It’s another Saturday morning outside the coffee shop. My abundance of free time, without conferences to run, has resulted in mind-shattering pondering.
Case in point:
In this post:
- FreeBSD 14.1-RELEASE
Let’s use these two hosts:
What are the differences?
First idea
My first idea: /etc/passwd differences.
Let’s check that idea:
[11:19 r730-01 dvl ~] % grep root /etc/passwd
root:*:0:0:Charlie &:/root:/bin/sh
toor:*:0:0:Bourne-again Superuser:/root:
daemon:*:1:1:Owner of many system processes:/root:/usr/sbin/nologin

[11:19 zuul dan ~] % grep root /etc/passwd
root:*:0:0:Charlie &:/root:/bin/sh
toor:*:0:0:Bourne-again Superuser:/root:
daemon:*:1:1:Owner of many system processes:/root:/usr/sbin/nologin
No, that’s exactly the same. It’s not that.
Second idea
My second idea, near the end of my first latte: is this an MTA (mail transfer agent) issue? Specifically, dma (see also Replacing postfix with dma) vs postfix.
Let’s check who answers:
[11:19 r730-01 dvl ~] % telnet localhost 25
Trying ::1...
telnet: connect to address ::1: Connection refused
Trying 127.0.0.1...
telnet: connect to address 127.0.0.1: Connection refused
telnet: Unable to connect to remote host

[11:19 zuul dan ~] % telnet localhost 25
Trying ::1...
telnet: connect to address ::1: Connection refused
Trying 127.0.0.1...
Connected to localhost.
Escape character is '^]'.
220 zuul.example.org ESMTP Postfix
grep dma /etc/rc.conf
400 4.5.2 Error: command not recognized
^C^\^]
telnet> quit
Connection closed.
OK, first difference is known to be MTA. One of my goals is to use dma wherever there is outgoing mail only. I use Postfix only for receiving email.
Changing from postfix to dma
Let’s try modifying zuul to use dma.
Here are the commands I issued, based on what I found in the Ansible playbook mentioned in the blog post:
Disable postfix:
[11:52 zuul dan ~] % sudo service postfix stop
postfix/postfix-script: stopping the Postfix mail system
[11:52 zuul dan ~] % sudo service postfix disable
postfix disabled in /etc/rc.conf
Disable sendmail (possibly not required on FreeBSD 14.1, which is what this host is running):
[11:52 zuul dan ~] % grep sendmail /etc/rc.conf
sendmail_submit_enable="NO"
sendmail_outbound_enable="NO"
sendmail_msp_queue_enable="NO"
[11:53 zuul dan ~] % sudo sysrc sendmail_enable="NO"
sendmail_enable: NONE -> NO
[11:54 zuul dan ~] % sudo sysrc daily_queuerun_enable="NO"
daily_queuerun_enable: -> NO
[11:54 zuul dan ~] %
I created /etc/mail/mailer.conf:
sendmail /usr/libexec/dma
mailq /usr/libexec/dma
newaliases /usr/libexec/dma
rmail /usr/libexec/dma
I created /etc/dma/dma.conf with this:
SMARTHOST smtp.fastmail.com
PORT 465
SECURETRANSFER
AUTHPATH /etc/dma/auth.conf
See man dma for more information.
The /etc/dma/auth.conf file contains:
dvl|smtp.example.com:my-password
This file is chmod 600 to keep the secret secret.
/usr/local/etc/cron.d/dma contains:
*/30 * * * * root /usr/libexec/dma -q
If it doesn’t work!
I had trouble with this host and I could not figure out why, until I went through the Ansible script. In there, it removes /usr/local/etc/mail/mailer.conf – for some historical reason, I have that file on this host. Attempts to send mail resulted in the mail being added to the queue but it was not being sent. Once I moved that file out of the way, I had success.
Testing
This is my test:
root@zuul:~ # echo testing | mail dan@example.net
root@zuul:~ #
Remember, I have to do this as root, because of Charlie Root…
Here are the logs (/var/log/maillog):
Jul 27 17:52:14 zuul dma[861b][84740]: new mail from user=root uid=26 envelope_from=<root@zuul.example.org>
Jul 27 17:52:14 zuul dma[861b][84740]: mail to=<dan@example.net > queued as 861b.485ceb648000
Jul 27 17:52:14 zuul dma[861b.485ceb648000][84741]: <dan@example.net > trying delivery
Jul 27 17:52:14 zuul dma[861b.485ceb648000][84741]: using smarthost (smtp.fastmail.com:465)
Jul 27 17:52:14 zuul dma[861b.485ceb648000][84741]: trying remote delivery to smtp.fastmail.com [103.168.172.60] pref 0
Jul 27 17:52:14 zuul dma[861b.485ceb648000][84741]: using SMTP authentication for user foo@example.net
Jul 27 17:52:15 zuul dma[861b.485ceb648000][84741]: <dan@example.net> delivery successful
What email did I receive?
To: dan@example.net
Date: Sat, 27 Jul 2024 17:52:13 +0000
Message-Id: <66a533cd.861b.4ab4a660@zuul.example.org>
From: <root@zuul.example.org>

testing
No Charlie Root
OK, cause confirmed.
Postfix is modifying the envelope, something not unusual. It is a desired objective.
Here endeth the lesson.
Problems I hit
I hit this problem:
Jul 27 12:55:44 nagios03 dma[dma][9546]: can not open auth file ` /etc/dma/auth.conf': No such file or directory
NOTE the space at the start of the path.
I had two spaces after AUTHPATH. Reducing that to one space fixed the issue.
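
A pre-flight check for the AUTHPATH problem above, as an added example (not from this post's Ansible playbook or from the dma project). It assumes, based on the log line above, that any extra space or tab after a keyword becomes part of the value; the function name and the sample files are constructed for illustration.

```sh
#!/bin/sh
# Added example: lint a dma.conf before relying on it.
# Assumption (from the log line above): dma splits keyword and value on the
# first separator only, so extra spaces or tabs end up in the value.

# lint_dma_conf FILE: print findings, return 0 if clean and 1 otherwise.
lint_dma_conf() {
    conf=$1
    rc=0
    awk '
        /^[ \t]*#/ { next }    # comment lines
        /^[ \t]*$/ { next }    # blank lines
        /^[ \t]*[A-Za-z]+[ \t][ \t]+[^ \t]/ {
            printf "line %d: more than one space or tab after keyword\n", NR
            bad = 1
        }
        END { exit bad }
    ' "$conf" || rc=1

    # Read AUTHPATH the forgiving way (awk field splitting) so the file
    # checks below still run when the line itself is malformed.
    auth=$(awk '$1 == "AUTHPATH" { print $2; exit }' "$conf")
    if [ -n "$auth" ]; then
        if [ ! -f "$auth" ]; then
            echo "AUTHPATH: $auth: no such file"
            rc=1
        elif [ "$(ls -ld "$auth" | cut -c8-10)" != "---" ]; then
            # Columns 8-10 of the ls mode string are the "other" bits.
            echo "AUTHPATH: $auth: accessible to users other than owner and group"
            rc=1
        fi
    fi
    return "$rc"
}

# Constructed sample: a dma.conf with two spaces after AUTHPATH, as in the post.
demo=$(mktemp -d)
printf 'alice|smtp.example.com:not-a-real-password\n' > "$demo/auth.conf"
chmod 600 "$demo/auth.conf"
printf 'SMARTHOST smtp.example.com\nPORT 465\nSECURETRANSFER\nAUTHPATH  %s\n' \
    "$demo/auth.conf" > "$demo/dma.conf"
lint_dma_conf "$demo/dma.conf" || echo "dma.conf needs fixing"
rm -rf "$demo"
```

Run it against /etc/dma/dma.conf after any edit; a non-zero return means either a separator problem or an auth file that is missing or open to other users.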