In the process of updating MySQL on my FreeBSD server last week, I did a pkg upgrade
and after my server rebooted itself last night, sendmail won't start:
/etc/mail # make start
Starting: sendmailShared object "libdb-6.1.so" not found, required by "sendmail"
sendmail-clientmqueueShared object "libdb-6.1.so" not found, required by "sendmail"
I tried
# pkg upgrade sendmail
Updating FreeBSD repository catalogue...
FreeBSD repository is up-to-date.
All repositories are up-to-date.
pkg: sendmail is not installed, therefore upgrade is impossible
Checking integrity... done (0 conflicting)
Your packages are up to date.
and
/usr/ports/mail/sendmail # make
===> License Sendmail accepted by the user
===> Found saved configuration for sendmail+tls+sasl2+db6-8.15.2
===> sendmail+tls+sasl2+db5-8.15.2_3 depends on file: /usr/local/sbin/pkg - found
=> sendmail.8.15.2.tar.gz doesn't seem to exist in /usr/ports/distfiles/.
=> Attempting to fetch `ftp://ftp7.freebsd.org/pub/FreeBSD/ports/distfiles/sendmail.8.15.2.tar.gz`
fetch: `ftp://ftp7.freebsd.org/pub/FreeBSD/ports/distfiles/sendmail.8.15.2.tar.gz`: No route to host
=> Attempting to fetch `ftp://ftp.sendmail.org/pub/sendmail/sendmail.8.15.2.tar.gz`
fetch: `ftp://ftp.sendmail.org/pub/sendmail/sendmail.8.15.2.tar.gz`: Permission denied
=> Attempting to fetch `ftp://ftp7.freebsd.org/pub/FreeBSD/ports/distfiles/sendmail.8.15.2.tar.gz`
fetch: `ftp://ftp7.freebsd.org/pub/FreeBSD/ports/distfiles/sendmail.8.15.2.tar.gz`: No route to host
=> Couldn't fetch it - please try to retrieve this
=> port manually into /usr/ports/distfiles/ and try again.
*** Error code 1
Stop.
make[1]: stopped in /usr/ports/mail/sendmail
*** Error code 1
Stop.
make: stopped in /usr/ports/mail/sendmail
I found it really odd there wasn't a route to ftp://ftp7.freebsd.org/pub/FreeBSD/ports/distfiles/sendmail.8.15.2.tar.gz
. I tried using traceroute
but it seems the UDP packets are being blocked by ipfw which is set up to allow ICMP packets for traceroute. I found and installed tcptraceroute
and checked the server address:
# tcptraceroute ftp7.freebsd.org
Selected device re0, address 100.0.193.99, port 47109 for outgoing packets
Tracing the path to ftp7.freebsd.org (212.219.56.184) on TCP port 80 (http), 30 hops max
1 lo0-100.BSTNMA-VFTTP-304.verizon-gni.net (100.0.193.1) 0.873 ms 4.060 ms 1.295 ms
2 B3304.BSTNMA-LCR-21.verizon-gni.net (100.41.201.13) 4.982 ms 2.465 ms 3.963 ms
3 * * *
4 * * *
5 0.ae7.GW10.EWR6.ALTER.NET (140.222.231.129) 13.909 ms 13.042 ms 16.170 ms
6 customer.customer.alter.net (157.130.91.86) 12.101 ms 13.999 ms 14.463 ms
7 nyk-bb2-link.telia.net (62.115.134.109) 12.736 ms 12.905 ms 10.899 ms
8 ldn-bb2-link.telia.net (213.155.133.6) 87.360 ms 90.585 ms 88.851 ms
9 ldn-b3-link.telia.net (62.115.137.197) 87.316 ms 86.608 ms 85.195 ms
10 jisc-ic-318433-ldn-b3.c.telia.net (62.115.148.159) 80.234 ms 81.564 ms 81.709 ms
11 ae29.londpg-sbr2.ja.net (146.97.33.2) 82.335 ms 80.600 ms 81.831 ms
12 ae30.londtw-sbr2.ja.net (146.97.33.6) 81.793 ms 80.232 ms 82.312 ms
13 kpsn.londtw-sbr2.ja.net (146.97.41.86) 82.862 ms 82.107 ms 82.119 ms
14 212.219.171.222 83.104 ms 85.585 ms 88.442 ms
15 www.mirrorservice.org (212.219.56.184) [open] 85.161 ms 83.739 ms 85.358 ms
I double-checked to be sure something hadn't changed while I wasn't looking, but make
failed with the same "No route to host" error. I checked to see if the firewall was blocking the FTP connection:
# less /var/log/security
Aug 21 11:00:00 Dreamer newsyslog[20945]: logfile turned over due to size>100K
Aug 21 11:00:09 Dreamer kernel: ipfw: 56599 Deny TCP 123.59.55.92:48049 100.0.193.99:3128 in via re0
Aug 21 11:00:44 Dreamer kernel: ipfw: 56599 Deny TCP 93.174.95.87:36924 100.0.193.102:110 in via re0
Aug 21 11:00:47 Dreamer last message repeated 2 times
Aug 21 11:00:47 Dreamer kernel: ipfw: 299 Deny TCP 100.0.193.99:23489 212.219.56.184:21 out via re0
Aug 21 11:00:54 Dreamer kernel: ipfw: 299 Deny TCP 100.0.193.99:59597 212.219.56.184:21 out via re0
Aug 21 11:01:45 Dreamer kernel: ipfw: 56599 Deny TCP 182.191.88.195:45481 100.0.193.102:23 in via re0
Aug 21 11:01:48 Dreamer kernel: ipfw: 56599 Deny TCP 182.191.88.195:45481 100.0.193.102:23 in via re0
Aug 21 11:02:13 Dreamer kernel: ipfw: 299 Deny TCP 100.0.193.99:28015 212.219.56.184:21 out via re0
Aug 21 11:02:13 Dreamer kernel: ipfw: 299 Deny TCP 100.0.193.99:23314 209.246.26.16:21 out via re0
Aug 21 11:02:13 Dreamer kernel: ipfw: 299 Deny TCP 100.0.193.99:26752 212.219.56.184:21 out via re0
Aug 21 11:04:10 Dreamer kernel: ipfw: 299 Deny TCP 100.0.193.99:25337 212.219.56.184:21 out via re0
Aug 21 11:04:10 Dreamer kernel: ipfw: 299 Deny TCP 100.0.193.99:37933 209.246.26.16:21 out via re0
Aug 21 11:04:10 Dreamer kernel: ipfw: 299 Deny TCP 100.0.193.99:65061 212.219.56.184:21 out via re0
I then tried
# wget `ftp://ftp7.freebsd.org/pub/FreeBSD/ports/distfiles/sendmail.8.15.2.tar.gz`
--2016-08-21 11:05:45-- `ftp://ftp7.freebsd.org/pub/FreeBSD/ports/distfiles/sendmail.8.15.2.tar.gz`
=> 'sendmail.8.15.2.tar.gz'
Resolving ftp7.freebsd.org (ftp7.freebsd.org)... 212.219.56.184, 2001:630:341:12::184
Connecting to ftp7.freebsd.org (ftp7.freebsd.org)|212.219.56.184|:21... failed: Permission denied.
Connecting to ftp7.freebsd.org (ftp7.freebsd.org)|2001:630:341:12::184|:21... failed: No route to host.
It seems the "No route to host" message is a red herring - the real problem is "Permission denied" on the IPV4 connection.
When I paste the URL ftp://ftp7.freebsd.org/pub/FreeBSD/ports/distfiles/sendmail.8.15.2.tar.gz
into my browser, I get an error dialog saying "550 Failed to change directory." When I connect to ftp7.freebsd.org using WinSCP and navigate to /pub/FreeBSD/ports/distfiles/ I find a README.txt that says
Our distfiles cache has been moved to: `http://distcache.FreeBSD.org/ports-distfiles/` distfiles can be fetched by name from there, as specified in the corresponding port that uses it.
I just re-ran portsnap fetch
update (again, for the nth time this week), then tried make
again in the sendmail ports directory - and got the same FTP failure.
If the distfiles cache has been moved, why is make in a port directory still using the old path when attempting to fetch the distfiles for the port?
Also, when I try to navigate to http://distcache.freebsd.org/ports-distfiles/
with my browser, I get a 403 Forbidden error page from nginx.
Because of the problems described above, I am unable to retrieve the sendmail distribution files, so I tried
# pkg install sendmail
Updating FreeBSD repository catalogue...
Fetching meta.txz: 100% 944 B 0.9kB/s 00:01
Fetching packagesite.txz: 100% 6 MiB 5.8MB/s 00:01
Processing entries: 100%
FreeBSD repository update completed. 25584 packages processed.
Updating database digests format: 100%
pkg: No packages available to install matching 'sendmail' have been found in the repositories
I've also posted this at https://forums.freebsd.org/threads/57359/ but haven't gotten any usable replies.
I can't get the sendmail port's distribution files, and there isn't a package available, so at the moment I'm in a really difficult position because this is a PRODUCTION server that blew up!.
What do I have to do to get sendmail working again?
# uname -a
FreeBSD Dreamer.FKEinternet.net 10.2-RELEASE FreeBSD 10.2-RELEASE #0: Mon Oct 5 23:53:36 EDT 2015 root@Dreamer.FKEinternet.com.:/usr/obj/usr/src/sys/GENERIC amd64