Sendmail 8.12.2 on Mac OS X 10.1.5


Introduction

Apple’s Mac OS X ships with the sendmail Mail Transport Agent (MTA) as part of the underlying Berkeley Software Distribution (BSD) compatibility layer. Mac OS X 10.1.5 ships with the 8.12.2 release of sendmail. Due to system-specific problems involved with both the stock sendmail and newer versions, I have made these notes available. Notes for other versions of sendmail on OS X are also available.

This page assumes the reader is reasonably competent with Unix.

Operation

To see what version of sendmail is installed on your system, use the following command.

$ sendmail -d0 < /dev/null | grep -i version
Version 8.10.2

Getting Started

Sendmail 8.12.2 on Mac OS X 10.1.5 ships misconfigured in a number of ways. For increased security, 8.12 should be run without the suid bit set, as detailed in sendmail/SECURITY. As shipped on OS X, the bit is still set:

$ ls -l /usr/sbin/sendmail
-r-sr-xr-x 1 root smmsp 581060 Jul 3 13:12 /usr/sbin/sendmail

More relevant to working local mail are configuration issues. Sending a test message appears to work:

$ echo "just a test" | mail -s "test" root

However, chasing down where the message ends up reveals various problems:

$ mailq
/etc/mail/sendmail.cf: line 81: fileclass: cannot open '/etc/mail/local-host-names': Group writable directory
Msmtp: Warning: first argument in [IPC] mailer must be TCP or FILE
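
Both permission findings above (the suid bit on /usr/sbin/sendmail and the "Group writable directory" refusal) can be checked with a short script. This is an added example, not part of the original notes; the function names are hypothetical, and it also flags world-writable directories, which goes slightly beyond the message shown.

```sh
#!/bin/sh
# Added example: function names are hypothetical, paths are from this page.

# mode_of PATH: print the 10-character mode string from ls, e.g. -r-sr-xr-x
mode_of() {
    ls -ld "$1" 2>/dev/null | cut -c1-10
}

# is_setuid FILE: true when the owner-execute slot holds s or S
is_setuid() {
    case "$(mode_of "$1")" in
        ???[sS]*) return 0 ;;
    esac
    return 1
}

# is_loose_dir DIR: true when group (6th char) or other (9th char) may write
is_loose_dir() {
    case "$(mode_of "$1")" in
        d????w*|d???????w*) return 0 ;;
    esac
    return 1
}

# unsafe_dirs FILE: print every loose directory between FILE and the root,
# nearest first; a single one is enough for the refusal shown by mailq
unsafe_dirs() {
    dir=$(dirname "$1")
    while :; do
        if is_loose_dir "$dir"; then echo "$dir"; fi
        case "$dir" in /|.) break ;; esac
        dir=$(dirname "$dir")
    done
    return 0
}

# audit BINARY FILE...: report both findings; always exits 0
audit() {
    bin=$1; shift
    if is_setuid "$bin"; then echo "setuid bit set: $bin"; fi
    for f in "$@"; do
        unsafe_dirs "$f" | sed "s|^|writable directory above $f: |"
    done
    return 0
}

audit /usr/sbin/sendmail /etc/mail/sendmail.cf /etc/mail/local-host-names
```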

Once found, the mail log reveals even more details:

$ grep mail /etc/syslog.conf
*.err;kern.*;auth.notice;authpriv,remoteauth.none;mail.crit    /dev/console
*.notice;*.info;authpriv,remoteauth,ftp.none;kern.debug;mail.crit    /var/log/system.log
mail.*    /var/log/mail.log
$ tail -2 /var/log/mail.log
Jul 5 13:09:42 wumpus sendmail[352]: g65K9gS7000352: from=admin, size=36, class=0, nrcpts=1, msgid=<200207052009.g65K9gS7000352@wumpus.example.org>, relay=admin@localhost
Jul 5 13:09:42 wumpus sendmail[352]: g65K9gS7000352: to=root, ctladdr=admin (501/20), delay=00:00:00, xdelay=00:00:00, mailer=relay, pri=30024, relay=localhost [127.0.0.1], dsn=4.0.0, stat=Deferred: Connection refused by localhost

The (undelivered) message can be found in the /var/spool/clientmqueue directory. The connection refused message indicates that the mail submission agent (configured with /etc/mail/submit.cf) was not able to deliver the message to the mail transport agent (configured with /etc/mail/sendmail.cf). The solution depends on what role the system will play in the mail flow on the network.
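
To find every message stuck this way, the from= and to= log lines can be correlated by queue ID. The following is an added example, not part of the original notes; the function names are hypothetical, and the sample log reuses the two entries above plus one constructed delivered message.

```sh
#!/bin/sh
# Added example: list messages the submission agent could not hand to the
# local MTA. Function names are hypothetical.

# deferred_by_localhost: read sendmail syslog lines on stdin and print
# "queue-id sender recipient" for each message deferred because the
# connection to localhost was refused.
deferred_by_localhost() {
    awk '
    $5 ~ /^sendmail\[/ {
        # Field 6 is the queue id followed by a colon.
        qid = $6; sub(/:$/, "", qid)
        if (match($0, /from=[^,]*/)) from[qid] = substr($0, RSTART + 5, RLENGTH - 5)
        if (match($0, / to=[^,]*/))  to[qid]   = substr($0, RSTART + 4, RLENGTH - 4)
        if ($0 ~ /stat=Deferred: Connection refused by localhost/) hit[qid] = 1
    }
    END { for (q in hit) print q, from[q], to[q] }
    ' | sort
}

# sample_log: first two lines are from this page; the g65KF1S7000401
# message is constructed to show a delivery that must not be reported.
sample_log() {
    cat <<'EOF'
Jul 5 13:09:42 wumpus sendmail[352]: g65K9gS7000352: from=admin, size=36, class=0, nrcpts=1, msgid=<200207052009.g65K9gS7000352@wumpus.example.org>, relay=admin@localhost
Jul 5 13:09:42 wumpus sendmail[352]: g65K9gS7000352: to=root, ctladdr=admin (501/20), delay=00:00:00, xdelay=00:00:00, mailer=relay, pri=30024, relay=localhost [127.0.0.1], dsn=4.0.0, stat=Deferred: Connection refused by localhost
Jul 5 13:15:01 wumpus sendmail[401]: g65KF1S7000401: from=admin, size=40, class=0, nrcpts=1, relay=admin@localhost
Jul 5 13:15:01 wumpus sendmail[401]: g65KF1S7000401: to=root, ctladdr=admin (501/20), delay=00:00:00, mailer=relay, relay=localhost [127.0.0.1], dsn=2.0.0, stat=Sent
EOF
}

sample_log | deferred_by_localhost
```

On a live system, feed it the log directly: deferred_by_localhost < /var/log/mail.log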

Dumb Client

If the system in question simply forwards all local mail to a central mail server, one solution is to configure the mail submission agent to deliver mail directly to the central system. This can be done by altering the D{MTAHost} definition in /etc/mail/submit.cf using the following mtahost.patch file. An advantage of this method is that no sendmail daemon need be left running on each client.

$ perl -i -ple 's/example.org/yourdomain.dom/g' mtahost.patch
$ sudo patch -p0 < mtahost.patch

The above patch assumes there is an MX entry for yourdomain.dom pointing to the mail server(s) in your domain. For example:

$ host -t mx example.org
example.org mail is handled (pri=5) by mx1.example.org
example.org mail is handled (pri=5) by mx2.example.org

For more information on submit.cf and how to generate it from scratch, peruse /etc/mail/README, as well as the README and cf/submit.mc files under the /usr/share/sendmail/conf directory. Quick preference-like changes can be made to sendmail’s *.cf files; however, I usually recommend that all editing be done via a *.mc file.

In certain setups, unqualified mail sent to the D{MTAHost} as above may get stuck on the server trying to deliver the mail back to the client. The hackish work-around in this case is to set the Dj entry in /etc/mail/sendmail.cf to not include the client’s hostname.

Crontab Mail

As a consequence of fixing the mail flow, various status reports will begin to be delivered from the Unix side of things. If required, these can be disabled with the following /etc/crontab patch. The reports will still be saved to /var/log/*.out for review.

Aliases

Aliases are covered in the 8.10.2 notes fairly well.

Advanced Config

Reconfiguration of sendmail is best done with a sendmail.mc file, from which sendmail.cf can be rebuilt. The sendmail.mc is a list of m4(1) macros that produce the sendmail.cf when combined properly with the cf/* files under the sendmail source directory. As noted above, reconfiguration of the mail submission agent can be done through a submit.mc file.

The Apple Developer Tools package may need to be installed to obtain the m4 command required to convert a *.mc file into a *.cf file.

OS X 10.1.5 ships with the old configuration file from previous releases of OS X, so you will need to rebuild sendmail.cf. The old *.cf is the source of various warnings sendmail will emit in response to certain commands and in the daily cron jobs:

$ sendmail -C/etc/mail/sendmail.cf -bt < /dev/null | grep date
Warning: .cf file is out of date: sendmail 8.12.2 supports version 10, .cf file is version 9

Startup

To start the sendmail server daemon, ensure MAILSERVER=-YES- is present in /etc/hostconfig and run the following:

$ sudo sh /System/Library/StartupItems/Sendmail/Sendmail

You will need to edit the Sendmail script to include the -L sm-mta argument if you fix the suid permissions on sendmail.

For older systems without the Sendmail startup script, one can also set up a cron job for root to perform the same task:

$ sudo crontab -l | grep sendmail
@reboot /usr/sbin/sendmail -L sm-mta -bd -q30m
# clean out sendmail's mail submission queue every so often
*/30 * * * * /usr/sbin/sendmail -L sm-msp-queue -Ac -q

See crontab(5) for more details on configuring cron jobs. The above jobs could also be placed in /etc/crontab.

Upgrading

The latest versions of sendmail offer bugfixes and improvements, and better support for features such as SMTP AUTH and STARTTLS. The latest release can be compiled from source and manually configured on Mac OS X.

Sendmail with SASL support is tricky, as sendmail currently wants to use the cyrus-sasl 1.x library, while the Cyrus developers only really began supporting OS X in the new 2.x sasl library. The 1.x library should be available as a binary from the Fink project.

Related