[Bug 251258] Sendmail does not accept mail from OpenLDAP users

bugzilla-noreply at freebsd.org bugzilla-noreply at freebsd.org
Thu Nov 19 16:41:08 UTC 2020 

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=251258

            Bug ID: 251258
           Summary: Sendmail does not accept mail from OpenLDAP users
           Product: Base System
           Version: 12.2-STABLE
          Hardware: Any
                OS: Any
            Status: New
          Severity: Affects Some People
          Priority: ---
         Component: bin
          Assignee: bugs at FreeBSD.org
          Reporter: kheuer at gwdg.de

After upgrading from 11.4 to 12.2 via freebsd-update, only users found in the
local user database can send mail via sendmail as submission program anymore.
Mail of users only in the remote OpenLDAP database gets rejected. All other
system components using OpenLDAP via pam_ldap and nss_ldap work as expected.

Installed: nss_ldap-1.265_13, pam_ldap-1.8.6_3

Query for OpenLDAP user:

fbsdhost# getent passwd | grep user
user:*:1001:20:User Name:/home/user:/bin/tcsh

Sendmail configuration:

fbsdhost# cat /etc/mail/gwdu60.gwdg.de.submit.mc
divert(-1)
#
# Copyright (c) 2001-2003 Sendmail, Inc. and its suppliers.
#       All rights reserved.
#
# By using this file, you agree to the terms and conditions set
# forth in the LICENSE file which can be found at the top level of
# the sendmail distribution.
#

#
#  This is the FreeBSD configuration for a set-group-ID sm-msp sendmail
#  that acts as a initial mail submission program.
#

divert(0)dnl
VERSIONID(`$FreeBSD: releng/12.2/etc/sendmail/freebsd.submit.mc 363465
2020-07-24 00:22:33Z gshapiro $')
define(`confCF_VERSION', `Submit')dnl
define(`__OSTYPE__',`')dnl dirty hack to keep proto.m4 from complaining
define(`_USE_DECNET_SYNTAX_', `1')dnl support DECnet
define(`confTIME_ZONE', `USE_TZ')dnl
define(`confDONT_INIT_GROUPS', `True')dnl
define(`confBIND_OPTS', `WorkAroundBrokenAAAA')dnl
dnl
dnl If you use IPv6 only, change [127.0.0.1] to [IPv6:0:0:0:0:0:0:0:1]
FEATURE(`msp', `[relay.ourdomain.de]')dnl

Local user:

fbsdhost% echo Test | mail -s test user at ourdomain.de
user at ourdomain.de... Connecting to [127.0.0.1] via relay...
220 fbsdhost.gwdg.de ESMTP Sendmail 8.16.1/8.16.1; Thu, 19 Nov 2020 17:18:39
+0100 (CET)
>>> EHLO fbsdhost.gwdg.de
250-fbsdhost.gwdg.de Hello localhost [127.0.0.1], pleased to meet you
250-ENHANCEDSTATUSCODES
250-PIPELINING
250-8BITMIME
250-SIZE
250-DSN
250-ETRN
250-STARTTLS
250-DELIVERBY
250 HELP
>>> STARTTLS
220 2.0.0 Ready to start TLS
>>> EHLO fbsdhost.gwdg.de
250-fbsdhost.gwdg.de Hello localhost [127.0.0.1], pleased to meet you
250-ENHANCEDSTATUSCODES
250-PIPELINING
250-8BITMIME
250-SIZE
250-DSN
250-ETRN
250-DELIVERBY
250 HELP
>>> MAIL From:<user at fbsdhost.ourdomain.de> SIZE=39
250 2.1.0 <user at fbsdhost.ourdomain.de>... Sender ok
>>> RCPT To:<user at ourdomain.de>
>>> DATA
250 2.1.5 <user at ourdomain.de>... Recipient ok
354 Enter mail, end with "." on a line by itself
>>> .
250 2.0.0 0AJGIdfE048266 Message accepted for delivery
user at ourdomain.de... Sent (0AJGIdfE048266 Message accepted for delivery)
Closing connection to [127.0.0.1]
>>> QUIT
221 2.0.0 fbsdhost.ourdomain.de closing connection

OpenLDAP user:

fbsdhost% echo Test | mail -s test user at ourdomain.de
kheuer at gwdg.de... Connecting to [127.0.0.1] via relay...
220 fbsdhost.ourdomain.de ESMTP Sendmail 8.16.1/8.16.1; Thu, 19 Nov 2020
17:17:27 +0100 (CET)
>>> EHLO fbsdhost.ourdomain.de
250-fbsdhost.ourdomain.de Hello localhost [127.0.0.1], pleased to meet you
250-ENHANCEDSTATUSCODES
250-PIPELINING
250-8BITMIME
250-SIZE
250-DSN
250-ETRN
250-STARTTLS
250-DELIVERBY
250 HELP
>>> STARTTLS
220 2.0.0 Ready to start TLS
>>> EHLO fbsdhost.ourdomain.de
250-fbsdhost.ourdomain.de Hello localhost [127.0.0.1], pleased to meet you
250-ENHANCEDSTATUSCODES
250-PIPELINING
250-8BITMIME
250-SIZE
250-DSN
250-ETRN
250-DELIVERBY
250 HELP
>>> MAIL From:<user at fbsdhost.ourdomain.de> SIZE=39
user at ourdomain.de... Deferred
Closing connection to [127.0.0.1]

/etc/nsswitch.conf:

#
# nsswitch.conf(5) - name service switch configuration file
# $FreeBSD: releng/12.2/lib/libc/net/nsswitch.conf 338729 2018-09-17 18:56:47Z
brd $
#
group: files ldap
hosts: files dns
netgroup: compat
networks: files
passwd: files ldap
shells: files
services: compat
protocols: files
rpc: files

Best regards
Konrad Heuer

-- 
You are receiving this mail because:
You are the assignee for the bug.

More information about the freebsd-bugs mailing list