  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 538
  • Last Modified:

Linux /etc/hosts file entry help

I currently have a linux webserver (55.55.55.2 = www.mywebsite.com) and I have a windows exchange server (55.55.55.3 = mail.mywebsite.com).

Because of the configuration of my watchguard firebox 1000 firewall appliance, I have to create an entry on the linux webserver that will tell it to send email to the windows exchange server.

Here's what I have created in my /etc/hosts file:
__________________________
# Do not remove the following line, or various programs
# that require network functionality will fail.
127.0.0.1       www     localhost.localdomain   localhost
192.168.16.3    mail    mail.mywebsite.com
__________________________

Well, even after I restart the linux webserver, I will go to the website's contact form (I use sendmail) and fill out the contact us form and send it.  If the email address I use is: user@mywebsite.com, the email never goes through.  If the email address I use is from any other domain, the email does get sent!

Any ideas on what I can do to route 'internal' email correctly??
0
compinfo
Asked:
compinfo
1 Solution
 
compinfoAuthor Commented:
Oh, yeah, and the firewall is configured to route email going to the external address of 55.55.55.3 to the internal address of 192.168.16.3.  And the linux webserver at 55.55.55.2 can ping 192.168.16.3.
0
 
jlevieCommented:
When you use an address of the form user@mywebsite.com the MTA (probably Sendmail) will do an MX lookup on the domain name to find out what mailserver to use. It won't use the hostname from the hosts file unless you send the mail to user@mail.mywebsite.com. In which case you have to tell exchange to listen for mail addressed to mail.mywebsite.com (that's just one of the ways that exchange is brain dead).

If you really need to be able to use addresses of the form user@mywebsite.com you'll need to arrange for the MX lookup to work and to point to 192.168.16.3. In a firewalled environment this usually means running a private DNS on the inside that equates the host names to private IP's. You can do this pretty easily on the Linux server.
0
 
compinfoAuthor Commented:
Well, ok, so I went to dnsstuff.com and did a MX lookup on mywebsite.com and get this:

Domain Type Class TTL Answer
mywebsite.com. MX IN 7200 MAIL.mywebsite.com. [Preference = 10]
mywebsite.com. NS IN 7200 NS80.WORLDNIC.com.
mywebsite.com. NS IN 7200 NS79.WORLDNIC.com.
MAIL.mywebsite.com. A IN 7200 55.55.55.3
****************

So, does this matter?  I'm not sure I understand about how I could setup private DNS 'on the inside'  but I can try.  Right now, the exchange server is NAT'd through the firewall to a trusted lan, and the webserver is in the DMZ of the firewall.
 
0

 
compinfoAuthor Commented:
Just FYI:  The firewall is showing a message:

'arp called for own IP address'

0
 
jlevieCommented:
The problem here is that your Linux box and exchange server are located on RFC1918 private networks. When the linux box looks up the MX record for the domain it ultimately resolves to the public (Internet) IP of the exchange server. That means that a data connection to exchange would have to go out the firewall and back in, which is something that the majority of firewalls won't allow.

So what you need is a DNS server on the local LAN that has hostnames like are defined in your Outside (Internet accessible) DNS but that using private IP's.
0
 
GnsCommented:
Why not just defer any mailing to the M-Sexchange? Set sendmail to use it as a smart relay host (DS in sendmail.cf.... Dunno in sendmail.mc... Jim does though:-).

BTW, what is the topology here? Is the website on the DMZ interface and the exchange on the trusted?

-- Glenn
0
 
GnsCommented:
Oh, and I can attest that using a "local" DNS (set it so that it has your ISPs DNSes as forwarders, and define a zone for mywebsite.com that has all "local" addresses... effectively masking the "public" ones) is a very viable option.

-- Glenn
0
 
compinfoAuthor Commented:
GNS:

"Right now, the exchange server is NAT'd through the firewall to a trusted lan, and the webserver is in the DMZ of the firewall."
0
 
GnsCommented:
:-)
Sorry, I'm going blind....:-)

Ok, that only means that you'd need set up one DNS proxy from webserver->local DNS server on trusted (and of course just allow DNS from trusted to external for local DNS server) if you go with the local DNS server setup.

The problem you have seems to be that you have the 55.55/16 network (or whatever... the externally visible net) on one interface and as a related network on the other (for DMZ and external), but you can only set the static NAT from 55.55.55.3 for the external interface... So getting mail from DMZ to trusted becomes a routing/rule issue as well. The routing would be trivial (it knows all this:-), as would the rule for mail from DMZ->trusted/exchange too. Sorry for being a bit slow today:-).
Hm. The Local DNS server approach would handle this. As would a smarthost.

-- Glenn
0
 
compinfoAuthor Commented:
JLEVIE:

"The problem here is that your Linux box and exchange server are located on RFC1918 private networks."

My linux box is in the DMZ of the firewall with an public IP address.  However, being in the DMZ, it has the ability to ping the local 'trusted' network as well.
0
 
compinfoAuthor Commented:
Quick Note:

I control the DNS routing via the Advanced DNS service from Network Solutions.  
0
 
GnsCommented:
Yes, but it goes to the "public" DNS for MX, so ends up with that address, which you cannot route through the FB1k.
Problem in a nutshell. I realize I might be mistaken about address assignment for the DMZ, and in actuality... That doesn't matter... now does it?

-- Glenn
0
 
GnsCommented:
Ah, crossing posts... The comment was to your comment to Jim.

-- Glenn
0
 
compinfoAuthor Commented:
Also,  I see I have a ton of email requests in /var/spool/mail/root, how can I extract this to a TXT file to download it?

0
 
compinfoAuthor Commented:
So, now that I've added a bit more information, what might I try to make this work?  

If the suggestion  "...is a DNS server on the local LAN that has hostnames like are defined in your Outside (Internet accessible) DNS but that using private IP's."

Isn't this done by the firebox already?  I have the firebox setup as the local DNS at 192.168.16.205.
0
 
GnsCommented:
Hm, what version of the WFAS/WLS/whatchamacallitr do you have? 7.0?
If the FB is your DNS, then it has to be taught about the exchange MX.... Which it can't be, since it's really not a DNS server (I assume you've set the DNS info on the DNS/WINS tab of the Network->Configuration, right?)

Anyway, you sidestep this whole DNS/MX trouble by using a smart relay/ smart host. Either edit /etc/sendmail.cf, or better edit /etc/sendmail.mc and set a line like
define(`SMART_HOST', `mail.mywebsite.com')
(which will use the /etc/hosts entry if you have "order hosts,bind" in /etc/host.conf), then do
m4 ../m4/cf.m4 yourhost.m4 > yourhost.cf
Make a backup of your /etc/sendmail.cf and copy yourhost.cf to /etc/sendmail.cf.
(these lines were adapted from http://www.sendmail.org/~ca/email/offline_mailing.html)

Restart sendmail and you should be fine.

-- Glenn
0
 
GnsCommented:
About the /var/spool/mail/root file... that's probably an mbox-format textfile. All mails to root go there, and since one usually has an alias postmaster->root...
You can read them via the mail command logged on as root (or any other mail user agent you feel comfortable with).
If you install an IMAP service on the linux box and create appropriate rules for imap ... you could use OutLook to access the files content and even move it over to the exchange via drag'n'drop.

-- Glenn
0
 
jlevieCommented:
So the Linux box is in a classical DMZ with public IP's and the mail server is behind a NAT'ing firewall. In that case you need to set up the firewall with either a port forward of the SMTP port to the exchange box or give the exchange box a static NAT translation. In both cases the hosts file entry on the Linux box will be the outside IP of the port forward or static NAT. You'll also need to allow the IP of the Linux box to open an SMTP connection through the firewall.
0
 
compinfoAuthor Commented:
GNS:

Version 7.2 of the watchguard System Manager.  Yes, I have DNS set in the Network->Configuration to my ISP's primary and secondary DNS and the domain name is there too.

Let me try the sendmail function.

JLEVIE:  Yes, the firebox is setup like you're saying (I believe), it's just a bit different terminology in that I setup services for SMTP that state who is allowed in, out, and who is NAT'd to where, etc...
0
 
compinfoAuthor Commented:
GNS:

You lost me here:

m4 ../m4/cf.m4 yourhost.m4 > yourhost.cf
Make a backup of your /etc/sendmail.cf and copy yourhost.cf to /etc/sendmail.cf.

*what does this mean??

*how do I restart sendmail?
0
 
GnsCommented:
m4 is a "macro processor" that'll translate the "easy to understand" sendmail.mc into the "less easy to understand" sendmail.cf (which is the file sendmail reads). As said, those lines are quoted directly from a faq, so (I see now:) they don't really match too well:-). (Personally I _don't_ use sendmail, so I can't say for sure which files should be used... probably /etc/sendmail.mc or similar... Jim is the attested Guru when it comes to sendmail, and I'm sure he can guide you through the steps needed). If you'd like to set something up "quick", then edit /etc/sendmail.cf and change the line
DS
or maybe it is
# DS
to
DSmail.mywebsite.com
... and all mails should then be routed through exchange. Don't forget to set your exchange so that it allows this;-).

I realise we lack two bits of info. You say you use sendmail _in the webform_, but this doesn't necessarily mean you use the sendmail MTA(!), since most MTAs (Mail Transfer Agents) will have a "convenience sendmail command"... So even though the form uses the sendmail command, it might be Postfix, qmail, exim....;-). Could you tell us what distro you use on webserver, as well as what MTA?

-- Glenn
0
 
garak1357Commented:
If clients are using your local server for DNS, and it is not resolving by the host file, have you checked your resolv.conf file to make sure that it is pointed to your local DNS server?  You may also need to set the order in which it is resolved there.  Just a thought.
0
 
GnsCommented:
Please read the entire question garak1357. Covered ground.

-- Glenn
0
 
compinfoAuthor Commented:
Let me check out things today and get back with you guys.  Thanks!
0
 
compinfoAuthor Commented:
It's Red Hat Enterprise Edition Version 3 with Up2date.

I went here:

http://linux-rep.fnal.gov/sundocs/Raven/EyeView/SSR03/SSR03-16.htm#ss16.5

(As instructed by Red Hat Support).

And found out the following:

ESMTP Sendmail 8.12.11/8.12.11;

****

So, how would I know which MTA is used on my distro?  I didn't setup anything different, so I'm assuming it's using whatever it's defaulted to use.



0
 
GnsCommented:
Hm, I don't remember... Jim? Wait a moment, you're saying you did the "telnet localhost 25" and got the above? Well, then you are running Sendmail version 8.12.11 ... And the advice pertaining to sendmail configuration above applies.

-- Glenn
0
 
jlevieCommented:
Since a 'telnet localhost 25' (I assume that's what you did) talks directly to the MTA, if it says Sendmail that's what your MTA is. But whether it is Sendmail, Postfix, Qmail, etc. doesn't really matter here if, as I think, the problem is a DNS/firewall issue. If it is a DNS and/or firewall issue nothing else matters until that is resolved.

From what you've said about the network topology I believe it looks like:

          Internet
                |
                |----- Web Server
                |
          Firewall
                |
                |------Mail Server
                |
        Local LAN

That would mean that the Web server has an Internet routable IP, as would the outside interface of the Firewall. So to be able to send an email to the mail server the firewall would have to allow inbound SMTP connections with a port forward or static NAT through the firewall to the mail server. For mail from Internet sites to work that port forward or static NAT translation would already have to be in place, assuming that the MX record for your domain directs mail to your mail server.

With that topology all that we need do is to tell Sendmail that it should forward local mail to your mail server, which we can accomplish by including:

define(`LUSER_RELAY', `mail.mywebsite.com')dnl

in /etc/mail/sendmail.mc, and restarting sendmail. That will tell sendmail to forward mail that looks like a local address (user@mywebsite.com) but that doesn't correspond to a local Linux account.

However, I could be confused about the topology and it might look like:

            Internet
                 |
            Firewall
             /          \
           /              \
Web Server    Local LAN

In this case everything has private IP's and the firewall will have to have ACL's that allow an SMTP connection from the DMZ to the mail server's IP. We can't use your Internet DNS records here for the mail server since they point to the outside IP, not the private IP. The solution to that is to either set up a private DNS that equates names to private IP's or use a hosts file record. For a single domain the hosts solution is fine and we still need the LUSER_RELAY.
0
 
compinfoAuthor Commented:
This is the topology:

     Internet
                 |
            Firewall
             /          \
           /              \
Web Server    Local LAN
0
 
GnsCommented:
Exactly, and since there is no "local DNS" to query, one could (as I've said a couple of times before) resort to using the "smarthost" thing instead. And that is where the actual MTA becomes relevant:-).

-- Glenn
0
 
GnsCommented:
Oh, and Jims note on there needing to be "ACLs for SMTP from DMZ to mailserver" is quite true... As I think we've already covered before:-). Easiest to add a SMTP filter (not the proxy, since that puts undue load on the FW... as well as being a bit ... picky:-) from DMZ to trusted.

Of course it's not a bad idea to set up a local DNS server, so that you can draw benefit from the cache if nothing else, but... If those are all the hosts you have, it feels a bit like overkill:-):-). If your exchange server is part of an AD, then you already have a DNS server active on the trusted LAN .... At least one of the DCs would be a DNS server...

-- Glenn
0
 
GnsCommented:
Oh read Jims WHOLE message.... LUSER_RELAY it is:-)

-- Glenn
0
 
jlevieCommented:
Right! A SMART_HOST doesn't help in this case because presumably the web server is in the same domain as the mail server.  LUSER_RELAY will work because it says where to send "apparently local mail" that isn't an account on the web server.
0
 
compinfoAuthor Commented:
From these discussions, here's what I was able to do:

1.  Add define(`LUSER_RELAY', `mail.mywebsite.com')dnl to /etc/sendmail.mc (using VI)
2.  Stop and start the sendmail (/etc/rc2.d/S88sendmail stop ; /etc/rc2.d/S88sendmail start)
3.  Deleted entry from the /etc/hosts file that stated:  55.55.55.2 mail.mywebserver.com (because it wasn't needed).

So far, this also did not work.  Am I missing anything?  Thanks!

0
 
GnsCommented:
Earlier you've stated you had
192.168.16.3    mail    mail.mywebsite.com
in /etc/hosts... You'll need something like that, so that you can find your way from webserver->exchange. If you allow ping between DMZ and trusted, you should test that you can ping it.

Also note you need a step 2a that converts the m4 macro file /etc/sendmail.mc into a working /etc/sendmail.cf (the latter is the only file that sendmail reads). I'm sure Jim has all details on how to go about that step (isn't there a makefile somewhere for that express purpose?).

-- Glenn
0
 
compinfoAuthor Commented:
Also,  I noticed that I now have:

/etc/sendmail.cf
/etc/sendmail.mc

And:

/etc/mail/sendmail.cf
/etc/mail/sendmail.mc

Which copy should I work with??
0
 
compinfoAuthor Commented:
In the /etc/mail directory, I have these files:

access          local-host-names  sendmail.mc         virtusertable
access.db       mailertable       statistics.rpmsave  virtusertable.db
domaintable     mailertable.db    submit.cf
domaintable.db  Makefile          submit.mc
helpfile        sendmail.cf       trusted-users


0
 
GnsCommented:
if you do
ls -l /etc/sendmail.cf /etc/sendmail.mc /etc/mail/sendmail.cf /etc/mail/sendmail.mc
I'm guessing you'll see that the ones in /etc are symbolic links to the ones in /etc/mail ... And I'm further guessing that in /etc/mail you have a makefile (or Makefile) that will help you create a new sendmail.cf from sendmail.mc ... perhaps by just typing "cd /etc/mail;make" or somesuch (Jim will know this;).

-- Glenn
0
 
GnsCommented:
Ah, crossing posts (again)... No need to guess about Makefile:-).

-- Glenn
0
 
compinfoAuthor Commented:
does not look like symbolic links here:

-rw-r--r--    1 root     root            0 Sep  9 11:40 /etc/mail/sendmail.cf
-rw-r--r--    1 root     root         6146 Sep  9 11:25 /etc/mail/sendmail.mc
-rw-r--r--    1 root     root            1 Sep  8 11:38 /etc/sendmail.cf
-rw-r--r--    1 root     root           86 Sep  9 10:46 /etc/sendmail.mc
0
 
jlevieCommented:
On an RHEL 3.0 system there should not be a /etc/sendmail.cf or /etc/sendmail.mc. RedHat finally got smart and followed the Sendmail.org default of the stuff being in /etc/mail (except for the aliases file). And, unless its been modified, the sendmail init script will execute /etc/mail/Makefile which will rebuild /etc/mail/sendmail.cf if /etc/mail/sendmail.mc is newer.

From your last comment I'd say that you have an error in /etc/mail/sendmail.mc since /etc/mail/sendmail.cf is of zero length. To easily see what the error is execute:

cd /etc/mail
m4 sendmail.mc >sendmail.cf
0
 
compinfoAuthor Commented:
yes, here's the error I get:

sendmail.mc:10: m4: Cannot open /usr/share/sendmail-cf/m4/cf.m4: No such file or directory


I do have the /usr/share directory, but there's not a /usr/share/sendmail-cf/m4/cf.m4 directory, do I need to make one?
0
 
jlevieCommented:
That means that you haven't installed the sendmail-cf package. Since the system is registered with up2date the easy fix would be to do 'up2date -i sendmail.cf'.
0
 
compinfoAuthor Commented:
ok, I updated:

up2date sendmail
up2date sendmail.cf

both OK.

_____

I restarted sendmail and got this:

[root@www rc2.d]# /etc/rc2.d/S80sendmail stop
Shutting down sendmail:                                    [  OK  ]
Shutting down sm-client:                                   [FAILED]

and -

[root@www rc2.d]# /etc/rc2.d/S80sendmail start
Starting sendmail:                                         [  OK  ]
Starting sm-client:                                        [  OK  ]
______________________



0
 
compinfoAuthor Commented:
I tried my email out again, this time, again, I email a message to john@mywebsite.com and one to mary@yahoo.com.  Mary got her email, John did not.

Is there another /etc/hosts file somewhere else?  I also checked with this again:

220 www.mywebsite.com ESMTP Sendmail 8.12.11/8.12.11; Thu, 9 Sep 2004 16:44:54 -0400
HELO mail.mywebsite.com
250 www.mywebsite.com Hello localhost.localdomain [127.0.0.1], pleased to meet you
HELO www.mywebsite.com
250 www.mywebsite.com Hello localhost.localdomain [127.0.0.1], pleased to meet you
HELO mywebsite.com
250 www.mywebsite.com Hello localhost.localdomain [127.0.0.1], pleased to meet you

*****************

Shouldn't it say for HELO mail.mywebsite.com, something like 250 mail.mywebsite.com and show the internal IP address (192.168.16.3)??


0
 
jlevieCommented:
Oops, I had a typo... That should have been 'up2date -i sendmail-cf' and it should tell you that it is installing the sendmail-cf package.

An update of sendmail, and there is one that might have been installed if you haven't run up2date in a while, would have installed a new sendmail.cf & sendmail.mc. So sendmail would have started up okay, but not with a sendmail.cf built from your modified sendmail.mc. Check the files in /etc/mail...
0
 
jlevieCommented:
> Shouldn't it say for HELO mail.mywebsite.com, something like 250 mail.mywebsite.com and show the
> internal IP address (192.168.16.3)??

Only if you went to the exchange server and executed the 'telnet www.mywebsite.com 25' from there. If you execute the telnet command on the mail server itself (telnet localhost 25) it will always report the connection as coming from localhost.

See my comment before your last one, please.
0
 
compinfoAuthor Commented:
Yes, I actually had the typo too, I did in fact up2date both sendmail and sendmail-cf, then stopped and started sendmail.

I'm assuming that:
/etc/rc2.d/S80sendmail stop

will stop sendmail, including sendmail-cf.  So, I'll try again tomorrow morning with a clear head...

I'd like to run a packet sniffer on it to see what is happening when mail is sent...

0
 
jlevieCommented:
sendmail-cf is not something that runs, but rather it is data that's used when building a sendmail.cf from a sendmail.mc file. So you need to verify that the change you made to /etc/mail/sendmail.mc is still in the file and that /etc/mail/sendmail.cf has a later timestamp. If sendmail was updated by up2date your change may not be there and you'll need to put it back in the file, execute the m4 command, and restart sendmail.
0
 
GnsCommented:
Um, compinfo... When you tested to send mail to john@mywebsite.com there should've been _something_ about it put in mail logfile. Could you quote that to us? And did you define the firewall rule so that you can perform "telnet <ip-address of exchange server> 25" on the webserver?

-- Glenn
0
 
GnsCommented:
Oh, and thanks Jim for contributing your vast sendmail knowhow.

-- Glenn
0
 
compinfoAuthor Commented:
GNS:

Yes, I have a huge maillog file, filled with the following entry:

Sep 10 09:09:07 www sendmail[12161]: i85Jd5KT015067: to=<tsmith@mywebsite.com>, ctladdr=<apache@www.mywebsite.com> (48/48), delay=4+17:30:02, xdelay=00:00:00, mailer=esmtp, pri=10470537, relay=mail.mywebsite.com., dsn=4.0.0, stat=Deferred: Connection refused by mail.mywebsite.com.

0
 
jlevieCommented:
Connection refused by mail.mywebsite.com

Which indicates that the problem is either with your firewall not permitting an SMTP connection to mail.mywebsite.com or with mail server.

On the linux machine try a 'telnet mail.mywebsite.com 25' and see if you get an SMTP welcome banner. You'll be able to verify that the Linux box is using the private IP because telnet will tell you what IP it is connecting to. Remember that the IP has to be the private IP, not the public Internet IP.
0
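The maillog triage described above, as an added example that is not part of the original thread: it groups sendmail's deferred deliveries by relay and reason and reports the longest queue delay. The function names are hypothetical; the first sample line is the entry quoted in the thread and the other two are constructed.

```python
import re
from collections import defaultdict

# Delivery line: "<date> <host> sendmail[pid]: <queue-id>: to=..., key=value, ..."
LINE = re.compile(r"sendmail\[\d+\]: (?P<qid>\w+): (?P<fields>to=.*)$")
# Fields are separated by ", " but values (ctladdr, stat) can contain spaces,
# so a value ends only where the next "key=" begins or the line ends.
FIELD = re.compile(r"(\w+)=(.*?)(?:, (?=\w+=)|$)")
# relay=host. or relay=host. [ip] once a connection was actually made
RELAY = re.compile(r"^(?P<host>\S+?)\.?(?:\s+\[(?P<ip>[^\]]+)\])?$")

# First line is from the thread; the second and third are constructed.
SAMPLE_LOG = """\
Sep 10 09:09:07 www sendmail[12161]: i85Jd5KT015067: to=<tsmith@mywebsite.com>, ctladdr=<apache@www.mywebsite.com> (48/48), delay=4+17:30:02, xdelay=00:00:00, mailer=esmtp, pri=10470537, relay=mail.mywebsite.com., dsn=4.0.0, stat=Deferred: Connection refused by mail.mywebsite.com.
Sep 10 09:09:08 www sendmail[12161]: i89KiXKT000001: to=<john@mywebsite.com>, ctladdr=<apache@www.mywebsite.com> (48/48), delay=00:25:10, xdelay=00:00:00, mailer=esmtp, pri=120470, relay=mail.mywebsite.com., dsn=4.0.0, stat=Deferred: Connection refused by mail.mywebsite.com.
Sep 10 09:10:15 www sendmail[12170]: i8ADAFKT000002: to=<mary@example.org>, ctladdr=<apache@www.mywebsite.com> (48/48), delay=00:00:03, xdelay=00:00:02, mailer=esmtp, pri=30470, relay=mx.example.org. [192.0.2.25], dsn=2.0.0, stat=Sent (OK id=constructed)
"""


def parse_delay(text):
    """Convert sendmail's [days+]HH:MM:SS delay into seconds."""
    days, _, clock = text.rpartition("+")
    hours, minutes, seconds = (int(part) for part in clock.split(":"))
    return int(days or 0) * 86400 + hours * 3600 + minutes * 60 + seconds


def parse_line(line):
    """Return the key=value fields of one delivery line, or None."""
    match = LINE.search(line.strip())
    if not match:
        return None
    record = dict(FIELD.findall(match.group("fields")))
    record["qid"] = match.group("qid")
    return record


def deferred_by_relay(log_text):
    """Group deferred deliveries by (relay, ip, reason), longest delay first."""
    groups = defaultdict(lambda: {"count": 0, "recipients": set(), "max_delay": 0})
    for line in log_text.splitlines():
        record = parse_line(line)
        if not record or not record.get("stat", "").startswith("Deferred"):
            continue
        relay = RELAY.match(record.get("relay", ""))
        host = relay.group("host").lower() if relay else "(none)"
        ip = relay.group("ip") if relay else None  # None: no connection was made
        group = groups[(host, ip, record["stat"])]
        group["count"] += 1
        group["recipients"].add(record["to"].strip("<>"))
        group["max_delay"] = max(group["max_delay"], parse_delay(record["delay"]))
    report = [
        {"relay": host, "ip": ip, "stat": stat, "count": g["count"],
         "recipients": sorted(g["recipients"]), "max_delay": g["max_delay"]}
        for (host, ip, stat), g in groups.items()
    ]
    return sorted(report, key=lambda g: -g["max_delay"])


if __name__ == "__main__":
    for group in deferred_by_relay(SAMPLE_LOG):
        print(group)
```
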
 
GnsCommented:
Exactly. Couldn't have said it better... (and in part already did:-).
Thank you compinfo for sharing that crucial bit of info.

If it is the firewall rules giving you grief, remember that you need two SMTP rules, one for the regular thing between internet<->exchange, and one between DMZ<->exchange (or if you like from webserver<->exchange... and you might make it unidirectional from DMZ -> exchange too). Is your FB set as a drop-in "transparent" firewall or a routed config? (For Jim, this is either proxyarp "semi-bridging", or traditional routed configuration)... Easy way to know is if all interfaces share the same IP address (and have the public network address as a "related network") or have separate addresses.

-- Glenn
0
 
compinfoAuthor Commented:
JLEVIE:

Ok, from the linux (webserver) box, I *CAN* telnet to both the private IP address (192.168.16.3) and the DNS name (mail.mywebserver.com) and get a banner indicating the exchange box.

GNS:  

This FB is configured in drop-in mode.  I'm also working with WatchGuard tech support on this issue and they seem to think it's from the linux webserver!  I am in the process of getting packet sniffing on both the trusted and the optional interfaces to show them what is going on.  I think once I get the trusted packet sniffing complete, we'll know a little bit more about what is going on here.  Incidentally, the optional packet sniffing has produced the "Connection Refused" log entry too.

Furthermore,  the public IP address is configured at the firewall level and NAT'd to the exchange mail server (55.55.55.3 --> 192.168.16.3).

Thanks to you BOTH for staying with me through this problem.  It is an interesting one!
0
 
GnsCommented:
The question is _why_ would the exchange server refuse the webserver connection...
Could you simulate a mail transfer session like this:

# telnet mail.mywebserver.com 25
EHLO www.mywebsite.com
MAIL FROM: <root@www.mywebsite.com>
RCPT TO: <john@mywebsite.com>
DATA
From: root@www.mywebsite.com
To: john@mywebsite.com
Subject: "test"

This is a testmessage.... Terminated by a "." by itself on a line (just below this one:-)...
.
QUIT
#

Does this work? If not, where does it fail?

-- Glenn
0
 
GnsCommented:
Oh, and did you configure an SMTP proxy or filter?

-- Glenn
0
 
compinfoAuthor Commented:
GNS:

Ok, Here's what I got (telnetting from the linux webserver to the microsoft exchange server):

[root@www root]# telnet mail.mywebsite.com 25
Trying 192.168.16.3...
Connected to mail.mywebsite.com (192.168.16.3).
Escape character is '^]'.
220 mywebsite.com Microsoft ESMTP MAIL Service, Version: 6.0.3790.0 ready at  Mon, 13 Sep 2004 10:00:33 -0400

(When I did EHLO www.mywebsite.com, I got the following:)

EHLO mywebsite.com
250- mywebsite.com Hello [55.55.55.2]
250-TURN
250-SIZE
250-ETRN
250-PIPELINING
250-DSN
250-ENHANCEDSTATUSCODES
250-8bitmime
250-BINARYMIME
250-CHUNKING
250-VRFY
250-X-EXPS GSSAPI NTLM LOGIN
250-X-EXPS=LOGIN
250-AUTH GSSAPI NTLM LOGIN
250-AUTH=LOGIN
250-X-LINK2STATE
250-XEXCH50
250 OK

MAIL FROM: <root@www.mywebsite.com>
250 2.1.0 root@www.mywebsite.com....Sender OK
RCPT TO: <jsmith@mywebsite.com>
250 2.1.5 jsmith@mywebsite.com
DATA
354 Start mail input; end with <CRLF>.<CRLF>
From: root@www.mywebsite.com
To: jsmith@mywebsite.com
Subject: "test"

This is a test message
.
250 2.6.0 <S04SBSvOIxJ2gWG6yhv00000653@mywebsite.com> Queued mail for delivery
QUIT
***********************

Proxy Services:

I have the following SERVICES configured on the firewall:

SMTP:  
INCOMING enabled and allowed from ANY to OPTIONAL
OUTGOING enabled and allowed from OPTIONAL and TRUSTED to ANY

SMTP SBS_2003:
INCOMING enabled and allowed from ANY to (55.55.55.3 -> 192.168.16.3)
OUTGOING enabled and allowed from ANY to ANY
 
***************************
0
 
compinfoAuthor Commented:
Oh!  And BTW, the test email DID SEND SUCCESSFULLY from the test above...
0
 
GnsCommented:
Ok, splendid... Now we should focus on what _doesn't work_ instead:-). (Btw, I'd do the OUTGOING a bit more specific (I'm allergic to "Any" specifications:-), but (obviously) that works, so no real need to munge it).

Hum, so for some reason the LUSER_RELAY doesn't seem to do what it should.
I might be intolerably dense, but how is the sendmail at www.mywebsite.com to understand that recipients in "mywebsite.com" are "semi-local recipients"....? I'm leaning towards you trying to set a SMART_HOST instead of the LUSER_RELAY, just to see what gives.

-- Glenn
0
 
jlevieCommented:
Okay... That says that mail can be sent to if the Sendmail config is correct. I'd like to see what you currently have in /etc/hosts, /etc/mail/local-host-names, what 'hostname' returns, and what 'grep LUSER_RELAY /etc/mail/sendmail.mc' returns.
0
 
compinfoAuthor Commented:
BTW:  service sendmail restart  (restarts sendmail on RH ES 3) ;-)
0
 
compinfoAuthor Commented:
GLENN:

Well, I've tried both LUSER and SMART (Red Hat Tech support recommended to start with SMART and comment out LUSER).  Then restarted sendmail, still no go!

JLEVIE:

/etc/hosts:

# Do not remove the following line, or various programs
# that require network functionality will fail.
127.0.0.1       localhost.localdomain   localhost
192.168.16.3   mail.mywebsite.com

/etc/mail/local-hosts-names = empty, no entries.

Grep gives:

define('LUSER_RELAY', 'mail.mywebsite.com.com')dnl

* I just noticed the xtra '.com' above, is that a typo?




0
 
jlevieCommented:
With that error in the define() and nothing in local-host-names and mail sent to an address like tsmith@mywebsite.com, I think Sendmail is using what an MX lookup for the domain returns. That would be the outside IP and you can't connect to it.

Since this box is a web server and since that implies a static IP and a hostname within mydomain (perhaps www.mywebsite.com) there should be an entry in /etc/hosts for that name/IP. Without it it's hard to say what Sendmail "thinks" its domain is.  And of course 'hostname' should also return that same name. Even when that's been attended to one should have all of the names/domains in /etc/mail/local-host-names that this system is known by so that Sendmail can unambiguously determine what it is supposed to handle mail for. In this case that means that the file should contain at least:

localhost.localdomain
localdomain
www.mywebsite.com
mywebsite.com

And sendmail.mc needs to contain:

define(`LUSER_RELAY', `mail.mywebsite.com')dnl
0
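One way to check the three things this answer asks for before restarting sendmail, as an added example that is not part of the original thread: the LUSER_RELAY define is correctly quoted for m4, the relay name has a hosts entry pointing at a private address, and the mail domain is listed in local-host-names. The function names are hypothetical and the file contents are constructed from the values quoted in the thread; the local-host-names requirement is taken from the post above, not verified independently.

```python
import ipaddress
import re

# m4 opens a quoted string with a backtick and closes it with an apostrophe.
GOOD_DEFINE = re.compile(r"^\s*define\(`(\w+)',\s*`([^']*)'\)")
# The same directive with an apostrophe on both sides: m4 does not treat
# that as quoting, so the macro named inside is never actually defined.
BAD_DEFINE = re.compile(r"^\s*define\('(\w+)',\s*'([^']*)'\)")

# Constructed file contents, using the names and addresses from the thread.
BROKEN_MC = "define(`LUSER_RELAY', `mail.mywebsite.com.com')dnl\n"
FIXED_MC = "define(`LUSER_RELAY', `mail.mywebsite.com')dnl\n"
HOSTS = ("127.0.0.1       localhost.localdomain   localhost\n"
         "192.168.16.3    mail.mywebsite.com\n")
LOCAL_NAMES = "localhost.localdomain\nlocaldomain\nwww.mywebsite.com\nmywebsite.com\n"


def parse_hosts(text):
    """Map every name in hosts-file text to the address on its line."""
    table = {}
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split()
        for name in fields[1:]:
            table.setdefault(name.lower(), fields[0])
    return table


def find_define(mc_text, macro):
    """Return (value, misquoted) for a define() of macro in sendmail.mc text."""
    value, misquoted = None, False
    for line in mc_text.splitlines():
        if line.lstrip().startswith("dnl"):  # commented-out directive
            continue
        good, bad = GOOD_DEFINE.match(line), BAD_DEFINE.match(line)
        if good and good.group(1) == macro:
            value = good.group(2)
        elif bad and bad.group(1) == macro:
            misquoted = True
    return value, misquoted


def audit_relay(mc_text, hosts_text, local_names_text, mail_domain):
    """Return a list of findings; an empty list means all checks passed."""
    findings = []
    relay, misquoted = find_define(mc_text, "LUSER_RELAY")
    if misquoted:
        findings.append("LUSER_RELAY is quoted with '...' instead of m4 `...'")
    elif relay is None:
        findings.append("LUSER_RELAY is not defined")
    if relay is not None:
        address = parse_hosts(hosts_text).get(relay.lower())
        if address is None:
            # Without a hosts entry the name is resolved some other way,
            # which in this thread means the public DNS record.
            findings.append(f"{relay} has no hosts entry")
        elif not ipaddress.ip_address(address).is_private:
            findings.append(f"{relay} maps to {address}, not a private address")
    local = {
        name.strip().lower()
        for name in local_names_text.splitlines()
        if name.strip() and not name.lstrip().startswith("#")
    }
    if mail_domain.lower() not in local:
        findings.append(f"{mail_domain} is not listed in local-host-names")
    return findings


if __name__ == "__main__":
    print(audit_relay(BROKEN_MC, HOSTS, "", "mywebsite.com"))
    print(audit_relay(FIXED_MC, HOSTS, LOCAL_NAMES, "mywebsite.com"))
```
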
 
GnsCommented:
> is that a typo?
Yes compinfo, as implied (if not expressly stated) by Jim.

> mywebsite.com
Jim, why do you insist on this? The webserver's sendmail is _not_ responsible for that domain, the exchange server is... True, the LUSER_RELAY will not work without it, but I see it as ... "intentionally wrong":-). As I would do things, the webserver shouldn't be sending mails directly to the internet at all, but rather relay all non-local mails through the exchange server, thus making it easier to apply corporate mailing policies and restrictions.
Oh well, I guess one can make it any way one wants:-)

-- Glenn
0
 
jlevieCommented:
> Jim, why do you insist on this? The webservers sendmail is _not_ responsible for that domain

If the host name of the machine is in the mywebsite.com domain, or the reverse lookup of one of the IP's that sendmail binds to points to that name Sendmail will presume that it is the mail server for the domain. It is possible to set up a web server in a completely different domain and have that hidden from sendmail, but the usual config will wind up with Sendmail thinking that it is the mail server for the domain. In that case SMART_HOST won't work because it only forwards non-local mail. The solution is to remove any doubt as to what domains Sendmail serves by listing all of them in local-host-names and use LUSER_RELAY
0
 
GnsCommented:
Ok. I'll willingly defer to your expertise here (since I've left the sendmail sphere since a while back:-). Sounds a bit stupid, or at least "overoptimistic" on sendmail's part.

-- Glenn
0
 
compinfoAuthor Commented:
Hey, I just want this stuff to work!!!  :)
0
 
jlevieCommented:
It will, I promise... It's just a matter of getting the system and Sendmail config into the correct form.

Have you adjusted things to match my earlier comment?
0
