# Sendmail connection refused, pf.conf?



## sijohans (Jan 27, 2016)

Hello!

My sendmail.log is filled up with messages about connection refused. I do not have much knowledge about sendmail, I think I will have to read the manual for configuring it later.

This is what /var/log/maillog typically looks like. It is reloaded quite often.

```
Jan 27 03:16:57 nas sendmail[8436]: u0N259O9008763: to=root, ctladdr=root (0/0), delay=4+00:11:48, xdelay=00:00:00, mailer=relay, pri=480918, relay=[127.0.0.1], dsn=4.0.0, stat=Deferred: Connection refused by [127.0.0.1]
Jan 27 03:16:57 nas sendmail[8436]: u0M24xsS083827: to=root, delay=5+00:11:45, xdelay=00:00:00, mailer=relay, pri=481511, relay=[127.0.0.1], dsn=4.0.0, stat=Deferred: Connection refused by [127.0.0.1]
Jan 27 03:16:57 nas sendmail[8436]: u0M24xsS083827: u0R2GhvO008436: return to sender: Cannot send message for 5 days
Jan 27 03:16:57 nas sendmail[8436]: u0R2GhvO008436: to=postmaster, delay=00:00:00, xdelay=00:00:00, mailer=relay, pri=32890, relay=[127.0.0.1], dsn=4.0.0, stat=Deferred: Connection refused by [127.0.0.1]
Jan 27 03:16:57 nas sendmail[8436]: u0M24xsT083827: to=root, delay=5+00:11:45, xdelay=00:00:00, mailer=relay, pri=481666, relay=[127.0.0.1], dsn=4.0.0, stat=Deferred: Connection refused by [127.0.0.1]
Jan 27 03:16:57 nas sendmail[8436]: u0M24xsT083827: u0R2GhvP008436: return to sender: Cannot send message for 5 days
Jan 27 03:16:57 nas sendmail[8436]: u0R2GhvP008436: to=postmaster, delay=00:00:00, xdelay=00:00:00, mailer=relay, pri=33045, relay=[127.0.0.1], dsn=4.0.0, stat=Deferred: Connection refused by [127.0.0.1]
Jan 27 03:16:57 nas sendmail[8436]: u0M24xsQ083827: to=root, delay=5+00:11:58, xdelay=00:00:00, mailer=relay, pri=482092, relay=[127.0.0.1], dsn=4.0.0, stat=Deferred: Connection refused by [127.0.0.1]
Jan 27 03:16:57 nas sendmail[8436]: u0M24xsQ083827: u0R2GhvQ008436: return to sender: Cannot send message for 5 days
Jan 27 03:16:57 nas sendmail[8436]: u0R2GhvQ008436: to=postmaster, delay=00:00:00, xdelay=00:00:00, mailer=relay, pri=33667, relay=[127.0.0.1], dsn=4.0.0, stat=Deferred: Connection refused by [127.0.0.1]
Jan 27 03:16:57 nas sendmail[8436]: u0M24xsU083827: to=root, delay=5+00:11:45, xdelay=00:00:00, mailer=relay, pri=482533, relay=[127.0.0.1], dsn=4.0.0, stat=Deferred: Connection refused by [127.0.0.1]
Jan 27 03:16:57 nas sendmail[8436]: u0M24xsU083827: u0R2GhvR008436: return to sender: Cannot send message for 5 days
Jan 27 03:16:57 nas sendmail[8436]: u0R2GhvR008436: to=postmaster, delay=00:00:00, xdelay=00:00:00, mailer=relay, pri=33920, relay=[127.0.0.1], dsn=4.0.0, stat=Deferred: Connection refused by [127.0.0.1]
Jan 27 03:16:57 nas sendmail[8436]: u0N259WZ008800: to=root, delay=4+00:11:34, xdelay=00:00:00, mailer=relay, pri=489083, relay=[127.0.0.1], dsn=4.0.0, stat=Deferred: Connection refused by [127.0.0.1]
Jan 27 03:16:57 nas sendmail[8436]: u0N259WT008800: to=root, delay=4+00:11:47, xdelay=00:00:00, mailer=relay, pri=492020, relay=[127.0.0.1], dsn=4.0.0, stat=Deferred: Connection refused by [127.0.0.1]
Jan 27 03:16:57 nas sendmail[8436]: u0N259Wa008800: to=postmaster, delay=4+00:11:34, xdelay=00:00:00, mailer=relay, pri=492073, relay=[127.0.0.1], dsn=4.0.0, stat=Deferred: Connection refused by [127.0.0.1]
Jan 27 03:16:57 nas sendmail[8436]: u0N259mg008824: to=root, ctladdr=root (0/0), delay=4+00:11:48, xdelay=00:00:00, mailer=relay, pri=493747, relay=[127.0.0.1], dsn=4.0.0, stat=Deferred: Connection refused by [127.0.0.1]
Jan 27 03:16:57 nas sendmail[8436]: u0M24wAW083790: to=root, ctladdr=root (0/0), delay=5+00:11:59, xdelay=00:00:00, mailer=relay, pri=570809, relay=[127.0.0.1], dsn=4.0.0, stat=Deferred: Connection refused by [127.0.0.1]
Jan 27 03:16:57 nas sendmail[8436]: u0M24wAW083790: u0R2GhvS008436: sender notify: Cannot send message for 5 days
Jan 27 03:16:57 nas sendmail[8436]: u0R2GhvS008436: to=root, delay=00:00:00, xdelay=00:00:00, mailer=relay, pri=32139, relay=[127.0.0.1], dsn=4.0.0, stat=Deferred: Connection refused by [127.0.0.1]
Jan 27 03:16:57 nas sendmail[8436]: u0M24xJZ083851: to=root, ctladdr=root (0/0), delay=5+00:11:58, xdelay=00:00:00, mailer=relay, pri=580690, relay=[127.0.0.1], dsn=4.0.0, stat=Deferred: Connection refused by [127.0.0.1]
Jan 27 03:16:57 nas sendmail[8436]: u0M24xJZ083851: u0R2GhvT008436: sender notify: Cannot send message for 5 days
Jan 27 03:16:57 nas sendmail[8436]: u0R2GhvT008436: to=root, delay=00:00:00, xdelay=00:00:00, mailer=relay, pri=132020, relay=[127.0.0.1], dsn=4.0.0, stat=Deferred: Connection refused by [127.0.0.1]
Jan 27 03:16:57 nas sendmail[8436]: u0M24xsR083827: to=root, delay=5+00:11:46, xdelay=00:00:00, mailer=relay, pri=583946, relay=[127.0.0.1], dsn=4.0.0, stat=Deferred: Connection refused by [127.0.0.1]
Jan 27 03:16:57 nas sendmail[8436]: u0M24xsR083827: u0R2GhvU008436: return to sender: Cannot send message for 5 days
Jan 27 03:16:57 nas sendmail[8436]: u0R2GhvU008436: to=postmaster, delay=00:00:00, xdelay=00:00:00, mailer=relay, pri=135521, relay=[127.0.0.1], dsn=4.0.0, stat=Deferred: Connection refused by [127.0.0.1]
```

This is my pf.conf:

```
local_host="192.168.1.150"
udp_services = "{ ntp }"
tcp_services = "{ ssh }"
allowed_ips="{ 192.168.1.0/24 }"

table <blockedips> persist file "/etc/blocked_ips.conf"

interface="bge0"
set block-policy return
set skip on lo0
scrub in all

block all
block drop in log quick on $interface from <blockedips> to any

# Host
pass out on $interface inet from $local_host to any
pass in on $interface inet proto tcp from any to $local_host port $tcp_services
pass in on $interface inet proto udp from any to $local_host port $udp_services
pass in on $interface inet proto icmp from any to $local_host icmp-type echoreq
pass out on $interface inet from $local_host to $allowed_ips
pass in on $interface inet from $allowed_ips to $local_host

# Jails
ip_jails ="{ 192.168.1.151 , 192.168.1.152 }"
pass out on $interface inet from $ip_jails to any

# MySQL Jail
pass in on $interface inet proto tcp from any to 192.168.1.151 port mysql

# www Jail
pass in on $interface inet proto tcp from $allowed_ips to 192.168.1.152 port 22
pass in on $interface inet proto tcp from any to 192.168.1.152 port {http,https}

table <sshguard> persist
block drop in log quick on $interface inet from <sshguard> to any
```

And my rc.conf:

```
hostname="nas"
keymap="swedish.iso.kbd"
syslogd_enable="YES"
syslogd_flags="-s -b 127.0.0.1"
zfs_enable="YES"
dumpdev="AUTO"
ifconfig_bge0="192.168.1.150 netmask 255.255.255.0"
defaultrouter="192.168.1.1"
sshd_enable="YES"
# Disable sendmail
sendmail_enable="NO"
sendmail_submit_enable="NO"
sendmail_outbound_enable="NO"
sendmail_msp_queue_enable="NO"
# Date and time settings
ntpd_enable="YES"
ntpdate_enable="YES"
ntpdate_hosts="0.se.pool.ntp.org"
# PF Firewall and sshguard
pf_enable="YES"
pf_rules="/etc/pf.conf"
sshguard_enable="YES"
sshguard_safety_thresh="30"
sshguard_pardon_min_interval="600"
sshguard_prescribe_interval="7200"
# Jail settings
ezjail_enable="YES"
gateway_enable="YES"
ifconfig_bge0_alias0="inet 192.168.1.151 netmask 255.255.255.255"
ifconfig_bge0_alias1="inet 192.168.1.152 netmask 255.255.255.255"
```

What I wonder is:

What causes the mail that is sent? Is that necessary?
How do I solve it?


----------
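Added example, not part of any poster's message: a small Python parser for sendmail delivery lines in the format of the maillog excerpt above. It converts the `delay=` field to seconds, links each "return to sender" / "sender notify" notice to the queue id it spawned, and lists the messages deferred because nothing accepted the connection on 127.0.0.1. The function names are assumptions of this example; the sample input is four lines copied from the excerpt.

```python
import re
from collections import defaultdict

# Four lines copied from the maillog excerpt in the thread, used as sample input.
SAMPLE = """\
Jan 27 03:16:57 nas sendmail[8436]: u0M24xsS083827: to=root, delay=5+00:11:45, xdelay=00:00:00, mailer=relay, pri=481511, relay=[127.0.0.1], dsn=4.0.0, stat=Deferred: Connection refused by [127.0.0.1]
Jan 27 03:16:57 nas sendmail[8436]: u0M24xsS083827: u0R2GhvO008436: return to sender: Cannot send message for 5 days
Jan 27 03:16:57 nas sendmail[8436]: u0R2GhvO008436: to=postmaster, delay=00:00:00, xdelay=00:00:00, mailer=relay, pri=32890, relay=[127.0.0.1], dsn=4.0.0, stat=Deferred: Connection refused by [127.0.0.1]
Jan 27 03:16:57 nas sendmail[8436]: u0N259WZ008800: to=root, delay=4+00:11:34, xdelay=00:00:00, mailer=relay, pri=489083, relay=[127.0.0.1], dsn=4.0.0, stat=Deferred: Connection refused by [127.0.0.1]
"""

LINE = re.compile(r"sendmail\[\d+\]: (?P<qid>\w+): (?P<rest>.*)$")
NOTICE = re.compile(r"(?P<new>\w+): (?:return to sender|sender notify): (?P<why>.*)$")
DELAY = re.compile(r"(?:(\d+)\+)?(\d+):(\d+):(\d+)$")


def delay_seconds(text):
    """Convert sendmail's [days+]HH:MM:SS delay field to seconds."""
    days, h, m, s = DELAY.match(text).groups()
    return int(days or 0) * 86400 + int(h) * 3600 + int(m) * 60 + int(s)


def summarize(log):
    """Return {queue_id: info} for delivery attempts and bounce notices."""
    msgs = defaultdict(dict)
    for line in log.splitlines():
        m = LINE.search(line)
        if not m:
            continue  # e.g. gethostbyaddr() warnings carry no queue id
        notice = NOTICE.match(m["rest"])
        if notice:  # the original message timed out and spawned a new one
            msgs[m["qid"]].update(bounced_as=notice["new"], reason=notice["why"])
            continue
        f = dict(p.split("=", 1) for p in m["rest"].split(", ") if "=" in p)
        if "delay" in f and "stat" in f:
            msgs[m["qid"]].update(to=f.get("to"), relay=f.get("relay"),
                                  stat=f["stat"], age=delay_seconds(f["delay"]))
    return dict(msgs)


def refused_by_loopback(msgs):
    """Queue ids deferred with 'Connection refused' by 127.0.0.1, oldest first."""
    hits = [(q, i["age"]) for q, i in msgs.items()
            if i.get("relay") == "[127.0.0.1]" and "Connection refused" in i.get("stat", "")]
    return sorted(hits, key=lambda h: -h[1])


if __name__ == "__main__":
    info = summarize(SAMPLE)
    for qid, age in refused_by_loopback(info):
        print(qid, info[qid]["to"], f"{age / 86400:.1f}d", info[qid].get("bounced_as", "-"))
```
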



## SirDice (Jan 27, 2016)

Your rc.conf shows sendmail being disabled completely. So you shouldn't even have sendmail running.


----------



## kpa (Jan 27, 2016)

Those mails are coming from periodic(8) runs that are run daily, some weekly or even monthly. You could install a minimal alternative to Sendmail such as mail/dma that can handle local mail as well as sending outgoing mail.


----------



## sijohans (Jan 27, 2016)

Thank you for the quick reply. This is what my periodic.conf looks like:

```
pools="zroot data"
hourly_show_success="NO"
hourly_show_info="YES"
hourly_show_badconfig="NO"
hourly_zfs_snapshot_enable="YES"
hourly_zfs_snapshot_pools="$pools"
hourly_zfs_snapshot_keep=24
daily_zfs_snapshot_enable="YES"
daily_zfs_snapshot_pools="$pools"
daily_zfs_snapshot_keep=7
daily_status_zfs_enable="YES"
weekly_zfs_snapshot_enable="YES"
weekly_zfs_snapshot_pools="$pools"
weekly_zfs_snapshot_keep=8
monthly_zfs_snapshot_enable="YES"
monthly_zfs_snapshot_pools="$pools"
monthly_zfs_snapshot_keep=18
twoweekly_zfs_scrub_enable="YES"
twoweekly_zfs_scrub_pools="$pools"
```

Are these mails that have been posted in a queue somewhere now? How can I remove them?

```
# mailq
/var/spool/mqueue is empty
                Total requests: 0
```

I think I will do it like this. Is this a suitable solution?

```
hourly_output="/var/log/hourly.log"
daily_output="/var/log/daily.log"
monthly_output="/var/log/monthly.log"
```

I also found this in my maillog:

```
Jan 27 13:15:36 nas sendmail[18321]: gethostbyaddr(192.168.1.150) failed: 1
Jan 27 13:15:36 nas sendmail[18321]: gethostbyaddr(192.168.1.151) failed: 1
Jan 27 13:15:36 nas sendmail[18321]: gethostbyaddr(192.168.1.152) failed: 1
Jan 27 13:16:17 nas sendmail[18323]: gethostbyaddr(192.168.1.150) failed: 1
Jan 27 13:16:17 nas sendmail[18323]: gethostbyaddr(192.168.1.151) failed: 1
Jan 27 13:16:17 nas sendmail[18323]: gethostbyaddr(192.168.1.152) failed: 1
```

I suppose I haven't configured my jails properly?


----------



## sijohans (Jan 28, 2016)

Investigated this a little bit further. It seems like the mails are coming from the periodic security routines. /var/log/clientmqueue is full with these mails.

I also saw this in the handbook:


> *Warning:*
> If Sendmail's outgoing mail service is disabled, it is important that it is replaced with an alternative mail delivery system. Otherwise, system functions such as periodic(8) will be unable to deliver their results by email. Many parts of the system expect a functional MTA. If applications continue to use Sendmail's binaries to try to send email after they are disabled, mail could go into an inactive Sendmail queue and never be delivered.



I suppose this is what happened to me, perhaps this will fix it:

```
daily_status_security_output="/var/log/daily.log"
weekly_status_security_output="/var/log/weekly.log"
monthly_status_security_output="/var/log/monthly.log"
```

I will consider configuring sendmail, would be nice with some reports instead of logging in and checking zpool status etc.


----------

