# Sendmail stops working after upgrade from 9.1 to 9.3



## rfranzke (Jan 14, 2015)

I did an upgrade to my FreeBSD server. I followed this guide:

https://www.freebsd.org/doc/handbook/updating-upgrading-freebsdupdate.html

Things seemed to work pretty well....after attempt 4 (helps to read some).

It seems though something is still not correct as Sendmail stopped working. The specific steps I took are as follows:


```
freebsd-update -r 9.3-RELEASE upgrade
freebsd-update install
shutdown -r now
freebsd-update install
portsnap fetch update && portupgrade -a -m BATCH=yes
freebsd-update install
```

I have this server setup to relay local mail from ports to Gmail smarthost. When a local mail is generated I see the following in the maillog:


```
stat=Deferred: Connection reset by [127.0.0.1]
```

Since I am relaying through gmail I have done all the appropriate SSL configurations (was working before upgrade fine). Telneting to the host reveals this:


```
root@draco:/etc/mail # telnet 127.0.0.1 25
Trying 127.0.0.1...
Connected to localhost.
Escape character is '^]'.
220 draco.domain.com ESMTP Sendmail 8.14.9/8.14.9; Wed, 14 Jan 2015 15:35:15 -0600 (CST)
ehlo
Connection closed by foreign host.
[EMAIL]root@draco:/etc/mail[/EMAIL] #
```

So no:



```
250-ETRN
250-AUTH LOGIN CRAM-MD5 PLAIN
250-8BITMIME
250-ENHANCEDSTATUSCODES
250-STARTTLS
250 SIZE
```

I don't think sendmail would need to send local mail using TLS or anything but on a whim I checked SSL functionality like so:


```
root@draco:/etc/mail # openssl s_client -connect localhost:25
CONNECTED(00000003)
33083:error:140770FC:SSL routines:SSL23_GET_SERVER_HELLO:unknown protocol:/usr/src/secure/lib/libssl/../../../crypto/openssl/ssl/s23_clnt.c:618:
```

That does not look correct but am not sure if its relevant to the issue I am seeing. So something is really busted here and I am too much of a novice with BSD to figure it out. Is there some way to rebuild sendmail after an upgrade like this that I need to be doing here?

Any help is appreciated.


----------



## drhowarddrfine (Jan 14, 2015)

Unless it tells you differently, it's not necessary to upgrade all ports when you do a minor upgrade.

Are you using mail/sendmail from ports or the base install? In some cases, an update may overwrite your config file if you are using mail/sendmail from the base system.


----------



## rfranzke (Jan 14, 2015)

Thanks for the reply. I am using the base I believe. pkg version does not show sendmail installed. It would if installed from ports correct?

During the install I merged sendmail.cf and submit.cf. I thought that may have been the problem so I did the following in /etc/mail:

`make all install restart`

I had made a backup of /etc before the upgrade and diffed the sendmail.cf files from before and after the upgrade. They look the same AFAICT other than some version info. I went ahead and built a new hostname.mc file, added the correct information from the backup, and then ran the above code just to see if its indeed a configuration issue. No change.

To use SASL with the base sendmail, don't you need to compile it with that option somehow. Worried FreeBSD-update does not do that?

I suppose I could just replace config files from the backup and restart to see if things work better. Would really like to know what the issue is here though. Also having some permissions trouble with rsyncd after the upgrade. Not sure whats going on. Thanks again for the reply


----------



## rfranzke (Jan 14, 2015)

Sorry forgot to add that during the upgrade `freebsd-update` told me to rebuild ports. I understood the same that that would not be needed for minor upgrade but it said it needed to. As I mentioned I did this several times (revert to snapshot after fail) and it was broken with or without rebuilding ports.

Would it be worth it to try and install sendmail via ports?


----------



## junovitch@ (Jan 18, 2015)

rfranzke said:


> Sorry forgot to add that during the upgrade `freebsd-update` told me to rebuild ports. I understood the same that that would not be needed for minor upgrade but it said it needed to. As I mentioned I did this several times (revert to snapshot after fail) and it was broken with or without rebuilding ports.


The message to rebuild ports gets printed to the screen after any upgrade however the official upgrade instructions are correct and you don't need to rebuild ports after minor version upgrades.



rfranzke said:


> Would it be worth it to try and install sendmail via ports?


According to mail/sendmail the port has TLS and SASL on by default.  Using the port may be the path of least resistance and the most maintainable route.


----------



## kpa (Jan 18, 2015)

The Sendmail in the base system is quite problematic if you need to add anything to it like SASL support because then you have base system components explicitly depending on installed ports and every update on the base system can potentially break it. Using the port version is recommended. In a future version of FreeBSD the base system Sendmail might be even replaced with a very lightweight local/smarthost only alternative such as mail/dma.


----------



## rfranzke (Jan 19, 2015)

Thanks for the replies. I was able to get this working. I tried another upgrade by doing the following:

```
freebsd-update -r 9.3-RELEASE upgrade

freebsd-update install

shutdown -r now

freebsd-update install
```
I took the above suggestion and did not go through the process of upgrading the installed ports. I noticed that Sendmail would accept local relay right after the upgrade without rebuilding Sendmail. As I mentioned, I am using the base Sendmail with SASL to support relaying to my GMAIL smarthost via TLS/Authentication. That was not working directly after the upgrade (Sendmail would accept the connection and accept the local mail for relaying to smarthost, but the relay to GMAIL would not work). Normally rebuilding Sendmail with included SASL support seems to fix this so what I was doing was rebuilding Sendmail after the upgrade like so:

```
cd /usr/src/usr.sbin/sendmail
make clean
make depend
make
make install
cd /etc/mail
make all install restart
```
After doing this Sendmail was broken. Would get an error of : stat=Deferred: Connection reset by [127.0.0.1] among others and Sendmail would not even accept local email.

Instead this time I tried this:

```
# cd /usr/src/lib/libsmutil
# make cleandir && make obj && make
# cd /usr/src/lib/libsm
# make cleandir && make obj && make
# cd /usr/src/usr.sbin/sendmail
# make cleandir && make obj && make && make install
# cd /etc/mail
# make all install restart
```
I found this suggestion in the following link:

https://forums.freebsd.org/threads/adding-sasl-support-to-a-running-sendmail-configuration.29732/

After doing this Sendmail fired right up and was relaying to Gmail properly. I am not really sure what the difference is between the two versions of rebuilding Sendmail.

I agree it seems the base Sendmail is becoming harder to use. I frequently have to rebuild it when upgrading to a new SASL version. I may switch to the ports version at some point but at the moment its working correctly. Thanks for the suggestions.


----------

