Fedora Sendmail

Sendmail – Spamassassin – Configuration Errors

This is an entry to remind me of how I corrected some small issues with Spamassassin. I use Fedora, Sendmail, Spamassassin and upon upgrading to latest version I started getting some errors from Spamassassin. This is how I fixed the errors.

Can’t locate MLDBM/ error

I got this error even though the MLDBM perl module was installed via the package system. This may be a deprecated configuration, as it appears the solution is something to do with mySQL databases. I went with the cpan, cpanm, then install the MLDBM::Sync module route. Quick and painless. As root:

; Install cpanminus.
#cpan App::cpanminus
; Using cpanm to install the MLDBM:Sync that is missing from package.
#cpanm MLDBM::Sync

FuzzyOcr: Cannot find executable for gifinter

This error is due to the giflibs v5.x no longer has many of the utilities that were in the v4.x releases and FuzzyOcr hasn’t been updated. I suspect this isn’t really used much anymore, but there’s a couple solutions. I used the method of downloading, compiling and copying over the giflib v4.x gifinter program. Just download the latest v4.x version from the sourceforge project. Do the usual ./configure; make. But not make install. Copy the gifinter program to /usr/local/bin. Edit the /etc/mail/spamassassin/ file. Look for the #focr_bin_gifinter line and change it to /usr/local/bin/gifinter. I use /usr/local/bin to keep manually compiled programs separate from package installed programs that are usually in /usr/bin/.

Configuration file requires version 3.004002 of SpamAssassin, but this is code version 3.004003

Was surprised this even occurred. This was simple as running as root;

Fedora Sendmail

Sendmail – LetsEncrypt and verify=OK

How To Configure LetsEncrypt and Sendmail Properly

This documentation pulls from a form post on FreeBSD from user Kuli.

LetsEncrypt certificates aren’t listed in the main distributed ca-bundle.crt. The confCACERTand confCACERT_PATH configurations are two independent configurations that don’t really have anything to do with each other. When verifying certificates, it looks in the confCACERT_PATH for individual hashed files of root certificates. The confCACERTwill be configured with the intermediary LetsEncrypt chain.pem. Sendmail will then be happy to verify=OK the certificates. Do note that, it appears the majority of mail servers are using certificates that can’t be verified. So you will see a lot of NO. It’s better than FAIL. The script works with Fedora and probably any variant of Linux. Your experience may vary.

2021 Update!

I have discovered a much better way to generate the hashed ca files! I really struggled with the shell script. I have only tested this with Fedora 33, though I suspect it should work on other distributions.

Sendmail Configuration

define(CERT_DIR',/etc/letsencrypt/live/<your site>')

Create the CACERT_PATH files

2021 New Easy Way:

#p11-kit extract --format=openssl-directory --filter=ca-anchors --overwrite /usr/local/etc/ssl/ROOT/

Old Kinda Broken Shell Script Way:

#Separate the root cert into files each with only one cert and name hashed

mkdir -p $DESTDIR
rm -f *
cat $RCert | sed -E '/^(Certificate:|SHA1 Fingerprint|#| |$)/d' | awk 'BEGIN {c=0;} /BEGIN TRUS/{c++} { print > "cert." c ".pem"}'

for a in ls $DESTDIR
    mv $a openssl x509 -hash -noout < $a.0

Fedora Other Sendmail

Sendmail – How To Disable IPv6 When Sending/Relaying

Well, we learned how to configure Sendmail to send to a specific IP address on a per domain basis. Google and it’s business service e-mail is now by default publishing IPv6 addresses for MX records, it’s almost impossible to do a per domain setup.  We do not want to disable IPv6 entirely on the server, but Sendmail keeps sending out via IPv6. How the hell do you make it stop!  It’s quite simple but just a refresher since this is a configuration that is out of sight and mind.  Remember that Sendmail is really two things. A Daemon (the part that listens for incoming mail) and a Client (the part that sends/relays e-mail). Naturally you have the DAEMON settings by default, but not the CLIENT settings.  So here we go.

I have only found one forum post regarding the proper solution to this problem.  It appears not to be properly documented and possibly this is changed behavior in a recent update. However, it does make sense.  Essentially you need to tell the IPv6 stack to use your IPv4 address.

Edit /etc/mail/

Look for

DAEMON_OPTIONS(`Port=smtp,, Name=MTA')dnl

Below the above line add this;


Save the file, make the db files and restart Sendmail.

Now, Sendmail will use IPv4 for it’s CLIENT operations.



Fedora Other Sendmail

Sendmail – How To Deliver To IPv4 Address Per Domain

More mail servers are now accepted e-mail via IPv6.  I have had a dynamically assigned IPv6 block on my Comcast Business account for awhile and I have let Sendmail decide what to use, and about 99.9% of mail is delivered via IPv4.  Just recently it appears Comcast has assigned an IPv6 MX record for their mail server. My Sendmail picked this up and now happily attempts to deliver the mail via the IPv6 address.  Unfortunately, it is immediately rejected due to the IPv6 address does not have a PTR record.  Of course Comcast Business is far behind on assigning IPv6 blocks so there is no way to get a static IPv6 block and a PTR entry.

How do I get Sendmail to deliver to the IPv4 address instead?  It’s called the mailertable feature..  You will need this feature enabled in your file. Most likely it is already enabled.




Now you need to make an entry into the mailertable file with the domain and IPv4 address. In order to get the IPv4 MX address for the domain you can do so by using the host command. We first look up the main domain name to get the MX records. Then lookup the IPv4 address for the MX record.  We now have the IPv4 address to where we want to deliver the mail.

[root@superstar ~]# host has address mail is handled by 5 mail is handled by 5
[root@superstar ~]# host has address has IPv6 address 2001:558:fe16:1b::15


We now add these lines to our mailertable file.

/etc/mail/mailertable     esmtp:[]     esmtp:[]


Don’t forget to issue make to update the db files for Sendmail to see the changes to the mailertable file. And then restart Sendmail.  It will now deliver to the specific IPv4 address.

[root@superstar mail]# make
[root@superstar mail]# service sendmail restart
Redirecting to /bin/systemctl restart  sendmail.service
You bet there is a catch! If the IPv4 address changes, you will need to manually make the change.
That’s it all there is to this. Sendmail is now delivering to the IPv4 address.