1

I would like to set a milter using MIMEDefang on Ubuntu 16.04. I have an existing server using Sendmail 8.15.2-3. I installed MIMEDefang 2.78-1ubuntu1.1 (default package from apt). I configured my filter as I wanted and the service seems to be running. I can't seem to get sendmail to connect to the milter through.

I originally tried adding this line to my sendmail.mc line:

INPUT_MAIL_FILTER(`mimedefang', `S=unix:/var/spool/MIMEDefang/mimedefang.sock, F=T, T=S:1m;R:1m')

but with that configuration I no one can send mail and the log file shows:

May 23 11:21:52  sm-mta[17052]: w4NFLq30017052: Milter (mimedefang): local socket name /var/spool/MIMEDefang/mimedefang.sock unsafe
May 23 11:21:52  sm-mta[17052]: w4NFLq30017052: Milter (mimedefang): 
to error state
May 23 11:21:52  sm-mta[17052]: w4NFLq30017052: Milter: initialization failed, temp failing commands

I can see the socket listing by running netstat -na | grep fang

unix  2      [ ACC ]     STREAM     LISTENING     154381   /var/spool/MIMEDefang/mimedefang-multiplexor.sock
unix  2      [ ACC ]     STREAM     LISTENING     154399   /var/spool/MIMEDefang/mimedefang.sock

But if I list the contents of /var/spool/MIMEDefang the socket isn't listed (ls -l /var/spool/MIMEDefang):

total 8
-rw------- 1 defang defang 6 May 23 15:15 mimedefang-multiplexor.pid
srwx------ 1 defang defang 0 May 23 15:15 mimedefang-multiplexor.sock
-rw------- 1 defang defang 6 May 23 15:15 mimedefang.pid

I didn't think it was the answer but I tried linking sendmail to mimedefang-multiplexor.sock since I didn't see mimedefang.sock in the ls but since I got different error. If that is what I'm supposed to do then I'm asking the wrong question.

I feel as though I'm missing something obvious.

Edit: As best I can tell from the service status mimedefang seems to have started correctly:

● mimedefang.service
   Loaded: loaded (/etc/init.d/mimedefang; bad; vendor preset: enabled)
   Active: active (running) since Wed 2018-05-23 16:51:17 EDT; 4min 34s ago
     Docs: man:systemd-sysv-generator(8)
  Process: 21578 ExecStop=/etc/init.d/mimedefang stop (code=exited, status=0/SUCCESS)
  Process: 20006 ExecReload=/etc/init.d/mimedefang reload (code=exited, status=0/SUCCESS)
  Process: 21587 ExecStart=/etc/init.d/mimedefang start (code=exited, status=0/SUCCESS)
    Tasks: 8
   Memory: 20.8M
      CPU: 122ms
   CGroup: /system.slice/mimedefang.service
           ├─21617 /usr/bin/mimedefang-multiplexor -p /var/spool/MIMEDefang/mimedefang-multiplexor.pid -E -z /var/spool/MIMEDefang -m 2 -x 10 -U defang -b 600 -l -y 0 -s /var/spool/MIMEDefang/mimedefang-multiplexor.sock
           ├─21634 /usr/bin/mimedefang -P /var/spool/MIMEDefang/mimedefang.pid -R -1 -m /var/spool/MIMEDefang/mimedefang-multiplexor.sock -z /var/spool/MIMEDefang -U defang -s  -p /var/spool/MIMEDefang/mimedefang.sock
           ├─21636 /usr/bin/mimedefang-multiplexor -p /var/spool/MIMEDefang/mimedefang-multiplexor.pid -E -z /var/spool/MIMEDefang -m 2 -x 10 -U defang -b 600 -l -y 0 -s /var/spool/MIMEDefang/mimedefang-multiplexor.sock
           └─21647 /usr/bin/mimedefang-multiplexor -p /var/spool/MIMEDefang/mimedefang-multiplexor.pid -E -z /var/spool/MIMEDefang -m 2 -x 10 -U defang -b 600 -l -y 0 -s /var/spool/MIMEDefang/mimedefang-multiplexor.sock

May 23 16:51:17  systemd[1]: Starting mimedefang.service...
May 23 16:51:17  mimedefang[21587]: Starting mimedefang-multiplexor:                            [  OK  ]
May 23 16:51:17  mimedefang-multiplexor[21617]: started; minSlaves=2, maxSlaves=10, maxRequests=500, maxIdleTime=300, busyTimeout=600, clientTimeout=10
May 23 16:51:17  mimedefang[21634]: MIMEDefang alive. slavesReservedForLoopback=-1 AllowNewConnectionsToQueue=0 doRelayCheck=0 doHeloCheck=0 doSenderCheck=1 doRecipientCheck=0
May 23 16:51:17  mimedefang-multiplexor[21617]: Initialized embedded Perl interpreter
May 23 16:51:17  mimedefang-multiplexor[21617]: Starting slave 0 (pid 21636) (1 running): Bringing slaves up to minSlaves (2)
May 23 16:51:17  mimedefang[21634]: Multiplexor alive - entering main loop
May 23 16:51:17  mimedefang[21587]: Starting mimedefang:                                        [  OK  ]
May 23 16:51:17  systemd[1]: Started mimedefang.service.
May 23 16:51:20  mimedefang-multiplexor[21617]: Starting slave 1 (pid 21647) (2 running): Bringing slaves up to minSlaves (2)

The log here doesn't react at all to sendmail trying to use the normal MD socket. It does show an error (I think it was a timeout error) if I try the multiplexor socket.

kubanczyk
  • 13,502
  • 5
  • 40
  • 55
Fr33dan
  • 133
  • 8
  • It's mimedefang issue, independent of sendmail. For me `ls` shows that `mimedefang.sock` all right. Anything interesting in `systemctl status -l mimedefang` besides `Cannot read filter /etc/mail/mimedefang-filter`? Please edit it into the question. Probably the main process isn't running (`/usr/bin/mimedefang -P /var/spool/MIMEDefang/mimedefang.pid -R -1 -m /var/spool/MIMEDefang/mimedefang-multiplexor.sock -z /var/spool/MIMEDefang -U defang -p /var/spool/MIMEDefang/mimedefang.sock`) – kubanczyk May 23 '18 at 20:44
  • @kubanczyk I wanted to tag both pieces of software, but there isn't a mimedefang tag and I don't have enough rep to create one. I have edited the service status in but it looks good to me. – Fr33dan May 23 '18 at 21:03
  • Status looks correct. – kubanczyk May 23 '18 at 21:10

1 Answers1

1

After staring at the service status very closely I noticed the problem. If you look at the command listed in the status in the question it looks like this:

-U defang -s  -p /var/spool/MIMEDefang/mimedefang.sock

The crucial thing to notice is that there are two space between the -s parameter and the -p parameter. I dove into /etc/init.d/mimedefang to investigate. I'm nowhere near an expert in bash but I noticed that the quotes on these lines seems suspicious:

`[ "$MD_SKIP_BAD_RCPTS" = "yes" ] && echo "-N"` \
"`[ -n "$X_SCANNED_BY" ] && \
        ( [ "$X_SCANNED_BY" = "-" ] && \
            echo "-X" || echo "-x$X_SCANNED_BY" )`" \
`[ "$ALLOW_NEW_CONNECTIONS_TO_QUEUE" = "yes" ] && echo "-q"` \

I suspected that even if $X_SCANNED_BY is not defined as it is in my case the white space between the commands would still be added. I wasn't sure what their purpose was and since my case doesn't use $X_SCANNED_BY I removed the outer quotes:

`[ "$MD_SKIP_BAD_RCPTS" = "yes" ] && echo "-N"` \
`[ -n "$X_SCANNED_BY" ] && \
        ( [ "$X_SCANNED_BY" = "-" ] && \
            echo "-X" || echo "-x$X_SCANNED_BY" )` \
`[ "$ALLOW_NEW_CONNECTIONS_TO_QUEUE" = "yes" ] && echo "-q"` \

After this the command only had a single space between the options and sock appears as it should in the ls results:

total 8
-rw------- 1 defang defang 6 May 24 10:29 mimedefang-multiplexor.pid
srwx------ 1 defang defang 0 May 24 10:29 mimedefang-multiplexor.sock
-rw------- 1 defang defang 6 May 24 10:29 mimedefang.pid
srwx------ 1 defang defang 0 May 24 10:29 mimedefang.sock

Finally Sendmail works without issue.

Fr33dan
  • 133
  • 8
  • Qualifies as a bug to be handled by the package maintainer. Good find. (Also, no expert wrote this. It lacks clarity.) – kubanczyk May 24 '18 at 16:12