3

I just upgraded my server from FreeBSD 10.3 to 11.1. It's now running Sendmail 8.15.2 and OpenSSL 1.0.2k-freebsd 26 Jan 2017.

Since the upgrade, sending mail to my server is failing. I cranked up the log level to show all incoming and outgoing SMTP commands using /usr/sbin/sendmail -d95.99 -bD -X /tmp/test.log. A typical incoming connection looks like this:

34431 >>> 220 localhost.FKEinternet.net ESMTP Sendmail 8.15.2/8.15.2; Thu, 8 Mar 2018 11:35:32 -0500 (EST)
34431 <<< EHLO [192.168.14.73]
34431 >>> 250-localhost.FKEinternet.net Hello rrcs-184-74-100-26.nys.biz.rr.com [184.74.100.26], pleased to meet you
34431 >>> 250-ENHANCEDSTATUSCODES
34431 >>> 250-PIPELINING
34431 >>> 250-8BITMIME
34431 >>> 250-SIZE
34431 >>> 250-DSN
34431 >>> 250-ETRN
34431 >>> 250-STARTTLS
34431 >>> 250-DELIVERBY
34431 >>> 250 HELP
34431 <<< STARTTLS

and in /var/log/messages I find

Mar  8 11:35:32 Dreamer kernel: pid 34431 (sendmail), uid 0: exited on signal 11

Is there a crash log somewhere I can look at to figure out what's going on? What else can I do to debug this problem?

EDIT

Other than instances of sh.core, pkg.core and pkg-static.core created during the server upgrade two days ago, find / -name "*.core" -ls did not return any core files less than a year old. Where there's a sendmail instance crashing with every piece of mail being attempted for delivery, I would have expected to find one not more than a few minutes old. What would be likely to prevent the .core files from being created?

FKEinternet
  • 291
  • 2
  • 4
  • 11
  • Signal 11 should produce a core dump unless system settings prevent that. But more generally.... sendmail in 2018? – jordanm Mar 08 '18 at 17:30
  • Yes, I'm still using the same MTA I was 20 years ago - because I haven't seen a compelling reason to make the heavy investment required to change to a different one. – FKEinternet Mar 08 '18 at 19:36
  • ulimit is the most common way of preventing coredumps, but I don't have much experience with freebsd. The core dumps should be created in the working directory of the process. – jordanm Mar 08 '18 at 19:45

1 Answers1

0

I found the answer in DutchDaemon's Dec 12, 2017 reply in the [sendmail] Lots of "did not issue MAIL/EXPN/VRFY/ETRN" logs thread on the FreeBSD forums:

A standard install will put something like this in your .mc file:

dnl Enable STARTTLS for receiving email.
define(`CERT_DIR', `/etc/mail/certs')dnl
define(`confSERVER_CERT', `CERT_DIR/host.cert')dnl
define(`confSERVER_KEY', `CERT_DIR/host.key')dnl
define(`confCLIENT_CERT', `CERT_DIR/host.cert')dnl
define(`confCLIENT_KEY', `CERT_DIR/host.key')dnl
define(`confCACERT', `CERT_DIR/cacert.pem')dnl
define(`confCACERT_PATH', `CERT_DIR')dnl
define(`confDH_PARAMETERS', `CERT_DIR/dh.param')dnl

I compared that code block with what was in my server's .mc file, and found it was missing the define('confDH_PARAMETERS','CERT_DIR/dh.param')dnl line. I added that, restarted sendmail, and it's working now.

I would still like to know why there were never any .core files generated, and as SirDice observed on the FreeBSD forums,

Odd that it actually crashed though, I would have expected it to produce a failure message and refuse to run, not start and segfault when you try to use it.

FKEinternet
  • 291
  • 2
  • 4
  • 11