mailwrapper(8): do not use _PATH_DEFAULTMTA if mailer.conf cannot be opened

[llfw]

Previously, mailwrapper(8) would default to invoking _PATH_DEFAULTMTA (i.e., dma) if mailer.conf couldn't be opened for any reason, including transient errors like ENFILE. This behaviour is undesirable, because if the administrator has configured a different MTA in mailer.conf, they almost certainly don't want mailwrapper to unpredictably fall back to the compiled-in default; and in any case, the default MTA is probably not running, meaning the mail may be queued and then never delivered, which is worse than not accepting it to begin with.

Change this behaviour depending on why mailer.conf can't be opened:

• If it doesn't exist, keep the existing behaviour of falling back to the default MTA, on the assumption that this is a reasonable default if mailer.conf hasn't been configured at all.

• If it cannot be opened for any other reason, do not invoke an MTA and instead return an error to the caller.

PR: 25218

---

note that there was on discussion on the PR about whether this change is desirable or not, and in particular the original submitter changed their mind about it. i think this is worth reconsidering because the current behaviour does not seem very good: the world has changed a lot in the last 20 years, and nowadays any remotely important system will almost certainly be monitored by an external NMS, so the idea of depending on this as a "last gasp" attempt to send a notification mail doesn't seem to justify the downsides.