Solved

Gateway SM 8.12.10+Spamassassin+MimeDefang=tagged mail but no relay to final destination server

Posted on 2003-11-11
Last Modified: 2013-12-17
I have configured RH 9 with SM 8.12.10, latest SpamAssassin and MimeDefang. My external DNS is configured so that the "main" email server (Exchange 5.5, booooo) is the primary MX for the domain, and the SM mail filter machine is the secondary MX. I receive the Internet emails, and tagging of email (either spam or ham) works great, but the messages are not being relayed to the Exchange server as they should. I had an older version of SM and SpamAssassin working on this machine, and it did this no problem. I have attempted to configure /etc/mail/sendmail.mc and thought that I had the correct stuff turned on. I made sure that I included the Exchange server in the /etc/mail/relay-domains file, in the access.db (which I re-hashed), and in the hosts file. I also ensured that the internal DNS servers were correct on the SM machine so that it could do a lookup and see that it was not the primary destination for mail for the domain and forward it over to Exchange. I am desperate to get this up, if anyone has the secret please let me know and I will be forever grateful. Thanks and cheers.

Keith Starks
Question by:kstarks

Expert Comment

by:jlevie
ID: 9723518
If you want your Sendmail server to be an anti-spam filter it needs to be the Primary MX for your domain. Otherwise mail for your domain won't, in general, ever reach your Sendmail server.

Now as to what is happening with mail that does reach the Sendmail server... You should be able to tell from your /var/log/maillog if sendmail is attempting to relay filtered messages to your Exchange server. Knowing what's happening, as shown in the logs, is essential to determining what your problem is.

Author Comment

by:kstarks
ID: 9723719
Jlevie -

Thanks for the response.

Regarding the DNS, what I have had working for the past year or so is to have the primary (Exchange) set as MX (10), and the spam milter as MX (20). I then turn off access to the primary MX machine via my firewall, which leaves only the MX (20) machine responding. Mail servers trying to deliver to our domain try the 10, fail and retry to the 20, which works. Since our DNS is split, the spam milter would receive an email for our domain, use internal DNS to see that it was not the default server, run the mail through SpamAssassin and our anti-virus package, then forward over to Exchange. Worked like a champ, right up until I rebuilt the server with the latest version of Sendmail.

Regarding the maillog, here is a tail of the last few lines:

Nov 11 11:10:35 foxhound sendmail[2008]: hABGA9fU002008: Milter change: header  MIME-Version: from 1.0 to 1.0
Nov 11 11:10:35 foxhound sendmail[2008]: hABGA9fU002008: Milter message: body replaced
Nov 11 11:10:35 foxhound sendmail[2008]: hABGA9fU002008: Milter add: header: X-Scanned-By: MIMEDefang 2.38
Nov 11 11:10:35 foxhound sendmail[2011]: hABGA9fU002008: to=<kstarks@beallsinc.com>, delay=00:00:18, xdelay=00:00:00, mailer=local, pri=33923, dsn=2.0.0, stat=Sent
Nov 11 11:27:55 foxhound sendmail[2027]: hABGRsfU002027: <belindah@beallsinc.com>... User unknown
Nov 11 11:27:55 foxhound sendmail[2027]: hABGRsfU002027: <billw@beallsinc.com>... User unknown
Nov 11 11:27:55 foxhound sendmail[2027]: hABGRsfU002027: lost input channel from [65.125.82.35] to MTA after rcpt
Nov 11 11:27:55 foxhound sendmail[2027]: hABGRsfU002027: from=<vutypdgr2@onlinemeds.com>, size=0, class=0, nrcpts=0, proto=SMTP, daemon=MTA, relay=[65.125.82.35]
Nov 11 11:28:46 foxhound sendmail[2041]: hABGSjfU002041: ruleset=check_rcpt, arg1=<cindys@mygiftcottage.com>, relay=pcp05312216pcs.norstn01.pa.comcast.net [68.84.225.163], reject=550 5.7.1 <cindys@mygiftcottage.com>... Relaying denied
Nov 11 11:28:46 foxhound sendmail[2041]: hABGSjfU002041: lost input channel from pcp05312216pcs.norstn01.pa.comcast.net [68.84.225.163] to MTA after rcpt
Nov 11 11:28:46 foxhound sendmail[2041]: hABGSjfU002041: from=<dxvnhkdaz@yahoo.com>, size=0, class=0, nrcpts=0, proto=SMTP, daemon=MTA, relay=pcp05312216pcs.norstn01.pa.comcast.net [68.84.225.163]
Nov 11 11:33:53 foxhound sendmail[2052]: hABGXrfU002052: <tosullivan@beallsinc.com>... User unknown
Nov 11 11:33:53 foxhound sendmail[2052]: hABGXrfU002052: from=<bounce-ttnews-express-607301@lyris.truckline.com>, size=0, class=0, nrcpts=0, proto=SMTP, daemon=MTA, relay=lyris.truckline.com [207.247.51.181]
Nov 11 11:39:11 foxhound sendmail[2058]: hABGcQfU002058: from=<admin@BEALLSINC.COM>, size=30780, class=0, nrcpts=1, msgid=<200311111638.hABGcQfU002058@foxhound.beallsinc.com>, proto=SMTP, daemon=MTA, relay=w118.z208037117.nyc-ny.dsl.cnc.net [208.37.117.118] (may be forged)
Nov 11 11:39:20 foxhound mimedefang.pl[1777]: MDLOG,hABGcQfU002058,virus,W32/Mimail-A,208.37.117.118,<admin@beallsinc.com>,<postmaster@beallsinc.com>,your account                         oiofiiwa
Nov 11 11:39:20 foxhound mimedefang.pl[1777]: filter: hABGcQfU002058:  bounce=1 quarantine=1
Nov 11 11:39:20 foxhound mimedefang[1790]: hABGcQfU002058: Bouncing because filter instructed us to
Nov 11 11:39:20 foxhound mimedefang[1790]: hABGcQfU002058: Filter time is 9381ms
Nov 11 11:39:20 foxhound sendmail[2058]: hABGcQfU002058: Milter: data, reject=554 5.7.1 Virus W32/Mimail-A found in mail - rejected
Nov 11 11:39:20 foxhound sendmail[2058]: hABGcQfU002058: to=<postmaster@BEALLSINC.COM>, delay=00:00:38, pri=60780, stat=Virus W32/Mimail-A found in mail - rejected
Nov 11 11:41:11 foxhound sendmail[2070]: hABGf9fU002070: <belindah@beallsinc.com>... User unknown
Nov 11 11:41:11 foxhound sendmail[2070]: hABGf9fU002070: lost input channel from pcp842662pcs.beridg01.fl.comcast.net [68.56.170.105] to MTA after rcpt
Nov 11 11:41:11 foxhound sendmail[2070]: hABGf9fU002070: from=<odly30@hotmail.com>, size=0, class=0, nrcpts=0, proto=SMTP, daemon=MTA, relay=pcp842662pcs.beridg01.fl.comcast.net [68.56.170.105]
Nov 11 11:41:15 foxhound sendmail[2068]: hABGf6fU002068: ruleset=check_mail, arg1=<pvvyvfr@loyus.com>, relay=200-207-114-27.zeronet.psi.br [200.207.114.27] (may be forged), reject=553 5.1.8 <pvvyvfr@loyus.com>... Domain of sender address pvvyvfr@loyus.com does not exist
Nov 11 11:41:19 foxhound sendmail[2068]: hABGf6fU002068: from=<pvvyvfr@loyus.com>, size=0, class=0, nrcpts=0, proto=SMTP, daemon=MTA, relay=200-207-114-27.zeronet.psi.br [200.207.114.27] (may be forged)
Nov 11 11:45:08 foxhound sendmail[2074]: hABGj7fU002074: <brianr@beallsinc.com>... User unknown
Nov 11 11:45:08 foxhound sendmail[2074]: hABGj7fU002074: lost input channel from mx3.efax.com [207.213.246.143] to MTA after rcpt
Nov 11 11:45:08 foxhound sendmail[2074]: hABGj7fU002074: from=<b.13ca.32511f9@mx3.efax.com>, size=0, class=0, nrcpts=0, proto=SMTP, daemon=MTA, relay=mx3.efax.com [207.213.246.143]
Nov 11 11:47:01 foxhound sendmail[2076]: hABGkqfU002076: <janak@beallsinc.com>... User unknown
Nov 11 11:47:04 foxhound sendmail[2076]: hABGkqfU002076: lost input channel from adsl-215-42-108.bct.bellsouth.net [68.215.42.108] to MTA after rcpt
Nov 11 11:47:04 foxhound sendmail[2076]: hABGkqfU002076: from=<john@beallsinc.com>, size=0, class=0, nrcpts=0, proto=SMTP, daemon=MTA, relay=adsl-215-42-108.bct.bellsouth.net [68.215.42.108]

It is listing users in my proper domain as unknown (shouldn't even be looking them up) and apparently allowing relays that should not be.
Thanks for any help you can lend.

Keith
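
A sketch of the maillog check suggested earlier in the thread, as an added example that is not part of the original posts: it tallies sendmail delivery lines by mailer and collects RCPT-stage rejections. mailer=local means the message went to a local mailbox on the filter box; a relayed delivery would show an SMTP mailer such as esmtp. The first four sample lines are copied from the excerpt above; the last line (host name, address and IP) is constructed.

```python
import re
from collections import Counter

# Copied from the maillog excerpt posted in this thread.
PAGE_LINES = """\
Nov 11 11:10:35 foxhound sendmail[2011]: hABGA9fU002008: to=<kstarks@beallsinc.com>, delay=00:00:18, xdelay=00:00:00, mailer=local, pri=33923, dsn=2.0.0, stat=Sent
Nov 11 11:27:55 foxhound sendmail[2027]: hABGRsfU002027: <belindah@beallsinc.com>... User unknown
Nov 11 11:28:46 foxhound sendmail[2041]: hABGSjfU002041: ruleset=check_rcpt, arg1=<cindys@mygiftcottage.com>, relay=pcp05312216pcs.norstn01.pa.comcast.net [68.84.225.163], reject=550 5.7.1 <cindys@mygiftcottage.com>... Relaying denied
Nov 11 11:39:20 foxhound sendmail[2058]: hABGcQfU002058: to=<postmaster@BEALLSINC.COM>, delay=00:00:38, pri=60780, stat=Virus W32/Mimail-A found in mail - rejected
"""
# Constructed line (placeholder host, address and IP): what a relayed delivery looks like.
CONSTRUCTED_RELAY = """\
Nov 11 12:00:01 foxhound sendmail[2100]: hABH00fU002099: to=<user@exchange-srv.example.com>, delay=00:00:02, xdelay=00:00:01, mailer=esmtp, pri=30000, relay=exchange-srv.example.com. [192.0.2.10], dsn=2.0.0, stat=Sent (ok)
"""

LINE = re.compile(r"sendmail\[\d+\]: (\w+): (.*)")      # queue id, rest of line
UNKNOWN = re.compile(r"<([^>]+)>\.\.\. User unknown")   # RCPT rejected as unknown user

def summarize(log_text, domain):
    """Return (successful deliveries by mailer, unknown users in `domain`, relay denials)."""
    mailers, unknown, denied = Counter(), [], []
    for line in log_text.splitlines():
        m = LINE.search(line)
        if not m:
            continue                      # not a sendmail line (e.g. mimedefang)
        rest = m.group(2)
        u = UNKNOWN.match(rest)
        if u:
            if u.group(1).lower().endswith("@" + domain):
                unknown.append(u.group(1).lower())
            continue
        # Remaining lines of interest are comma-separated key=value fields.
        f = dict(p.split("=", 1) for p in rest.split(", ") if "=" in p)
        if "to" in f and f.get("stat", "").startswith("Sent"):
            mailers[f.get("mailer", "?")] += 1
        elif f.get("ruleset") == "check_rcpt" and "Relaying denied" in f.get("reject", ""):
            denied.append(f["arg1"].strip("<>"))
    return mailers, unknown, denied

def treated_as_local(log_text, domain):
    """True when accepted mail only reaches the local mailer and recipients
    in `domain` are being rejected as unknown users."""
    mailers, unknown, _ = summarize(log_text, domain)
    return set(mailers) == {"local"} and bool(unknown)

if __name__ == "__main__":
    print(summarize(PAGE_LINES, "beallsinc.com"))
    print("domain handled as local:", treated_as_local(PAGE_LINES, "beallsinc.com"))
```
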

Accepted Solution

by:
jlevie earned 500 total points
ID: 9724003
The process you used to employ was pretty much of a kludge and was decidedly unfriendly to the Internet mail servers that sent you mail since they had to time out on the primary MX. I understand why you did it that way but there are better ways.

Given the volume of spam these days it only makes sense to me to reject as much of it as possible as early as possible. This means that the mail relay really needs to know what the valid email addresses are for your domain(s). With that knowledge the relay will reject any spam that isn't addressed to a valid email address immediately. This does mean that you have to maintain an aliases or virtusertable map on the relay box, but it also solves the issue of forwarding and the MX problem. The target of the alias or virtuser is the email address at your exchange server by hostname (i.e. user@exchange-srv.my-dom.tld) and you have to configure each exchange account to listen for mail addressed to the FQDN in addition to mail addressed to the domain ('cause exchange is too brain dead to realize that the FQDN and the domain are the same server).

With those details attended to you re-do the DNS so that your Sendmail server is the only MX for the domain. The exchange server doesn't even need to be listed as an MX host. Oh yeah, I highly recommend configuring the exchange server to use your Sendmail box as a SMART HOST so that it never, ever, talks to any Internet servers for security reasons.