote connection (which was working fine) and then upgrade it to a 15.2.

    If I install a 15.2 straight away instead it just refuses remote connection, even if I do the exact same thing you did. So my question is: did you do a network install or a DVD install? I am wondering if the issue may be with the -NET distribution...

  9. #19

    Default Re: Leap 15.2 port 25 no longer accept remote connections

    I used the 15.2 golden master ISO to install this test VM last summer. Just for fun i made a snapshot of the VM and installed the Leap 15.1 sendmail version 8.15.2 and it did start without IPv6 complains. But this default 8.15.2 sendmail.cf did not even try to start a IPv6 MTA-v6. And a diff between 8.15.2 and 8.16.1 version of /usr/lib/sendmail.d/update
    Code:
    gnomegurke:~> diff update-8.16.1 update-8.15.2  
    130,138d129 
    <       if test "$SMTPD_LISTEN_REMOTE" != yes ; then 
    <               if test "$SENDMAIL_USE_IPV6" = yes ; then 
    <                       AddressV4="127.0.0.1" 
    <                       AddressV6="::1" 
    <               else 
    <                       Address="127.0.0.1" 
    <               fi 
    <               DAEMON_OPTIONS="${DAEMON_OPTIONS:+${DAEMON_OPTIONS}, }Addr=" 
    <       fi 
    140,147c131 
    <               if test "$SENDMAIL_USE_IPV6" = yes ; then 
    <                       echo "DAEMON_OPTIONS(\`Name=MTA-v4, Family=inet, ${DAEMON_OPTIONS}${AddressV4+"$AddressV4"}')dnl" 
    <                       echo "DAEMON_OPTIONS(\`Name=MTA-v6, Family=inet6, ${DAEMON_OPTIONS}${AddressV6+"$AddressV6"}')dnl" 
    <               else 
    <                       echo "DAEMON_OPTIONS(\`Name=MTA, ${DAEMON_OPTIONS}${Address+"$Address"}')dnl" 
    <               fi 
    <       elif test "$SENDMAIL_USE_IPV6" = yes ; then 
    <               echo "define(\`_NETINET6_')dnl" 
    --- 
    >               echo "DAEMON_OPTIONS(\`Name=MTA,${DAEMON_OPTIONS}')dnl"
    
    shows that there is no MTA-v6 at all in the Leap 15.1 version of the configuration script. I think these changes are the reason for the problem. And i must admit that from a security perspective the default value "SMTPD_LISTEN_REMOTE=no" in 15.2 is a good choice for most users.

  10. #20
    Join Date
    May 2017
    Location
    New York
    Posts
    32

    Default Re: Leap 15.2 port 25 no longer accept remote connections

    Quote Originally Posted by rawar View Post
    I used the 15.2 golden master ISO to install this test VM last summer. Just for fun i made a snapshot of the VM and installed the Leap 15.1 sendmail version 8.15.2 and it did start without IPv6 complains. But this default 8.15.2 sendmail.cf did not even try to start a IPv6 MTA-v6. And a diff between 8.15.2 and 8.16.1 version of /usr/lib/sendmail.d/update
    Code:
    gnomegurke:~> diff update-8.16.1 update-8.15.2  
    130,138d129 
    <       if test "$SMTPD_LISTEN_REMOTE" != yes ; then 
    <               if test "$SENDMAIL_USE_IPV6" = yes ; then 
    <                       AddressV4="127.0.0.1" 
    <                       AddressV6="::1" 
    <               else 
    <                       Address="127.0.0.1" 
    <               fi 
    <               DAEMON_OPTIONS="${DAEMON_OPTIONS:+${DAEMON_OPTIONS}, }Addr=" 
    <       fi 
    140,147c131 
    <               if test "$SENDMAIL_USE_IPV6" = yes ; then 
    <                       echo "DAEMON_OPTIONS(\`Name=MTA-v4, Family=inet, ${DAEMON_OPTIONS}${AddressV4+"$AddressV4"}')dnl" 
    <                       echo "DAEMON_OPTIONS(\`Name=MTA-v6, Family=inet6, ${DAEMON_OPTIONS}${AddressV6+"$AddressV6"}')dnl" 
    <               else 
    <                       echo "DAEMON_OPTIONS(\`Name=MTA, ${DAEMON_OPTIONS}${Address+"$Address"}')dnl" 
    <               fi 
    <       elif test "$SENDMAIL_USE_IPV6" = yes ; then 
    <               echo "define(\`_NETINET6_')dnl" 
    --- 
    >               echo "DAEMON_OPTIONS(\`Name=MTA,${DAEMON_OPTIONS}')dnl"
    
    shows that there is no MTA-v6 at all in the Leap 15.1 version of the configuration script. I think these changes are the reason for the problem. And i must admit that from a security perspective the default value "SMTPD_LISTEN_REMOTE=no" in 15.2 is a good choice for most users.
    Yes, that has been always the default on all distributions: to not accept remote connections. I managed to make it work by recompiling: m4 /etc/mail/linux.mc >/etc/sendmail.cf, and setting the SENDMAIL_USE_IPV6="no". It works now and it accepts remote connections.

    Thank you so much for your help!

Page 2 of 3 FirstFirst 123 LastLast

Tags for this Thread

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •