# sendmail 17: strange log entries...



## MAM (Apr 5, 2022)

yesterday I was forced to switch to sendmail 17 from the ports collection because my new ISP demands authentication for using the smarthost. 
It was not too complicated to switch from base sendmail to ports sendmail, and most things kept on working without any problem (mostly the smarthost worked again instantly  )

But today I've scrolled through the protocols and saw quite wierd entries like these:

*Apr  5 19:31:56 l3router sm-mta[88098]: ruleset=trust_auth, arg1=www@l3router.meiszl.de, relay=localhost [127.0.0.1], reject=550 5.7.1 <www@l3router.meiszl.de>... not authenticated*

Aha, a reject. Mail from localhost got rejected? but reading on I saw:

Apr  5 19:31:57 l3router sm-mta[88098]: 235HVufB088098: from=<www@l3router.meiszl.de>, size=907, class=0, nrcpts=1, msgid=<9B2YpT4ZfRJNqp6EHvkdya25I474p7vOCcS09u8UqYI@homepage.meiszl.de>, proto=ESMTPS, daemon=IPv4, relay=localhost [127.0.0.1]
Apr  5 19:31:57 l3router sendmail[88097]: 235HVuhM088097: to=WPSecurity@meiszl.de, ctladdr=www (80/80), delay=00:00:01, xdelay=00:00:01, mailer=relay, pri=30751, relay=[127.0.0.1] [127.0.0.1], dsn=2.0.0, stat=Sent (235HVufB088098 Message accepted for delivery)
Apr  5 19:31:57 l3router sm-mta[88100]: 235HVufB088098: to=XXX, ctladdr=<www@l3router.meiszl.de> (80/80), delay=00:00:00, xdelay=00:00:00, mailer=local, pri=61525, dsn=2.0.0, stat=Sent
Apr  5 19:31:57 l3router sm-mta[88100]: 235HVufB088098: to="| /usr/local/etc/BanWPFromMail", ctladdr=failmail (26/0), delay=00:00:00, xdelay=00:00:00, mailer=prog, pri=61525, dsn=2.0.0, stat=Sent
Apr  5 19:31:57 l3router sm-mta[88100]: 235HVufB088098: done; delay=00:00:00, ntries=1

instead of the reject, the mail was finally accepted and delivered !!!
(ok this example is a bit bad, the "recipient" is an alias and the message is forwarded to "XXX" and a fail2ban script. But both destinations got the mail!

Searching the logs for "not authenticated" showed quite a lot of these "rejects". (there is no need for authentication within the local net, this is the mail dump for everything and everybody within the lan). 

So I am about to think, that this message is just fake news spread by sendmail to make the admin wonder and panic... 

Or, can anybody explain what is going on and why the message shows up at all? 

(btw: dear spammers: no need to try those email addresses from the listing, they are not accessible from the outside)


----------



## covacat (Apr 5, 2022)

your www/mailer uses mail from:address auth=address in its smpt session which fails from unauthenticated users
you can use sasl with base senmdail too (probably wont change anything), just have this in make.conf

SENDMAIL_CFLAGS+=   -I/usr/local/include -DSASL=2
SENDMAIL_LDFLAGS+=  -L/usr/local/lib
SENDMAIL_LDADD+=    -lsasl2
and rebuild libsm, llibsmutil and sendmail
but you have to rebuild after freebsd-update (not always, normaly only when upgrade)


----------



## MAM (Apr 6, 2022)

yeah i know that i can rebuilt my own and for some years I also did it.
But, as you say, you need to keep an eye on it if you upgrade and so I decided to keep the stock BSD and use the port instead.

And, as I said, it works!

Just this rather stupid error message  (or better "warning" because the mails are still delivered despite the "reject") puzzles me.


----------

