Solved

Outlook won't send outgoing mail.

Posted on 2001-09-04
Last Modified: 2013-12-17
I'm having a problem with sendmail and outlook.  It seems that if I try to send mail with outlook, it fails.

The error message (from outlook) says that relaying is denied.  Quote:
"The message could not be sent because one of the recipients was rejected by the server. The rejected e-mail address was 'scott@killen.homeip.net'. Subject 'test', Account: 'killen2.homeip.net', Server: 'killen2.homeip.net', Protocol: SMTP, Server Response: '550 5.7.1 <scott@killen.homeip.net>... Relaying denied', Port: 25, Secure(SSL): No, Server Error: 550, Error Number: 0x800CCC79"

But if I telnet to port 25 I can type in the same information and it works fine.

Also, when I telnet in it says it is running ESMTP.

Is this a problem with sendmail or a problem with Outlook, and how do I fix it?
Question by:packratt_jk
16 Comments
 
LVL 40

Expert Comment

by:jlevie
ID: 6457046
By default a modern sendmail will deny relay access to any host that it doesn't think it is supposed to relay for. Frequently on a local lan that happens because the client machine's hostname can't be resolved from the DNS by IP (reverse lookup) and thus sendmail can't determine if the client is in the local domain. The fix for that is either to get a proper PTR record for the client, make a hosts file record on the sendmail server for the client, or to specifically allow relaying for that IP. Other solutions are possible for dial up clients, like SMTP AUTH.
0
 
LVL 3

Author Comment

by:packratt_jk
ID: 6457960
It's just on a local LAN - can I specify to allow relaying to the entire subnet?
0
 
LVL 40

Expert Comment

by:jlevie
ID: 6459544
Yes if all the clients are on the local lan you can include:

FEATURE(`relay_entire_domain')

in your .mc file and build a new sendmail.cf. Sendmail will still need to be able to do a reverse lookup of the client IP's to see that they lie within the domain. But once it sees an FQDN for the client that is within the domain the above feature will allow it to relay mail for that client.

If you don't have a DNS that can list all of the systems on your lan you can, as an alternative, include the client IP's or network in /etc/mail/access and build a new map (makemap hash /etc/mail/access </etc/mail/access), something like:

10.0.0.1     RELAY
10.0.0       RELAY

The first line allows a specific IP to relay through sendmail and the second line allows any IP in the 10.0.0.0/24 network to relay through sendmail. Specifying a network is limited to octet boundaries. So if you were to have a subnet that doesn't fall on an octet boundary (like 10.0.0.128/25) you'd need to use the first form and list each IP in the subnet, e.g. 10.0.0.128, 10.0.0.129, etc.
0
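The octet-boundary rule described in the answer above, as an added example (not part of the original thread): a Python sketch that turns a CIDR block into the access-map keys that cover exactly that block. The function names and the refusal of prefixes shorter than /8 are assumptions of this example.

```python
import ipaddress


def access_keys(cidr):
    """Return the sendmail access-map keys that together cover exactly `cidr`."""
    # strict=True rejects input such as 10.0.0.129/25 that has host bits set.
    net = ipaddress.ip_network(cidr, strict=True)
    if net.version != 4:
        raise ValueError("this sketch handles IPv4 only")
    if net.prefixlen < 8:
        # Assumption of this example: never emit a key broader than one octet.
        raise ValueError("refusing a prefix shorter than /8")
    # Round the prefix length up to the next octet boundary (8, 16, 24 or 32).
    aligned = -(-net.prefixlen // 8) * 8
    octets = aligned // 8
    keys = []
    for sub in net.subnets(new_prefix=aligned):
        # Keep only the leading octets: 10.0.0.0/24 becomes the key "10.0.0".
        keys.append(".".join(str(sub.network_address).split(".")[:octets]))
    return keys


def access_lines(cidr, action="RELAY"):
    """Format the keys as access-file lines, key and value separated by a tab."""
    return [f"{key}\t{action}" for key in access_keys(cidr)]


if __name__ == "__main__":
    for block in ("10.0.0.0/24", "192.168.0.0/23", "10.0.0.128/25"):
        lines = access_lines(block)
        print(f"# {block}: {len(lines)} entries")
        print("\n".join(lines[:3]))
```

A /25 expands to 128 single-address entries, which is the "list each IP" case from the answer; the output still has to be written to /etc/mail/access and the map rebuilt with makemap.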
 
LVL 2

Expert Comment

by:ksemat
ID: 6461189
Jlevie has pretty much said it all. One thing though, for security reasons you could use an SMTP-after-POP solution, i.e. after a client connects to POP their mail, their IP address is automatically added to /etc/mail/access and a new map generated that then allows them to send mail using your server. This IP is then dropped out after a set time like say 15-30 minutes.
There is a package available on http://www.freshmeat.net called popaccess that can do this neatly.

cheers.
0
 
LVL 3

Author Comment

by:packratt_jk
ID: 6464258
Question: If this is true then why can I still telnet to port 25 and have it work fine?
0
 
LVL 2

Expert Comment

by:ksemat
ID: 6464525
Where are you telnetting from? The local host or the remote machine? If it is the localhost, relaying will work. If it is remote, what did you put in your from:<> line?
Anyway, either way please edit /etc/mail/access and put your IP range in there (let us imagine it is 192.168.1.0/24), like this:

192.168.1   RELAY

and then run

makemap hash -f /etc/mail/access < /etc/mail/access

Remember to separate the IP range and the RELAY parameter with a [tab] and not spaces. For good measure restart sendmail. That should solve your problem. On the other hand you can relay by from line, i.e. you edit /etc/mail/relay-domains and put your.domain.com in the file. I hope it is relay-domains in your distro. You can check with

grep 'FR-o' /etc/sendmail.cf
0
 
LVL 3

Author Comment

by:packratt_jk
ID: 6466113
Well, that still didn't help.
It will send mail fine to anybody in the domain (killen2.homeip.net), but will not forward mail from Outlook on the Windows clients to any address outside that domain.

What I want is for the Outlook users to be able to send mail to people outside of the domain.

If I can prevent relaying spoofed mail from the outside, that would be great too, but not required.
0
 
LVL 3

Author Comment

by:packratt_jk
ID: 6466123
Here is output from the server log (/var/log/messages) with telnet:

Sep  7 19:32:06 killen2 sendmail[5708]: f87JW0p05707: to=justin@killen.homeip.net, delay=00:00:06, xdelay=00:00:05, mailer=esmtp, pri=30767, relay=killen.homeip.net. [24.41.40.242], dsn=2.0.0, stat=Sent (f882Gf505442 Message accepted for delivery)
Sep  7 19:36:46 killen2 sendmail[5732]: f87Jakp05732: Authentication-Warning: killen2.homeip.net: merci.killen2.homeip.net [192.168.1.2] didn't use HELO protocol
Sep  7 19:37:03 killen2 sendmail[5732]: f87Jakp05732: from=MERCI@KILLEN.HOMEIP.NET, size=17, class=0, nrcpts=1, msgid=<200109071936.f87Jakp05732@killen2.homeip.net>, proto=SMTP, daemon=MTA, relay=merci.killen2.homeip.net [192.168.1.2]
Sep  7 19:37:09 killen2 sendmail[5736]: f87Jakp05732: to=justin@killen.homeip.net, delay=00:00:13, xdelay=00:00:05, mailer=esmtp, pri=30027, relay=killen.homeip.net. [24.41.40.242], dsn=2.0.0, stat=Sent (f882Li505460 Message accepted for delivery)


And here is one when using Outlook:

Sep  7 19:38:46 killen2 sendmail[5743]: f87Jckp05743: ruleset=check_rcpt, arg1=<justin@killen.homeip.net>, relay=merci.killen2.homeip.net [192.168.1.2], reject=550 5.7.1 <justin@killen.homeip.net>... Relaying denied
Sep  7 19:38:46 killen2 sendmail[5743]: f87Jckp05743: from=<merci@killen.homeip.net>, size=0, class=0, nrcpts=0, proto=SMTP, daemon=MTA, relay=merci.killen2.homeip.net [192.168.1.2]
0
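An added example, not part of the original post: a Python sketch that pulls the check_rcpt "Relaying denied" rejects out of log lines in the format shown above and separates LAN clients from outside hosts. The first two sample lines are taken from the post; the 203.0.113.7 lines, the function name and the LAN range passed in are constructed for illustration.

```python
import ipaddress
import re
from collections import Counter

# sendmail's check_rcpt relay rejection, with or without a resolved hostname.
REJECT = re.compile(
    r"ruleset=check_rcpt, arg1=<(?P<rcpt>[^>]*)>, "
    r"relay=(?P<host>\S*) ?\[(?P<ip>[0-9.]+)\][^,]*, "
    r"reject=550 5\.7\.1 .*Relaying denied"
)


def relay_denials(lines, local_net):
    """Count relay rejections per client IP, split into LAN and outside hosts."""
    net = ipaddress.ip_network(local_net)
    inside, outside = Counter(), Counter()
    for line in lines:
        m = REJECT.search(line)
        if not m:
            continue  # deliveries, from= records and other non-reject lines
        ip = ipaddress.ip_address(m.group("ip"))
        (inside if ip in net else outside)[str(ip)] += 1
    return inside, outside


SAMPLE = [
    # From the post above:
    "Sep  7 19:38:46 killen2 sendmail[5743]: f87Jckp05743: ruleset=check_rcpt, "
    "arg1=<justin@killen.homeip.net>, relay=merci.killen2.homeip.net [192.168.1.2], "
    "reject=550 5.7.1 <justin@killen.homeip.net>... Relaying denied",
    "Sep  7 19:38:46 killen2 sendmail[5743]: f87Jckp05743: "
    "from=<merci@killen.homeip.net>, size=0, class=0, nrcpts=0, proto=SMTP, "
    "daemon=MTA, relay=merci.killen2.homeip.net [192.168.1.2]",
    # Constructed lines (documentation address range, made-up queue ids):
    "Sep  7 20:01:12 killen2 sendmail[5801]: f87K1Cp05801: ruleset=check_rcpt, "
    "arg1=<someone@example.org>, relay=[203.0.113.7], "
    "reject=550 5.7.1 <someone@example.org>... Relaying denied",
    "Sep  7 20:01:40 killen2 sendmail[5803]: f87K1ep05803: ruleset=check_rcpt, "
    "arg1=<other@example.org>, relay=host.example.net [203.0.113.7], "
    "reject=550 5.7.1 <other@example.org>... Relaying denied",
]

if __name__ == "__main__":
    lan, wan = relay_denials(SAMPLE, "192.168.1.0/24")
    print("LAN clients denied (check access map / reverse DNS):", dict(lan))
    print("Outside hosts denied (relay control doing its job):", dict(wan))
```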

 
LVL 3

Author Comment

by:packratt_jk
ID: 6466127
Hey - good news.
I put my domain in the relay-domains and now it works great!

Now I am just curious - does this allow people to spoof off of users in my domain?
0
 
LVL 2

Expert Comment

by:ksemat
ID: 6466705
In a way, yes! If I connect to your SMTP server and masquerade as username@your.domain, your server will allow me to send mail through it to anyone, which is why allowing relaying based on IP address is better. They are slightly harder to spoof than names.
What is the output of

grep 'Kaccess' /etc/sendmail.cf

We may have been assuming your file is in that location when it should be another file altogether.
Did you remember to run makemap hash -f /etc/mail/access < /etc/mail/access after making your changes? And did you restart sendmail?
Also, did you use [tab] instead of spacebar to separate your IP and the RELAY command?
Try to use two tabs there.
Anyway, it is nice that at least it is now working with the domain in relay-domains.
0
 
LVL 40

Expert Comment

by:jlevie
ID: 6469182
If you modified your sendmail.cf file by adding the FEATURE to your mc file and it didn't allow your Outlook clients to send email, then the problem must be that sendmail wasn't able to verify, by reverse lookup, that the clients are inside the domain. What do you see if, while on the mail server, you do an 'nslookup client-IP'?
0
 
LVL 2

Expert Comment

by:ksemat
ID: 6470280
Actually you could set up DNS for the private IP range in order to reverse the IP addresses to the correct names on the server. Or simpler, you could put them in /etc/hosts.
0
 
LVL 3

Author Comment

by:packratt_jk
ID: 6485334
I got curious and the access file does not show up anywhere in my sendmail.cf file - what directive should it be under? (I'm using Slackware 7.1, sendmail 8.10.2.)
0
 
LVL 40

Accepted Solution

by:
jlevie earned 200 total points
ID: 6485804
If you don't see 'Kaccess hash /etc/mail/access' in your sendmail.cf file, then that feature isn't enabled. To use it you'll need to build a new sendmail.cf file and make sure that FEATURE(`access_db') is in the .mc file. I don't use Slackware and thus don't know if it includes the sendmail cf directory, which enables you to build a new cf file. Actually, given that you are running 8.10.2, I suggest getting the 8.11.6 release from http://www.sendmail.org and building your own copy of sendmail. That's not a terribly difficult project and you'd be running a much safer sendmail. A simple, basic, mc file that would probably work for you would be:

divert(-1)
dnl This is the sendmail macro config file for a Linux system. This file
dnl belongs in /path-to/sendmail-8.11.6/cf/cf and you build a new sendmail.cf
dnl with:
dnl   m4 ../m4/cf.m4 sendmail.mc >sendmail.cf
dnl
VERSIONID(`Linux setup')dnl
OSTYPE(`linux')
define(`confAUTO_REBUILD')dnl
define(`confTO_CONNECT', `1m')dnl
define(`confTRY_NULL_MX_LIST',true)dnl
define(`confDONT_PROBE_INTERFACES',true)dnl
define(`confUSERDB_SPEC', `/etc/mail/userdb.db')dnl
define(`confPRIVACY_FLAGS', `authwarnings,novrfy,noexpn,restrictqrun')dnl
define(`confAUTH_OPTIONS', `A')dnl
FEATURE(`mailertable',`hash -o /etc/mail/mailertable')dnl
FEATURE(`virtusertable',`hash -o /etc/mail/virtusertable')dnl
FEATURE(redirect)dnl
FEATURE(always_add_domain)dnl
FEATURE(use_cw_file)dnl
FEATURE(`access_db')dnl
FEATURE(`blacklist_recipients')dnl
FEATURE(`accept_unresolvable_domains')dnl
FEATURE(`relay_entire_domain')dnl
MAILER(smtp)dnl

0
 
LVL 3

Author Comment

by:packratt_jk
ID: 6486463
Hey - upgraded to 8.11.6, used the mc file above, removed relay-domains file, and everything works great!

Thanks a lot.
0
 
LVL 40

Expert Comment

by:jlevie
ID: 6487596
Great!
0
