luyan
asked on
failed on telnet sendmail 25 port on linux
Dear expert,
I have sendmail on Fedora in front of exchange 2003. Recently I put a a new firewall online, no firewall before, and use nat for pravite ip in internal. I have changed all ip addresses on my network.
I found mail system can not sending and receiving email. After disscussing with pix expert, They found they can telnet to exchange 25 and 110 ports and can not telnet to Sendmail 25 and 110 ports. So I moved Sendmail box out of firewall, it did fix the email problem. I can telnet sendmail box 25 port but not 110 port. I can receive and send email.
Few days later, I found I can not telnet sendmail box 25 port again and can not receive email. I have to reboot sendmail box every morning. Please tell how to fix the problem.
Many thanks.
Yan
I have sendmail on Fedora in front of exchange 2003. Recently I put a a new firewall online, no firewall before, and use nat for pravite ip in internal. I have changed all ip addresses on my network.
I found mail system can not sending and receiving email. After disscussing with pix expert, They found they can telnet to exchange 25 and 110 ports and can not telnet to Sendmail 25 and 110 ports. So I moved Sendmail box out of firewall, it did fix the email problem. I can telnet sendmail box 25 port but not 110 port. I can receive and send email.
Few days later, I found I can not telnet sendmail box 25 port again and can not receive email. I have to reboot sendmail box every morning. Please tell how to fix the problem.
Many thanks.
Yan
ASKER
I got this message:
#
netstat -nltp | grep -E *(:25|:110)*
bash: syntax error near unexpected token `('
something wrong?
#
telnet localhost 25
Trying 127.0.0.1...
telnet: connect to address 127.0.0.1: Connection refused
telnet: Unable to connect to remote host: Connection refused
#
telnet localhost 110
Trying 127.0.0.1...
telnet: connect to address 127.0.0.1: Connection refused
telnet: Unable to connect to remote host: Connection refused
# local
telnet x.x.x.x 25
Trying x.x.x.x...
Connected to hostname.domain.com (x.x.x.x).
Escape character is '^]'.
220 hostname.domain.com ESMTP Sendmail 8.13.1/8.13.2; Wed, 21 Dec 2005 09:08:09 -0500
# local
telnet x.x.x.x 110
Trying x.x.x.x...
telnet: connect to address x.x.x.x: Connection refused
telnet: Unable to connect to remote host: Connection refused
# other machine
telnet x.x.x.x 25
220 hostname.domain.com ESMTP Sendmail 8.13.1/8.13.2; Wed,21 Dec 2005 09:10:17 05 00
#other machine
telnet x.x.x.x 110
Connecting To x.x.x.x...Could not open connection to the host, on port 110: Connect failed
thanks
Yan
#
netstat -nltp | grep -E *(:25|:110)*
bash: syntax error near unexpected token `('
something wrong?
#
telnet localhost 25
Trying 127.0.0.1...
telnet: connect to address 127.0.0.1: Connection refused
telnet: Unable to connect to remote host: Connection refused
#
telnet localhost 110
Trying 127.0.0.1...
telnet: connect to address 127.0.0.1: Connection refused
telnet: Unable to connect to remote host: Connection refused
# local
telnet x.x.x.x 25
Trying x.x.x.x...
Connected to hostname.domain.com (x.x.x.x).
Escape character is '^]'.
220 hostname.domain.com ESMTP Sendmail 8.13.1/8.13.2; Wed, 21 Dec 2005 09:08:09 -0500
# local
telnet x.x.x.x 110
Trying x.x.x.x...
telnet: connect to address x.x.x.x: Connection refused
telnet: Unable to connect to remote host: Connection refused
# other machine
telnet x.x.x.x 25
220 hostname.domain.com ESMTP Sendmail 8.13.1/8.13.2; Wed,21 Dec 2005 09:10:17 05 00
#other machine
telnet x.x.x.x 110
Connecting To x.x.x.x...Could not open connection to the host, on port 110: Connect failed
thanks
Yan
ASKER
Is this possible because of virus?
Thanks
Thanks
Check if the daemon is running:
ps -ax | grep sendmail
ps -ax | grep pop3d (or check the xinetd config if it is running with xinetd)
also check the sendmail.cf file for the listening interface:
O DaemonPortOptions=Port=smt
ASKER
Here is the result of commands
[root@wizard etc]# ps -ax | grep sendmail
Warning: bad syntax, perhaps a bogus '-'? See /usr/share/doc/procps-3.2. 3/FAQ
3447 ? Ss 0:03 sendmail: accepting connections
3449 ? S 0:46 sendmail: ./jBLCb7lJ003449 blazenet.net.mail1.psmtp.c om.: client RCPT
3455 ? Ss 0:00 sendmail: Queue runner@01:00:00 for /var/spool/client mqueue
6215 ? D 0:49 sendmail: running queue: /var/spool/mqueue
8024 ? D 0:30 sendmail: running queue: /var/spool/mqueue
11326 ? D 0:15 sendmail: running queue: /var/spool/mqueue
12352 ? S 0:00 sendmail: jBLGHgYl012352 [61.173.41.80]: DATA
13196 ? D 0:04 sendmail: running queue: /var/spool/mqueue
13701 ? S 0:00 sendmail: server abdi197.neoplus.adsl.tpnet .pl [83.6. 250.197] cmd read
13986 ? S 0:00 sendmail: jBLH3ej3013986 m27.net81-67-152.noos.fr [81 .67.152.27]: DATA
14032 ? S 0:00 sendmail: server teresita.belmontcc.com [65.254.135.2 44] cmd read
14102 ? S 0:00 sendmail: server smtpcafe2.ibsystems.com [67.121.116. 207] cmd read
14317 ? Ss 0:00 sendmail: ./jBLHH98m014317 mx3.mail.yahoo.com.: user open
14320 ? S 0:00 sendmail: startup with 69.239.192.8
14353 pts/1 S+ 0:00 grep sendmail
[root@wizard etc]#
[root@wizard etc]# ps -ax | grep pop3d
Warning: bad syntax, perhaps a bogus '-'? See /usr/share/doc/procps-3.2. 3/FAQ
14377 pts/1 S+ 0:00 grep pop3d
yes, there is a line in sendmail.cf
O DaemonPortOptions=Port=smt p,Addr=x.x .x.x, Name=MTA
It's running ok all day after rebooting at morning, But don't know when telnet stop work
Thanks
Yan.
[root@wizard etc]# ps -ax | grep sendmail
Warning: bad syntax, perhaps a bogus '-'? See /usr/share/doc/procps-3.2.
3447 ? Ss 0:03 sendmail: accepting connections
3449 ? S 0:46 sendmail: ./jBLCb7lJ003449 blazenet.net.mail1.psmtp.c
3455 ? Ss 0:00 sendmail: Queue runner@01:00:00 for /var/spool/client mqueue
6215 ? D 0:49 sendmail: running queue: /var/spool/mqueue
8024 ? D 0:30 sendmail: running queue: /var/spool/mqueue
11326 ? D 0:15 sendmail: running queue: /var/spool/mqueue
12352 ? S 0:00 sendmail: jBLGHgYl012352 [61.173.41.80]: DATA
13196 ? D 0:04 sendmail: running queue: /var/spool/mqueue
13701 ? S 0:00 sendmail: server abdi197.neoplus.adsl.tpnet
13986 ? S 0:00 sendmail: jBLH3ej3013986 m27.net81-67-152.noos.fr [81 .67.152.27]: DATA
14032 ? S 0:00 sendmail: server teresita.belmontcc.com [65.254.135.2 44] cmd read
14102 ? S 0:00 sendmail: server smtpcafe2.ibsystems.com [67.121.116. 207] cmd read
14317 ? Ss 0:00 sendmail: ./jBLHH98m014317 mx3.mail.yahoo.com.: user open
14320 ? S 0:00 sendmail: startup with 69.239.192.8
14353 pts/1 S+ 0:00 grep sendmail
[root@wizard etc]#
[root@wizard etc]# ps -ax | grep pop3d
Warning: bad syntax, perhaps a bogus '-'? See /usr/share/doc/procps-3.2.
14377 pts/1 S+ 0:00 grep pop3d
yes, there is a line in sendmail.cf
O DaemonPortOptions=Port=smt
It's running ok all day after rebooting at morning, But don't know when telnet stop work
Thanks
Yan.
Are you running amavis,mailscanner or another antivirus program on fedora? Sendmail will reject connections when the load average gets too high which it can if you are scanning mail. Have you checked /var/log/messages for the date sendmail wouldnt accept connections?
Looks like sendmail is running just fine. Listening on port 25. If the mail does stop flowing run those same commands to see if any telnet works or if a netstat shows port 25 open. If its not, then look in the log and let us know what you find (if anything)
BTW, when you run the netstat command exchange the * (asterisk) with a " (double quote) and it should work.
What are you using as a POP3 server (I use Courier-Imap w/ pop3 extension). Is that daemon running? Sendmail is just the MTA; meaning it will deliver mail to the mailbox, but you can't use it to get access to the mailbox.
BTW, when you run the netstat command exchange the * (asterisk) with a " (double quote) and it should work.
What are you using as a POP3 server (I use Courier-Imap w/ pop3 extension). Is that daemon running? Sendmail is just the MTA; meaning it will deliver mail to the mailbox, but you can't use it to get access to the mailbox.
ASKER
Cyclops3590,
I have use this command:
netstat -nltp | grep -E "(:25|:110)"netstat -nltp | grep -E "(:25|:110)"
It come up nothing. Is there some problem?
Thanks
Yan
I have use this command:
netstat -nltp | grep -E "(:25|:110)"netstat -nltp | grep -E "(:25|:110)"
It come up nothing. Is there some problem?
Thanks
Yan
ASKER
Owensleftfoot,
You are right. I have checked the maillog, It gave a lot this kind of message:
sendmail[3443]: rejecting connections on daemon MTA: load average: 15
last message repeated 5 times
sendmail[20375]: jBGNif6V025424: to=root, delay=19:38:08, xdelay=00:00:02, mailer=local, pri=1049527, dsn=4.0.0, stat=Deferred: local mailer (/usr/bin/procmail) exited with EX_TEMPFAIL
I think this machine is ok after reboot. And then going slow and slow, and then over load.
How can I check it and fix it, or may be I need a faster machine?
Thanks
Yan
You are right. I have checked the maillog, It gave a lot this kind of message:
sendmail[3443]: rejecting connections on daemon MTA: load average: 15
last message repeated 5 times
sendmail[20375]: jBGNif6V025424: to=root, delay=19:38:08, xdelay=00:00:02, mailer=local, pri=1049527, dsn=4.0.0, stat=Deferred: local mailer (/usr/bin/procmail) exited with EX_TEMPFAIL
I think this machine is ok after reboot. And then going slow and slow, and then over load.
How can I check it and fix it, or may be I need a faster machine?
Thanks
Yan
ASKER
Hi, I want to restart the sendmail service to see if I can clean up this issue temprally, It gave me message:
[root@host log]# /etc/init.d/sendmail restart
Shutting down sendmail: [ OK ]
Shutting down sm-client: [FAILED]
Starting sendmail: [ OK ]
Starting sm-client: [ OK ]
Why sm-client failed?
Thanks
Yan
[root@host log]# /etc/init.d/sendmail restart
Shutting down sendmail: [ OK ]
Shutting down sm-client: [FAILED]
Starting sendmail: [ OK ]
Starting sm-client: [ OK ]
Why sm-client failed?
Thanks
Yan
running
netstat -nltp | grep -E "(:25|:110)"
should come up with two lines, one for the sendmail proc and one for the pop3 proc
sm-client failed on the shutdown. It could be that it wasn't running, thus would fail if you tried to shut it down.
Check your logs to see if the sm-client proc is dying after being started.
You can also run
ps aux | grep sm-client
to see if it is running. Although i'm not sure if sm-client is the actual name of the proc
As for the load problem. can you run
top -n 1 -u <userid of user that sendmail runs as> | head
when you seem to be having a higher load
and post the results. curious as to what process might be causing the problem
netstat -nltp | grep -E "(:25|:110)"
should come up with two lines, one for the sendmail proc and one for the pop3 proc
sm-client failed on the shutdown. It could be that it wasn't running, thus would fail if you tried to shut it down.
Check your logs to see if the sm-client proc is dying after being started.
You can also run
ps aux | grep sm-client
to see if it is running. Although i'm not sure if sm-client is the actual name of the proc
As for the load problem. can you run
top -n 1 -u <userid of user that sendmail runs as> | head
when you seem to be having a higher load
and post the results. curious as to what process might be causing the problem
ASKER
How can I find userid of user that sendmail runs as?
Thanks
Yan
Thanks
Yan
just run ps -ef
you can find the userid for sendmail service.
you can find the userid for sendmail service.
it seems config issue with Sendmail...
Can u post ur sendmail.mc?
Can u post ur sendmail.mc?
ASKER
I'm not sure which on is correct, post them all:
#
top -n 1 -u smmsp | head
top - 13:55:22 up 21:31, 3 users, load average: 6.06, 6.03, 6.21
Tasks: 98 total, 2 running, 96 sleeping, 0 stopped, 0 zombie
Cpu(s): 1.6% us, 1.8% sy, 0.1% ni, 0.1% id, 96.0% wa, 0.5% hi, 0.0% si
Mem: 255696k total, 252640k used, 3056k free, 48292k buffers
Swap: 524280k total, 47280k used, 477000k free, 58340k cached
PID USER PR NI VIRT RES SHR S %CPU %MEM TIME+ COMMAND
3455 smmsp 16 0 8228 1688 1568 S 0.0 0.7 0:00.01 sendmail
15138 smmsp 16 0 7396 2588 1768 S 0.0 1.0 0:00.00 sendmail
15182 smmsp 16 0 7084 2588 1768 S 0.0 1.0 0:00.00 sendmail
You have mail in /var/spool/mail/root
#
top -n 1 -u root | head
top - 13:56:07 up 21:32, 3 users, load average: 6.06, 6.00, 6.19
Tasks: 102 total, 2 running, 100 sleeping, 0 stopped, 0 zombie
Cpu(s): 1.6% us, 1.8% sy, 0.1% ni, 0.1% id, 96.0% wa, 0.5% hi, 0.0% si
Mem: 255696k total, 250364k used, 5332k free, 47360k buffers
Swap: 524280k total, 47280k used, 477000k free, 53656k cached
PID USER PR NI VIRT RES SHR S %CPU %MEM TIME+ COMMAND
4087 root 15 0 78044 28m 5124 S 2.0 11.4 11:32.35 X
9398 root 25 10 35048 11m 5308 S 2.0 4.7 0:51.51 rhn-applet-gui
23315 root 17 0 9092 4088 2624 S 2.0 1.6 0:00.02 sendmail
# sendmail.mc
#
[root@wizard mail]# more sendmail.post
divert(-1)dnl
dnl #
dnl # This is the sendmail macro config file for m4. If you make changes to
dnl # /etc/mail/sendmail.mc, you will need to regenerate the
dnl # /etc/mail/sendmail.cf file by confirming that the sendmail-cf package is
dnl # installed and then performing a
dnl #
dnl # make -C /etc/mail
dnl #
include(`/usr/share/sendma il-cf/m4/c f.m4')dnl
VERSIONID(`setup for Red Hat Linux')dnl
OSTYPE(`linux')dnl
dnl #
dnl # default logging level is 9, you might want to set it higher to
dnl # debug the configuration
dnl #
dnl define(`confLOG_LEVEL', `9')dnl
dnl #
dnl # Uncomment and edit the following line if your outgoing mail needs to
dnl # be sent out through an external mail server:
dnl #
dnl define(`SMART_HOST',`smtp. your.provi der')
dnl #
define(`confDEF_USER_ID',` `8:12'')dn l
dnl define(`confAUTO_REBUILD') dnl
define(`confTO_CONNECT', `1m')dnl
define(`confTRY_NULL_MX_LI ST',true)d nl
define(`confDONT_PROBE_INT ERFACES',t rue)dnl
define(`PROCMAIL_MAILER_PA TH',`/usr/ bin/procma il')dnl
define(`ALIAS_FILE', `/etc/aliases')dnl
define(`STATUS_FILE', `/var/log/mail/statistics' )dnl
define(`UUCP_MAILER_MAX', `2000000')dnl
define(`confUSERDB_SPEC', `/etc/mail/userdb.db')dnl
define(`confPRIVACY_FLAGS' , `authwarnings,novrfy,noexp n,restrict qrun')dnl
define(`confAUTH_OPTIONS', `A')dnl
dnl #
dnl # The following allows relaying if the user authenticates, and disallows
dnl # plaintext authentication (PLAIN/LOGIN) on non-TLS links
dnl #
dnl define(`confAUTH_OPTIONS', `A p')dnl
dnl #
dnl # PLAIN is the preferred plaintext authentication method and used by
dnl # Mozilla Mail and Evolution, though Outlook Express and other MUAs do
dnl # use LOGIN. Other mechanisms should be used if the connection is not
dnl # guaranteed secure.
dnl # Please remember that saslauthd needs to be running for AUTH.
dnl #
dnl TRUST_AUTH_MECH(`EXTERNAL DIGEST-MD5 CRAM-MD5 LOGIN PLAIN')dnl
dnl define(`confAUTH_MECHANISM S', `EXTERNAL GSSAPI DIGEST-MD5 CRAM-MD5 LOGIN PLAIN')dnl
dnl #
dnl # Rudimentary information on creating certificates for sendmail TLS:
dnl # cd /usr/share/ssl/certs; make sendmail.pem
dnl # Complete usage:
dnl # make -C /usr/share/ssl/certs usage
dnl #
dnl define(`confCACERT_PATH',` /usr/share /ssl/certs ')
dnl define(`confCACERT',`/usr/ share/ssl/ certs/ca-b undle.crt' )
dnl define(`confSERVER_CERT',` /usr/share /ssl/certs /sendmail. pem')
dnl define(`confSERVER_KEY',`/ usr/share/ ssl/certs/ sendmail.p em')
dnl #
dnl # This allows sendmail to use a keyfile that is shared with OpenLDAP's
dnl # slapd, which requires the file to be readble by group ldap
dnl #
dnl define(`confDONT_BLAME_SEN DMAIL',`gr oupreadabl ekeyfile') dnl
dnl #
dnl define(`confTO_QUEUEWARN', `4h')dnl
dnl define(`confTO_QUEUERETURN ', `5d')dnl
dnl define(`confQUEUE_LA', `12')dnl
dnl define(`confREFUSE_LA', `18')dnl
define(`confTO_IDENT', `0')dnl
dnl FEATURE(delay_checks)dnl
FEATURE(`no_default_msa',` dnl')dnl
FEATURE(`smrsh',`/usr/sbin /smrsh')dn l
FEATURE(`mailertable',`has h -o /etc/mail/mailertable.db') dnl
FEATURE(`virtusertable',`h ash -o /etc/mail/virtusertable.db ')dnl
FEATURE(redirect)dnl
FEATURE(always_add_domain) dnl
FEATURE(use_cw_file)dnl
FEATURE(use_ct_file)dnl
dnl #
dnl # The following limits the number of processes sendmail can fork to accept
dnl # incoming messages or process its message queues to 12.) sendmail refuses
dnl # to accept connections once it has reached its quota of child processes.
dnl #
dnl define(`confMAX_DAEMON_CHI LDREN', 12)dnl
dnl #
dnl # Limits the number of new connections per second. This caps the overhead
dnl # incurred due to forking new sendmail processes. May be useful against
dnl # DoS attacks or barrages of spam. (As mentioned below, a per-IP address
dnl # limit would be useful but is not available as an option at this writing.)
dnl #
dnl define(`confCONNECTION_RAT E_THROTTLE ', 3)dnl
dnl #
dnl # The -t option will retry delivery if e.g. the user runs over his quota.
dnl #
FEATURE(local_procmail,`', `procmail -t -Y -a $h -d $u')dnl
FEATURE(`access_db',`hash -T<TMPF> -o /etc/mail/access.db')dnl
FEATURE(`blacklist_recipie nts')dnl
EXPOSED_USER(`root')dnl
dnl #
dnl # The following causes sendmail to only listen on the IPv4 loopback address
dnl # 127.0.0.1 and not on any other network devices. Remove the loopback
dnl # address restriction to accept email from the internet or intranet.
dnl #
DAEMON_OPTIONS(`Port=smtp, Addr=x.x.x .x, Name=MTA')dnl
dnl #
dnl # The following causes sendmail to additionally listen to port 587 for
dnl # mail from MUAs that authenticate. Roaming users who can't reach their
dnl # preferred sendmail daemon due to port 25 being blocked or redirected find
dnl # this useful.
dnl #
dnl DAEMON_OPTIONS(`Port=submi ssion, Name=MSA, M=Ea')dnl
dnl #
dnl # The following causes sendmail to additionally listen to port 465, but
dnl # starting immediately in TLS mode upon connecting. Port 25 or 587 followed
dnl # by STARTTLS is preferred, but roaming clients using Outlook Express can't
dnl # do STARTTLS on ports other than 25. Mozilla Mail can ONLY use STARTTLS
dnl # and doesn't support the deprecated smtps; Evolution <1.1.1 uses smtps
dnl # when SSL is enabled-- STARTTLS support is available in version 1.1.1.
dnl #
dnl # For this to work your OpenSSL certificates must be configured.
dnl #
dnl DAEMON_OPTIONS(`Port=smtps , Name=TLSMTA, M=s')dnl
dnl #
dnl # The following causes sendmail to additionally listen on the IPv6 loopback
dnl # device. Remove the loopback address restriction listen to the network.
dnl #
dnl DAEMON_OPTIONS(`port=smtp, Addr=::1, Name=MTA-v6, Family=inet6')dnl
dnl #
dnl # enable both ipv6 and ipv4 in sendmail:
dnl #
dnl DAEMON_OPTIONS(`Name=MTA-v 4, Family=inet, Name=MTA-v6, Family=inet6')
dnl #
dnl # We strongly recommend not accepting unresolvable domains if you want to
dnl # protect yourself from spam. However, the laptop and users on computers
dnl # that do not have 24x7 DNS do need this.
dnl #
FEATURE(`accept_unresolvab le_domains ')dnl
dnl #
dnl FEATURE(`relay_based_on_MX ')dnl
dnl #
dnl # Also accept email sent to "localhost.localdomain" as local email.
dnl #
LOCAL_DOMAIN(`localhost.lo caldomain' )dnl
dnl #
dnl # The following example makes mail from this host and any additional
dnl # specified domains appear to be sent from mydomain.com
dnl #
dnl MASQUERADE_AS(`mydomain.co m')dnl
dnl #
dnl # masquerade not just the headers, but the envelope as well
dnl #
dnl FEATURE(masquerade_envelop e)dnl
dnl #
dnl # masquerade not just @mydomainalias.com, but @*.mydomainalias.com as well
dnl #
dnl FEATURE(masquerade_entire_ domain)dnl
dnl #
dnl MASQUERADE_DOMAIN(localhos t)dnl
dnl MASQUERADE_DOMAIN(localhos t.localdom ain)dnl
dnl MASQUERADE_DOMAIN(mydomain alias.com) dnl
dnl MASQUERADE_DOMAIN(mydomain .lan)dnl
MAILER(smtp)dnl
MAILER(procmail)dnl
Thanks & Merry Christmas
Yan
#
top -n 1 -u smmsp | head
top - 13:55:22 up 21:31, 3 users, load average: 6.06, 6.03, 6.21
Tasks: 98 total, 2 running, 96 sleeping, 0 stopped, 0 zombie
Cpu(s): 1.6% us, 1.8% sy, 0.1% ni, 0.1% id, 96.0% wa, 0.5% hi, 0.0% si
Mem: 255696k total, 252640k used, 3056k free, 48292k buffers
Swap: 524280k total, 47280k used, 477000k free, 58340k cached
PID USER PR NI VIRT RES SHR S %CPU %MEM TIME+ COMMAND
3455 smmsp 16 0 8228 1688 1568 S 0.0 0.7 0:00.01 sendmail
15138 smmsp 16 0 7396 2588 1768 S 0.0 1.0 0:00.00 sendmail
15182 smmsp 16 0 7084 2588 1768 S 0.0 1.0 0:00.00 sendmail
You have mail in /var/spool/mail/root
#
top -n 1 -u root | head
top - 13:56:07 up 21:32, 3 users, load average: 6.06, 6.00, 6.19
Tasks: 102 total, 2 running, 100 sleeping, 0 stopped, 0 zombie
Cpu(s): 1.6% us, 1.8% sy, 0.1% ni, 0.1% id, 96.0% wa, 0.5% hi, 0.0% si
Mem: 255696k total, 250364k used, 5332k free, 47360k buffers
Swap: 524280k total, 47280k used, 477000k free, 53656k cached
PID USER PR NI VIRT RES SHR S %CPU %MEM TIME+ COMMAND
4087 root 15 0 78044 28m 5124 S 2.0 11.4 11:32.35 X
9398 root 25 10 35048 11m 5308 S 2.0 4.7 0:51.51 rhn-applet-gui
23315 root 17 0 9092 4088 2624 S 2.0 1.6 0:00.02 sendmail
# sendmail.mc
#
[root@wizard mail]# more sendmail.post
divert(-1)dnl
dnl #
dnl # This is the sendmail macro config file for m4. If you make changes to
dnl # /etc/mail/sendmail.mc, you will need to regenerate the
dnl # /etc/mail/sendmail.cf file by confirming that the sendmail-cf package is
dnl # installed and then performing a
dnl #
dnl # make -C /etc/mail
dnl #
include(`/usr/share/sendma
VERSIONID(`setup for Red Hat Linux')dnl
OSTYPE(`linux')dnl
dnl #
dnl # default logging level is 9, you might want to set it higher to
dnl # debug the configuration
dnl #
dnl define(`confLOG_LEVEL', `9')dnl
dnl #
dnl # Uncomment and edit the following line if your outgoing mail needs to
dnl # be sent out through an external mail server:
dnl #
dnl define(`SMART_HOST',`smtp.
dnl #
define(`confDEF_USER_ID',`
dnl define(`confAUTO_REBUILD')
define(`confTO_CONNECT', `1m')dnl
define(`confTRY_NULL_MX_LI
define(`confDONT_PROBE_INT
define(`PROCMAIL_MAILER_PA
define(`ALIAS_FILE', `/etc/aliases')dnl
define(`STATUS_FILE', `/var/log/mail/statistics'
define(`UUCP_MAILER_MAX', `2000000')dnl
define(`confUSERDB_SPEC', `/etc/mail/userdb.db')dnl
define(`confPRIVACY_FLAGS'
define(`confAUTH_OPTIONS',
dnl #
dnl # The following allows relaying if the user authenticates, and disallows
dnl # plaintext authentication (PLAIN/LOGIN) on non-TLS links
dnl #
dnl define(`confAUTH_OPTIONS',
dnl #
dnl # PLAIN is the preferred plaintext authentication method and used by
dnl # Mozilla Mail and Evolution, though Outlook Express and other MUAs do
dnl # use LOGIN. Other mechanisms should be used if the connection is not
dnl # guaranteed secure.
dnl # Please remember that saslauthd needs to be running for AUTH.
dnl #
dnl TRUST_AUTH_MECH(`EXTERNAL DIGEST-MD5 CRAM-MD5 LOGIN PLAIN')dnl
dnl define(`confAUTH_MECHANISM
dnl #
dnl # Rudimentary information on creating certificates for sendmail TLS:
dnl # cd /usr/share/ssl/certs; make sendmail.pem
dnl # Complete usage:
dnl # make -C /usr/share/ssl/certs usage
dnl #
dnl define(`confCACERT_PATH',`
dnl define(`confCACERT',`/usr/
dnl define(`confSERVER_CERT',`
dnl define(`confSERVER_KEY',`/
dnl #
dnl # This allows sendmail to use a keyfile that is shared with OpenLDAP's
dnl # slapd, which requires the file to be readble by group ldap
dnl #
dnl define(`confDONT_BLAME_SEN
dnl #
dnl define(`confTO_QUEUEWARN',
dnl define(`confTO_QUEUERETURN
dnl define(`confQUEUE_LA', `12')dnl
dnl define(`confREFUSE_LA', `18')dnl
define(`confTO_IDENT', `0')dnl
dnl FEATURE(delay_checks)dnl
FEATURE(`no_default_msa',`
FEATURE(`smrsh',`/usr/sbin
FEATURE(`mailertable',`has
FEATURE(`virtusertable',`h
FEATURE(redirect)dnl
FEATURE(always_add_domain)
FEATURE(use_cw_file)dnl
FEATURE(use_ct_file)dnl
dnl #
dnl # The following limits the number of processes sendmail can fork to accept
dnl # incoming messages or process its message queues to 12.) sendmail refuses
dnl # to accept connections once it has reached its quota of child processes.
dnl #
dnl define(`confMAX_DAEMON_CHI
dnl #
dnl # Limits the number of new connections per second. This caps the overhead
dnl # incurred due to forking new sendmail processes. May be useful against
dnl # DoS attacks or barrages of spam. (As mentioned below, a per-IP address
dnl # limit would be useful but is not available as an option at this writing.)
dnl #
dnl define(`confCONNECTION_RAT
dnl #
dnl # The -t option will retry delivery if e.g. the user runs over his quota.
dnl #
FEATURE(local_procmail,`',
FEATURE(`access_db',`hash -T<TMPF> -o /etc/mail/access.db')dnl
FEATURE(`blacklist_recipie
EXPOSED_USER(`root')dnl
dnl #
dnl # The following causes sendmail to only listen on the IPv4 loopback address
dnl # 127.0.0.1 and not on any other network devices. Remove the loopback
dnl # address restriction to accept email from the internet or intranet.
dnl #
DAEMON_OPTIONS(`Port=smtp,
dnl #
dnl # The following causes sendmail to additionally listen to port 587 for
dnl # mail from MUAs that authenticate. Roaming users who can't reach their
dnl # preferred sendmail daemon due to port 25 being blocked or redirected find
dnl # this useful.
dnl #
dnl DAEMON_OPTIONS(`Port=submi
dnl #
dnl # The following causes sendmail to additionally listen to port 465, but
dnl # starting immediately in TLS mode upon connecting. Port 25 or 587 followed
dnl # by STARTTLS is preferred, but roaming clients using Outlook Express can't
dnl # do STARTTLS on ports other than 25. Mozilla Mail can ONLY use STARTTLS
dnl # and doesn't support the deprecated smtps; Evolution <1.1.1 uses smtps
dnl # when SSL is enabled-- STARTTLS support is available in version 1.1.1.
dnl #
dnl # For this to work your OpenSSL certificates must be configured.
dnl #
dnl DAEMON_OPTIONS(`Port=smtps
dnl #
dnl # The following causes sendmail to additionally listen on the IPv6 loopback
dnl # device. Remove the loopback address restriction listen to the network.
dnl #
dnl DAEMON_OPTIONS(`port=smtp,
dnl #
dnl # enable both ipv6 and ipv4 in sendmail:
dnl #
dnl DAEMON_OPTIONS(`Name=MTA-v
dnl #
dnl # We strongly recommend not accepting unresolvable domains if you want to
dnl # protect yourself from spam. However, the laptop and users on computers
dnl # that do not have 24x7 DNS do need this.
dnl #
FEATURE(`accept_unresolvab
dnl #
dnl FEATURE(`relay_based_on_MX
dnl #
dnl # Also accept email sent to "localhost.localdomain" as local email.
dnl #
LOCAL_DOMAIN(`localhost.lo
dnl #
dnl # The following example makes mail from this host and any additional
dnl # specified domains appear to be sent from mydomain.com
dnl #
dnl MASQUERADE_AS(`mydomain.co
dnl #
dnl # masquerade not just the headers, but the envelope as well
dnl #
dnl FEATURE(masquerade_envelop
dnl #
dnl # masquerade not just @mydomainalias.com, but @*.mydomainalias.com as well
dnl #
dnl FEATURE(masquerade_entire_
dnl #
dnl MASQUERADE_DOMAIN(localhos
dnl MASQUERADE_DOMAIN(localhos
dnl MASQUERADE_DOMAIN(mydomain
dnl MASQUERADE_DOMAIN(mydomain
MAILER(smtp)dnl
MAILER(procmail)dnl
Thanks & Merry Christmas
Yan
Do you have fedora scanning your mail for viruses or spam?
ASKER
I don't know if I have some antispam thing running. How can I check that?
[root@host ~]# netstat -nltp | grep -E "(:25|:110)"
tcp 0 0 x.x.x.x:25 0.0.0.0:* LISTEN 15174/sendmail: acc
[root@host ~]# ps aux | grep sm-client
root 9382 0.0 2.2 14112 5816 ? Ss 07:33 0:01 /usr/bin/metacity --sm-client-id=default1
root 9387 0.0 2.4 24304 6208 ? Ss 07:33 0:01 gnome-panel --sm- client-id default2
root 9389 0.0 2.7 42412 6964 ? Ssl 07:33 0:01 nautilus --no-def ault-window --sm-client-id default3
root 9391 0.0 1.3 21044 3424 ? Ss 07:33 0:00 gnome-volume-mana ger --sm-client-id default6
root 9393 0.0 1.5 31028 4052 ? Ss 07:33 0:00 eggcups --sm-clie nt-id default5
root 9396 0.0 1.0 13164 2756 ? Ss 07:33 0:00 pam-panel-icon -- sm-client-id default0
root 9398 0.2 4.3 34536 11248 ? SNs 07:33 0:23 /usr/bin/python / usr/bin/rhn-applet-gui --sm-client-id default4
root 15975 0.0 0.2 5624 664 pts/2 S+ 10:12 0:00 grep sm-client
Thanks
Yan
[root@host ~]# netstat -nltp | grep -E "(:25|:110)"
tcp 0 0 x.x.x.x:25 0.0.0.0:* LISTEN 15174/sendmail: acc
[root@host ~]# ps aux | grep sm-client
root 9382 0.0 2.2 14112 5816 ? Ss 07:33 0:01 /usr/bin/metacity --sm-client-id=default1
root 9387 0.0 2.4 24304 6208 ? Ss 07:33 0:01 gnome-panel --sm- client-id default2
root 9389 0.0 2.7 42412 6964 ? Ssl 07:33 0:01 nautilus --no-def ault-window --sm-client-id default3
root 9391 0.0 1.3 21044 3424 ? Ss 07:33 0:00 gnome-volume-mana ger --sm-client-id default6
root 9393 0.0 1.5 31028 4052 ? Ss 07:33 0:00 eggcups --sm-clie nt-id default5
root 9396 0.0 1.0 13164 2756 ? Ss 07:33 0:00 pam-panel-icon -- sm-client-id default0
root 9398 0.2 4.3 34536 11248 ? SNs 07:33 0:23 /usr/bin/python / usr/bin/rhn-applet-gui --sm-client-id default4
root 15975 0.0 0.2 5624 664 pts/2 S+ 10:12 0:00 grep sm-client
Thanks
Yan
I find it interesting that your 1,5, and 15 min avgs are all a little above 6.0.
Try running this command to see which procs are running
ps aux | grep " R"
and make sure that in the quotes there is a space before the capital R. This way it should only match procs that are in the running state.
Also, just out of curiousity, you don't by chance have some extra RAM you'd be able to put in the machine do you. Just curious if that'd help at all since it showed you using about 50MB or swap. Its not bad I'd say, but it doesn't hurt to eliminate the possibility if you can that the system is getting backed up due to I/O requests to the swap on the hard drive.
Still think Sendmail is configured and running fine, its just that the load is getting so high that the system can't recover. Essentially, the system thrashes and the processes is rendered dead due to the intense I/O requests. Just my theory anyway.
Try running this command to see which procs are running
ps aux | grep " R"
and make sure that in the quotes there is a space before the capital R. This way it should only match procs that are in the running state.
Also, just out of curiousity, you don't by chance have some extra RAM you'd be able to put in the machine do you. Just curious if that'd help at all since it showed you using about 50MB or swap. Its not bad I'd say, but it doesn't hurt to eliminate the possibility if you can that the system is getting backed up due to I/O requests to the swap on the hard drive.
Still think Sendmail is configured and running fine, its just that the load is getting so high that the system can't recover. Essentially, the system thrashes and the processes is rendered dead due to the intense I/O requests. Just my theory anyway.
ASKER
I run it sometimes. it gave me different result.
[root@wizard ~]# ps aux |grep " R"
USER PID %CPU %MEM VSZ RSS TTY STAT START TIME COMMAND
root 5050 0.5 0.3 3972 776 pts/1 R+ 07:21 0:00 ps aux
root 5051 0.0 0.2 4652 656 pts/1 R+ 07:21 0:00 grep R
[root@wizard ~]# ps aux |grep " R"
USER PID %CPU %MEM VSZ RSS TTY STAT START TIME COMMAND
root 5068 0.0 1.5 8364 3948 ? Rs 07:22 0:00 sendmail: ./jBNCM 0Fb005064 Exchange.domain.com: client RCPT
root 5069 0.0 0.3 2932 776 pts/1 R+ 07:22 0:00 ps aux
root 5070 0.0 0.2 4668 664 pts/1 S+ 07:22 0:00 grep R
[root@wizard ~]# ps aux |grep " R"
USER PID %CPU %MEM VSZ RSS TTY STAT START TIME COMMAND
root 3448 0.6 1.6 9004 4340 ? R 07:07 0:05 sendmail: running queue: /var/spool/mqueue
root 4836 0.8 7.4 33184 18936 ? RNs 07:17 0:02 /usr/bin/python / usr/bin/rhn-applet-gui --sm-client-id default4
root 5082 0.0 0.3 2852 776 pts/1 R+ 07:22 0:00 ps aux
root 5083 0.0 0.2 5176 664 pts/1 S+ 07:22 0:00 grep R
You have mail in /var/spool/mail/root
[root@wizard ~]# ps aux |grep " R"
USER PID %CPU %MEM VSZ RSS TTY STAT START TIME COMMAND
root 3448 0.6 1.7 9044 4384 ? R 07:07 0:05 sendmail: running queue: /var/spool/mqueue
root 4836 0.7 7.4 33184 18936 ? RNs 07:17 0:02 /usr/bin/python /usr/bin/rhn-applet-gui --sm-client-id default4
root 5093 0.0 0.3 4308 776 pts/1 R+ 07:22 0:00 ps aux
root 5094 0.0 0.2 5044 664 pts/1 S+ 07:22 0:00 grep R
[root@wizard ~]# ps aux |grep " R"
USER PID %CPU %MEM VSZ RSS TTY STAT START TIME COMMAND
root 3448 0.6 1.7 9084 4412 ? R 07:07 0:05 sendmail: running queue: /var/spool/mqueue
root 5101 0.0 0.3 3572 776 pts/1 R+ 07:23 0:00 ps aux
root 5102 0.0 0.2 4884 664 pts/1 S+ 07:23 0:00 grep R
[root@wizard ~]# ps aux |grep " R"
USER PID %CPU %MEM VSZ RSS TTY STAT START TIME COMMAND
root 5106 0.0 0.3 3004 772 pts/1 R+ 07:23 0:00 ps aux
root 5107 0.0 0.2 3800 652 pts/1 R+ 07:23 0:00 grep R
Merry Christmas and Happy New year
Yan
[root@wizard ~]# ps aux |grep " R"
USER PID %CPU %MEM VSZ RSS TTY STAT START TIME COMMAND
root 5050 0.5 0.3 3972 776 pts/1 R+ 07:21 0:00 ps aux
root 5051 0.0 0.2 4652 656 pts/1 R+ 07:21 0:00 grep R
[root@wizard ~]# ps aux |grep " R"
USER PID %CPU %MEM VSZ RSS TTY STAT START TIME COMMAND
root 5068 0.0 1.5 8364 3948 ? Rs 07:22 0:00 sendmail: ./jBNCM 0Fb005064 Exchange.domain.com: client RCPT
root 5069 0.0 0.3 2932 776 pts/1 R+ 07:22 0:00 ps aux
root 5070 0.0 0.2 4668 664 pts/1 S+ 07:22 0:00 grep R
[root@wizard ~]# ps aux |grep " R"
USER PID %CPU %MEM VSZ RSS TTY STAT START TIME COMMAND
root 3448 0.6 1.6 9004 4340 ? R 07:07 0:05 sendmail: running queue: /var/spool/mqueue
root 4836 0.8 7.4 33184 18936 ? RNs 07:17 0:02 /usr/bin/python / usr/bin/rhn-applet-gui --sm-client-id default4
root 5082 0.0 0.3 2852 776 pts/1 R+ 07:22 0:00 ps aux
root 5083 0.0 0.2 5176 664 pts/1 S+ 07:22 0:00 grep R
You have mail in /var/spool/mail/root
[root@wizard ~]# ps aux |grep " R"
USER PID %CPU %MEM VSZ RSS TTY STAT START TIME COMMAND
root 3448 0.6 1.7 9044 4384 ? R 07:07 0:05 sendmail: running queue: /var/spool/mqueue
root 4836 0.7 7.4 33184 18936 ? RNs 07:17 0:02 /usr/bin/python /usr/bin/rhn-applet-gui --sm-client-id default4
root 5093 0.0 0.3 4308 776 pts/1 R+ 07:22 0:00 ps aux
root 5094 0.0 0.2 5044 664 pts/1 S+ 07:22 0:00 grep R
[root@wizard ~]# ps aux |grep " R"
USER PID %CPU %MEM VSZ RSS TTY STAT START TIME COMMAND
root 3448 0.6 1.7 9084 4412 ? R 07:07 0:05 sendmail: running queue: /var/spool/mqueue
root 5101 0.0 0.3 3572 776 pts/1 R+ 07:23 0:00 ps aux
root 5102 0.0 0.2 4884 664 pts/1 S+ 07:23 0:00 grep R
[root@wizard ~]# ps aux |grep " R"
USER PID %CPU %MEM VSZ RSS TTY STAT START TIME COMMAND
root 5106 0.0 0.3 3004 772 pts/1 R+ 07:23 0:00 ps aux
root 5107 0.0 0.2 3800 652 pts/1 R+ 07:23 0:00 grep R
Merry Christmas and Happy New year
Yan
Honestly I don't know what to say, something is causing a backup of processes wanting to use the processor (but seem to not use it even though its free), but I don't know what.
ASKER
Here is something in maillog:
Dec 24 03:28:14 host sm-msp-queue[3474]: jBJKQ5FQ019874: to=postmaster, delay=4+11:54:13, xdelay=00:00:00, mailer=relay, pri=2116282, relay=[127.0.0.1], dsn=4.0.0, stat=Deferred: Connection refused by [127.0.0.1]
Dec 24 03:28:14 host sendmail[4560]: jBO8S6h9004557: jBO8SEh9004560: DSN: User unknown
Dec 24 03:28:16 host sm-msp-queue[3474]: jBJDQ5CR003475: to=root, delay=4+19:01:17, xdelay=00:00:00, mailer=relay, pri=2116916, relay=[127.0.0.1], dsn=4.0.0, stat=Deferred: Connection refused by [127.0.0.1]
Dec 24 03:28:23 host sendmail[3448]: grew WorkList for /var/spool/mqueue to 31000
What means delay and xdelay?
Thanks
Yan
Dec 24 03:28:14 host sm-msp-queue[3474]: jBJKQ5FQ019874: to=postmaster, delay=4+11:54:13, xdelay=00:00:00, mailer=relay, pri=2116282, relay=[127.0.0.1], dsn=4.0.0, stat=Deferred: Connection refused by [127.0.0.1]
Dec 24 03:28:14 host sendmail[4560]: jBO8S6h9004557: jBO8SEh9004560: DSN: User unknown
Dec 24 03:28:16 host sm-msp-queue[3474]: jBJDQ5CR003475: to=root, delay=4+19:01:17, xdelay=00:00:00, mailer=relay, pri=2116916, relay=[127.0.0.1], dsn=4.0.0, stat=Deferred: Connection refused by [127.0.0.1]
Dec 24 03:28:23 host sendmail[3448]: grew WorkList for /var/spool/mqueue to 31000
What means delay and xdelay?
Thanks
Yan
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
I had the same problem and fixed it with remarling out this line (this text copied from posted contents).
dnl # The following causes sendmail to only listen on the IPv4 loopback address
dnl # 127.0.0.1 and not on any other network devices. Remove the loopback
dnl # address restriction to accept email from the internet or intranet.
dnl #
DAEMON_OPTIONS(`Port=smtp, Addr=x.x.x .x, Name=MTA')dnl
ADD A dnl HERE and run make -C /etc/mail to compile a new sendmail.cf also "service sendmail restart" to restart the services.
dnl # The following causes sendmail to only listen on the IPv4 loopback address
dnl # 127.0.0.1 and not on any other network devices. Remove the loopback
dnl # address restriction to accept email from the internet or intranet.
dnl #
DAEMON_OPTIONS(`Port=smtp,
ADD A dnl HERE and run make -C /etc/mail to compile a new sendmail.cf also "service sendmail restart" to restart the services.
what is the output of
netstat -nltp | grep -E "(:25|:110)"
If this shows that sendmail is listening, then is there a firewall of any sort running (IPTables, SELinux, etc.)
Also, can you give the output of what happens when you try to telnet to port 25 and 110 in three places
on the machine: telnet localhost <port>
on the machine: telnet <serverIP> <port>
different machine on same subnet: telnet <serverIP> <port>