new install installs mailwrapper, but not sendmail

[lotheac]

'nightly' on my newish bloody box failed:

mailwrapper: cannot exec /usr/lib/smtp/sendmail/sendmail: No such file or directory

This is because sendmail isn't installed at all. I get that mailwrapper and the mediated links allow for different MTA implementations (actually in two different ways), but it would be sensible to install an actual MTA by default, not just mailwrapper. Though to be fair, I only noticed this one because this particular box is not under configuration management.

[danmcd]

Funny, after resizing my VM to have enough memory to perform nightly, I saw the same thing. I think adding pkg:/service/network/smtp/sendmail to "entire" will fix this.

[danmcd]

diff --git a/build/entire/entire.p5m b/build/entire/entire.p5m
index 8569df5..2c08003 100644
--- a/build/entire/entire.p5m
+++ b/build/entire/entire.p5m
@@ -278,6 +278,7 @@ depend fmri=service/file-system/smb@0.5.11,5.11-@PVER@ type=require
 depend fmri=service/hal@0.5.11,5.11-@PVER@ type=require
 depend fmri=service/network/network-clients@0.5.11,5.11-@PVER@ type=require
 depend fmri=service/network/ntp@4.2.8,5.11-@PVER@ type=require
+depend fmri=service/network/smtp/sendmail@8.14.4,5.11-@PVER@ type=require
 depend fmri=service/network/ssh@0.5.11,5.11-@PVER@ fmri=network/openssh-server type=require-any
 depend fmri=service/picl@0.5.11,5.11-@PVER@ type=require
 depend fmri=service/resource-pools/poold@0.5.11,5.11-@PVER@ type=require

[lotheac]

On Thu, Oct 15 2015 04:19:06 -0700, Dan McDonald wrote:

Funny, after resizing my VM to have enough memory to perform nightly, I saw the same thing. I think adding pkg:/service/network/smtp/sendmail to "entire" will fix this.

That should do it, yes. mailwrapper does get installed though, but it isn't useful without at least one MTA installed. It's kind of funny; pkg mediations which exist for sendmail and mailwrapper can be used to select the MTA to be used, and if that is mailwrapper, then mailwrapper can further be used to select what is executed. I guess upstream did it this way (include mailwrapper) to avoid depending on IPS.

Lauri Tirkkonen | lotheac @ IRCnet

[danmcd]

Closed with a push:

commit 612ad548f381c3fc395c5c98aae21fbe637d420f
Author: Dan McDonald <danmcd@omniti.com>
Date:   Thu Oct 15 07:26:42 2015 -0400

    Close issue #69 - put sendmail in 'entire'.

[danmcd]

I may need to backpatch this for r151014 too.

[danmcd]

Today's lively discussion on omnios-discuss makes this an open question again. Do we need to install an MTA?

[daleghent]

I think we do need a MDA, albeit perhaps a minimal one for just sending mail and delivering it either remotely or locally into /var/mail in accordance to a basic /etc/mail/aliases. The in-tree Sendmail rev is old, has at least one CVE registered against it, and is not actively maintained. Many people roll their own (I do) for this very reason, and it also lacks sufficient compile-time features which pretty much nyx it as a component of an actual working mail server.

The problem with minimal MDAs is that they're not very popular and are under-developed, and can be minimal to the point where they lack capabilities such as the ability to do SMTP AUTH with complex mechanisms, TLS, or local queuing of outbound mail. Once you get all those features together, you're pretty much back at looking at Sendmail or Postfix.

My suggestion is this, in the following steps:

1) Update the in-tree (usr/src/cmd/sendmail) to the latest 8.15.2, and turn on all the modern features one expects these days. (-DSTARTTLS, -DMILTER, -DTCPWRAPPERS, -DSASL=2)

SASL2 will be problematic because illumos ships only antiquated SASL1.

2) Break up how it's packaged into more logical, granular units. There should basically be a sendmail-core, sendmail-client, sendmail-server, and packages for any supporting cast that has uses external to sendmail, such as libmilter & and associated header files.

3) Architect the new sendmail packages in ways that make them easy to excise from a installed image completely.

Here's a list of things which reference /usr/bin/mail directly and presume its presence: http://grok.elemental.org/source/search?q=%22%5C%2Fusr%5C%2Fbin%5C%2Fmail%22&defs=&refs=&path=&hist=&type=&project=illumos-omnios-016

And the same, but /usr/lib/sendmail: http://grok.elemental.org/source/search?q=%22usr%2Flib%2Fsendmail%22&defs=&refs=&path=-usr%2Fsrc%2Fcmd%2Fsendmail&hist=&type=&project=illumos-omnios-016

And the same, but with /usr/bin/mailx: http://grok.elemental.org/source/search?q=%22%5C%2Fusr%5C%2Fbin%5C%2Fmailx%22&defs=&refs=&path=&hist=&type=&project=illumos-omnios-016

Apparently some things also look for /usr/SBIN/sendmail http://grok.elemental.org/source/search?q=%22usr%2Fsbin%2Fsendmail%22&defs=&refs=&path=-usr%2Fsrc%2Fcmd%2Fsendmail&hist=&type=&project=illumos-omnios-016

[lotheac]

On Wed, Nov 04 2015 15:46:09 -0800, Dale Ghent wrote:

I think we do need a MDA, albeit perhaps a minimal one for just sending mail and delivering it either remotely or locally into /var/mail in accordance to a basic /etc/mail/.

I agree.

The problem with minimal MDAs is that they're not very popular and are under-developed, and can be minimal to the point where they lack capabilities such as the ability to do SMTP AUTH with complex mechanisms, TLS, or local queuing of outbound mail. Once you get all those features together, you're pretty much back at looking at Sendmail or Postfix.

All those features I don't think we need by default though. I personally don't much like sendmail either, but having it on disk doesn't bother me because of KYSTY.

1) Update the in-tree (usr/src/cmd/sendmail) to the latest 8.15.2, and turn on all the modern features one expects these days. (-DSTARTTLS, -DMILTER, -DTCPWRAPPERS, -DSASL=2)

SASL2 will be problematic because illumos ships only antiquated SASL1.

2) Break up how it's packaged into more logical, granular units. There should basically be a sendmail-core, sendmail-client, sendmail-server, and packages for any supporting cast that has uses external to sendmail, such as libmilter & and associated header files.

Updating I'm fine with, but I'm not sure that the rest of this will be worth the effort. It depends on the goals, of course, but I think the problem being solved is not to make the base install be suitable for a general purpose mail server, rather we just need some combination of a MSA and LDA. Shipping something smaller or at least better maintained than sendmail for those would probably not be a bad idea.

3) Architect the new sendmail packages in ways that make them easy to excise from a installed image completely.

The type=group suggestion is interesting if it works, because it's minimal effort and keeps the sendmail-hating crowd happy.

Here's a list of things which reference /usr/bin/mail directly and presume its presence: http://grok.elemental.org/source/search?q=%22%5C%2Fusr%5C%2Fbin%5C%2Fmail%22&defs=&refs=&path=&hist=&type=&project=illumos-omnios-016

And the same, but /usr/lib/sendmail: http://grok.elemental.org/source/search?q=%22usr%2Flib%2Fsendmail%22&defs=&refs=&path=-usr%2Fsrc%2Fcmd%2Fsendmail&hist=&type=&project=illumos-omnios-016

And the same, but with /usr/bin/mailx: http://grok.elemental.org/source/search?q=%22%5C%2Fusr%5C%2Fbin%5C%2Fmailx%22&defs=&refs=&path=&hist=&type=&project=illumos-omnios-016

This is a good list of the in-gate reasons we do need an MTA (or at least MSA+LDA). There might be something else in omnios-build too, though I didn't check.

Lauri Tirkkonen | lotheac @ IRCnet

[lotheac]

On Thu, Nov 05 2015 08:42:42 +0200, Lauri Tirkkonen wrote:

3) Architect the new sendmail packages in ways that make them easy to excise from a installed image completely.

The type=group suggestion is interesting if it works, because it's minimal effort and keeps the sendmail-hating crowd happy.

To that end, https://github.com/omniti-labs/omnios-build/pull/73

Whether or not replace, update, or add/remove features to sendmail is maybe worht discussing, but that PR should fix the immediate issue.

Lauri Tirkkonen | lotheac @ IRCnet

[lotheac]

This was fixed already, so closing.