corecode / dma Goto Github PK

In short: Why is the recipient (last argument) not seen in sendmail -i -FCronDaemon -B8BITMIME -oem simon?

It also fails when running * (manually)* sendmail simon or dma simon. When I understand the man page correctly, this should work.
But it works as sendmail aa simon (sends to simon, ignores unknown user aa) or sendmail simon aa. Strange. All arrives to me because of *: simon in /etc/aliases. But why does it need two arguments?

longer:
Since some time (no idea since when), cron does not send emails when a job fails. In /var/log/syslog, I see the message:
Aug 26 10:10:01 myComputer CRON[17238]: (simon) MAIL (mailed 74 bytes of output but got status 0x0042 from MTA#012)
In /var/log/mail.err, I see the error message Aug 26 10:10:01 myComputer dma[c0988]: no recipients

I wrapped the call to sendmail (with a shell script) and found out how dma is called, what it gets as input and what it returns. It always fails with error 66.
The call is sendmail -i -FCronDaemon -B8BITMIME -oem simon. (This also fails when running manualy.)
Why is the last argument not seen as a recipient?

version (of debian package): 0.11-1+b1

Hi,

I find that several error handling sites forget to free the resource, which is allocated by function SSL_CTX_new(). See the following code, at line 128, function SSL_CTX_new() allocates the resource. However, several followed up error handling sites forget to free the resource that allocated by SSL_CTX_new(), including the handling actions of function SSL_new() (line 170 - line 172), SSL_set_fd() (line 181 - line 183), SSL_connect() (line 189 - line 191), SSL_get_peer_certificate(line 197 - line 199). For example, function SSL_new() does the handling actions: print the log message, then propogate the error code, therefore, miss the resource release action related to SSL_CTX_new(). This causes a missing resource release bug about function SSL_CTX_new().

function SSL_CTX_new() call site:

followed up handling actions:

======================================================================

Furthermore, I check the usages of SSL_CTX_new() from other projects, for instance, in the OpenSSL project at apps/ciphers.c. See the following code, in the end, the resource allocated by SSL_CTX_new() is freed by the action SSL_CTX_free(ctx) (line 280) :

line 195:    ctx = SSL_CTX_new(meth);
...
line 223:    ssl = SSL_new(ctx);
line 224:    if (ssl == NULL)
line 225:        goto err;
...
line 275: err:
line 276:    ERR_print_errors(bio_err);
line 277: end:
line 278:    if (use_supported)
line 279:        sk_SSL_CIPHER_free(sk);
line 280:    SSL_CTX_free(ctx);
line 281:    SSL_free(ssl);
line 282:    return ret;

Ref: https://github.com/openssl/openssl/blob/master/apps/ciphers.c

Hi,

It would be nice if there was a away to add the user fullname to the From header when sending a mail.

Maybe the EMAIL environment variable could be abused and dma could be extended to detect cases like 'name [email protected]'? Or maybe there is a more suitable way?

Cheers

We ran into problems calling dma (on FreeBSD) from the nagios check_mailq script, and found out that it behaves correctly when called as just "mailq", but incorrectly when called as "/usr/bin/mailq" (with a path) for example. This patch (see pull request #52) written by my colleague Klaus-Uwe Ittner corrects this.

Also reported as https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=216910.

Hi!

I have been trying for hours to figure this out but did not manage, therefore I wanted to ask here.

I installed dma on a raspberry pi with the current ubuntu server and set everything up to work with gmail. I also configured /etc/aliases with an e-mail adress e.g. "[email protected]" for root.

When I use dma root the mails arrive just fine in my inbox at "[email protected]". When I do mail root according to /var/log/mail.log the mails go to "[email protected]".

Is this to be expected? Does this have anything to do with dma?

Also, should the mail command work out of the box with dma or does one need to install mailutils first? Please excuse my possibly dumb question, I just saw that mail is the way to test dma on (this)[https://wiki.mageia.org/en/Dma_Dragonfly_Mail_Agent] site and it didn`t work for me out of the box.

Hi,

Low priority.

dma version: 0.7

Unable to compile on Solaris 9 or 10.

The yacc does not support the -o option. Setting YACC to bison fixes that...

get-version.sh need to be edited to use bash. (The "$()" construct is not valid in real Bourne shell)

err.h needs some help to be found...

Output for Solaris 10 with GNU make is then:
$ C_INCLUDE_PATH=/usr/sfw/include/openssl gmake
get-version.sh: syntax error at line 3: gitver=$' unexpected gcc -O -pipe -Wall -DDMA_VERSION='""' -DLIBEXEC_PATH='"/usr/local/lib"' -DCONF_PATH='"/etc/dma"' -include dfcompat.h -o aliases_parse.o -c aliases_parse.c In file included from aliases_parse.y:5: **dma.h:111: error: redefinition ofstruct queue'**
aliases_parse.y: In function yyerror': aliases_parse.y:15: warning: implicit declaration of functionwarnx'
/usr/ccs/bin/yaccpar: At top level:
/usr/ccs/bin/yaccpar:5: warning: ignoring #pragma ident
/usr/ccs/bin/yaccpar: In function yyparse': /usr/ccs/bin/yaccpar:164: warning: labelyynewstate' defined but not used
/usr/ccs/bin/yaccpar:374: warning: label `yyerrlab' defined but not used
gmake: *** [aliases_parse.o] Error 1

It might be that it is mostly documentation problems... (Dependencies, etc is not clear from the README)

Thanks,
Gert van den Berg

dma does not read the server greeting to determine whether
STARTTLS or AUTH are available (minor problem as this probably is
just a configuration problem because only one "smarthost" is
contacted).

Spotted in : http://bugs.dragonflybsd.org/issues/953

Hello,

one of the more inconvenient issues I've encountered with dma, is that it just doesn't build out-of-the-box correct binaries on some OS. For example on FreeBSD it builds, but the default username "mail" just doesn't exist there. That makes it impossible for root to send any e-mails. On some other architectures it just refuses to build.

One solution to this is switching from the Makefiles to a cmake project. It's just much easier to add custom rules for specific architectures there. That's why I've created a little cmake project for dma in my repo

It also:

• automatically searches for dependencies
• adds the capability to use libbsd on Linux systems, if available
• checks if the default usernames/groups actually exist on the system
• provides an install option and separate target to create the spooldirs

In order to support the libbsd, I've had to change the logic of embedding dfcompat.[ch] and add a copy of the roundup()-macro there.

I've tested it on various Linux, FreeBSD, Dragonfly BSD systems. It also compiles on SunOS, it just needs a custom username to be provided as an environment-variable.

If you like it, I can happily create a PR to merge it.

Hi,

this is rather a support request than a bug report.

Is it possible to delete a message from the queue.
Where are the files, maybe I can delete messages manually in the filesystem?

thanks

@seebi

First let me say thanks for DMA, it's a great lightweight MTA. I use it everywhere I don't want a full MTA and it does the job perfectly.

I'm trying to dma with runbox.com and am getting the error in my logs. First the basics...

OS: Debian Buster
DMA package version: 0.11-1+b1

Error snipped from mail.info...

dma[1be00ac.5574372207e0]: trying remote delivery to mail.runbox.com [91.220.196.250] pref 0
dma[1be00ac.5574372207e0]: remote delivery deferred: SSL handshake failed fatally: error:1409442E:SSL routines:ssl3_read_bytes:tlsv1 alert protocol version

My /etc/dma.conf..

SMARTHOST mail.runbox.com
PORT 465
SECURETRANSFER
AUTHPATH /etc/dma/auth.conf
MAILNAME /etc/mailname

This might be related to a change runbox.com made recently about supported TLS versions...

We will be retiring support for TLS 1.0 and 1.1 and will only support TLS 1.2 or later.

Is the TLS version at issue here? If so, is there anything I can do to set it to use newer version? If not any suggestions?

Thanks.

I'm using dma with the MASQUERADE config setting, but unfortunately, it doesn't work when an application sends a message via /usr/bin/mail.

It seems that gnu mailutils (the usual mail command on ubuntu and debian) insists on invoking sendmail with the -f option, overriding dma's MASQUERADE setting with a local_username@local_hostname address. The end result is that the SMARTHOST rejects the message for having a bad SMTP MAIL FROM address.

Because of this, I wish dma had a config option to prevent -f from overriding MASQUERADE.

The CERTFILE option of DMA allows specification of the client-side certificate.
Ideally, it would also be possible to specify the cert of the server and force DMA to NOT connect to the server if the cert does not match. Additionally, a fingerprint could be specified.

Noticed dma doesn't support .forward files and there's a placeholder in dma.c

The use of a TAB (\t) character when generating the From line in local.c may not be correct.
Granted the standards don't explicitly say a space is used to separate, however, some mail clients don't seem to handle the tab character correctly (http://mailutils.org/).

at least in aliases_scan.l and conf.c strdup is being used without checking

Looks like Netscape/Sun/iPlanet/Oracle SMTP server doesn't like multiple addresses in a RCPT TO: line. Eg, it'll completely reject:

RCPT TO:<[email protected],[email protected],[email protected]>

But it WILL accept multiple RCPT TO:'s with one address each, eg:

RCPT TO:[email protected]
RCPT TO:[email protected]
RCPT TO:[email protected]

it looks like sSMTP does the multiple RCPT TO thing, probably for the same reason (or maybe so that it can tell which addresses get accepted and which don't?): https://github.com/ajwans/sSMTP/blob/master/ssmtp.c#L1642

I did the same basic hack locally to dma to make it work the same way, pull out a nasty strtok() for a comma :(.

Currently dma chokes on mail input which contains lines longer than 1000 bytes, because of the buffer being used.
When it does not find a newline at the end, it adds one, but then assumes/requires this to be the last line.

The error is "bad mail input format".

This might happen when using dma to handle web application errors during development / local setup, and the included debug information contains huge environment etc settings (e.g. "LS_COLORS").

I think that it would be saner to not require RFC2822 compliance, but accept the mail nonetheless.

The code in question: https://github.com/corecode/dma/blob/master/mail.c#L376

http://refspecs.linuxbase.org/LSB_3.1.0/LSB-Core-generic/LSB-Core-generic/baselib-sendmail-1.html

After upgrading my postfix server, I see the following error when trying to send a mail via mail + dma:

Sep 21 00:10:31 elfe postfix/smtpd[13234]: connect from unknown[external-ip]
Sep 21 00:10:31 elfe dovecot: auth-worker(13617): mysql(internal-ip): Connected to database foo
Sep 21 00:10:33 elfe postfix/smtpd[13234]: warning: unknown[external-ip]: SASL CRAM-MD5 authentication failed: xxx==
Sep 21 00:10:33 elfe postfix/smtpd[13234]: NOQUEUE: reject: RCPT from unknown[external-ip]: 554 5.7.1 <unknown[external-ip]>: Client host rejected: Access denied; from=<foo> to=<bar> proto=ESMTP helo=<baz>
Sep 21 00:10:33 elfe postfix/smtpd[13234]: lost connection after RCPT from unknown[external-ip]
Sep 21 00:10:33 elfe postfix/smtpd[13234]: disconnect from unknown[external-ip]

Local mail.log:

Sep 21 00:10:31 localhost dma[10048e]: new mail from user=user uid=1000 envelope_from=<user@localhost>
Sep 21 00:10:31 localhost dma[10048e]: mail to=<user@host> queued as 10048e.f238f0
Sep 21 00:10:31 localhost dma[10048e.f238f0]: trying delivery
Sep 21 00:10:31 localhost dma[10048e.f238f0]: using smarthost (host:587)
Sep 21 00:10:31 localhost dma[10048e.f238f0]: trying remote delivery to host [host-ip] pref 0
Sep 21 00:10:31 localhost dma[10048e.f238f0]: SSL initialization successful
Sep 21 00:10:31 localhost dma[10048e.f238f0]: using SMTP authentication for user user@host
Sep 21 00:10:33 localhost dma[10048e.f238f0]: remote delivery deferred: AUTH cram-md5 failed: 535 5.7.8 Error: authentication failed: xxx
Sep 21 00:10:33 localhost dma[10048e.f238f0]: SMTP login not available. Trying without.
Sep 21 00:10:33 localhost dma[10048e.f238f0]: remote delivery to host [host-ip] failed after RCPT TO: 554 5.7.1 <unknown[91.64.37.19]>: Client host rejected:
Sep 21 00:10:33 localhost dma[10048e.f238f0]: delivery failed, bouncing as 100b9a
Sep 21 00:10:33 localhost dma[100b9a]: new mail from user=user uid=1000 envelope_from=<>
Sep 21 00:10:33 localhost dma[100b9a]: mail to=<user> queued as 100b9a.f5b450
Sep 21 00:10:33 localhost dma[100b9a.f5b450]: trying delivery
Sep 21 00:10:33 localhost dma[100b9a.f5b450]: delivery successful

Delivery via Thunderbird and STARTTLS on the same port works.

I am using dma 0.9-1 from Debian/Ubuntu.

I would like to switch my servers from ssmtp to dma, but my email provider (fastmail) only supports plain authentication (see https://www.fastmail.com/help/technical/servernamesandports.html?u=85f84118).

Do you plan to add support for plain authentication?

Until recently everything worked fine .. think I did update / upgrade and than the trouble started.

I am running dma on a debian stretch.
dma version 0.11-1+b1
Here an extract of /var/log/syslog ... the last two timestamps are after reboot :

...
Jan 4 22:15:01 schwinn-desktop dma[300ecc.55af3e5a9140]: using smarthost (smtp.gmx.net:587)
Jan 4 22:15:01 schwinn-desktop dma[3009ff.559ba99dd140]: trying remote delivery to smtp.gmx.net [212.227.17.168] pref 0
Jan 4 22:15:01 schwinn-desktop dma[301231.560649c73140]: trying remote delivery to smtp.gmx.net [212.227.17.168] pref 0
Jan 4 22:15:01 schwinn-desktop dma[300013.5629a24c4140]: trying remote delivery to smtp.gmx.net [212.227.17.168] pref 0
Jan 4 22:15:01 schwinn-desktop dma[300ecc.55af3e5a9140]: trying remote delivery to smtp.gmx.net [212.227.17.168] pref 0
Jan 4 22:15:01 schwinn-desktop dma[300581.563feb9032b0]: SSL initialization successful
Jan 4 22:15:01 schwinn-desktop dma[300ecc.55af3e5a9140]: SSL initialization successful
Jan 4 22:15:01 schwinn-desktop dma[3009ff.559ba99dd140]: SSL initialization successful
Jan 4 22:15:01 schwinn-desktop dma[301231.560649c73140]: SSL initialization successful
Jan 4 22:15:01 schwinn-desktop dma[300013.5629a24c4140]: SSL initialization successful
Jan 4 22:15:01 schwinn-desktop dma[300581.563feb9032b0]: using SMTP authentication for user [email protected]
Jan 4 22:15:01 schwinn-desktop dma[300ecc.55af3e5a9140]: using SMTP authentication for user [email protected]
Jan 4 22:15:01 schwinn-desktop dma[3009ff.559ba99dd140]: using SMTP authentication for user [email protected]
Jan 4 22:15:01 schwinn-desktop dma[301231.560649c73140]: using SMTP authentication for user [email protected]
Jan 4 22:15:01 schwinn-desktop dma[300013.5629a24c4140]: using SMTP authentication for user [email protected]
Jan 4 22:15:01 schwinn-desktop dma[300581.563feb9032b0]: smarthost authentication: AUTH cram-md5 not available: 504 Authentication mechanism invalid
Jan 4 22:15:01 schwinn-desktop dma[300ecc.55af3e5a9140]: smarthost authentication: AUTH cram-md5 not available: 504 Authentication mechanism invalid
Jan 4 22:15:01 schwinn-desktop dma[3009ff.559ba99dd140]: smarthost authentication: AUTH cram-md5 not available: 504 Authentication mechanism invalid
Jan 4 22:15:01 schwinn-desktop dma[301231.560649c73140]: smarthost authentication: AUTH cram-md5 not available: 504 Authentication mechanism invalid
Jan 4 22:15:02 schwinn-desktop dma[300013.5629a24c4140]: smarthost authentication: AUTH cram-md5 not available: 504 Authentication mechanism invalid
Jan 4 22:15:02 schwinn-desktop dma[300581.563feb9032b0]: remote delivery to smtp.gmx.net [212.227.17.168] failed after MAIL FROM: 550-Requested action not taken: mailbox unavailable#015#012550 Sender address is not allowed.
Jan 4 22:15:02 schwinn-desktop dma[300581.563feb9032b0]: can not bounce a bounce message, discarding
Jan 4 22:15:02 schwinn-desktop dma[300ecc.55af3e5a9140]: remote delivery to smtp.gmx.net [212.227.17.168] failed after MAIL FROM: 550-Requested action not taken: mailbox unavailable#015#012550 Sender address is not allowed.
Jan 4 22:15:02 schwinn-desktop dma[300ecc.55af3e5a9140]: can not bounce a bounce message, discarding
Jan 4 22:15:02 schwinn-desktop dma[3009ff.559ba99dd140]: remote delivery to smtp.gmx.net [212.227.17.168] failed after MAIL FROM: 550-Requested action not taken: mailbox unavailable#015#012550 Sender address is not allowed.
Jan 4 22:15:02 schwinn-desktop dma[3009ff.559ba99dd140]: can not bounce a bounce message, discarding
Jan 4 22:15:02 schwinn-desktop dma[301231.560649c73140]: remote delivery to smtp.gmx.net [212.227.17.168] failed after MAIL FROM: 550-Requested action not taken: mailbox unavailable#015#012550 Sender address is not allowed.
Jan 4 22:15:02 schwinn-desktop dma[301231.560649c73140]: can not bounce a bounce message, discarding
Jan 4 22:15:02 schwinn-desktop dma[300013.5629a24c4140]: remote delivery to smtp.gmx.net [212.227.17.168] failed after MAIL FROM: 550-Requested action not taken: mailbox unavailable#015#012550 Sender address is not allowed.
Jan 4 22:15:02 schwinn-desktop dma[300013.5629a24c4140]: can not bounce a bounce message, discarding
Jan 4 22:26:48 schwinn-desktop systemd-modules-load[256]: Inserted module 'lp'
Jan 4 22:26:48 schwinn-desktop systemd-modules-load[256]: Inserted module 'ppdev'

If I can do more for diagnosis, please let me know !

commit c3a04c8 causes this error:

cc -O -pipe -ggdb -Wall -Wno-format-truncation -DDMA_VERSION='"v0.13.13.gc3a04c8"' -DLIBEXEC_PATH='"/usr/local/lib"' -DCONF_PATH='"/etc/dma"'  -include dfcompat.h -o crypto.o -c crypto.c
crypto.c:82:1: error: static declaration of ‘verify_server_fingerprint’ follows non-static declaration
   82 | verify_server_fingerprint(const X509 *cert)
      | ^~~~~~~~~~~~~~~~~~~~~~~~~
In file included from crypto.c:47:
dma.h:211:5: note: previous declaration of ‘verify_server_fingerprint’ was here
  211 | int verify_server_fingerprint(const X509 *);
      |     ^~~~~~~~~~~~~~~~~~~~~~~~~
make: *** [Makefile:96: crypto.o] Error 1

reverting it fixes the error. I don't get any compiler warning that the commit says it should fix.
cc (Gentoo Hardened 10.2.0-r5 p6) 10.2.0

I can open a PR for the revert if you want.

Hello,

Is this command alias still necessary (I don't see it being created by make)? If so, it should also use basename(3) like for "mailq" (see below). At the moment the check doesn't work for it being run as for example ./newaliases or/path/to/newaliases

Compare to:

I liked the direct replacement for sendmail on FreeBSD, which works out of the box without any daemon in the system, with remote SMTP auth (the main reason I wanted replace sendmail, which is taught to configure for non-standard ports, etc...), but DMA doesn’t care about some simple things like basic RFC headers, which causes filtering emails on spam filters and unassuming appearance of emails (no To, no From, no default Subject). Neither it creats message id!

I know I can setup trusted network, I probably can forming headers in the "app" - in my case crontab's periodic tasks (which I never done for many years before, because sendmail did care about it), but I think it should be done on DMA's side.

So, as the result it hits the following scores:

1.0 MISSING_HEADERS Missing To: header
1.0 MISSING_FROM Missing From: header
1.8 MISSING_SUBJECT Missing Subject: header
0.0 UNPARSEABLE_RELAY Informational: message has unparseable relay lines
1.4 MISSING_DATE Missing Date: header

Additionally:
Message-ID: GENERATED-WASMISSING-1gRdIz-000BsD-JS@MYSERVERNAMEHERE
X-ACL-Warn: Adding Message-ID header because it is missing!

Do you plan to fix it anytime soon?

I see previous issues about this, but I'm a little lost here...
I'm using dma 0.11 from debian stretch and using this config :

SMARTHOST ssl0.ovh.net
PORT 587
AUTHPATH /etc/dma/auth.conf
SECURETRANSFER
STARTTLS

I get this in mail.log

dma[]: trying delivery
dma[]: using smarthost (ssl0.ovh.net:587)
dma[]: trying remote delivery to ssl0.ovh.net [213.186.33.20] pref 0
dma[]: SSL initialization successful
dma[]: using SMTP authentication for user postmaster@domain
dma[]: smarthost authentication: AUTH cram-md5 not available: 535 5.7.8 Error: authentication failed: Invalid authentication mechanism
dma[]: delivery successful

But the email it's not received...
Using the same smarthost config in postfix, works fine

Any advice how I can debug this ?

I have the following setup: My system is supposed to have network connectivity and dma is supposed to send mail via SMARTHOST right away. However, occasionally, the connectivity drops and I want dma to take care of the queuing. But at that point, the SMARTHOST can no longer be resolved, and the message gets bounced. I have run 3 test scenarios, sending a mail to a host that can receive mail by itself (and not having an MX record):

Before the following: I disconnect from the network.

1. no SMARTHOST
   May 27 08:54:02 alice dma[1fba5.21545c0]: trying delivery
   May 27 08:54:02 alice dma[1fba5.21545c0]: remote delivery deferred: DNS lookup failure: host {destinationhost}.de not found
2. SMARTHOST as FQDN
   May 27 08:54:56 alice dma[1fc69.12255c0]: trying delivery
   May 27 08:54:56 alice dma[1fc69.12255c0]: using smarthost ({smarthostFQDN}.de:25)
   May 27 08:54:56 alice dma[1fc69.12255c0]: remote delivery failed: DNS lookup failure: host {smarthostFQDN}.de not found
   May 27 08:54:56 alice dma[1fc69.12255c0]: delivery failed, bouncing as 1fc79
   May 27 08:54:56 alice dma[1fc79]: new mail from user={USER} uid=8 envelope_from=<>
   May 27 08:54:56 alice dma[1fc79]: mail to={SENDER-EMAIL-ADDRESS} queued as 1fc79.1226b30
   May 27 08:54:56 alice dma[1fc79.1226b30]: trying delivery
   May 27 08:54:56 alice dma[1fc79.1226b30]: using smarthost ({smarthostFQDN}.de:25)
   May 27 08:54:56 alice dma[1fc79.1226b30]: remote delivery failed: DNS lookup failure: host {smarthostFQDN}.de not found
   May 27 08:54:56 alice dma[1fc79.1226b30]: can not bounce a bounce message, discarding
3. SMARTHOST as IP address
   May 27 08:56:03 alice dma[1fc69.12155c0]: trying delivery
   May 27 08:56:03 alice dma[1fc69.12155c0]: using smarthost ({smarthostIP}:25)
   May 27 08:56:03 alice dma[1fc69.12155c0]: trying remote delivery to {smarthostIP} [{smarthostIP}] pref 0
   May 27 08:56:03 alice dma[1fc69.12155c0]: connect to {smarthostIP} [{smarthostIP}] failed: Network is unreachable

I end up with three mails in the queue and according to ps ax no running dma process.

ID : 1fba5.21545c0
From : {SENDER-EMAIL-ADDRESS}
To : {RECEIVER-EMAIL-ADDRESS}

ID : 1fc79.1226b30
From :
To : {SENDER-EMAIL-ADDRESS}

ID : 1fc69.12155c0
From : {SENDER-EMAIL-ADDRESS}
To : {RECEIVER-EMAIL-ADDRESS}

I then reconnect and run dma -q

May 27 08:58:40 alice dma[1fc79.1226b30]: trying delivery
May 27 08:58:40 alice dma[1fc79.1226b30]: using smarthost ({smarthostIP}:25)
May 27 08:58:40 alice dma[1fc79.1226b30]: trying remote delivery to {smarthostIP} [{smarthostIP}] pref 0
May 27 08:58:46 alice dma[1fc79.1226b30]: delivery successful
May 27 08:59:02 alice dma[1fba5.21545c0]: trying delivery
May 27 08:59:02 alice dma[1fba5.21545c0]: trying remote delivery to {destinationhost}.de [{destinationIP}] pref 0
May 27 08:59:03 alice dma[1fc69.12155c0]: trying delivery
May 27 08:59:03 alice dma[1fc69.12155c0]: using smarthost ({smarthostIP})
May 27 08:59:03 alice dma[1fc69.12155c0]: trying remote delivery to {smarthostIP} [{smarthostIP}] pref 0
May 27 08:59:07 alice dma[1fba5.21545c0]: delivery successful
May 27 08:59:08 alice dma[1fc69.12155c0]: delivery successful

Scenario 1 and 3 then get deliverd as expected, and for scenario 2 I get a bounce message with this text in front:

This is the DragonFly Mail Agent v0.9 at alice.

There was an error delivering your mail to {RECEIVER-EMAIL-ADDRESS}.

DNS lookup failure: host {smarthostFQDN}.de not found

Message headers follow.

My dma.conf only contains a SMARTHOST entry (not for scenario 1) and a MASQUERADE entry to add a valid domain (like the example MASQUERADE percolator will send mails as $username@percolator, e.g. fish@percolator)

I would expect that scenarios 2 and 3 should be treated equivalently. And also scenario 1 is not too different from 2. If this needs a fix, I would suspect the function add_host() to be the problem. And that after the call to getaddrinfo() more error codes than only EAI_AGAIN should make add_host() return a 1.

Alternatively, there could be an option like DEFER_INSTEAD_OF_BOUNCE_ON_CERTAIN_NETWORK_ERRORS (this is too long ;-) but you get the idea) for non permanent network connections.

I've installed dma locally (and dkpg-diverted the /usr/sbin/dma binary).

While dma kept working in general (e.g. with mail ...), the following errors appeared regularly in mail.log, probably from the munin process:

dma: could not open flush file: Permission denied

I've tried sudo -u munin mail ..., but this worked.

The flush file looks like this:

-r--r----- 1 mail mail 0 Sep 22 17:20 /var/spool/dma/flush

After removing it, it got recreated and the errors went away:

-rw-r----- 1 mail mail 0 Sep 22 18:05 /var/spool/dma/flush

It seems that somehow the flush file has been created with wrong permisisons.

Hi,
Function SSL_connect() returns the value of 0 and less than 0 are both on error. However , the return value of function SSL_connect() in dma/crypto.c is not checked correctly, which forgot to check the return value 0. See the following code:

Chi Li, Zuxing Gu, Jiecheng Wu

Hello,

I was browsing my twitter feed when OpenSMTPD was requesting people spam their test box with emails.

$ jot 10000 | while read line; do echo eat duck | mail -s 'duck you' [email protected]; done

I ran this on a few of my spare boxes, a few of which were using dma. On one particular box with lower resources my SSH connection disconnected. Strange! After logging back in and getting a few alerts from my monitoring I realized some daemons were no longer running. Turns out, you can trick dma into running send-mail processes until the system runs out of memory and fires up the oomkiller.

pid 616 (varnishd), uid 80, was killed: out of swap space
pid 620 (postgres), uid 70, was killed: out of swap space
pid 622 (postgres), uid 70, was killed: out of swap space
pid 623 (postgres), uid 70, was killed: out of swap space
pid 621 (postgres), uid 70, was killed: out of swap space
pid 618 (postgres), uid 70, was killed: out of swap space
pid 77182 (varnishd), uid 80, was killed: out of swap space
pid 628 (php-fpm), uid 0, was killed: out of swap space
pid 316 (devd), uid 0, was killed: out of swap space
pid 3225 (sshd), uid 1001, was killed: out of swap space
pid 3221 (sshd), uid 0, was killed: out of swap space
pid 79223 (dma), uid 1001, was killed: out of swap space
pid 79099 (dma), uid 1001, was killed: out of swap space
pid 79393 (dma), uid 1001, was killed: out of swap space
pid 563 (varnishd), uid 0, was killed: out of swap space

Would it be feasible to have dma refuse to fire up send-mail and drop the message in the local queue if more than X send-mail processes are running? That might be a sane solution if you recommend that dma clear it's queue by cron regularly.

Hello,

im not an expert on this, but the IPFire project recently integrated your mailagent for notification purposes.

Unfortunately some providers (including mine) didn´t support the cram-md5 login mechanism.

Do you see a chance to offer alternative login methods, so we can use them?

Thanks in advacne!

Gmail seems to have some limits on the number of simultaneous logins. It seems to be around 16. It's repeatable, so I don't think 'Temporary System Problem' below is some problem on Google's end, and sometimes the error is a max login error. Eventually everything succeeds and even though there's a 5 min retry time, I'm still seeing my machine become sluggish during this time with a bunch of processes spawned. Having some configurable throttling would be helpful.

Here's a log on one process:

dma[27748]: trying delivery
dma[27748]: using smarthost (smtp.gmail.com:587)
dma[27748]: trying remote delivery to smtp.gmail.com [173.194.78.109] pref 0
dma[27748]: SSL initialization successful
dma[27748]: using SMTP authentication for user [email protected]
dma[27748]: smarthost authentication: AUTH cram-md5 not available: 504 5.7.4 Unrecognized Authentication Type w72sm5765858oie.49 - gsmtp
dma[27748]: remote delivery deferred: smtp.gmail.com [173.194.78.109] failed after DATA: 421 4.3.0 Temporary System Problem. Try again later (10). w72sm5765858oie.49 - gsmtp
dma[27748]: trying delivery
dma[27748]: using smarthost (smtp.gmail.com:587)
dma[27748]: trying remote delivery to smtp.gmail.com [173.194.78.109] pref 0
dma[27748]: SSL initialization successful
dma[27748]: using SMTP authentication for user [email protected]
dma[27748]: smarthost authentication: AUTH cram-md5 not available: 504 5.7.4 Unrecognized Authentication Type r10sm6650760otn.37 - gsmtp
dma[27748]: remote delivery deferred: smtp.gmail.com [173.194.78.109] failed after DATA: 421 4.3.0 Temporary System Problem. Try again later (10). r10sm6650760otn.37 - gsmtp
dma[27748]: trying delivery
dma[27748]: using smarthost (smtp.gmail.com:587)
dma[27748]: trying remote delivery to smtp.gmail.com [173.194.78.109] pref 0
dma[27748]: SSL initialization successful
dma[27748]: using SMTP authentication for user [email protected]
dma[27748]: smarthost authentication: AUTH cram-md5 not available: 504 5.7.4 Unrecognized Authentication Type e6sm6633658otl.12 - gsmtp
dma[27748]: remote delivery deferred: smtp.gmail.com [173.194.78.109] failed after DATA: 421 4.3.0 Temporary System Problem. Try again later (10). e6sm6633658otl.12 - gsmtp
dma[27748]: trying delivery
dma[27748]: using smarthost (smtp.gmail.com:587)
dma[27748]: trying remote delivery to smtp.gmail.com [173.194.78.108] pref 0
dma[27748]: SSL initialization successful
dma[27748]: using SMTP authentication for user [email protected]
dma[27748]: smarthost authentication: AUTH cram-md5 not available: 504 5.7.4 Unrecognized Authentication Type p184sm5756456oic.40 - gsmtp
dma[27748]: delivery successful

Great project! I am currently using Exim configured as a local-only MTA and would like to switch to dma. I couldn't find a way to configure dma to disable remote delivery. Is it currently possible? If not, is it a feature which you might be willing to consider? If you are don't plan to implement it, but would accept a PR, any guidelines for the configuration option name etc.?

Thanks for considering,
Kevin

My mailname as set to same as the recipient hostname.

mail(1) using dma complained like:
send-mail: no recipients
Can't send mail: sendmail process failed with error code 66

dma logged
Nov 17 18:26:37 work dma[4a11a1]: no recipients

See add_recp() in dma.c:

192         host = strrchr(it->addr, '@');
193         if (host != NULL &&
194             (strcmp(host + 1, hostname()) == 0 ||
195              strcmp(host + 1, "localhost") == 0)) {
196                 *host = 0;
197         }

So this undocumented (?) behavior hides the hostname (in it->addr).

My trivial workaround is to mix up the case of my mailname (since the above strcmp is case sensitive).

Please document this behavior or please consider removing it or having it optional.

Also while there, two different conditions can log "no recipients". Please change one so don't have potential for identical logging.

If dma is incorrectly configured and fails to deliver (e.g. to a smarthost), it will keep using the old (bad) config, even if the configuration is corrected. Maybe the config should be re-read on retrying the delivery, or on SIGHUP.

Function strchr() returns return a pointer to the matched character or NULL if the character is not found. However , the return value of function strchr() in dma/ dma-mbox-create.c is wrong checked? See the following code:

The correct useness is may be change the error check into

if (!strchr(user, '/')) {
		errno = 0;
		logfail(EX_DATAERR, "path separator in username `%s'", user);
		exit(1);
}

My mail is not hosted on the same box as my main domain's A record. This is fine, MX is very well supported, but dma refuses to deliver mail to addresses at the domain that is the same as my local box's hostname?

Seems like 'readfile' converts the last character of the line to a "\n" when it finds it missing for it's read; kinda ironic that I noticed this during #18 since it actually allows an extra byte into the input (should be 998 and the ommission of the CR allows 999). Anyway, it's all semantics really, don't think it's functionally interesting.

Hello,

dma seems to differ in behavior from other MTAs in the following scenario:

In my /etc/aliases file I have root defined as "[email protected]", which is not local, so dma mails that off to a smarthost. It eventually hits spam filters before being delivered to my mail server. This is fine, except something very strange has happened: the message comes through with the correct envelope-to of [email protected], but the To: header
gets changed to "To: root@spamfilter(1|2|3).company.com".

At first I thought the problem was really a bug in my IMAP server, Archiveopteryx, which is known to modify email headers that are not RFC-compliant. This led to a discussion with one of its authors, Arnt Gulbrandsen. The thread in question can be found here: http://archives.aox.org/archives/mailstore-users/4734/thread

After further research I discovered that dma is sending this mail off the server without any domain in the To: header at all, because I'm specifying the alias name not a full email address. It traverses MTAs simply as "To: root" until it hits a Postfix server which will then append its own hostname! This apparently is known behavior; Postfix has done this for years. The real issue at hand is that when I recreate this exact scenario with Postfix, Exim, or Sendmail as the sending MTA on my server the To: header is set to "[email protected]", my server's hostname.

Below you'll find that this behavior may not be correct anyway, but dma certainly differs from the behavior I expected after working with several other MTAs. The following is the important part of the mailing list thread where Arnt replies to himself to further detail the situation which I will paste below:

It isn't just Postfix, many MTAs do that.
"To: arnt" isn't legal syntax today, but it was legal a few
decades ago and quite commonly used for years after the syntax
changed (in, IIRC, 1982) and various MTAs still contains glue to
support that. I think that's mostly a bug these days. It landed
on the wrong side of the fence when servers learnt to
distinguish between their own users (for whom they will relay)
and others.

To elaborate on that:

In the old days, mail servers didn't really have much of an idea whether
they were serving their own user or someone else. Then came the spammers.
Today each and every mail server is loyal to either the sender or the
recipient of a message.

Ones loyal to the sender know something about the sender, and are willing
to send to the entire net on behalf of that sender. Ones loyal to the
recipient know nothing about the sender, and are willing to send only to
their own (or whitelisted) set of recipients.

My point here is that when the sender isn't authenticated, then there is no
reason to believe that the sender is in any way tied to the MTA's own
domain. If an MTA (for whatever reasons) has to add domains, then it can
use an RFC2606 domain such as buggy-sender.invalid or
unknown-domain.invalid:

To: [email protected]

To: [email protected]

Those are safe and not likely to mislead any human readers. But gluing your
own domain name into mail from unauthenticated sources is bad, bad, bad.
Your own domain should only be used when carrying out the rewrites
mentioned in RFC4409, and that RFC only applies to authenticated senders.

Arnt

At this point I'm not sure what to suggest. Should dma behave as other MTAs do or should it do as Arnt suggests and use buggy-sender.invalid or unknown-domain.invalid? The former will give a more consistent experience, but the latter gives a more compliant experience. I almost feel that compliance is more important, but one thing is for sure -- dma shouldn't send mail off the server without a domain in the To: header.

hi corecode,

I recently switched from postfix to dma feeling that dma better fits my needs and do not wastes my hardware resources.

I'm using it in a way that I open a ssh tunnel which entry is at my port 2525 so that my relay is localhost:2525.
sometimes I do not have net or I simply forget the tunnel so my mails a queued which is ok for me since I have a script to warn me of "unsent" mails. I then start the tunnel and force to sent them.

with postfix I did this with mailq -q and watched the queue with simply mailq.

with dma I watch the queue with dma -bp and force-sending with dma -q does not work so reliable and I have no idea where to look for errors or log-entries.

Do I use it in a wrong way? I did activate the DEFER option since I actually WANT instant sending if everything is up (which is most often the case).

I have an aliases file in /etc/dma/aliases that I've mentioned in /etc/dam/dma.conf. I'm getting:

Aug 11 00:30:02 ac-hcn0002 dma: aliases line 0: syntax error
Aug 11 00:30:02 ac-hcn0002 dma: could not parse aliases file `/etc/dma/aliases': Success

The file contains only one line:

root:	[email protected]

My problem is: I can't find a suitable documentation of the format of that file.

Hello,

I'm trying to set up local email delivery for cron output in Void Linux using:

• dcron - Dillon's lightweight cron daemon
• dma - Small Mail Transport Agent (MTA), designed for home and office use
• mailx - Feature-rich BSD mail(1)

I've installed the above packages, enabled the dcron service, and ran a test:

$ echo hello world | mail -s testing $USER

Immediately after, I can see that dma has accepted and queued that email:

$ ls /var/spool/dma
Q1fef0.564ce8239eb0  M1fe62.564952c5feb0

$ dma -bp
ID      : 1fef0.564ce8239eb0
From    : void@linux
To      : void

However, when I use mailx to read that email message, it's unable to access it:

$ mail
No mail for void

I've also ran dma -q to manually flush the queue, but it didn't affect mailx.

How do I make dma deliver email to mailx so that I can read my cron output?

Thanks for your consideration.

P.S. I've also asked this question on the Void Linux Forum without much success. 😖

Hi,
I've setup dma like this:

# $DragonFly: src/etc/dma/dma.conf,v 1.2 2008/02/04 10:11:41 matthias Exp $
#
# Your smarthost (also called relayhost).  Leave blank if you don't want
# smarthost support.
# NOTE: on Debian systems this is handled via debconf!
# Please use dpkg-reconfigure dma to change this value.
SMARTHOST smtp.example.com

# Use this SMTP port.  Most users will be fine with the default (25)
PORT 587

# Path to your alias file.  Just stay with the default.
#ALIASES /etc/aliases

# Path to your spooldir.  Just stay with the default.
#SPOOLDIR /var/spool/dma

# SMTP authentication
AUTHPATH /etc/dma/auth.conf

# Uncomment if yout want TLS/SSL support
SECURETRANSFER

# Uncomment if you want STARTTLS support (only used in combination with
# SECURETRANSFER)
STARTTLS

# Uncomment if you have specified STARTTLS above and it should be allowed
# to fail ("opportunistic TLS", use an encrypted connection when available
# but allow an unencrypted one to servers that do not support it)
#OPPORTUNISTIC_TLS

# Path to your local SSL certificate
#CERTFILE

# If you want to use plain text SMTP login without using encryption, change
# the SECURE entry below to INSECURE.  Otherwise plain login will only work
# over a secure connection.  Use this option with caution.
#INSECURE

# Uncomment if you want to defer your mails.  This is useful if you are
# behind a dialup line.  You have to submit your mails manually with dma -q
#DEFER

# Uncomment if you want the bounce message to include the complete original
# message, not just the headers.
#FULLBOUNCE

# The internet hostname dma uses to identify the host.
# If not set or empty, the result of gethostname(2) is used.
# If MAILNAME is an absolute path to a file, the first line of this file
# will be used as the hostname.
# NOTE: on Debian systems this is handled via debconf!
# Please use dpkg-reconfigure dma to change this value.
MAILNAME /etc/mailname

# Masquerade envelope from addresses with this address/hostname.
# Use this if mails are not accepted by destination mail servers because
# your sender domain is invalid.
# By default, MASQUERADE is not set.
# Format: MASQUERADE [user@][host]
# Examples:
# MASQUERADE john@  on host "hamlet" will send all mails as john@hamlet
# MASQUERADE percolator  will send mails as $username@percolator, e.g. fish@percolator
# MASQUERADE herb@ert  will send all mails as herb@ert

# Directly forward the mail to the SMARTHOST bypassing aliases and local delivery
#NULLCLIENT

auth.conf

foobar|smtp.example.com:XXXXX

Now, when I send messages, they are delivered successfully, but I get the following error message in mail.log:

Sep  8 19:46:11 raspberrypi dma[9ddae.277150]: trying delivery
Sep  8 19:46:11 raspberrypi dma[9ddae.277150]: using smarthost (smtp.example.com:587)
Sep  8 19:46:11 raspberrypi dma[9ddae.277150]: trying remote delivery to smtp.example.com [XXX.XXX.XXX.XXX] pref 0
Sep  8 19:46:11 raspberrypi dma[9ddae.277150]: SSL initialization successful
Sep  8 19:46:11 raspberrypi dma[9ddae.277150]: using SMTP authentication for user foobar
Sep  8 19:46:11 raspberrypi dma[9ddae.277150]: smarthost authentication: AUTH cram-md5 not available: 535 5.7.8 Error: authentication failed: Invalid authentication mechanism
Sep  8 19:46:11 raspberrypi dma[9ddae.277150]: delivery successful

Hi,

In case of error, smtp_init_crypto() returns 1, this means that deliver_to_host() will return 1 to deliver_remote() which is translated as a temporary failure.

Shouldn't failure to establish a secure SSL connection be a permanent failure?

When run as 'newaliases' the config file is not read and only /etc/aliases is parsed, even though a different aliases-file may be set in the config file. Is this intentional?

The reason is:
read_aliases() is called:

Hi,

On my machine, on initial installation, the flush file is created with mode 640, which is not intended I think. This is because the open(2) function applies the umask of the process.

Shouldn't the umask be temporary modified before calling the open(2) function (if the wanted resulting mode is really 660)?

I'm using this configuration:

root@brix:/etc/dma# grep -vE '(^$|^#)' dma.conf
SMARTHOST localhost
MAILNAME /etc/mailname
MASQUERADE [email protected]

to send all mails to a docker container running an smtp replay which accepts mail on port 25 and forwards it to
a mail hub using smtp auth.

I can send mail fine using the mail command like this:

echo hi | mail root

But cronmail is rejected because the From: header is root (Cron Daemon) without any domain.
My smtp relay rejects it with these message:

H=(brix.MY.DOMAIN) [172.17.0.1] F=<[email protected]> rejected after DATA: header syntax (unqualified address not permitted: failing address in "From:" header is: roo

t (Cron Daemon)): unqualified address not permitted: failing address in "From:" header is: root (Cron Daemon)

Shortly after that, a bounce notification is also rejected:

H=(brix.MY.DOMAIN) [172.17.0.1] F=<> rejected after DATA: header syntax (missing or malformed local part: failing address in "From:" header is: MAILER-DAEMON <>): missing or malformed local part: failing address in "From:" header is: MAILER-DAEMON <>

And i end up having 2 mails in the /var/spool/dma/ spool directory:

root@brix:/etc# cat /var/spool/dma/M22152e.55d8f3dcc2f0
Received: from MAILER-DAEMON
        id 22152e
        by brix.MY.DOMAIN (DragonFly Mail Agent v0.11);
        Wed, 05 Feb 2020 13:46:02 +0100
X-Original-To: <[email protected]>
From: MAILER-DAEMON <>
To: [email protected]
Subject: Mail delivery failed
Message-Id: <[email protected]>
Date: Wed, 05 Feb 2020 13:46:02 +0100

This is the DragonFly Mail Agent v0.11 at brix.MY.DOMAIN.

There was an error delivering your mail to <[email protected]>.

localhost [::1] did not like our final DATA:
550 header syntax

Message headers follow.

Received: from root (uid 0)
        (envelope-from [email protected])
        id 22152a
        by brix.MY.DOMAIN (DragonFly Mail Agent v0.11);
        Wed, 05 Feb 2020 13:46:01 +0100
From: root (Cron Daemon)
To: root
Subject: Cron <root@brix> fhkqrjhfb
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
X-Cron-Env: <SHELL=/bin/sh>
X-Cron-Env: <HOME=/root>
X-Cron-Env: <PATH=/usr/bin:/bin>
X-Cron-Env: <LOGNAME=root>
Date: Wed, 05 Feb 2020 13:46:01 +0100
Message-Id: <[email protected]>

root@brix:/etc# cat /var/spool/dma/Q22152e.55d8f3dcc2f0
ID: 22152e.55d8f3dcc2f0
Sender:
Recipient: [email protected]

What am I doing wrong ? Unfortunatly you can't configure the From address for cron mails, so there's nothing I can do about this on cron's side.

If a long To: header is wrapped (Emacs message does this), the folded header is not parsed correctly.

In case of the following email:

From: [email protected]
To: "to1" <[email protected]>,
 "to2" <[email protected]>
Subject: hello

Hello

dma queues only the email to "to1".

In case of

From: [email protected]
To: "to1" <[email protected]>, "to2"
 <[email protected]>
Subject: hello

Hello

dma fails with:

dma: invalid recipient `"to2"'

I haven't looked into mail.c address parser in much detail, so the patch below might break something else, but it seems to queue messages to all recipients mentioned in the folded To: header.

diff --git a/mail.c b/mail.c
index 0dfbce4..591c0cb 100644
--- a/mail.c
+++ b/mail.c
@@ -200,7 +200,8 @@ again:
                                goto newaddr;
                        return (0);
                }
-               /* fallthrough */
+               ps->state = MAIN;
+               break;
 
        case QUIT:
                return (0);

Disclaimer: I am working with an ancient sparc box, running a bastardized version of Debian Sarge. Many packages are several years (5+) old, and I acknowledge that I may be out of luck as far as support goes.

I'm trying to compile dma v0.10, and getting an error almost immediately. I believe it's YACC related, but I haven't found much via google to help me in narrowing it down. If not YACC, then it might just be that my copy of gcc is Too Damn Old.

I've installed the latest versions of both bison and flex (bison to v3.0.4 flex to v2.5.39). gcc is v3.3.5.

The output is below:

[warped@dark-core:~/Code/dma-0.10]$ make CC=/usr/bin/gcc YACC=/usr/local/bin/bison LEX=/usr/local/bin/flex SH=/bin/bash INSTALL=/usr/bin/install
/usr/bin/gcc -O -pipe -Wall -DDMA_VERSION='"v0.10"' -DLIBEXEC_PATH='"/usr/local/lib"' -DCONF_PATH='"/etc/dma"'  -include dfcompat.h -o aliases_parse.o -c aliases_parse.c
In file included from aliases_parse.y:6:
dma.h:96: error: syntax error before "SLIST_ENTRY"
dma.h:96: warning: no semicolon at end of struct or union
dma.h:98: error: syntax error before '}' token
dma.h:99: warning: type defaults to `int' in declaration of `SLIST_HEAD'
dma.h:99: warning: parameter names (without types) in function declaration
dma.h:99: warning: data definition has no type or storage class
dma.h:104: error: field `dests' has incomplete type
dma.h:147: error: syntax error before "SLIST_ENTRY"
dma.h:147: warning: no semicolon at end of struct or union
dma.h:151: error: syntax error before '}' token
dma.h:152: warning: type defaults to `int' in declaration of `SLIST_HEAD'
dma.h:152: warning: parameter names (without types) in function declaration
dma.h:152: warning: data definition has no type or storage class
aliases_parse.y: In function `yyparse':
aliases_parse.y:47: warning: implicit declaration of function `LIST_FIRST'
aliases_parse.y:47: error: invalid lvalue in assignment
aliases_parse.y:58: error: syntax error before "else"
aliases_parse.y:74: warning: implicit declaration of function `SLIST_FIRST'
aliases_parse.y:74: error: invalid lvalue in assignment
aliases_parse.y:89: error: dereferencing pointer to incomplete type
aliases_parse.y:92: error: dereferencing pointer to incomplete type
aliases_parse.y:101: error: dereferencing pointer to incomplete type
aliases_parse.y:104: error: dereferencing pointer to incomplete type
aliases_parse.y:105: warning: implicit declaration of function `SLIST_NEXT'
aliases_parse.y:105: error: `next' undeclared (first use in this function)
aliases_parse.y:105: error: (Each undeclared identifier is reported only once
aliases_parse.y:105: error: for each function it appears in.)
aliases_parse.y:105: error: invalid lvalue in assignment
make: *** [aliases_parse.o] Error 1
[warped@dark-core:~/Code/dma-0.10]$ 

Can anyone point me in the right direction?