# What is sendmail doing?



## JonaEngel (Oct 30, 2022)

I have a raspberry pi 3 b running 13.1-RELEASE-p2 GENERIC arm64 in which `sendmail` is using 30% -- 100% of IO.


How could I find out what sendmail is trying to do on this system?


----------



## Alain De Vos (Oct 30, 2022)

I find sendmail a relic of an older time. You might want to add to /etc/rc.conf,

```
sendmail_enable="NO"    # Run the sendmail inbound daemon
sendmail_cert_create="NO"   # Create a server certificate if none 
sendmail_submit_enable="NO" # Start a localhost-only MTA for mail submission
sendmail_outbound_enable="NO"   # Dequeue stuck mail
sendmail_msp_queue_enable="NO"  # Dequeue stuck clientmqueue mail
```


----------



## JonaEngel (Oct 30, 2022)

Thanks. I only disabled `sendmail` not all its ancestors.
For forensic purposes I'd still be curious if there is a way to find out what sendmail is doing (without dtrace).


----------



## shepper (Oct 30, 2022)

Michael Lucas described sendmail configuration as a rite of passage and similar to smashing a Full Beer Can on your forehead.


----------



## VladiBG (Oct 30, 2022)

Check the logs or use truss to trace the process calls.


----------



## cy@ (Oct 30, 2022)

You might find your answer in tail -f /var/log/mail.

Tracing syscalls is probably a waste of time before understanding the situation, by looking at the logs. You could be spammed or some daemon is shoveling email to you. Truss of sendmail at this point is like taking Aspirin for the pain instead of watching your feet to avoid stubbing your toe.


----------



## PMc (Oct 30, 2022)

shepper said:


> Michael Lucas described sendmail configuration as a rite of passage and similar to smashing a Full Beer Can on your forehead.


Sadly, there is no downvote button here. Wonder what that guy would suggest to interpret all my .cf code - or if he just doesn't have a clue.


----------



## hunter0one (Oct 31, 2022)

I've gathered that sendmail_enable="YES" actually launches mailwrapper, which means you can replace sendmail with dma easily (this is what I do). You can see how to do this in mailer.conf(5).


----------



## cy@ (Oct 31, 2022)

The plan is to remove sendmail from 14-CURRENT and enable dma as default MTA.

Sendmail doesn't have the market share it used to, especially since it was purchased a few years ago.






Mail (MX) Server Survey: report on the types and numbers of mail (MX) servers on the internet (www.securityspace.com)


----------



## Jose (Oct 31, 2022)

JonaEngel said:


> I have a raspberry pi 3 b running 13.1-RELEASE-p2 GENERIC arm64 in which `sendmail` is using 30% -- 100% of IO.
> 
> 
> How could I find out what sendmail is trying to do on this system?


Probably a mail loop. Check /var/log/mail like cy@ says.


----------
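The log check suggested in the replies above (is one sender flooding the queue, is delivery stuck in retries, is a message looping) can be scripted. This is an added example, not code from any poster: it assumes sendmail's usual syslog line layout, the sample lines are constructed, and the log path is whatever you pass as the first argument (FreeBSD's stock syslog.conf writes mail messages to /var/log/maillog).

```shell
#!/bin/sh
# Added example (not from the thread): summarise sendmail syslog lines.

# Constructed sample in sendmail's "queue-id: key=value, ..." log layout.
sample_log() {
cat <<'EOF'
Oct 30 10:00:01 pi sm-mta[811]: 29UA01a1000811: from=<root@pi.example>, size=912, class=0, nrcpts=1, proto=ESMTP, relay=localhost [127.0.0.1]
Oct 30 10:00:02 pi sm-mta[812]: 29UA01a1000811: to=<admin@pi.example>, delay=00:00:01, mailer=local, dsn=2.0.0, stat=Sent
Oct 30 10:00:03 pi sm-mta[813]: 29UA03a2000813: from=<root@pi.example>, size=915, class=0, nrcpts=1, relay=localhost [127.0.0.1]
Oct 30 10:00:04 pi sm-mta[814]: 29UA03a2000813: to=<ops@mx.example>, delay=00:00:01, mailer=esmtp, dsn=4.0.0, stat=Deferred: Connection refused by mx.example.
Oct 30 10:00:05 pi sm-mta[815]: 29UA05a3000815: from=<cron@pi.example>, size=400, class=0, nrcpts=1, relay=localhost [127.0.0.1]
Oct 30 10:00:06 pi sm-mta[816]: 29UA05a3000815: to=<ops@mx.example>, delay=00:00:01, mailer=esmtp, dsn=4.0.0, stat=Deferred: Connection refused by mx.example.
Oct 30 10:00:07 pi sm-mta[817]: 29UA07a4000817: SYSERR(root): Too many hops 26 (25 max): from <root@pi.example> via localhost, to <admin@pi.example>
EOF
}

# top_field from|to [FILE]: "count value" per address, busiest first.
top_field() {
    awk -v f="$1" '
        match($0, ": " f "=[^ ]*") {
            v = substr($0, RSTART + length(f) + 3, RLENGTH - length(f) - 3)
            sub(/,$/, "", v)          # drop the trailing field separator
            c[v]++
        }
        END { for (v in c) print c[v], v }
    ' "${2:--}" | sort -k1,1nr -k2
}

# stat_counts [FILE]: deliveries grouped by the leading words of stat=.
stat_counts() {
    awk '
        match($0, /stat=[^:(]*/) {
            s = substr($0, RSTART + 5, RLENGTH - 5)
            sub(/ +$/, "", s)
            c[s]++
        }
        END { for (s in c) print c[s], s }
    ' "${1:--}" | sort -k1,1nr -k2
}

# loop_hits [FILE]: lines where sendmail gave up on a looping message.
loop_hits() { grep -c "Too many hops" "${1:--}" || true; }

report() {
    echo "== senders ==";         top_field from "$1" | head -5
    echo "== recipients ==";      top_field to "$1" | head -5
    echo "== delivery status =="; stat_counts "$1"
    echo "== 'Too many hops' lines: $(loop_hits "$1")"
}

# With a path argument, report on that log; otherwise on the sample.
if [ -n "${1:-}" ]; then
    report "$1"
else
    t=$(mktemp); sample_log > "$t"; report "$t"; rm -f "$t"
fi
```

A large Deferred count against one recipient points at a queue that keeps retrying; a single sender dominating the list points at the local job or daemon generating the mail.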



## tux2bsd (Oct 31, 2022)

JonaEngel said:


> I have a raspberry pi 3 b running


That is what I have FreeBSD running on, it's very slow for IO but works perfectly well.  Look at some of my recent posts or about page to find something that will benefit you.


----------



## facedebouc (Oct 31, 2022)

cy@ said:


> The plan is to remove sendmail from 14-CURRENT and enable dma as default MTA.
> 
> Sendmail doesn't have the market share it used to, especially since it was purchased a few years ago.
> 
> ...


I'm in the 3.58% and it just works (Sendmail in jail as MX for my own domain SPF+DKIM+DMARC).


----------



## drhowarddrfine (Oct 31, 2022)

facedebouc said:


> I'm in the 3.58% and it just works


ditto


----------



## zirias@ (Oct 31, 2022)

So? The major point is, base doesn't need a full-featured MTA, it just needs a tiny one with the most basic features (like local delivery and relaying to a "smarthost"). Or would you want Postfix or Exim to replace Sendmail in base? Would make little sense.

For all those who prefer sendmail, there's always mail/sendmail.


----------



## hruodr (Oct 31, 2022)

I think a full MTA should be part of a full OS (not like linux a kernel). I have no problem substituting sendmail with something better, but I do not know something better.

I think, instead of excluding sendmail, it should be upgraded for example to allow authentication. And cyrus sasl is not acceptable, then also a replacement of it should be written.

Or in what direction should the development of FreeBSD go? Writing Desktop bloat?


----------



## Alain De Vos (Oct 31, 2022)

A minimal one MTA/MDA/MUA is good. What are the minimal ones ?
Mutt & opensmtpd ?
Bigger ones should be in ports.


----------



## hruodr (Oct 31, 2022)

Alain De Vos said:


> What are the minimal ones ?
> Mutt & opensmtpd ?


sendmail is a minimal program, really a small program, but people condemn it due to its huge functionality.

People love bloat that does almost nothing.


----------



## Alain De Vos (Oct 31, 2022)

I know sendmail because it gives me configuration & syntax headache.
My full, complete opensmtpd configuration takes just 6 very readable lines in one file.


----------



## zirias@ (Oct 31, 2022)

Alain De Vos said:


> A minimal one MTA/MDA/MUA is good. What are the minimal ones ?
> Mutt & opensmtpd ?


MTA: dma(8), MUA: mail(1), both in base, a separate MDA is not needed for correct operation (most MTAs, including dma, can also deliver mail themselves).

Everything else should be installed from ports, indeed.


----------



## W.hâ/t (Oct 31, 2022)

/etc/mail/mailer.conf

```
sendmail        /usr/libexec/dma
mailq           /usr/libexec/dma
newaliases      /usr/libexec/dma
hoststat        /usr/libexec/dma
purgestat       /usr/libexec/dma
```

/etc/crontab

```
*/30    *       *       *       *       root    /usr/libexec/dma -q
```

PR: 261536


----------



## Alain De Vos (Oct 31, 2022)

I have the feeling there is some "conservatism" when it comes to sendmail. Like, let's not change it because it's "old".


----------



## facedebouc (Oct 31, 2022)

Alain De Vos said:


> I know sendmail because it gives me configuration & syntax headache.
> My full, complete opensmtpd configuration takes just 6 very readable lines in one file.


My sendmail configuration involves m4 macros only. I don't have to touch .cf files. No more headaches.


----------



## usdmatt (Oct 31, 2022)

People don't condemn sendmail because of its functionality, that makes no sense. They condemn it because it's barely supported, difficult for anyone other than bearded sysadmins to use, and is complete nonsense to be part of base considering the mail functionality required in a standard system.

It's not big, but still 60x the size of dma. Obviously functionality is completely different, but for anyone "not" running an actual mail handling system, dma does exactly what they need, and makes those things easier. Try telling a novice FreeBSD user how to get their system to deliver system emails via their authenticated smtp relay using sendmail. (and then find a good answer to their question about why a simple and common need uses an entirely over the top mailer and is still needlessly complicated in 2022).

And if you're actually running a mail system, where's the issue with "pkg install sendmail". Not only do you get to choose which mail application you want to use, but you also get updates without having to upgrade base or install the pkg anyway.

I used sendmail for a long time, but its presence in base at this point is nonsense. It's like Microsoft using Exchange for basic mail functionality in Windows NT and still having it in Server 2022 because of a few sysadmins whinging that they have a couple of machines that use it (and apparently are too idle to just install it in that case) and arguing it's not *that* hard for the other 99.9% of users to configure it to use a smarthost - as long as you jump through 17 hoops, install a few additional features and know exactly what you're doing in the first place.


----------



## zirias@ (Oct 31, 2022)

Fully agree with usdmatt (except I can't say anything about MS Exchange, never operated that)

I build my base system without sendmail for quite some time, and indeed, dma(8) works perfectly fine on all the "regular" machines. In my case, I want all mail stored on some internal mail machine (so, no local delivery at all), and the configuration needed for dma to do this is dead simple:

```
SMARTHOST my.mail.machine.invalid
NULLCLIENT
```

This one mail machine of course needs a lot more ... in my case exim as an MTA, dovecot as an MDA and for IMAP access. But that's "special purpose", so it makes sense to install that software from ports. People preferring sendmail would just install that instead.


----------



## hruodr (Oct 31, 2022)

usdmatt said:


> Try telling a novice FreeBSD user how to get their system to deliver system emails via their authenticated smtp relay using sendmail. (and then find a good answer to their question about why a simple and common need uses an entirely over the top mailer and is still needlessly complicated in 2022).











mail, metamail, gpg, openssl, sendmail, fetchmail, etc AS MAIL CLIENT (forums.freebsd.org): This thread is dedicated to simple command line tools as mail client for normal desktop users, in order to show that FreeBSD has a past and a future as desktop system.  My contribution is to configure sendmail as smart host, in order that one can use normal mail to send mails. Perhaps someone...


----------



## cy@ (Oct 31, 2022)

zirias@ said:


> So? The major point is, base doesn't need a full-featured MTA, it just needs a tiny one with the most basic features (like local delivery and relaying to a "smarthost"). Or would you want Postfix or Exim to replace Sendmail in base? Would make little sense.
> 
> For all those who prefer sendmail, there's always mail/sendmail.


I think the minimalist dma is probably the best approach (see my comments below about my philosophy). People who want something a little more feature rich should choose one of the ports (postfix, exim, sendmail, or one of the others).

Personally, I use postfix. I've used it on my exterior gateway for a couple of decades and have switched all my machines, except one, to it this calendar year, with the last one running the sendmail port because I feel I should keep one sendmail machine around just to keep my hands dirty with it.

Regarding my base O/S philosophy, everything server-like except for the absolute essentials such as sshd should be moved to ports. This includes moving KRB5 KDC, ntp, full featured MTA (keeping dma), telnetd, ftpd, and all other daemons not needed for initial system setup, all moved to ports. People should be able to pick and choose what they want to run on their machines.


----------



## usdmatt (Oct 31, 2022)

> We need sendmail compiled with cyrussasl support. Do first:
> 
> # pkg install cyrus-sasl
> 
> ...



Yeah, brilliant start. You need additional packages because the first change made by the average user isn't supported by default, and then you have to recompile part of base.
This just backs up my point that configuring a basic feature that many people need is way more awkward than it should be.

To make it even more ridiculous, it would have been easier to *not* have sendmail in base, and for the instructions to just start with installing the sendmail package that has SASL enabled.


----------



## cy@ (Oct 31, 2022)

usdmatt said:


> People don't condemn sendmail because of its functionality, that makes no sense. They condemn it because it's barely supported, difficult for anyone other than bearded sysadmins to use, and is complete nonsense to be part of base considering the mail functionality required in a standard system.


The reason sendmail is not supported like before was that the Sendmail corporation was sold to a company which incorporated it into their firewall/gateway appliance.  They were subsequently purchased by another company. My hunch is that they're probably not sharing as much of the work they've put into it since then or maybe not even developing it as before because if it ain't broke, don't fix it. (I've worked for software development companies before. Those are the discussions management has, even over the objections of developers. It's about profitability.)


----------



## hruodr (Oct 31, 2022)

usdmatt said:


> To make it even more ridiculous, it would have been easier to *not* have sendmail in base, and for the instructions to just start with installing the sendmail package that has SASL enabled.



The solution is, as I wrote before:



hruodr said:


> I think, instead of excluding sendmail, it should be upgraded for example to allow authentication. And cyrus
> sasl is not acceptable, then also a replacement of it should be written.



Authentication on MTAs has long been a standard.


----------



## usdmatt (Oct 31, 2022)

cy@ said:


> The reason sendmail is not supported like before was that the Sendmail corporation was sold to a company which incorporated it into their firewall/gateway appliance.  They were subsequently purchased by another company. My hunch is that they're probably not sharing as much of the work they've put into it since then or maybe not even developing it as before because if it ain't broke, don't fix it. (I've worked for software development companies before. Those are the discussions management has, even over the objections of developers. It's about profitability.)



Yes I'm sure I looked into this years ago and it had effectively become closed software with maybe the odd fix here and there for the open source version.


----------



## cy@ (Oct 31, 2022)

zirias@,

The only thing dma(8) does not support is $HOME/.forward. This can be addressed by using /etc/mail/aliases.

There was some discussion about adding .forward support to our dma(8). I'm not enamoured with that idea because our dma(8) source diverges from DragonFlyBSD sources. I'd prefer we send them the patch so they can maintain it for everyone.

Note that Qmail doesn't support .forward either. An add-on package is required. I don't know how many others don't support it either. The major MTAs, Sendmail, Postfix, and Exim, do but I think support for .forward outside of them is a bit of hit and miss and probably not a big concern anyway. Those who do need it should install one of the three MTAs that do support it.


----------



## cy@ (Oct 31, 2022)

usdmatt said:


> Yes I'm sure I looked into this years ago and it had effectively become closed software with maybe the odd fix here and there for the open source version.


Your and my conclusions are probably the same.


----------



## usdmatt (Oct 31, 2022)

> I think, instead of excluding sendmail, it should be upgraded for example to allow authentication. And cyrus
> sasl is not acceptable, then also a replacement of it should be written.



Sorry but I absolutely disagree. The solution is to finally remove sendmail from base, a decade after it was first discussed, and get something small and simple that provides the basic requirements of local delivery and smtp forwarding and can be set up with a couple of simple config lines. Suggesting large changes to an already massively complex application built on decades of legacy code, that is basically the product of a commercial company these days, is insane, especially to anyone with even the slightest experience in software development.

It just needs a simple application with modern tls & auth subsystems built-in as fundamental parts of the initial software (i.e. dma), not shoe-horned in as an afterthought 4 decades later.

I don't get what the issue is. Even for die-hard sendmail users, you are literally better off with `pkg add sendmail` than you are with the one in base.


----------



## bob2112 (Oct 31, 2022)

hruodr said:


> sendmail is a minimal program, really a small program, but people condemn it due to its huge functionality.


No, people condemn it because of its poor record of vulnerabilities, and the difficulty of configuration. I'm not an expert on MTAs but I've hung out on mailing lists where there are people with decades of full-time experience of them and I've never seen anyone recommend sendmail except for legacy installations and certain niche uses in large organizations. The usual recommendation is postfix which was designed from the start to be as secure as possible.

I'm not even keen on smtp forwarding because it's a potential gift to a hacker.


----------



## hruodr (Oct 31, 2022)

bob2112 said:


> No, people condemn it because of its poor record of vulnerabilities, and the difficulty of configuration.


Others are not better, regarding vulnerabilities and configuration.

I tried to configure postfix and exim, ended with sendmail.

Exim had a big vulnerability not long ago, sendmail has had none for many years.

People complain for complaining.


----------



## drhowarddrfine (Oct 31, 2022)

Alain De Vos said:


> let's not change it because it's "old".


More like let's change it because it's old


----------



## zirias@ (Oct 31, 2022)

cy@ as I already mentioned, I _do_ use dma for these simple requirements. I think a complete self-contained base system actually needs a (simple) MTA, e.g. for cron mail... but thinking about ~/.forward, that very much sounds like some extra feature really not needed for base.


----------



## cy@ (Oct 31, 2022)

zirias@ said:


> cy@ as I already mentioned, I _do_ use dma for these simple requirements. I think a complete self-contained base system actually needs a (simple) MTA, e.g. for cron mail... but thinking about ~/.forward, that very much sounds like some extra feature really not needed for base.


Probably just needs an UPDATING entry and a simple note in release-notes.


----------



## hruodr (Oct 31, 2022)

drhowarddrfine said:


> More like let's change it because it's old


Believe me, a computer "scientist" told me once, that also mathematical theorems become obsolete (and false).


----------



## cy@ (Oct 31, 2022)

drhowarddrfine said:


> More like let's change it because it's old


Still have that old 2.0.5 CD. An oldie but a goodie.


----------

