christyjo
asked on
Postfix and Sendmail
Thank you in advance!
Hi,
I have installed Sendmail and Openwebmail on RedHat 9. I am also using IMAPS to log on and download my mail. I am using SSL on the web to use Openwebmail. I have a registered domain. I am currently hosting it at my business. I have DNS installed. I have an MX record pointing to my mailserver. When I use "DIG" or "NSLOOKUP" I get an appropriate response. I have configured my hosts file. I have configured sendmail using sendmail.mc and NOT sendmail.cf. I have run m4 after making changes. I believe my problem is with "relay". I also have a side question when editing the sendmail.mc file. If you comment out by removing the " # " character, should you also leave the dnl at the beginning and the end as not to create a line space? Example:
dnl # DaemonPortOptions=Port=smtp, Name=MTA dnl (I assume this is comment out and not parsed)
dnl DaemonPortOptions=Port=smtp, Name=MTA dnl (This is uncommented out and parsed?)
or is this correct?
DaemonPortOptions=Port=smtp, Name=MTA dnl (dnl at the end only)
or this?
DaemonPortOptions=Port=smtp, Name=MTA (No dnl at end or beginning)
The major PROBLEM:
I can send mail from Outlook or Webmail using https: both on my network and remotely to users only on my domain. I can't send e-mail via sendmail to anyone who is not part of my domain. I receive the following error almost exclusively:
The message could not be sent because one of the recipients was rejected by the server. The rejected e-mail address was 'randol.larson@emcmail.maricopa.edu'. Subject 'Again', Account: 'mail.larsonlinux.org', Server: 'mail.larsonlinux.org', Protocol: SMTP, Server Response: '550 5.7.1 <randol.larson@emcmail.maricopa.edu>... Relaying denied', Port: 25, Secure(SSL): No, Server Error: 550, Error Number: 0x800CCC79
I have open on my firewall the following: 25 53 80 443 and 993. I have tried providing a username and password to outgoing mail to authenticate. I am pretty sure it is in "relaying" the mail, and I have tried several suggestions from postings here. I can telnet to port 25 as the instructions explain. I have read the relaying is turned off or tweaked to prevent others from using you as SPAM in a can.
I will copy my sendmail.mc file (I have taken out some of the comments because of size of posting here). Should I drop sendmail and try Postfix? Can I do that after configuring sendmail? Any help you can give will be surely appreciated. Again, thank you. Christy Jo
divert(-1)dnl
dnl # make -C /etc/mail
include(`/usr/share/sendmail-cf/m4/cf.m4')dnl
VERSIONID(`setup for Red Hat Linux')dnl
OSTYPE(`linux')dnl
define(`SMART_HOST',`smtp.mail.larsonlinux.org')
define(`confDEF_USER_ID',``8:12'')dnl
dnl define(`confAUTO_REBUILD')dnl
define(`confTO_CONNECT', `1m')dnl
define(`confTRY_NULL_MX_LIST',true)dnl
define(`confDONT_PROBE_INTERFACES',true)dnl
define(`PROCMAIL_MAILER_PATH',`/usr/bin/procmail')dnl
define(`ALIAS_FILE', `/etc/aliases')dnl
dnl define(`STATUS_FILE', `/etc/mail/statistics')dnl
define(`UUCP_MAILER_MAX', `2000000')dnl
define(`confUSERDB_SPEC', `/etc/mail/userdb.db')dnl
define(`confPRIVACY_FLAGS', `authwarnings,novrfy,noexpn,restrictqrun')dnl
define(`confAUTH_OPTIONS', `A')dnl
dnl #
dnl define(`confAUTH_OPTIONS', `A p')dnl
dnl #
dnl TRUST_AUTH_MECH(`EXTERNAL DIGEST-MD5 CRAM-MD5 LOGIN PLAIN')dnl
dnl define(`confAUTH_MECHANISMS', `EXTERNAL GSSAPI DIGEST-MD5 CRAM-MD5 LOGIN PLAIN')dnl
dnl #
dnl # Rudimentary information on creating certificates for sendmail TLS:
dnl # make -C /usr/share/ssl/certs usage
dnl #
dnl define(`confCACERT_PATH',`/usr/share/ssl/certs')
dnl define(`confCACERT',`/usr/share/ssl/certs/ca-bundle.crt')
dnl define(`confSERVER_CERT',`/usr/share/ssl/certs/sendmail.pem')
dnl define(`confSERVER_KEY',`/usr/share/ssl/certs/sendmail.pem')
dnl #
dnl # This allows sendmail to use a keyfile that is shared with OpenLDAP's
dnl # slapd, which requires the file to be readable by group ldap
dnl #
dnl define(`confDONT_BLAME_SENDMAIL',`groupreadablekeyfile')dnl
dnl #
dnl define(`confTO_QUEUEWARN', `4h')dnl
dnl define(`confTO_QUEUERETURN', `5d')dnl
dnl define(`confQUEUE_LA', `12')dnl
dnl define(`confREFUSE_LA', `18')dnl
define(`confTO_IDENT', `0')dnl
dnl FEATURE(delay_checks)dnl
FEATURE(`no_default_msa',`dnl')dnl
FEATURE(`smrsh',`/usr/sbin/smrsh')dnl
FEATURE(`mailertable',`hash -o /etc/mail/mailertable.db')dnl
FEATURE(`virtusertable',`hash -o /etc/mail/virtusertable.db')dnl
FEATURE(redirect)dnl
FEATURE(always_add_domain)dnl
FEATURE(use_cw_file)dnl
FEATURE(use_ct_file)dnl
dnl #
dnl # The -t option will retry delivery if e.g. the user runs over his quota.
dnl #
FEATURE(local_procmail,`', `procmail -t -Y -a $h -d $u')dnl
FEATURE(`access_db',`hash -T<TMPF> -o /etc/mail/access.db')dnl
FEATURE(`blacklist_recipients')dnl
EXPOSED_USER(`root')dnl
dnl #
dnl # The following causes sendmail to only listen on the IPv4 loopback address
dnl # 127.0.0.1 and not on any other network devices. Remove the loopback
dnl # address restriction to accept email from the internet or intranet.
dnl #
dnl # DAEMON_OPTIONS(`Port=smtp, Addr=127.0.0.1, Name=MTA')dnl
DaemonPortOptions=Port=smtp, Name=MTA dnl
dnl #
dnl # The following causes sendmail to additionally listen to port 587 for
dnl # mail from MUAs that authenticate. Roaming users who can't reach their
dnl # preferred sendmail daemon due to port 25 being blocked or redirected find
dnl # this useful.
dnl #
dnl DAEMON_OPTIONS(`Port=submission, Name=MSA, M=Ea')dnl
dnl #
dnl # The following causes sendmail to additionally listen to port 465, but
dnl # starting immediately in TLS mode upon connecting. Port 25 or 587 followed
dnl # by STARTTLS is preferred, but roaming clients using Outlook Express can't
dnl # do STARTTLS on ports other than 25. Mozilla Mail can ONLY use STARTTLS
dnl # and doesn't support the deprecated smtps; Evolution <1.1.1 uses smtps
dnl # when SSL is enabled-- STARTTLS support is available in version 1.1.1.
dnl #
dnl # For this to work your OpenSSL certificates must be configured.
dnl #
dnl DAEMON_OPTIONS(`Port=smtps, Name=TLSMTA, M=s')dnl
dnl #
dnl # The following causes sendmail to additionally listen on the IPv6 loopback
dnl # device. Remove the loopback address restriction listen to the network.
dnl #
dnl # NOTE: binding both IPv4 and IPv6 daemon to the same port requires
dnl # a kernel patch
dnl #
dnl DAEMON_OPTIONS(`port=smtp, Addr=::1, Name=MTA-v6, Family=inet6')dnl
dnl #
dnl # We strongly recommend not accepting unresolvable domains if you want to
dnl # protect yourself from spam. However, the laptop and users on computers
dnl # that do not have 24x7 DNS do need this.
dnl #
FEATURE(`accept_unresolvable_domains')dnl
dnl #
FEATURE(`relay_based_on_MX')dnl
dnl #
dnl # Also accept email sent to "localhost.localdomain" as local email.
dnl #
LOCAL_DOMAIN(`localhost.localdomain')dnl
dnl #
dnl # The following example makes mail from this host and any additional
dnl # specified domains appear to be sent from mydomain.com
dnl #
dnl MASQUERADE_AS(`mydomain.com')dnl
dnl #
dnl # masquerade not just the headers, but the envelope as well
dnl #
dnl FEATURE(masquerade_envelope)dnl
dnl #
dnl # masquerade not just @mydomainalias.com, but @*.mydomainalias.com as well
dnl #
dnl FEATURE(masquerade_entire_domain)dnl
dnl #
dnl MASQUERADE_DOMAIN(localhost)dnl
dnl MASQUERADE_DOMAIN(localhost.localdomain)dnl
dnl MASQUERADE_DOMAIN(larsonlinux.org)dnl
dnl MASQUERADE_DOMAIN(mydomain.lan)dnl
FEATURE(always_add_domain)dnl
FEATURE(`masquerade_entire_domain')dnl
dnl FEATURE(`masquerade_envelop')dnl
MASQUERADE_AS(`larsonlinux.org')dnl
MASQUERADE_DOMAIN(`larsonlinux.org')dnl
MASQUERADE_AS(larsonlinux.org)dnl
MAILER(smtp)dnl
MAILER(procmail)dnl
(1) Yes, replacing 1.2.3.4 with, say 140.180.1.0, would allow any machine on the 140.180.1.0/24 network to relay mail through your server.
(2) I presume that you mean that the Outlook client is on the 192.168.1.0/24 network. Since the access map is checked first a client on that network would be allowed to relay whether the client authenticates or not. And if Sendmail isn't configured to offer SMTP AUTH the client won't even try it even if authentication is configured.
It is possible to restrict relaying to only authenticated users. This means that you first must configure sendmail to offer authentication and then remove any network relay privs from the access map.
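The two setups contrasted in the comment above, as an added example that is not part of the original thread: relay granted by network address in the access map, versus relay granted only after SMTP AUTH. It assumes a working SASL backend on the server; the certificate paths and the commented-out directives are taken from the asker's sendmail.mc, and 192.168.1 is the LAN named in the thread.

```m4
dnl ---- /etc/mail/access (a plain-text map, shown here as dnl comments) ----
dnl Relay by address: every host on the LAN may relay, authenticated or not.
dnl sendmail matches network keys on octet boundaries, so a /24 is written
dnl as its first three octets:
dnl     192.168.1              RELAY
dnl Relay by authentication only: drop the network entry and keep just the
dnl server's own loopback entries:
dnl     localhost.localdomain  RELAY
dnl     localhost              RELAY
dnl     127.0.0.1              RELAY
dnl Rebuild the hashed map after each edit:
dnl     makemap hash /etc/mail/access < /etc/mail/access
dnl
dnl ---- /etc/mail/sendmail.mc ----
dnl A leading dnl discards the rest of the line; a trailing dnl only eats the
dnl newline, so the lines below are active.
dnl
dnl TLS material, needed because the p flag below keeps LOGIN and PLAIN from
dnl being offered until the session is encrypted:
define(`confCACERT_PATH',`/usr/share/ssl/certs')dnl
define(`confCACERT',`/usr/share/ssl/certs/ca-bundle.crt')dnl
define(`confSERVER_CERT',`/usr/share/ssl/certs/sendmail.pem')dnl
define(`confSERVER_KEY',`/usr/share/ssl/certs/sendmail.pem')dnl
dnl
dnl p: no plaintext mechanisms unless a security layer (STARTTLS) is active.
define(`confAUTH_OPTIONS', `A p')dnl
dnl Mechanisms the server advertises:
define(`confAUTH_MECHANISMS', `DIGEST-MD5 CRAM-MD5 LOGIN PLAIN')dnl
dnl Mechanisms whose successful use grants relaying:
TRUST_AUTH_MECH(`DIGEST-MD5 CRAM-MD5 LOGIN PLAIN')dnl
dnl
dnl Listeners in mc syntax: port 25 for inbound mail, port 587 for mail clients.
dnl M=a on the submission port refuses mail from clients that have not authenticated.
DAEMON_OPTIONS(`Port=smtp, Name=MTA')dnl
DAEMON_OPTIONS(`Port=submission, Name=MSA, M=Ea')dnl
dnl
dnl Regenerate the cf file, then restart sendmail:
dnl     m4 /etc/mail/sendmail.mc > /etc/mail/sendmail.cf
```

With the network entry removed, a LAN client that does not authenticate gets the same "550 5.7.1 ... Relaying denied" response quoted in the question, which is the intended behaviour for this setup.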
ASKER
Thanks again!
R
ASKER
You are indeed talented! I had worked on this for hours, but not wasted. I continually learn more and more when things don't go well. I had stated so many points because how critical this issue was, and to me it was very complicated. I thank you so much. I can now forward mail from Openwebmail. I can send mail out on my local domain. Your instructions are very well written. Can I ask two questions from above before I close this ticket out?
1. The access map I changed to 192.168.1.0 RELAY (This of course must have worked)
The example 1.2.3.4 listed, would that be an example if I was another office and wanted to use Outlook? The remote network would say example.... 140.180.1.0? Would I substitute that 1.2.3.4? But what would really be difficult, what if you are on various networks. How could you list them all? Or because of security, would that be dangerous? Also does the access file under /etc/mail/ write to the access.db auto-magically or is there a command to do this. Or is access.db and access unrelated?
2. I also want to ask the user remotely to choose under Outlook account options; "Under Servers" "My outgoing mail requires authentication" I can choose it now either way and it sends mail. My ultimate goal is to require users in Outlook to choose the option.. "Log on using secure password authentication". If this is possible I will open up another ticket.
Thanks again:
Christyjo