Tom Haynes

Wednesday June 06, 2007
Allowing remote sendmail connections

I'm in the process of creating a gate and some clones for an internal project. Part of the gate maintenance requires mail to be sent to a specific host so that a checkin kicks off some sanity checks. I've got a working example on another host, but I can't get mine to work.

First we need to make sure that sendmail is running on the target box:

> svcs -a | grep smtp
online         Jun_04   svc:/network/smtp:sendmail
> netstat -a | grep smtp
localhost.smtp             *.*                0      0 49152      0 LISTEN

Okay, it appears to be up. Can we confirm that from a remote host?

> telnet kanigix 25
Trying 192.168.2.XXX...
telnet: connect to address 192.168.2.XXX: Connection refused

> sudo nmap kanigix

Starting Nmap 4.11 ( http://www.insecure.org/nmap/ ) at 2007-06-06 10:51 CDT
Interesting ports on kanigix.XXX (192.168.2.XXX):
Not shown: 1676 closed ports
PORT     STATE SERVICE
22/tcp   open  ssh
111/tcp  open  rpcbind
2049/tcp open  nfs
4045/tcp open  lockd
MAC Address: 00:03:47:B1:6E:45 (Intel)

Nmap finished: 1 IP address (1 host up) scanned in 45.244 seconds

Okay, internally it appears up and externally it appears down. Further, a Google search doesn't yield anything interesting. Time to check the man page for sendmail:

     On an  unmodified  system,  access  to  sendmail  by  remote
     clients  is enabled and disabled through the service manage-
     ment facility (see smf(5)).  In particular, remote access is
     determined by the value of the local_only SMF property:

       svc:/network/smtp:sendmail/config/local_only = true


     A setting of true, as above, disallows remote access;  false
     allows remote access. The default value is true.

     The following example shows the  sequence  of  SMF  commands
     used to enable sendmail to allow access to remote systems:

       # svccfg -s svc:/network/smtp:sendmail setprop config/local_only = false
       # svcadm refresh svc:/network/smtp:sendmail

Okay, what is the current value of the property?

> svccfg -s svc:/network/smtp:sendmail listprop config/local_only
config/local_only  boolean  true

Time to correct it:

> sudo svccfg -s svc:/network/smtp:sendmail setprop config/local_only = false
> sudo svcadm refresh svc:/network/smtp:sendmail

And what do we see now? Nothing changed. Try this:

> sudo svcadm restart svc:/network/smtp:sendmail

And we see some changes start:

> netstat -a | grep smtp
      *.smtp               *.*                0      0 49152      0 LISTEN
      *.smtp               *.*                0      0 49152      0 LISTEN
      *.smtp               *.*                0      0 49152      0 LISTEN

And from the client:

> telnet kanigix 25
Trying 192.168.2.XXX...
Connected to kanigix.
Escape character is '^]'.
220 kanigix.XXX ESMTP Sendmail 8.14.1+Sun/8.14.1; Wed, 6 Jun 2007 11:12:54 -0500 (CDT)
^]
telnet> q
Connection closed.

Okay, that wasn't intuitive. And neither was the control for remote access being buried in a property. I will say that the man page was helpful.


Originally posted on Kool Aid Served Daily
Copyright (C) 2007, Kool Aid Served Daily

Trackback URL: http://blogs.sun.com/tdh/entry/allowing_remote_sendmail_connections
Comments:

FWIW, your first hint should have been the output of netstat. See how it reported listening on "localhost.smtp" instead of "*.smtp"? If you'd passed in `-n` to netstat, it would have shown '127.0.0.1.25' which is perhaps a little more clear. It's only listening on the loopback interface, which is a pretty sensible default, providing an SMTP listener for apps that assume it's there, while not potentially providing relay services for J. Random Spammer.

Posted by Graeme Mathieson on June 06, 2007 at 11:30 AM CDT
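As an added example, not from the post or its comments, here is a POSIX sh audit helper that applies Graeme's reading of the netstat output above (localhost.smtp versus *.smtp, or 127.0.0.1.25 with `-n`) and compares it against the config/local_only value, so the state the post hit after setprop and refresh but before restart shows up as a mismatch. The function names and the sample netstat lines are constructed from the output shown in the post and assume the Solaris netstat column layout.

```shell
# Added audit helper, not from the original post: classify the SMTP listener from
# netstat output and compare it with SMF config/local_only. Assumes Solaris layout.
# smtp_listener_state: reads netstat output on stdin and prints one of
#   none / loopback-only (localhost, 127.0.0.1, ::1) / remote-reachable
smtp_listener_state() {
    awk '
        $NF == "LISTEN" && $1 ~ /\.(smtp|25)$/ {
            if ($1 ~ /^(localhost|127\.0\.0\.1|::1)\./) loop = 1
            else remote = 1
        }
        END {
            if (remote) print "remote-reachable"
            else if (loop) print "loopback-only"
            else print "none"
        }'
}

# expected_state: the binding a given config/local_only value should produce.
expected_state() {
    case "$1" in
        true)  echo loopback-only ;;
        false) echo remote-reachable ;;
        *)     echo unknown ;;
    esac
}

# check_sendmail_exposure LOCAL_ONLY_VALUE < netstat-output, prints:
#   ok | restart-needed (local_only=false but still loopback-only: the
#   setprop+refresh-without-restart state in the post) | unexpected-exposure
check_sendmail_exposure() {
    want=$(expected_state "$1")
    have=$(smtp_listener_state)
    if [ "$want" = "$have" ]; then echo ok
    elif [ "$want" = remote-reachable ] && [ "$have" = loopback-only ]; then echo restart-needed
    elif [ "$want" = loopback-only ] && [ "$have" = remote-reachable ]; then echo unexpected-exposure
    else echo "mismatch:$want/$have"
    fi
}

# Constructed samples from the post's output: name form, -n form, after restart.
BEFORE='localhost.smtp             *.*                0      0 49152      0 LISTEN'
BEFORE_N='127.0.0.1.25               *.*                0      0 49152      0 LISTEN'
AFTER='      *.smtp               *.*                0      0 49152      0 LISTEN
      *.smtp               *.*                0      0 49152      0 LISTEN'
printf '%s\n' "$BEFORE" | check_sendmail_exposure false   # restart-needed
printf '%s\n' "$AFTER"  | check_sendmail_exposure false   # ok
```

On the box itself, feed it live output: `netstat -an | check_sendmail_exposure "$(svccfg -s svc:/network/smtp:sendmail listprop config/local_only | awk '{print $3}')"`.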

Yes, I saw that when I started writing the blog entry. I didn't see it when I was really debugging the issue.

For me, the real proof was the inability to telnet to the port. The first thought I had with that was that telnet was being blocked. And nmap showed me that even if that was the case, the port was still closed off.

Posted by Tom Haynes on June 06, 2007 at 11:35 AM CDT

It's always easier to spot these things after the fact, isn't it? Just to be utterly pedantic, the telnet/nmap could have indicated an ipfilter configuration getting in the way and, if I hadn't spotted the netstat output, that's where I'd have looked next...

Posted by Graeme Mathieson on June 08, 2007 at 01:29 PM CDT

You are seeing the results of Solaris being Secure By Default. Most externally open ports except ssh are now locked down in a default Solaris installation. All of the services are listening on localhost only. See here for more info: http://www.opensolaris.org/os/community/security/projects/sbd/

Posted by Moinak Ghosh on June 15, 2007 at 07:01 AM CDT

"You are seeing the results of Solaris being Secure By Default. Most externally open ports except ssh are now locked down in a default Solaris installation."

meaning lots of phone calls for us when services won't start. Thanks for the reference!

Posted by support monkey on July 29, 2007 at 10:39 AM CDT

After spending too much time searching off and on for two days, this was the page that helped me out! I just did a fresh install of Nevada Bld 77, and after flipping the boolean value, my system is good.

Posted by Alan Steinberg on November 19, 2007 at 04:58 PM CST
