# Cannot send email - openSMTPD



## fred974 (Jun 10, 2015)

Hi,

I have a problem getting my email working with openSMTPD...
When I run `route -n show default`, I get the following back:

```
route: writing to routing socket: No such process
```

Could anyone please tell me what this means?

This is a web server inside an ezjail jail.

Thank you


----------



## ShelLuser (Jun 10, 2015)

fred974 said:


> When I run `route -n show default`, I get the following back
> 
> ```
> route: writing to routing socket: No such process
> ```
> ...


The route command uses sockets to access the kernel routing table. However, within a jail that kind of access is normally restricted. That is also one of the reasons why you most likely won't be able to use ping from within a jail to, well, ping an outside host.

What you could do is check the security.jail.allow_raw_sockets value on the host. Use sysctl for that. My assumption is that its value is 0; change it to 1 and then this should work.

I'm basing the "it should work" on this page in the handbook. The socket which route is using is definitely PF_ROUTE. Some output from `truss route -n show default 2>&1 |less`, I emphasized the relevant section (edit: but it doesn't show):


```
getpid()                                         = 46241 (0xb4a1)
geteuid()                                        = 1001 (0x3e9)
*** socket(PF_ROUTE,SOCK_RAW,0)                      = 3 (0x3) ***
__sysctl(0xbfbfe31c,0x2,0xbfbfe354,0xbfbfe350,0x804cf5e,0x8) = 0 (0x0)
__sysctl(0xbfbfe354,0x2,0x804e248,0xbfbfe414,0x0,0x0) = 0 (0x0)
__sysctl(0xbfbfe31c,0x2,0xbfbfe354,0xbfbfe350,0x804cf67,0xd) = 0 (0x0)
__sysctl(0xbfbfe354,0x2,0x804e24c,0xbfbfe414,0x0,0x0) = 0 (0x0)
```
(don't mind the three asterisks, I put those there to indicate the line I'm referring to)

Hope this helps.


----------



## fred974 (Jun 10, 2015)

Hi ShelLuser,

Sorry but you completely lost me here.
Basically, my real problem is that I set up OpenBSD to relay my local email to my Google Gmail account...
When I try to send an email, I keep getting the following error message:

```
Jun 10 20:02:09 zion smtpd[1366]: warn: queue: no return path!
Jun 10 20:02:09 zion smtpd[1366]: relay: Expire for 9cac4fd05282a436: from=<@>, to=<gmailaddress@gmail.com>, rcpt=<webadmin@zion.mydomain.ltd>, delay=4h, stat=Envelope expired
Jun 10 20:06:07 zion smtpd[1371]: smtp-out: Connecting to tls://64.233.184.108:587 (wa-in-f108.1e100.net) on session 32ea93b7f18f746f...
Jun 10 20:06:07 zion smtpd[1371]: smtp-out: Connected on session 32ea93b7f18f746f
Jun 10 20:06:07 zion smtpd[1371]: smtp-out: Started TLS on session 32ea93b7f18f746f: version=TLSv1/SSLv3, cipher=ECDHE-RSA-AES128-GCM-SHA256, bits=128
Jun 10 20:06:07 zion smtpd[1371]: smtp-out: Server certificate verification succeeded on session 32ea93b7f18f746f
Jun 10 20:06:07 zion smtpd[1371]: smtp-out: Error on session 32ea93b7f18f746f: AUTH rejected: 535 5.7.8 https://support.google.com/mail/answer/14257 bw5sm15862852wjc.31 - gsmtp
Jun 10 20:06:07 zion smtpd[1371]: smtp-out: Disabling route [] <-> 64.233.184.108 (wa-in-f108.1e100.net) for 800s
Jun 10 20:06:09 zion smtpd[1371]: smtp-out: Connecting to tls://64.233.184.109:587 (wa-in-f109.1e100.net) on session 32ea93b86e1fa99e...
Jun 10 20:06:09 zion smtpd[1371]: smtp-out: Connected on session 32ea93b86e1fa99e
Jun 10 20:06:09 zion smtpd[1371]: smtp-out: Started TLS on session 32ea93b86e1fa99e: version=TLSv1/SSLv3, cipher=ECDHE-RSA-AES128-GCM-SHA256, bits=128
Jun 10 20:06:09 zion smtpd[1371]: smtp-out: Server certificate verification succeeded on session 32ea93b86e1fa99e
Jun 10 20:06:09 zion smtpd[1371]: smtp-out: Error on session 32ea93b86e1fa99e: AUTH rejected: 535 5.7.8 https://support.google.com/mail/answer/14257 m10sm9250799wib.17 - gsmtp
Jun 10 20:06:09 zion smtpd[1371]: smtp-out: Disabling route [] <-> 64.233.184.109 (wa-in-f109.1e100.net) for 800s
Jun 10 20:06:11 zion smtpd[1371]: smtp-out: No valid route for [connector:[]->[relay:smtp.gmail.com,port=587,starttls,auth=secrets:label,mx],0x0]
Jun 10 20:06:18 zion smtpd[1371]: relay: TempFail for 0f8f161c559c9247: session=0000000000000000, from=<webadmin@zion.mydomain.ltd>, to=<gmailaddress@gmail.com>, rcpt=<->, source=-, relay=smtp.gmail.com, delay=6m52s, stat=Network error on destination MXs
Jun 10 20:12:47 zion smtpd[1371]: smtp-out: Enabling route [] <-> 173.194.78.108 (wg-in-f108.1e100.net)
Jun 10 20:12:49 zion smtpd[1371]: smtp-out: Enabling route [] <-> 173.194.78.109 (wg-in-f109.1e100.net)
Jun 10 20:19:27 zion smtpd[1371]: smtp-out: Enabling route [] <-> 64.233.184.108 (wa-in-f108.1e100.net)
Jun 10 20:19:29 zion smtpd[1371]: smtp-out: Enabling route [] <-> 64.233.184.109 (wa-in-f109.1e100.net)
```

I have been on the link https://support.google.com/mail/answer/14257 but with no luck.
I use the exact same setting in the FreeBSD host with no problem and receive email every day.

My problem is that I don't know if the problem is with jail security or the email setup.


----------



## fred974 (Jun 10, 2015)

I don't know if this will help... here is my file from inside the jail:
/etc/rc.conf

```
# Miscellaneous Configuration
moused_enable="NO"
hostname="zion.mydomain.ltd"
network_interfaces="lo1"                # No network interfaces aside from the loopback device
ip6addrctl_enable="NO"                  # Disable IPv6
ip6addrctl_policy="ipv4_prefer"         # Use IPv4 instead of IPv6
ipv6_activate_all_interfaces="NO"       # Do not automatically add IPv6 addresses
kern_securelevel_enable="YES"           # Enable 'securelevel' kernel security
kern_securelevel="1"                    # See init(8)
rpcbind_enable="NO"                     # Disable RPC daemon
cron_flags="$cron_flags -J 15"          # Prevent lots of jails running cron jobs at the same time
syslogd_flags="-ss"                     # Disable syslogd listening for incoming connections
sendmail_enable="NONE"                  # Completely disable sendmail
clear_tmp_enable="YES"                  # Clear /tmp at startup

## sendmail daemons disabled
dumpdev="NO"
sendmail_enable="NO"                    # Disable Sendmail
sendmail_submit_enable="NO"             # Disable sendmail submit
sendmail_outbound_enable="NO"           # Disable sendmail outbound
sendmail_msp_queue_enable="NO"          # Disable sendmail msp queueing

### Enable opensmtpd  MTA ###
smtpd_enable="YES"

# SSHD Configuration
sshd_enable="YES"                       # Enable sshd
### Web Configuration
hiawatha_enable=YES
php_fpm_enable="YES"

# Enable OSSEC
ossechids_enable="YES"
```


----------



## ShelLuser (Jun 11, 2015)

As to you not following my previous comment: I think that the socket error you got can be traced back to the security.jail.allow_raw_sockets system setting. So you could try `# sysctl security.jail.allow_raw_sockets=1` on the host and then see if the error is gone.

I'm not fully sure about the other problem. I'm not familiar enough with OpenSMTPD to fully interpret the logfile, but it seems to me that a network (jail related) problem could be the cause of it. I conclude as much because of the eventual network error.


----------



## fred974 (Jun 11, 2015)

ShelLuser,
Sorry, I didn't realise that was what you meant.
Will try it now.
Thank you


----------



## fred974 (Jun 11, 2015)

Ran `sysctl security.jail.allow_raw_sockets=1` and restarted smtpd on the jail and the issue is still there.

Thank you for the input though.

I'll carry on digging.


----------



## da1 (Jun 11, 2015)

Did you actually read the logs?

```
Jun 10 20:06:09 zion smtpd[1371]: smtp-out: Error on session 32ea93b86e1fa99e: AUTH rejected: 535 5.7.8 https://support.google.com/mail/answer/14257 m10sm9250799wib.17 - gsmtp
```
Did you notice the "AUTH rejected" and the link following it?

If you plan on only sending emails out (a.k.a. no full-fledged email server), have a look at mail/ssmtp.
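
As an added example (not part of any post in this thread): a small Python triage over a constructed subset of the log lines posted above, showing that the sessions ending in `AUTH rejected: 535` got through TLS and certificate verification before the queue reported `Network error on destination MXs`. The function names and result fields are illustrative assumptions.

```python
import re
# Constructed sample: a subset of the smtpd log lines posted earlier in this thread.
SAMPLE_LOG = """\
Jun 10 20:06:07 zion smtpd[1371]: smtp-out: Connecting to tls://64.233.184.108:587 (wa-in-f108.1e100.net) on session 32ea93b7f18f746f...
Jun 10 20:06:07 zion smtpd[1371]: smtp-out: Connected on session 32ea93b7f18f746f
Jun 10 20:06:07 zion smtpd[1371]: smtp-out: Started TLS on session 32ea93b7f18f746f: version=TLSv1/SSLv3, cipher=ECDHE-RSA-AES128-GCM-SHA256, bits=128
Jun 10 20:06:07 zion smtpd[1371]: smtp-out: Server certificate verification succeeded on session 32ea93b7f18f746f
Jun 10 20:06:07 zion smtpd[1371]: smtp-out: Error on session 32ea93b7f18f746f: AUTH rejected: 535 5.7.8 https://support.google.com/mail/answer/14257 bw5sm15862852wjc.31 - gsmtp
Jun 10 20:06:07 zion smtpd[1371]: smtp-out: Disabling route [] <-> 64.233.184.108 (wa-in-f108.1e100.net) for 800s
Jun 10 20:06:11 zion smtpd[1371]: smtp-out: No valid route for [connector:[]->[relay:smtp.gmail.com,port=587,starttls,auth=secrets:label,mx],0x0]
Jun 10 20:06:18 zion smtpd[1371]: relay: TempFail for 0f8f161c559c9247: session=0000000000000000, from=<webadmin@zion.mydomain.ltd>, to=<gmailaddress@gmail.com>, rcpt=<->, source=-, relay=smtp.gmail.com, delay=6m52s, stat=Network error on destination MXs
"""

SID = re.compile(r"smtp-out: .*session ([0-9a-f]{16})")   # outbound session id
ERR = re.compile(r"Error on session [0-9a-f]{16}: (.*)")  # text after the session id

def classify(sessions, tempfail_line):
    """Explain one TempFail using every outbound session seen before it."""
    stat = tempfail_line.rsplit("stat=", 1)[-1]
    auth = [sid for sid, s in sessions.items()
            if s["error"] and s["error"].startswith("AUTH rejected")]
    past_tls = all(sessions[sid]["tls"] and sessions[sid]["cert_ok"] for sid in auth)
    if auth and past_tls:
        return {"stat": stat, "cause": "auth", "sessions": auth,
                "note": "TLS and certificate checks passed; the relay refused the credentials"}
    return {"stat": stat, "cause": "transport", "sessions": [],
            "note": "no session reached AUTH; check connectivity from the jail"}

def triage(log):
    """Return (sessions, verdicts): per-session stage flags and one verdict per TempFail."""
    sessions, verdicts = {}, []
    for line in log.splitlines():
        m = SID.search(line)
        if m:
            s = sessions.setdefault(m.group(1), {"tls": False, "cert_ok": False, "error": None})
            if "Started TLS" in line:
                s["tls"] = True
            elif "certificate verification succeeded" in line:
                s["cert_ok"] = True
            elif ERR.search(line):
                s["error"] = ERR.search(line).group(1)
        elif "relay: TempFail" in line:
            verdicts.append(classify(sessions, line))
    return sessions, verdicts

if __name__ == "__main__":
    for verdict in triage(SAMPLE_LOG)[1]:
        print(verdict)
```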


----------



## fred974 (Jun 11, 2015)

Hi da1
Yes I did read the log and this is why I also posted the following


fred974 said:


> I have been on the link https://support.google.com/mail/answer/14257 but with no luck..


Someone else also suggested today that I use mail/ssmtp.
Thank you for the information, I'll give that a go.


----------



## da1 (Jun 11, 2015)

If you will use mail/ssmtp with a relay server, you might as well just use OpenSMTPd because you can relay all your local mails to this (relay) server.


----------



## fred974 (Jun 12, 2015)

Hi,

I installed mail/ssmtp and I ended up with the same error message:

```
Jun 11 22:10:53 zion sSMTP[8647]: SSL connection using ECDHE-RSA-AES128-GCM-SHA256
Jun 11 22:10:54 zion sSMTP[8647]: Authorization failed (535 5.7.8 https://support.google.com/mail/answer/14257 l6sm2802563wjz.4 - gsmtp)
```
I went to the URL and did the captcha stuff and did the allow less secure apps access ...
Will it be because the FreeBSD host is already using my gmail account?


----------



## da1 (Jun 12, 2015)

Hi,

Can you post the conf. file?


----------



## fred974 (Jun 12, 2015)

Thank you da1,
Here are the files:
/usr/local/etc/ssmtp/ssmtp.conf

```
root=emailaddress@gmail.com
mailhub=smtp.gmail.com:587
rewriteDomain=
hostname=emailaddress@gmail.com
FromLineOverride=YES
UseSTARTTLS=YES
AuthUser=emailaddress@gmail.com
AuthPass=secretppassword
AuthMethod=LOGIN
Debug=YES
```
/usr/local/etc/ssmtp/revaliases

```
root:emailaddress@gmail.com:smtp.gmail.com:587
localusername:emailaddress@gmail.com:smtp.gmail.com:587
```


----------



## da1 (Jun 12, 2015)

Do you absolutely need to relay the email via gmail?
Can you not simply send them out to the internet (ex: via sendmail/opensmtpd)?


----------



## fred974 (Jun 12, 2015)

da1 said:


> Can you not simply send them out to the internet (ex: via sendmail/opensmtpd)?


This is the web server and I have an e-commerce site on it.
At the moment, the customers are not receiving email acknowledgment that an order has been made.
If it helps you understand what I am trying to do, here is my openSMTPD config file:

```
## listen on localhost (ipv4 only) and port 25 (smtp)
#listen on 192.168.1.125 port 25 hostname zion.trinitech.ltd
listen on 192.168.1.125

## expire messages in the mail queue after 4 hours. Expired messages will
## be bounced back to the sender after this time.
expire 4h

## the mail aliases database, created with "newaliases"
#table aliases file:/usr/local/etc/mail/aliases
table aliases db:/usr/local/etc/mail/aliases.db

## the file holding the gmail username and password
## created with "/usr/local/libexec/opensmtpd/makemap /usr/local/etc/mail/secrets"
table secrets db:/usr/local/etc/mail/secrets.db

## accept mail from the local machine (lo0) to localhost accounts and pass to
## the recipient's procmail rules. Address mapping is derived from the aliases file.
## This rule is for internal machine mail only.
accept from local for local alias <aliases> deliver to mda "/usr/local/bin/procmail -f -"

## outgoing mail is accepted from localhost only and relayed through
## Google's gmail using TLS authentication on port 587. The user and password
## from the map "secrets" file is used.
## This rule is for local users _only_ to send mail through gmail. No open relays!
accept from local for any relay via tls+auth://label@smtp.gmail.com:587 auth <secrets>
```


----------



## da1 (Jun 12, 2015)

I understand but what I'm trying to say is that unless you have a specific reason (ex: you are being blocked by your ISP), you do not need to use gmail or any other email server as a relay server.

For instance, one of my servers is, unfortunately, being blocked by the ISP, but they provide an open relay server so I'm simply using that:

```
listen on lo0
table aliases db:/etc/mail/aliases.db
accept for local alias <aliases> deliver to mbox
accept from local for any relay via "smtp-relay.isp.tld"
```

Of course mail/ssmtp has this option too:

```
mailhub=smtp-relay.isp.tld
```

The above configuration works if you wish to just send email out and tbh, if you do not have a specific need to use gmail as a relay server (a.k.a you are not being blocked by your ISP), using OpenSMTPd's default settings should suffice.

Then again, so would the default sendmail in base.

PS: is your OpenSMTPd secrets file formatted correctly? a.k.a. does `smtpd -n` show everything ok?


----------



## gkontos (Jun 12, 2015)

You can't just use a local smtp server to send emails without proper reverse DNS and a valid MX to receive bounces.


----------

