Subject: Re: daily (& security) mail not delivered
To: NetBSD current list <>
From: William Allen Simpson <>
List: tech-security
Date: 06/28/2003 20:23:24
To checkpoint and summarize the discussion, taking place on various 
lists, and giving credit where due....


Christian Limpach <> found a root cause:

The special handling you see is not involved in finding the host to which to 
submit mail.  Our uses the default MTAHost value which is 
`localhost'.  The sample explicitly sets the MTAHost to, 
our should do the same.

Index: gnu/usr.sbin/sendmail/cf/cf/
RCS file: /cvs/netbsd/src/gnu/usr.sbin/sendmail/cf/cf/,v
retrieving revision 1.2
diff -u -r1.2
--- gnu/usr.sbin/sendmail/cf/cf/   1 Apr 2003 03:19:19 -
0000       1.2
+++ gnu/usr.sbin/sendmail/cf/cf/   28 Jun 2003 15:34:07 -0000
@@ -2,4 +2,4 @@
 VERSIONID(`@(#)   $Revision: 1.2 $')
+FEATURE(`msp', `[]')dnl


Alan Barrett <> confirmed:

Thank you!  The above change to causes the following change to (which is also installed as /etc/mail/


and, with that change, sendmail on my test system no longer connects to (which is the IP address of in my test


Alan Barrett <> and Andrew Brown <>
both suggested appending various lines to /etc/rc.conf:

    # Local mail delivery seems to require sendmail and smmsp.
    # For smmsp, the $smmsp_flags from /etc/defaults/rc.conf are OK.
    # For sendmail, append extra flags to make it bind only to localhost.
    sendmail=YES ; sendmail_flags="${sendmail_flags}


This may solve the symptoms (I have not tried it yet), but not the 
underlying dilemma, eloquently expressed by 
"Wolfgang S. Rupprecht" <>:

3) run sendmail in non-daemon mode out of cron every so often.  This
   is what I had in /etc/daily.local before I moved to postfix*:

    # cd to a safe directory in case something drops core.
    cd /tmp

    # Send all accumulated mail (mostly needed on the slave machines).
    # This is only a fall-back if the mail failed to go out at the
    # time it was sent.  (This can block on wlan portables, added
    # ampersand. -wsr) send stuff from main queue (should be empty on
    # all but
    /usr/sbin/sendmail -q0 &

    # send stuff from submit queue too.
    /usr/sbin/sendmail -Ac -q0 &


* ironically I moved because sendmail had the highly annoying habit of
fully qualifying remote addresses, by appending my domain name.
Appending crap to "localhost" is the least of its problems.
William Allen Simpson
    Key fingerprint =  17 40 5E 67 15 6F 31 26  DD 0D B9 9B 6A 15 2C 32