On 2018-01-19, Grant Taylor <gtay...@tnetconsulting.net> wrote:
> On 01/19/2018 11:38 AM, Grant Edwards wrote:
>
>> I have a /usr/bin/sendmail emulator that transfers mail to an MTA
>> that will then worry about delivery. I need an SMTP server that
>> will relay incoming mail by using that existing command-line
>> utility.
> …
>> I need something that accepts mail via SMTP (with SSL and AUTH
>> support), and then relays each received message by invoking a
>> command line utility that has the same API as /usr/bin/sendmail.
>
> You want (what Sendmail calls) a custom mailer.

Yep, and it looks like the Postfix equivalent is a custom pipe
transport. Once you know what phrases to google for, it's a lot
easier. :)

>> I would very much prefer that there is no queueing: the smtp server
>> should not acknowledge acceptance of the message until the smtp
>> server has invoked /usr/bin/sendmail and it has returned success.
>
> That's possible. But it does add some additional constraints. It
> also means that traditional MTAs likely won't operate the way that
> you want this to.

I could live with queueing/retrying as long as the eventual failures
generated messages that are sent back to the sender. Those failure
messages would need to be sent via a normal SMTP smarthost/relayhost
(with AUTH) and not via the custom mailer.

> Have you tried putting ssltunnel (or the likes) in front of your
> existing SMTP server to see if it (they) can handle STARTTLS for
> you? - Is it possible to augment your existing solution without
> needing to replace it?

Yes, I've been thinking about that. I think I'll try that first -- if
my understanding of the failure mode is correct, it should work.

> Also, this sounds use case specific enough that I would consider
> going back to the person maintaining the scrip SMTP server that
> you're currently using and try to fix it.

I wrote the server I'm using now, but it uses somebody else's snmpd
module, and that's where the SSL breakage is. I've filed a bug, and
I've been doing some reading toward attempting a fix, but it looks
like it might be a bit hairy: it involves Python's asyncore/asynchat
framework (and process pools). What's missing is handling for ssl
"want read" and "want write" exceptions.

-- 
Grant Edwards               grant.b.edwards at gmail.com
Yow! FEELINGS are cascading over me!!!
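
The no-queueing relay step described in the message above, as an added example that is not code from the thread or from the poster's server: the SMTP reply to end-of-DATA is chosen only after the sendmail-compatible command has exited. The names `relay`, `build_argv` and `fake_sendmail` are hypothetical, and the example assumes the command accepts sendmail's `-i`, `-f` and `--` and reports temporary failure with the sysexits.h code 75.

```python
import subprocess
import sys

SENDMAIL = "/usr/bin/sendmail"  # assumption: path of the sendmail-compatible command
EX_TEMPFAIL = 75                # sysexits.h: temporary failure, sender may retry

def build_argv(mail_from, rcpt_tos, sendmail=(SENDMAIL,)):
    """argv for a sendmail-compatible binary; never a shell string."""
    if not rcpt_tos:
        raise ValueError("no recipients")
    for addr in (mail_from, *rcpt_tos):
        # Addresses come from an untrusted SMTP peer: refuse control characters.
        if any(ord(c) < 0x20 or ord(c) == 0x7F for c in addr):
            raise ValueError("control character in address")
    # -i: a lone "." line does not end the message. "--" ends option parsing,
    # so a recipient that starts with "-" cannot be read as an option.
    return [*sendmail, "-i", "-f", mail_from, "--", *rcpt_tos]

def relay(mail_from, rcpt_tos, data, sendmail=(SENDMAIL,), timeout=60):
    """Run the command synchronously; return the SMTP reply for end-of-DATA."""
    try:
        argv = build_argv(mail_from, rcpt_tos, sendmail)
    except ValueError as exc:
        return f"553 {exc}"
    try:
        proc = subprocess.run(argv, input=data, timeout=timeout,
                              stdout=subprocess.DEVNULL, stderr=subprocess.DEVNULL)
    except (OSError, subprocess.TimeoutExpired):
        return "451 relay command unavailable, try again later"
    if proc.returncode == 0:
        return "250 message handed to relay command"
    if proc.returncode == EX_TEMPFAIL:
        return "451 temporary failure, try again later"
    return "554 relay command rejected the message"

def fake_sendmail(exit_code):
    """Constructed stand-in for testing: consumes stdin, exits with exit_code."""
    return (sys.executable, "-c",
            f"import sys; sys.stdin.buffer.read(); sys.exit({exit_code})")
```

Because the client sees 250 only after a zero exit status, a failed hand-off stays the sending client's problem and no bounce has to be generated by the relay.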