• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 316
  • Last Modified:

Outlook won't send outgoing mail.

I'm having a problem with sendmail and outlook.  It seems that if I try to send mail with outlook, it fails.

The error message (from outlook) says that relaying is denied.  Quote:
"The message could not be sent because one of the recipients was rejected by the server. The rejected e-mail address was 'scott@killen.homeip.net'. Subject 'test', Account: 'killen2.homeip.net', Server: 'killen2.homeip.net', Protocol: SMTP, Server Response: '550 5.7.1 <scott@killen.homeip.net>... Relaying denied', Port: 25, Secure(SSL): No, Server Error: 550, Error Number: 0x800CCC79"

But if i telnet to port 25 I can type in the same information and it works fine.

Also, when I telnet in it says it is running ESMTP.

Is this a problem with sendmail or a problem with outlook, and how do i fix it?
  • 7
  • 5
  • 4
1 Solution
By default a modern sendmail will deny relay access to any host that it doesn't think it is supposed to relay for. Frequently on a local lan that happens because the client machine's hostname can't be resolved from the DNS by IP (reverse lookup) and thus sendmail can't determine if the client is in the local domain. The fix for that is either to get a proper PTR record for the client, make a hosts file record on the sendmail server for the client, or to specifically allow relaying for that IP. Other solutions are possible for dial up clients, like SMTP AUTH.
packratt_jkAuthor Commented:
It's just on a local lan - can i specify to allow relaying to the entire subnet?
Yes if all the clients are on the local lan you can include:


ins your .mc file and build a new sendmail.cf. Sendmail will still need to be able to do a reverse lookup of the client IP's to see that they lie within the domain. But once it sees an FQDN for the client that is within the domain the above feature will allow it to relay mail for that client.

If you don't have a DNS that can list all of the systems on your lan you can, as an alternative, include the client IP's or network in /etc/mail/access and build a new map (makemap hash /etc/mail/access </etc/mail/access), something like:     RELAY
10.0.0       RELAY

The first line allows a specific IP to relay through sendmail and the second line allows any IP in the network to relay through sendmail. Specifying a network is limited to octect boundaries. So if you were to have a subnet that doesn't fall on an octet boundary (like you'd need to use the first form and list each IP in the subnet, e.g.,, etc.

Modern healthcare requires a modern cloud. View this brief video to understand how the Concerto Cloud for Healthcare can help your organization.

Jlevie has pretty much said it all. One thing though, for security reasons you could use a smtp after pop solution i.e after a client connects to pop their mail, their ip address is automatically added to /etc/mail/access and a new map generated  that then allows them to send mail using your server. This ip is then dropped out after a set time like say 15-30 minutes.
There is a package available on http://www.freshmeat.net called popaccess that can do this neatly.

packratt_jkAuthor Commented:
Question: If this is true then why can i still telnet to port 25 and have it work fine?
Where are you telnetting from? the local host or the remote machine? If it is the localhost, relaying will work. If it is remote, what did you put in your from:<> line?
Anyway either way please edit /etc/mail/access and put
your ip range let us imagine it is in there like this
192.168.1   RELAY
and then run
makemap hash -f /etc/mail/access < /etc/mail/access

remember to separate the ip range and the RELAY parameter with a [tab] and not spaces.
for good measure restart sendmail. That should solve your problem. On the other hand you can relay by from line i.e you edit /etc/mail/relay-domains and put
your.domain.com in the file I hope it is relay-domains in your distro.You can check with
grep 'FR-o' /etc/sendmail.cf
packratt_jkAuthor Commented:
Well, that still didn't help.
It will send mail fine to anybody in the domain (killen2.homeip.net), but will not forward mail from outlook on the windows clients to any address outside that domain.

What I want is for the outlook users to be able to send mail to people outside of the domain.

If I can prevent relaying spoofed mail from the outside, that would be great too, but not required.
packratt_jkAuthor Commented:
here is output from the server log (/var/log/messages) with telnet:

Sep  7 19:32:06 killen2 sendmail[5708]: f87JW0p05707: to=justin@killen.homeip.net, delay=00:00:06, xdelay=00:00:05, mailer=esmtp, pri=30767,
relay=killen.homeip.net. [], dsn=2.0.0, stat=Sent (f882Gf505442 Message accepted for delivery)
Sep  7 19:36:46 killen2 sendmail[5732]: f87Jakp05732: Authentication-Warning: killen2.homeip.net: merci.killen2.homeip.net [] didn't use HELO protocol
Sep  7 19:37:03 killen2 sendmail[5732]: f87Jakp05732: from=MERCI@KILLEN.HOMEIP.NET, size=17, class=0, nrcpts=1, msgid=<200109071936.f87Jakp05732@killen2.homeip.net>, proto=SMTP, daemon=MTA, relay=merci.killen2.homeip.net []
Sep  7 19:37:09 killen2 sendmail[5736]: f87Jakp05732: to=justin@killen.homeip.net, delay=00:00:13, xdelay=00:00:05, mailer=esmtp, pri=30027, relay=killen.homeip.net. [], dsn=2.0.0, stat=Sent (f882Li505460 Message accepted for delivery)

and here is one when using outlook:
Sep  7 19:38:46 killen2 sendmail[5743]: f87Jckp05743: ruleset=check_rcpt, arg1=<justin@killen.homeip.net>, relay=merci.killen2.homeip.net [], reject=550 5.7.1 <justin@killen.homeip.net>... Relaying denied
Sep  7 19:38:46 killen2 sendmail[5743]: f87Jckp05743: from=<merci@killen.homeip.net>, size=0, class=0, nrcpts=0, proto=SMTP, daemon=MTA, relay=merci.killen2.homeip.net []
packratt_jkAuthor Commented:
Hey - good news.
I put my domain in the relay-domains and now it works great!

Now I am just curious - does this allow people to spoof off of users in my domain?
in a way yes! If I connect to your smtp server and masquerade as username@your.domain you server will allow me to send mail through it to anyone which is why allowing relaying based on ip address is better. They are slightly harder to spoof than names.
what is the output of
grep 'Kaccess' /etc/sendmail.cf We may have been assuming your file is in that location when it should be another file altogether.
Did you remember to run makemap hash -f /etc/mail/access < /etc/mail/access after making your changes? And did you restart sendmail?
Also did you use [tab] instead of spacebar to separate your ip and the RELAY command?
try to use two tabs there.
Anyway it is nice that at least it is now working with the  domain in relay-domains.
If you modified your sendmail.cf file by adding he FEATURE to your mc file and it didn't allow your outlook clients to send email, the the problem must be that sendmail wsan't able to verify, by reverse lookup, that the clients are inside the domain. What do you see if, while on the mail server, you do an 'nslookup ckient-IP'?
Actually you could setup dns for the private ip range in order to reverse the ip addresses to the correct names on the server. Or simpler, you could put them in /etc/hosts.
packratt_jkAuthor Commented:
I got curious and the access file does not show up anywhere in my sendmail.cf file - what directive should it be under (I'm using slackware 7.1, sendmail 8.10.2)
If you don see 'Kaccess hash /etc/mail/access' in your sendmail.cf file, then that feature isn't enabled. To use it you'll need to build a new sendmail.cf file and make sure that FEATURE(`access_db') is in the .mc file. I don't use Slackware and thus don't know if it includes the sendmail cf directory, which enables you to build a new cf file. Actually, given that you are running 8.10.2, I suggest getting the 8.11.6 release from http://www.sendmail.org and build your own copy of sendmail. That's not a terribly difficult project and you'd be running a much safer sendmail. A simple, basic, mc file that would probably work for you would be:

dnl This is the sendmail macro config file for a Linux system. This file
dnl belongs in /path-to/sendmail-8.11.6/cf/cf and you build a new sendmail.cf
dnl with:
dnl   m4 ../m4/cf.m4 sendmail.mc >sendmail.cf
VERSIONID(`Linux setup')dnl
define(`confTO_CONNECT', `1m')dnl
define(`confUSERDB_SPEC', `/etc/mail/userdb.db')dnl
define(`confPRIVACY_FLAGS', `authwarnings,novrfy,noexpn,restrictqrun')dnl
define(`confAUTH_OPTIONS', `A')dnl
FEATURE(`mailertable',`hash -o /etc/mail/mailertable')dnl
FEATURE(`virtusertable',`hash -o /etc/mail/virtusertable')dnl

packratt_jkAuthor Commented:
Hey - upgraded to 8.11.6, used the mc file above, removed relay-domains file, and everything works great!

Thanks a lot.

Featured Post

[Webinar] Database Backup and Recovery

Does your company store data on premises, off site, in the cloud, or a combination of these? If you answered “yes”, you need a data backup recovery plan that fits each and every platform. Watch now as as Percona teaches us how to build agile data backup recovery plan.

  • 7
  • 5
  • 4
Tackle projects and never again get stuck behind a technical roadblock.
Join Now