# sendmail from a jail - intermittent problems



## kel (May 31, 2016)

I have a web server running in a jail that needs to send mail. The server script is configured properly and I get mail from it *intermittently*. Here's the kicker: all the sendmail requests show up properly in /var/log/maillog but most are just never received. I'm confused how this could happen. I can reliably send mail from the command line inside the jail.

Here is a recent set of log entries trying to send mail from the script. I've anonymized the email and domains to protect the innocent:


```
May 30 16:15:03 webjail sendmail[54383]: u4UMF24X054383: from=www, size=1911, class=0, nrcpts=1, msgid=<54bd126df09223d3801a199e5d72f22a@my.securesite.com>, relay=www@localhost
May 30 16:15:03 webjail sm-mta[54384]: STARTTLS=server, relay=[10.0.0.1], version=TLSv1.2, verify=NO, cipher=DHE-RSA-AES256-GCM-SHA384, bits=256/256
May 30 16:15:03 webjail sendmail[54383]: STARTTLS=client, relay=[127.0.0.1], version=TLSv1.2, verify=FAIL, cipher=DHE-RSA-AES256-GCM-SHA384, bits=256/256
May 30 16:15:03 webjail sm-mta[54384]: u4UMF38c054384: from=<www@webjail>, size=2021, class=0, nrcpts=1, msgid=<54bd126df09223d3801a199e5d72f22a@my.securesite.com>, proto=ESMTPS, daemon=Daemon0, relay=[10.0.0.1]
May 30 16:15:03 webjail sendmail[54383]: u4UMF24X054383: to=Noreen Somebody <noreensomebody@gmail.com>, ctladdr=www (80/80), delay=00:00:00, xdelay=00:00:00, mailer=relay, pri=31911, relay=[127.0.0.1] [127.0.0.1], dsn=2.0.0, stat=Sent (u4UMF38c054384 Message accepted for delivery)
May 30 16:15:03 webjail sendmail[54387]: u4UMF31m054387: from=www, size=1128, class=0, nrcpts=1, msgid=<7ecf1131971053c7881ba0295d547c7e@my.securesite.com>, relay=www@localhost
May 30 16:15:03 webjail sm-mta[54388]: STARTTLS=server, relay=[10.0.0.1], version=TLSv1.2, verify=NO, cipher=DHE-RSA-AES256-GCM-SHA384, bits=256/256
May 30 16:15:03 webjail sendmail[54387]: STARTTLS=client, relay=[127.0.0.1], version=TLSv1.2, verify=FAIL, cipher=DHE-RSA-AES256-GCM-SHA384, bits=256/256
May 30 16:15:03 webjail sm-mta[54386]: STARTTLS=client, relay=gmail-smtp-in.l.google.com., version=TLSv1.2, verify=FAIL, cipher=ECDHE-RSA-AES128-GCM-SHA256, bits=128/128
May 30 16:15:03 webjail sm-mta[54388]: u4UMF3lu054388: from=<www@webjail>, size=1238, class=0, nrcpts=1, msgid=<7ecf1131971053c7881ba0295d547c7e@my.securesite.com>, proto=ESMTPS, daemon=Daemon0, relay=[10.0.0.1]
May 30 16:15:03 webjail sendmail[54387]: u4UMF31m054387: to=Noreen Somebody <noreensomebody@gmail.com>, ctladdr=www (80/80), delay=00:00:00, xdelay=00:00:00, mailer=relay, pri=31128, relay=[127.0.0.1] [127.0.0.1], dsn=2.0.0, stat=Sent (u4UMF3lu054388 Message accepted for delivery)
May 30 16:15:04 webjail sendmail[54391]: u4UMF3W9054391: from=www, size=987, class=0, nrcpts=2, msgid=<9b64a1b5489988ac34a99a92bb95d501@my.securesite.com>, relay=www@localhost
May 30 16:15:04 webjail sendmail[54391]: STARTTLS=client, relay=[127.0.0.1], version=TLSv1.2, verify=FAIL, cipher=DHE-RSA-AES256-GCM-SHA384, bits=256/256
May 30 16:15:04 webjail sm-mta[54392]: STARTTLS=server, relay=[10.0.0.1], version=TLSv1.2, verify=NO, cipher=DHE-RSA-AES256-GCM-SHA384, bits=256/256
May 30 16:15:04 webjail sm-mta[54390]: STARTTLS=client, relay=gmail-smtp-in.l.google.com., version=TLSv1.2, verify=FAIL, cipher=ECDHE-RSA-AES128-GCM-SHA256, bits=128/128
May 30 16:15:04 webjail sm-mta[54386]: u4UMF38c054384: to=<noreensomebody@gmail.com>, ctladdr=<www@webjail> (80/80), delay=00:00:01, xdelay=00:00:01, mailer=esmtp, pri=32021, relay=gmail-smtp-in.l.google.com. [74.125.126.26], dsn=2.0.0, stat=Sent (OK 1464646504 127si27813404itv.11 - gsmtp)
May 30 16:15:04 webjail sm-mta[54392]: u4UMF4Dq054392: from=<www@webjail>, size=1070, class=0, nrcpts=2, msgid=<9b64a1b5489988ac34a99a92bb95d501@my.securesite.com>, proto=ESMTPS, daemon=Daemon0, relay=[10.0.0.1]
May 30 16:15:04 webjail sendmail[54391]: u4UMF3W9054391: to=info@securesite.com,"SecureSite Admin" <admin@securesite.com>, ctladdr=www (80/80), delay=00:00:01, xdelay=00:00:00, mailer=relay, pri=60987, relay=[127.0.0.1] [127.0.0.1], dsn=2.0.0, stat=Sent (u4UMF4Dq054392 Message accepted for delivery)
May 30 16:15:04 webjail sm-mta[54390]: u4UMF3lu054388: to=<noreensomebody@gmail.com>, ctladdr=<www@webjail> (80/80), delay=00:00:01, xdelay=00:00:01, mailer=esmtp, pri=31238, relay=gmail-smtp-in.l.google.com. [173.194.198.26], dsn=2.0.0, stat=Sent (OK 1464646505 69si3936877ioe.191 - gsmtp)
May 30 16:15:04 webjail sm-mta[54394]: STARTTLS=client, relay=aspmx.l.google.com., version=TLSv1.2, verify=FAIL, cipher=ECDHE-RSA-AES128-GCM-SHA256, bits=128/128
May 30 16:15:04 webjail sm-mta[54394]: u4UMF4Dq054392: to=<admin@securesite.com>,<info@securesite.com>, ctladdr=<www@webjail> (80/80), delay=00:00:00, xdelay=00:00:00, mailer=esmtp, pri=61070, relay=aspmx.l.google.com. [74.125.70.27], dsn=2.0.0, stat=Sent (OK 1464646505 f3si40822457ioa.19 - gsmtp)
```

From what I can see the mail is going out fine but I never receive it. In this case it's To: noreensomebody@gmail.com, who is a customer, and BCC: or CC: admin@securesite.com which is my email.

Some details:
- FreeBSD 10.x with latest patches
- jail only runs Apache/PHP, sendmail, cron and syslog
- jail bound to lo1 as 10.0.0.1, no external interfaces
- Internal Sendmail running as a daemon
- no sendmail entry in the jail's /etc/rc.conf or /etc/rc.local
- mail is not being blocked by the firewall on the host

Any thoughts on how to better diagnose this issue? Should I try to use an external SMTP server and see if that works? I'd like to try that but I suspect it will be painful, as my only option would be to use Gmail, which I'm sure will require a TLS connection to one of my accounts... securesite.com's domain is also hosted by Google.

If I send mail to one of my own addresses from the command line, I get the email. Here's what the log looks like. Maybe I'm missing something obvious in the logs.


```
May 30 18:12:33 webjail sendmail[54911]: u4V0CWsL054911: from=root, size=95, class=0, nrcpts=1, msgid=<201605310012.u4V0CWsL054911@webjail>, relay=root@localhost
May 30 18:12:33 webjail sendmail[54911]: STARTTLS=client, relay=[127.0.0.1], version=TLSv1.2, verify=FAIL, cipher=DHE-RSA-AES256-GCM-SHA384, bits=256/256
May 30 18:12:33 webjail sm-mta[54912]: STARTTLS=server, relay=[10.0.0.1], version=TLSv1.2, verify=NO, cipher=DHE-RSA-AES256-GCM-SHA384, bits=256/256
May 30 18:12:33 webjail sm-mta[54912]: u4V0CXLL054912: from=<root@webjail>, size=395, class=0, nrcpts=1, msgid=<201605310012.u4V0CWsL054911@webjail>, proto=ESMTPS, daemon=Daemon0, relay=[10.0.0.1]
May 30 18:12:33 webjail sendmail[54911]: u4V0CWsL054911: to=me@mytestsite.com, ctladdr=root (0/0), delay=00:00:01, xdelay=00:00:00, mailer=relay, pri=30095, relay=[127.0.0.1] [127.0.0.1], dsn=2.0.0, stat=Sent (u4V0CXLL054912 Message accepted for delivery)
May 30 18:12:33 webjail sm-mta[54914]: STARTTLS=client, relay=aspmx.l.google.com., version=TLSv1.2, verify=FAIL, cipher=ECDHE-RSA-AES128-GCM-SHA256, bits=128/128
May 30 18:12:34 webjail sm-mta[54914]: u4V0CXLL054912: to=<me@mytestsite.com>, ctladdr=<root@webjail> (0/0), delay=00:00:01, xdelay=00:00:01, mailer=esmtp, pri=30395, relay=aspmx.l.google.com. [74.125.193.26], dsn=2.0.0, stat=Sent (OK 1464653554 i78si28053286ita.45 - gsmtp)
```

Thanks,
Kelly


----------



## kel (May 31, 2016)

I just posted this to the freebsd-questions mailing list as well...


----------



## fullauto2012 (May 31, 2016)

Did you properly config your /etc/mail/access file?


----------

