[Solved] Mail Service, sendmail segfault

Post Reply
User avatar
cbrown
Posts: 41
Joined: December 29th, 2017, 11:54 pm
Location: Texas

[Solved] Mail Service, sendmail segfault

Post by cbrown » October 19th, 2018, 1:01 pm

On fresh install of core 124 ...
I did the “Mail Service” configuration and tried sending a test message.

I got this in /var/log/mail ...
Oct 19 07:43:20 ipfire dma[e03a6]: new mail from user=nobody uid=99 envelope_from=<root@ipfire.pookie.home>
Oct 19 07:43:20 ipfire dma[e03a6]: mail to=<cab_77573@yahoo.com> queued as e03a6.676340
Oct 19 07:43:20 ipfire dma[e03a6.676340]: trying delivery
Oct 19 07:43:20 ipfire dma[e03a6.676340]: using smarthost (smtp.mail.yahoo.com:465)
Oct 19 07:43:21 ipfire dma[e03a6.676340]: trying remote delivery to smtp.mail.yahoo.com [74.6.141.43] pref 0

After a few minutes, I see segfault on sendmail in /var/log/messages ...
Oct 19 07:48:21 ipfire kernel: sendmail[2601]: segfault at 0 ip (null) sp 00007fff2254c330 error 14 in dma[400000+f000]

Anyone have any insight into what may be wrong?

-------------------------------------------------------------
IPFire version: IPFire 2.21 (x86_64) - core124
Pakfire version: 2.21-x86_64
Kernel version: Linux ipfire.pookie.home 4.14.72-ipfire #1 SMP Thu Sep 27 08:30:44 GMT 2018 x86_64 AMD A6-5400K APU with Radeon(tm) HD Graphics AuthenticAMD GNU/Linux
Last edited by cbrown on March 9th, 2019, 2:05 pm, edited 1 time in total.
Image

User avatar
cbrown
Posts: 41
Joined: December 29th, 2017, 11:54 pm
Location: Texas

Re: Mail Service, sendmail segfault

Post by cbrown » October 19th, 2018, 1:21 pm

If this could help ...

Here’s the contents of /var/dma/mail.conf …
SENDER=root@ipfire.pookie.home
RECIPIENT=cab_77573@yahoo.com
USEMAIL=on

and /var/dma/dma.conf ...
FULLBOUNCE
SECURETRANSFER
SMARTHOST smtp.mail.yahoo.com
STARTTLS
AUTHPATH /var/ipfire/dma/auth.conf
MAILNAME ipfire.pookie.home
SPOOLDIR /var/spool/dma
PORT 465
Image

User avatar
cbrown
Posts: 41
Joined: December 29th, 2017, 11:54 pm
Location: Texas

Re: Mail Service, sendmail segfault

Post by cbrown » October 19th, 2018, 6:05 pm

d2f437fa-7cc9-4269-b833-b34c958a8120.png
Image

User avatar
cbrown
Posts: 41
Joined: December 29th, 2017, 11:54 pm
Location: Texas

Re: Mail Service, sendmail segfault

Post by cbrown » November 9th, 2018, 1:21 pm

Any clues as to how I might further diagnose the problem here?
Image

cfusco
Posts: 184
Joined: March 23rd, 2015, 4:19 pm

Re: Mail Service, sendmail segfault

Post by cfusco » November 9th, 2018, 5:44 pm

port 465 or 587? I did a google search and I found several pages indicating that for TLS is port 587.
Image

User avatar
cbrown
Posts: 41
Joined: December 29th, 2017, 11:54 pm
Location: Texas

Re: Mail Service, sendmail segfault

Post by cbrown » November 10th, 2018, 3:13 am

Switching port to 587 was progress. I didn't get the segfault from sendmail and the message appeared to be sent. However, I'm now getting error "Authentication failed: 535 5.7.1 Authentication failed" back from the smtp server
...
Nov 9 20:48:37 ipfire dma[e019c.142e340]: trying delivery
Nov 9 20:48:37 ipfire dma[e019c.142e340]: using smarthost (smtp.mail.yahoo.com:587)
Nov 9 20:48:37 ipfire dma[e019c.142e340]: trying remote delivery to smtp.mail.yahoo.com [74.6.141.43] pref 0
Nov 9 20:48:38 ipfire dma[e019c.142e340]: Server greeting successfully completed
Nov 9 20:48:38 ipfire dma[e019c.142e340]: Server supports STARTTLS
Nov 9 20:48:38 ipfire dma[e019c.142e340]: SSL initialization successful
Nov 9 20:48:38 ipfire dma[e019c.142e340]: Server greeting successfully completed
Nov 9 20:48:38 ipfire dma[e019c.142e340]: Server does not support STARTTLS
Nov 9 20:48:38 ipfire dma[e019c.142e340]: Server supports LOGIN authentication
Nov 9 20:48:38 ipfire dma[e019c.142e340]: using SMTP authentication for user xxxxxx@yahoo.com
Nov 9 20:48:38 ipfire dma[e019c.142e340]: remote delivery failed: Authentication failed: 535 5.7.1 Authentication failed
Nov 9 20:48:38 ipfire dma[e019c.142e340]: remote delivery failed: SMTP login failed: Success
Nov 9 20:48:38 ipfire dma[e019c.142e340]: delivery failed, bouncing as e03d7
Nov 9 20:48:38 ipfire dma[e03d7]: new mail from user=nobody uid=99 envelope_from=<>
Nov 9 20:48:38 ipfire dma[e03d7]: mail to=<root> queued as e03d7.1453fe0
Nov 9 20:48:38 ipfire dma[e03d7.1453fe0]: trying delivery
Nov 9 20:48:38 ipfire dma[e03d7.1453fe0]: delivery successful
....
I have verified my login credentials so I wouldn't expect that to be the issue.

Looking at my settings for smtp in thunderbird, It sends to port 465 with TLS. Thunderbird sends mail successfully.
When I try those settings in ipfire, sendmail gets a segfault.
Image

cfusco
Posts: 184
Joined: March 23rd, 2015, 4:19 pm

Re: Mail Service, sendmail segfault

Post by cfusco » November 11th, 2018, 8:40 pm

Few hypothesis for your troubleshooting.
  • Can it be a problem of some special character in the credentials that somehow needs to be escaped?
  • Do you have a 2 factor authentication in your yahoo mail? In that case probably you need to set up an application password specific for your IPFire MTA.
  • In auth.conf, is there a username/password in the form of:

    Code: Select all

    username|smtp_hostname:password 
    ? For example, google would be:

    Code: Select all

    gmail_user@gmail.com|smtp.gmail.com:Password
  • Also, maybe you need to use the "INSECURE" directive (careful, as it will send your credentials in clear text), as suggested here for gmail:
    https://www.dragonflybsd.org/docs/howto ... dma_gmail/

    I say this because I find strange that in your logs you have one message suggesting that one server does support STARTTLS and after a couple of lines it says that it does not. Maybe the login has to be done in clear text? Maybe this is the reason why when you use port 465 the server crashes, as it is possible (just a conjecture) that dragonfly mail agent (let's call it DMA, as it is used by IPFire) can only support STARTTLS and not the implicit SSL/TLS.

    My understanding is that port 465 is reserved for an implicit SSL/TLS authentication (meaning encrypted from the beginning), while port 587 is reserved for STARTTLS which is first established in clear text and then it is upgraded to a secure channel when both mail transfer agents can use an encrypted communication, otherwise it proceeds in clear text.

    To summarize this hypothesis, yahoo use port 465 only for implicit encryption, which crashes IPFire's DMA because it uses only STARTTLS. Meanwhile on port 587 yahoo does use STARTTLS but when DMA starts the communication, yahoo refuses to upgrade to an encrypted channel as it wants to use only clear text (again, just a conjecture). At this point, because DMA has not be instructed to use the clear text it sends the credentials encrypted anyway, which yahoo does not understand, hence the credentials error.

    I know, it's an unlikely mess, even if it fits with the events.
  • maybe like gmail, yahoo needs a "MASQUERADE" directive (see link below for an explanation, the howto of dragonfly mail agent).
  • Maybe you can test some other MTA, like google? Just to see if it's a problem with yahoo server.
Here you might get some other idea: https://wiki.mageia.org/en/Dma_Dragonfly_Mail_Agent.

In case you are curious about the ports 465/587 and that messy encryption issue: https://www.fastmail.com/help/technical ... rttls.html
Image

User avatar
cbrown
Posts: 41
Joined: December 29th, 2017, 11:54 pm
Location: Texas

Re: Mail Service, sendmail segfault

Post by cbrown » November 12th, 2018, 1:35 am

Special characters in password seems to be the culprit for the segfault -- I switched to a junk email account with simple password and the segfault issue went away. Still not successfully getting mail delivered. Thanks for all the good leads, this will probably keep me busy for a few days :)
Image

Post Reply