[OmniOS-discuss] OmniOS sendmail suitable for Internet mail hub?

[Dale Ghent]

> On Feb 7, 2016, at 4:03 PM, Bob Friesenhahn <bfriesen at simple.dallas.tx.us> wrote:
> 
> Perhaps being naive, yesterday I switched my Internet mail server from Solaris 10 to OmniOS r151016, using OmniOS sendmail, self-built Dovecot, self-built bogofilter, and self-built milter-greylist. These components are running in an isolated zone.  A self-built BIND named runs in the global zone.
> 
> While the sendmail version and sendmail features seem to be very similar compared with Solaris 10, I have noticed at least one difference, which was that SMTP does not support user authentication (I saw a post on a Illumos list that Dale Ghent is working to improve this).
> 
> I have heard from a Comcast user that Comcast refused to send email to me.  Sometime later, I did see an email arrive from this user.  It is not clear to me if there is a problem on my end.  He tells me that he is able to ping the IP address but telnet to port 25 hung forever without any smtp hello string (might be a Comcast filter).
> 
> I see that TLS is not working/enabled.  The feature list and package dependencies suggest that I should be able to get this working.
> 
> Many suggest using Postfix but I have been using sendmail successfully for many years and have a simple configuration which has been working for me.
> 
> Are there any known issues with OmniOS sendmail with regards to receipt of messages from the Internet at large?

Being on comcast's network who, like most consumer ISPs (outside of business accounts) generally block port 25 in and out; which is why if you're sending to a mail server, you should be using the MSP port anyway (port 587) ... but this is something that the stock sendmail in OmniOS, which comes straight out of illumos-gate, doesn't have configured by default.

Future plans and thoughts on MTAs in OmniOS specifically:

You mentioned my mail, maybe you saw the one last night where I proposed cutting sendmail out of illumos-gate entirely (in due time). Right now my plans are to cease the inclusion and use of illumos-gate's sendmail in OmniOS, and replace it with a small, lightweight MTA called DMA (Dragonfly Mail Agent.) The only thing this will do is send mails to either the local user's spool in /var/mail, or to a remote host via MX record lookup or defined smarthost with TLS/SMTP-AUTH as an option. It also does basic /etc/mail/aliases lookups and a outgoing queuing ability. That's it, and a solution that I believe is suitable for /most/ OmniOS use-cases (ie; 1 of many servers in a datacenter which never accept incoming mail, but may send a lot to somewhere remotely.)

This DMA package will be mediated under IPS, and provide the usual /usr/lib/sendmail, /usr/sbin/sendmail, /usr/bin/mailq symlinks to itself. The reason why these links will be mediated is because my plan is to provide a better sendmail, also IPS-mediatetd, than is what on current offer from illumos-gate. This sendmail will continue to have all the SUN_* options enabled in the code, but it being freed from illumos-gate means we can flush out additional features in it and track newer versions faster. Because of the MTA mediation in IPS, one can even implement other MTAs, such as postfix or opensmtpd or ... whatever your heart wants.

Sound reasonable?

/dale
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 455 bytes
Desc: Message signed with OpenPGP using GPGMail
URL: <https://omniosce.org/ml-archive/attachments/20160207/d82f9b7e/attachment.bin>