Solved

Problem with Sendmail

Posted on 2004-09-09
7
1,642 Views
Last Modified: 2012-05-05
Hi experts.

I Have the following problem:

I have a server with MailScanner 4.31 (with sendmail integrated). We are hosting a domain named EDELCARIBE.COM. The users of this domain live at panamá and they've been having troubles with they're mails. They cannot send mail through my server, the message they get is the following:

The message could not be sent because one of the recipients was rejected by the server. The rejected e-mail address was 'bmendieta@repinterpma.com'. Subject 'Fw: Oferta en Firme', Account: 'Julio Artuz Eurolatina', Server: 'mail.edelcaribe.com', Protocol: SMTP, Server Response: '550 5.7.1 <bmendieta@repinterpma.com>... Relaying denied. IP name possibly forged [200.75.219.128]', Port: 25, Secure(SSL): No, Server Error: 550, Error Number: 0x800CCC79

I have the domain in /etc/hosts, /et/mail/relay-domains, in access db... i have enabled all sendmail features to relay using access db, etc. Here's my sendmail.mc file:

divert(-1)dnl
dnl #
dnl # This is the sendmail macro config file for m4. If you make changes to
dnl # /etc/mail/sendmail.mc, you will need to regenerate the
dnl # /etc/mail/sendmail.cf file by confirming that the sendmail-cf package is
dnl # installed and then performing a
dnl #
dnl #     make -C /etc/mail
dnl #
include(`/usr/share/sendmail-cf/m4/cf.m4')dnl
VERSIONID(`setup for Red Hat Linux')dnl
OSTYPE(`linux')dnl
dnl #
dnl # Uncomment and edit the following line if your outgoing mail needs to
dnl # be sent out through an external mail server:
dnl #
dnl define(`SMART_HOST',`smtp.your.provider')
dnl #
define(`confDEF_USER_ID',``8:12'')dnl
define(`confTRUSTED_USER', `smmsp')dnl
dnl define(`confAUTO_REBUILD')dnl
define(`confTO_CONNECT', `1m')dnl
define(`confTRY_NULL_MX_LIST',true)dnl
define(`confDONT_PROBE_INTERFACES',true)dnl
define(`PROCMAIL_MAILER_PATH',`/usr/bin/procmail')dnl
define(`ALIAS_FILE', `/etc/aliases')dnl
dnl define(`STATUS_FILE', `/etc/mail/statistics')dnl
define(`UUCP_MAILER_MAX', `2000000')dnl
define(`confUSERDB_SPEC', `/etc/mail/userdb.db')dnl
define(`confPRIVACY_FLAGS', `authwarnings,novrfy,noexpn,restrictqrun')dnl
define(`confAUTH_OPTIONS', `A')dnl
dnl #
dnl # The following allows relaying if the user authenticates, and disallows
dnl # plaintext authentication (PLAIN/LOGIN) on non-TLS links
dnl #
dnl define(`confAUTH_OPTIONS', `A p')dnl
dnl #
dnl # PLAIN is the preferred plaintext authentication method and used by
dnl # Mozilla Mail and Evolution, though Outlook Express and other MUAs do
dnl # use LOGIN. Other mechanisms should be used if the connection is not
dnl # guaranteed secure.
dnl #
dnl TRUST_AUTH_MECH(`EXTERNAL DIGEST-MD5 CRAM-MD5 LOGIN PLAIN')dnl
dnl define(`confAUTH_MECHANISMS', `EXTERNAL GSSAPI DIGEST-MD5 CRAM-MD5 LOGIN PLAIN')dnl
dnl #
dnl # Rudimentary information on creating certificates for sendmail TLS:
dnl #     make -C /usr/share/ssl/certs usage
dnl #
dnl define(`confCACERT_PATH',`/usr/share/ssl/certs')
dnl define(`confCACERT',`/usr/share/ssl/certs/ca-bundle.crt')
dnl define(`confSERVER_CERT',`/usr/share/ssl/certs/sendmail.pem')
dnl define(`confSERVER_KEY',`/usr/share/ssl/certs/sendmail.pem')
dnl #
dnl # This allows sendmail to use a keyfile that is shared with OpenLDAP's
dnl # slapd, which requires the file to be readble by group ldap
dnl #
dnl define(`confDONT_BLAME_SENDMAIL',`groupreadablekeyfile')dnl
dnl #
dnl define(`confTO_QUEUEWARN', `4h')dnl
dnl define(`confTO_QUEUERETURN', `5d')dnl
dnl define(`confQUEUE_LA', `12')dnl
dnl define(`confREFUSE_LA', `18')dnl
define(`confTO_IDENT', `0')dnl
dnl FEATURE(delay_checks)dnl
FEATURE(`no_default_msa',`dnl')dnl
FEATURE(`smrsh',`/usr/sbin/smrsh')dnl
FEATURE(`mailertable',`hash -o /etc/mail/mailertable.db')dnl
FEATURE(`virtusertable',`hash -o /etc/mail/virtusertable.db')dnl
FEATURE(redirect)dnl
FEATURE(always_add_domain)dnl
FEATURE(access_db)dnl
FEATURE(relay_entire_domain)dnl
dnl FEATURE(`relay_hosts_only')dnl
FEATURE(use_cw_file)dnl
FEATURE(use_ct_file)dnl
dnl #
dnl # The -t option will retry delivery if e.g. the user runs over his quota.
dnl #
FEATURE(local_procmail,`',`procmail -t -Y -a $h -d $u')dnl
FEATURE(`access_db',`hash -T<TMPF> -o /etc/mail/access.db')dnl
FEATURE(`blacklist_recipients')dnl
EXPOSED_USER(`root')dnl
dnl #
dnl # The following causes sendmail to only listen on the IPv4 loopback address
dnl # 127.0.0.1 and not on any other network devices. Remove the loopback
dnl # address restriction to accept email from the internet or intranet.
dnl #
DAEMON_OPTIONS(`Port=smtp,Addr=0.0.0.0, Name=MTA')dnl
dnl #
dnl # The following causes sendmail to additionally listen to port 587 for
dnl # mail from MUAs that authenticate. Roaming users who can't reach their
dnl # preferred sendmail daemon due to port 25 being blocked or redirected find
dnl # this useful.
dnl #
dnl DAEMON_OPTIONS(`Port=submission, Name=MSA, M=Ea')dnl
dnl #
dnl # The following causes sendmail to additionally listen to port 465, but
dnl # starting immediately in TLS mode upon connecting. Port 25 or 587 followed
dnl # by STARTTLS is preferred, but roaming clients using Outlook Express can't
dnl # do STARTTLS on ports other than 25. Mozilla Mail can ONLY use STARTTLS
dnl # and doesn't support the deprecated smtps; Evolution <1.1.1 uses smtps
dnl # when SSL is enabled-- STARTTLS support is available in version 1.1.1.
dnl #
dnl # For this to work your OpenSSL certificates must be configured.
dnl #
dnl DAEMON_OPTIONS(`Port=smtps, Name=TLSMTA, M=s')dnl
dnl #
dnl # The following causes sendmail to additionally listen on the IPv6 loopback
dnl # device. Remove the loopback address restriction listen to the network.
dnl #
dnl # NOTE: binding both IPv4 and IPv6 daemon to the same port requires
dnl #       a kernel patch
dnl #
dnl DAEMON_OPTIONS(`port=smtp,Addr=::1, Name=MTA-v6, Family=inet6')dnl
dnl #
dnl # We strongly recommend not accepting unresolvable domains if you want to
dnl # protect yourself from spam. However, the laptop and users on computers
dnl # that do not have 24x7 DNS do need this.
dnl #
FEATURE(`accept_unresolvable_domains')dnl
dnl #
dnl FEATURE(`relay_based_on_MX')dnl
dnl #
dnl # Also accept email sent to "localhost.localdomain" as local email.
dnl #
LOCAL_DOMAIN(`localhost.localdomain')dnl
dnl #
dnl # The following example makes mail from this host and any additional
dnl # specified domains appear to be sent from mydomain.com
dnl #
dnl MASQUERADE_AS(`mydomain.com')dnl
dnl #
dnl # masquerade not just the headers, but the envelope as well
dnl #
dnl FEATURE(masquerade_envelope)dnl
dnl #
dnl # masquerade not just @mydomainalias.com, but @*.mydomainalias.com as well
dnl #
dnl FEATURE(masquerade_entire_domain)dnl
dnl #
dnl MASQUERADE_DOMAIN(localhost)dnl
dnl MASQUERADE_DOMAIN(localhost.localdomain)dnl
dnl MASQUERADE_DOMAIN(mydomainalias.com)dnl
dnl MASQUERADE_DOMAIN(mydomain.lan)dnl
MAILER(smtp)dnl
MAILER(procmail)dnl

i Executed m4 but nothing, the message still appears. The cand receive but they cannot send.

I don't know what else should i do. A month ago, that domain was updated and i have checked my named.conf and my zones and everything seems to be ok. I don't know if a domain trouble because it resolves. The first name server is 63.245.101.9 and the second DNS is 63.245.101.4.

What can it be??. i don't know what to do.

thanks.
0
Comment
Question by:rbraym
  • 4
  • 2
7 Comments
 

Expert Comment

by:mmajere
ID: 12020320
__________________________________________________________________________________________________________________________________________
"The message could not be sent because one of the recipients was rejected by the server. The rejected e-mail address was 'bmendieta@repinterpma.com'. Subject 'Fw: Oferta en Firme', Account: 'Julio Artuz Eurolatina', Server: 'mail.edelcaribe.com', Protocol: SMTP, Server Response: '550 5.7.1 <bmendieta@repinterpma.com>... Relaying denied. IP name possibly forged [200.75.219.128]', Port: 25, Secure(SSL): No, Server Error: 550, Error Number: 0x800CCC79"
__________________________________________________________________________________________________________________________________________
Unless I am missing something this tells you what you need to know.  Inside the access.db you need to allow 200.75..219.128 to relay through your mail server.   You can do this with the following entries from insecure to secure


cableonda.net       RELAY    # this allows anyone from cableonda.net to relay through your server, but requires little intervention on your part
200.75.219        RELAY       # This allows anyone on the 200.75.219 subnet to relay through your server.
200.75.219.128  RELAY       # This allows the client to relay through your server, but since he is on cable-modem unless he has a static ip this will change every few days.

There are several options to get around this method such as smtp authentication or poprelay, but this will work for a quick fix.  

Good luck.  
0
 

Author Comment

by:rbraym
ID: 12020547
Ok  mmajere.   Actually, i already had cableonda.net RELAY in access db.. as you said that ip address change because is not a static ip and they're different.. the only part i see that  stands is 200.75, the rest change. I don't think it's a good solution.

What options do you think i can use??..

Thanks a lot.
0
 

Author Comment

by:rbraym
ID: 12020560
Another question, what can i do so sendmail can relay domains and not ip adresses??

Thanks
0
Maximize Your Threat Intelligence Reporting

Reporting is one of the most important and least talked about aspects of a world-class threat intelligence program. Here’s how to do it right.

 

Accepted Solution

by:
mmajere earned 100 total points
ID: 12021319
http://poprelay.sourceforge.net/  This the option i use.  Easy to implement and a small footprint
0
 

Author Comment

by:rbraym
ID: 12021372
Ok, i will try it..

Thanks for your option.

0
 
LVL 40

Expert Comment

by:jlevie
ID: 12021392
With dynamic external IP's another good solution is to enable SMTP AUTH (see http://www.sendmail.org/~ca/email/auth.html)
They your users simply configure their mail client for SMTP authentication and suppy a valid password and they'll be allowed
to relay, safely.
0
 

Author Comment

by:rbraym
ID: 12021460
Thanks jlevie for your help..
0

Featured Post

Better Security Awareness With Threat Intelligence

See how one of the leading financial services organizations uses Recorded Future as part of a holistic threat intelligence program to promote security awareness and proactively and efficiently identify threats.

Join & Write a Comment

Suggested Solutions

Title # Comments Views Activity
linux dns for internal resolve 2 49
Exploits in Kali Linux 4 221
Error when calling SSH command 20 101
Linux on a Dell PowerEdge 720 3 103
I have seen several blogs and forum entries elsewhere state that because NTFS volumes do not support linux ownership or permissions, they cannot be used for anonymous ftp upload through the vsftpd program.   IT can be done and here's how to get i…
Note: for this to work properly you need to use a Cross-Over network cable. 1. Connect both servers S1 and S2 on the second network slots respectively. Note that you can use the 1st slots but usually these would be occupied by the Service Provide…
Sending a Secure fax is easy with eFax Corporate (http://www.enterprise.efax.com). First, Just open a new email message.  In the To field, type your recipient's fax number @efaxsend.com. You can even send a secure international fax — just include t…
This video demonstrates how to create an example email signature rule for a department in a company using CodeTwo Exchange Rules. The signature will be inserted beneath users' latest emails in conversations and will be displayed in users' Sent Items…

705 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

19 Experts available now in Live!

Get 1:1 Help Now