AIX Open Source

AIX Open Source

Share your experiences and connect with fellow developers to discover how to build and manage open source software for the AIX operating system


#Operatingsystems
#Opensource
#AIX
#AIX Open Source
 View Only
Back to discussions
Expand all | Collapse all

Sendmail with SASL, STARTTLS and HASURANDOMDEV

  • 1.  Sendmail with SASL, STARTTLS and HASURANDOMDEV

    Posted Thu April 14, 2022 11:01 AM
    Last year I asked here for Sendmail with enabled SASL and STARTTLS support. This was released in AIX 7.3, but we are not allowed to upgrade our AIX to this version yet. So, I was happy when Sendmail in AIX Toolbox was updated to 8.17.1 with enabled SASL and STARTTLS. Unfortunately, it gives error message "STARTTLS: Error: missing random file definition". The output of "/opt/freeware/sbin/sendmail -d0.10" tells this:

    Version 8.17.1
    Compiled with: DANE DNSMAP HES_GETMAILHOST IPV6_FULL LDAPMAP
    LDAP_NETWORK_TIMEOUT LOG MAP_REGEX MATCHGECOS MILTER MIME7TO8
    MIME8TO7 NAMED_BIND NETINET NETINET6 NETUNIX NEWDB=5.3 NIS
    PIPELINING SASLv2 SCANF SOCKETMAP STARTTLS TLS_EC
    TLS_VRFY_PER_CTX USERDB USE_LDAP_INIT
    OS Defines: HASFLOCK HAS_GETHOSTBYNAME2 HASGETUSERSHELL
    HASINITGROUPS HASLSTAT HASNICE HASRANDOM HASRRESVPORT HASSETSID
    HASSETVBUF HASUNSETENV HASWAITPID IDENTPROTO IP_SRCROUTE
    SFS_NONE USE_DOUBLE_FORK USESETEUID

    There is missing HASURANDOMDEV, which is needed for STARTTLS.

    I tried to add "define(`confRAND_FILE',`file:/dev/urandom')dnl" in sendmail.mc, but then it tells "STARTTLS: Warning: safeopen(/dev/urandom) failed".

    Is it possible to get this Sendmail working, or does it need to be recompiled with HASURANDOMDEV flag?

    ------------------------------
    Petr Kišš
    ------------------------------


  • 2.  RE: Sendmail with SASL, STARTTLS and HASURANDOMDEV

    Posted Mon April 25, 2022 05:25 AM
    Are you getting this error while starting the sendmail daemon?

    ------------------------------
    RESHMA KUMAR
    ------------------------------

    Original Message


  • 3.  RE: Sendmail with SASL, STARTTLS and HASURANDOMDEV

    Posted Mon April 25, 2022 10:04 AM
    Yes, this message appears in syslog during Sendmail start.

    ------------------------------
    Petr Kišš
    ------------------------------

    Original Message


  • 4.  RE: Sendmail with SASL, STARTTLS and HASURANDOMDEV

    Posted Tue April 26, 2022 07:36 AM
    I also get error message when sending e-mail using mail command - "send-mail: illegal option -- x". The "-x" parameter is accepted by system version of Sendmail, but RPM Sendmail does not know it.

    I got information that it is a remnant of OSF/1, and that Sendmail can be built with or without the code silently ignoring the -x flag. To accept and ignore the -x flag Sendmail needs to be built with "__osf__" or "_AIX3" defined.


    So it would be nice to have also this corrected.



    ------------------------------
    Petr Kišš
    ------------------------------

    Original Message


  • 5.  RE: Sendmail with SASL, STARTTLS and HASURANDOMDEV

    Posted Wed April 27, 2022 12:44 AM
    We will look into this issue. For the first error, can you share the output of the following command?
    truss /opt/freeware/sbin/sendmail -bd -q30m

    ------------------------------
    RESHMA KUMAR
    ------------------------------

    Original Message


  • 6.  RE: Sendmail with SASL, STARTTLS and HASURANDOMDEV

    Posted Thu April 28, 2022 06:10 AM
      |   view attached
    In attached file there is output of truss.

    Here are relevant lines from syslog:
    Apr 28 13:04:42 sokondtest mail:warn|warning sendmail[23921142]: STARTTLS: Warning: safeopen(/dev/urandom) failed
    Apr 28 13:04:42 sokondtest mail:debug sendmail[23921142]: engine=(null), path=(null), ispre=1, pre=0, initialized=0
    Apr 28 13:04:42 sokondtest mail:info sendmail[12452302]: starting daemon (8.17.1): SMTP+queueing@00:30:00
    Apr 28 13:04:42 sokondtest mail:info sendmail[12452302]: started as: /opt/freeware/sbin/sendmail -bd -q30m


    ------------------------------
    Petr Kišš
    ------------------------------

    Attachment(s)

    log
    truss.log   90 KB 1 version
    Original Message


  • 7.  RE: Sendmail with SASL, STARTTLS and HASURANDOMDEV

    Posted Fri May 20, 2022 01:26 AM
    We have fixed the first issue by rebuilding sendmail with HASURANDOMDEV.
    Regarding the second issue, can you share the command you ran which gave the error "send-mail: illegal option -- x"?

    ------------------------------
    RESHMA KUMAR
    ------------------------------

    Original Message


  • 8.  RE: Sendmail with SASL, STARTTLS and HASURANDOMDEV

    Posted Fri May 20, 2022 04:49 AM

    With RPM version of Sendmail I try to send an e-mail:

    # mail -v kissp
    Subject: test
    sdlfsj
    Cc:
    send-mail: illegal option -- x

    Debug parameter for mail command tells more:

    # mail -v -d kissp
    uid = 0, user = root, mailname = /var/spool/mail/root
    deadletter = /home/root/dead.letter, mailrc = /home/root/.mailrc, mbox = /home/root/mbox
    Subject: test
    sslsd
    Cc:
    Recipients of message:
    "send-mail" "-i" "-v" "-x" "kissp"

    So I tried it directly with sendmail. "/usr/sbin/sendmail -i -v -x kissp" passed, but "/opt/freeware/sbin/sendmail -i -v -x kissp" failed with message "/opt/freeware/sbin/sendmail: illegal option -- x".

    As I already wrote, I got following information regarding "-x":
    AIX mail command passes "-x" flag to sendmail, and AIX sendmail accepts it without actually taking a particular action. In the literature it can be found that this is a remnant of OSF/1. sendmail can be built with or without the code silently ignoring the -x flag (it needs to be built with "__osf__" or "_AIX3" defined to accept and silently ignore the -x flag). AIX sendmail is built with this code.



    ------------------------------
    Petr Kišš
    ------------------------------

    Original Message


  • 9.  RE: Sendmail with SASL, STARTTLS and HASURANDOMDEV

    Posted Mon June 06, 2022 08:24 AM
    These issues have been fixed and the fixed sendmail(8.17.1-2) is now available in AIX toolbox.
    https://public.dhe.ibm.com/aix/freeSoftware/aixtoolbox/RPMS/ppc/sendmail/sendmail-8.17.1-2.aix6.1.ppc.rpm



    ------------------------------
    RESHMA KUMAR
    ------------------------------

    Original Message


  • 10.  RE: Sendmail with SASL, STARTTLS and HASURANDOMDEV

    Posted Mon July 11, 2022 07:54 AM
    Thank you.

    I am still not able to get it working with Amazon SES, but at least "illegal option -- x" disappeared.

    ------------------------------
    Petr Kišš
    ------------------------------

    Original Message