netbsd-bugs: bin/37226: Failure to send mail from cron when using STARTTLS client

Subject: bin/37226: Failure to send mail from cron when using STARTTLS client
To: None <gnats-admin@netbsd.org, netbsd-bugs@netbsd.org>
From: None <cross+netbsd@distal.com>
List: netbsd-bugs
Date: 10/26/2007 18:55:00

>Number:         37226
>Category:       bin
>Synopsis:       Failure to send mail from cron when using STARTTLS client
>Confidential:   no
>Severity:       serious
>Priority:       high
>Responsible:    bin-bug-people
>State:          open
>Class:          sw-bug
>Submitter-Id:   net
>Arrival-Date:   Fri Oct 26 18:55:00 +0000 2007
>Originator:     Chris Ross
>Release:        4.0_RC3
>Organization:
>Environment:
NetBSD host.distal.com 4.0_RC3 NetBSD 4.0_RC3 (GENERIC) #6: Wed Oct 24 15:30:14 EDT 2007  cross@host.distal.com:/export/obj/NetBSD-4.sparc64/data/NetBSD/src-4/sys/arch/sparc64/compile/HARMONY sparc64
>Description:
This is approximately the problem described in PR lib/3204.  While that was closed indicated that libexec/crond was deprecated, the problem still exists in usr.sbin/cron.

I have a machine using sendmail as the local MTA, and configured to use STARTTLS for outgoing email.  My mail server is also allowing STARTTLS, so that this works.

The definition of MAILARGS in usr.sbin/cron/config.h still is:

#define MAILARGS "%s -FCronDaemon -odi -oem -oi -or0s -t"      /*-*/

This will fail (with a "Connection timed out") if the MTA is using STARTTLS.  I infer from the earlier PR (lib/3204) that this would not be the case if I were not using STARTTLS, but I have not tested this.

I have confirmed that if I remove the "-or0s" argument, as described in lib/3204, the problem does not occur for me.
>How-To-Repeat:
root@host# echo "From: Chris Ross <cross@distal.com>
To: Chris Ross <cross@distal.com>
Subject: cron-like mail test

This is a test message.  Yay.
" | sendmail -FCronDaemon -odi -oem -oi -or0s -t -v

----

The above command will yield (for an IPv6 enabled host, obviously):

>>> STARTTLS
220 2.0.0 Ready to start TLS
>>> EHLO dumbo.distal.com
Chris Ross <cross@distal.com>... Deferred: Connection timed out with [ipv6:::1]
Closing connection to [ipv6:::1]

If I remove the -or0s, it works more as expected, showing:

>>> STARTTLS
220 2.0.0 Ready to start TLS
>>> EHLO dumbo.distal.com
250-mail.distal.com Hello localhost [IPv6:::1], pleased to meet you

>Fix:

Unknown