Solved

Fedora Core and Sendmail Config

Posted on 2005-02-24
Last Modified: 2013-12-17
I have sendmail and dovecot running. I got to the point that it all works fine on our internal network: send, receive, etc.

But I cannot telnet to the server on port 25 or 143 from an outside server. Thought it may be a firewall conflict, so took the firewall down altogether, but it still does not work.

Any ideas???
Question by:athera
30 Comments
 
LVL 34

Expert Comment

by:PsiCop
ID: 13395173
Sounds more like a network than a sendmail issue. Does your FC server on which sendmail is installed have a public IP address, or is it behind NAT?

If it's behind NAT, then you need to enable port-forwarding on the NAT.
0
 
LVL 2

Author Comment

by:athera
ID: 13395488
The server has a public IP address and I can ssh to it, from outside, no problem but no telnet to port 25. By the way httpd works fine
0
 
LVL 2

Author Comment

by:athera
ID: 13395578
PsiCop
Also on the same network I have sendmail running fine on a box that is running RedHat Linux, not Fedora, and it seems that the sendmail.mc is slightly different, so I didn't attempt to move it over.
Nicholas
0
 
LVL 34

Expert Comment

by:PsiCop
ID: 13395788
It is possible in the sendmail.mc to have the daemon bind to a port other than 25. I don't have a sendmail reference handy to look up the specific macro. Can you do a portscan against the box and see what ports are listening? Or use netstat to see what ports are bound?

Also, if the box has TCPWrappers, and they are not configured properly with regards to the network, then the TCP Port 25 traffic may be dropped before it reaches sendmail.
0
 
LVL 2

Author Comment

by:athera
ID: 13395880
As far as TCPWrappers goes I added a line in host.allow
sendmail: ALL

As far as netstat goes ya I can do that but I can't make heads or tails from the output. I see dovecot 3 times but not sendmail.

Now how do I do a portscan??
0
 
LVL 2

Author Comment

by:athera
ID: 13396398
here is this (not sure if it helps)
[root@www nicholas]# nmap localhost

Starting nmap 3.70 ( http://www.insecure.org/nmap/ ) at 2005-02-24 14:58 EST
Interesting ports on www.athera.com (127.0.0.1):
(The 1652 ports scanned but not shown below are in state: closed)
PORT    STATE SERVICE
22/tcp  open  ssh
25/tcp  open  smtp
80/tcp  open  http
111/tcp open  rpcbind
143/tcp open  imap
443/tcp open  https
631/tcp open  ipp
993/tcp open  imaps

Nmap run completed -- 1 IP address (1 host up) scanned in 0.363 seconds
0
 
LVL 34

Expert Comment

by:PsiCop
ID: 13396587
nmap = portscan

Well, *something* is bound to port 25. What is dovecot?
0
 
LVL 2

Author Comment

by:athera
ID: 13396940
(nmap = portscan) LOL

Dovecot is what I am using for IMAP

Well SMTP is bound on port 25 cause when I telnet from any box inside our network sendmail works fine
0
 
LVL 40

Expert Comment

by:jlevie
ID: 13398788
If you can telnet to the server on port 25 from another machine on your inside network, but not from the Internet, you need to look at what your gateway router/firewall config allows.
0
 
LVL 2

Author Comment

by:athera
ID: 13398811
jlevie

I actually took the firewall down for now  no gateway/router restrictions
0
 
LVL 40

Expert Comment

by:jlevie
ID: 13403206
So your Internet gateway router now doesn't have any firewall rules active, correct?

Is your local network behind a NAT'ing gateway router? That would mean that hosts on the local network use private IP's (from 10/8, 172.16/12, or 192.168/16)? If you are on a private network you need to configure the gateway router to port forward SMTP traffic to your mail server.

If your local network uses routable IP's and you are certain that there are no firewalls between the mail server and the Internet you need to ask your service provider if they block inbound connections on 25/TCP.
0
 
LVL 2

Author Comment

by:athera
ID: 13404227
jlevie

Don't even go there. I have half a class 'c' (0-127), 128 IPs. I control the router. I had several sendmail servers run before, still do.
I know the problem is in that box. So it has to be something I am overseeing in the config files.

This is my first time with Fedora Core by the way. All my other mail servers were on RedHat 6-7-8.

I hope this is helpful.

nicholas
0
 
LVL 34

Expert Comment

by:PsiCop
ID: 13404367
If that's the case, then I'm back to thinking it's something with TCPWrappers. Since it's host-specific, it's gotta be something in that host's TCP/IP protocol stack. Is it possible for you to turn off TCPWrappers and use straight inetd - mainly to try to pinpoint?
0
 
LVL 2

Author Comment

by:athera
ID: 13404460
jlevie

Also...
you should know this is a fresh install on a new Dell box. Everything else seems to work fine.
sendmail and dovecot work fine internally also.

There must be something in that box either FC or sendmail that prohibits the connection to an outside network.

nicholas
0
 
LVL 2

Author Comment

by:athera
ID: 13404484
Have the TCPWrappers changed in FC?
I put
sendmail:ALL in the hosts.allow file

but it didn't help
0
 
LVL 40

Expert Comment

by:jlevie
ID: 13404515
Okay, so we can be pretty sure that inbound SMTP connections can reach the FC3 box if the other servers are accessible.

To make sure "we are on the same page" I'd like to verify that you can telnet to this box from another node on the local network on the SMTP port, correct?

When you removed the localhost only restriction in /etc/mail/sendmail.mc did you comment out:

DAEMON_OPTIONS(`Port=smtp,Addr=127.0.0.1, Name=MTA')dnl

or edit that line. The correct thing to do is to comment it out.

Does /etc/hosts.allow and/or /etc/hosts.deny contain any restrictions?

Does 'iptables -L' show:

Chain INPUT (policy ACCEPT)
target     prot opt source               destination
 
Chain FORWARD (policy ACCEPT)
target     prot opt source               destination
 
Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination

Have you verified that the correct netmask and default route is set on this machine?
0
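Added example (not part of the thread): a POSIX shell check for the DAEMON_OPTIONS question above. m4 drops a line that starts with dnl, so only the remaining lines request listeners; the function reports each active line's port, address and scope. The three sample files are constructed from lines quoted in this thread, 192.0.2.10 is a placeholder address, and numeric Addr= values are assumed.

```shell
#!/bin/sh
# Added example: which listeners does a sendmail.mc actually request?

# daemon_bindings  (sendmail.mc text on stdin)
# prints "PORT ADDR SCOPE" for every DAEMON_OPTIONS line m4 will expand.
daemon_bindings() {
    awk '
        /^[ \t]*(dnl[ \t]|#)/ { next }       # commented out: never expanded
        /DAEMON_OPTIONS\(/ {
            n++; addr = "*"; port = "smtp"   # no Addr= means every address
            if (match($0, /Addr=[0-9A-Fa-f:.]+/)) addr = substr($0, RSTART + 5, RLENGTH - 5)
            if (match($0, /[Pp]ort=[A-Za-z0-9]+/)) port = substr($0, RSTART + 5, RLENGTH - 5)
            if (addr == "127.0.0.1" || addr == "::1") scope = "loopback-only"
            else if (addr == "*") scope = "all-addresses"
            else scope = "single-address"
            print port, addr, scope
        }
        END { if (!n) print "smtp * all-addresses" }'   # no active line: MTA default
}

# Constructed samples: restriction still active, commented out, and edited.
mc_stock() { cat <<'EOF'
DAEMON_OPTIONS(`Port=smtp,Addr=127.0.0.1, Name=MTA')dnl
dnl DAEMON_OPTIONS(`Port=submission, Name=MSA, M=Ea')dnl
EOF
}
mc_commented() { cat <<'EOF'
dnl DAEMON_OPTIONS(`Port=smtp,Addr=127.0.0.1, Name=MTA')dnl
dnl DAEMON_OPTIONS(`Port=submission, Name=MSA, M=Ea')dnl
EOF
}
mc_edited() { cat <<'EOF'
DAEMON_OPTIONS(`Port=smtp,Addr=192.0.2.10, Name=MTA')dnl
EOF
}

for f in mc_stock mc_commented mc_edited; do
    printf '%s: %s\n' "$f" "$($f | daemon_bindings)"
done
```

On a real host, feed it the file itself: daemon_bindings < /etc/mail/sendmail.mc.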
 
LVL 2

Author Comment

by:athera
ID: 13404622
just did an ifconfig
both eth0 and eth0:1 have the right info
Mask:255.255.255.128
and the correct broadcast address

I commented the magic line out, did not edit it

Nothing in /etc/hosts.deny

How do I do this (    Does 'iptables -L' show:    )
0
 
LVL 2

Author Comment

by:athera
ID: 13404721
OK I know what the problem is
now
I have to figure out how to fix it

when I was looking at the ifconfig results I notice that eth0 has an extra line

 inet6 addr: fe80::211:11ff:fecb:d2f6/64 Scope:Link

so I tried connecting to the IP that is assigned to eth0, not to eth0:1 that I was going to before, and sendmail worked.

so now what??

0
 
LVL 2

Author Comment

by:athera
ID: 13404764
I guess the right thing to do is figure out how to configure eth0:1 properly

the way I do it now is by putting the following lines in the rc.local file

/sbin/ifconfig eth0:1 00.00.202.94
/sbin/ifconfig eth0:1 broadcast 00.00.202.127
/sbin/ifconfig eth0:1 netmask 255.255.255.128
/sbin/route add -host 00.00.202.94 dev eth0:1


 any ideas

0
 
LVL 40

Expert Comment

by:jlevie
ID: 13405437
Are you actually using an IP of 0.0.202.94, or is that just an obfuscated IP from your netblock?

You don't need to bring the IP up via commands in rc.local. If you create /etc/sysconfig/network-scripts/ifcfg-eth0:1 containing:

DEVICE=eth0:1
BOOTPROTO=static
BROADCAST=x.x.202.127
IPADDR=x.x.202.94
NETMASK=255.255.255.128
NETWORK=x.x.202.0
ONBOOT=yes
TYPE=Ethernet

/etc/init.d/network will bring up the sub-interface automatically.
0
 
LVL 2

Author Comment

by:athera
ID: 13405687
ya I put 00 so my boss doesn't have a freak out

OK so do I create a new file in   /etc/sysconfig/network-scripts/ifcfg-eth0:xx

for each eth0:1,eth0:2,eth0:3,.... etc....
???
nicholas
0
 
LVL 40

Expert Comment

by:jlevie
ID: 13405789
Yes.
0
 
LVL 2

Author Comment

by:athera
ID: 13420959
Hi jlevie

I was thinking that it has to be something within the sendmail.mc that prohibits it from binding due to the IP address misconfiguration.

I am saying that cause both httpd and sshd have no problem on both address.

Any thoughts???
0
 
LVL 40

Expert Comment

by:jlevie
ID: 13423343
It almost sounds like you edited rather than commented out the localhost IP restriction in sendmail.mc. What does 'grep DAEMON_OPTIONS /etc/mail/sendmail.mc' show?
0
 
LVL 2

Author Comment

by:athera
ID: 13428902
j--

here u go

[root@www nicholas]# grep DAEMON_OPTIONS /etc/mail/sendmail.mc
dnl DAEMON_OPTIONS(`Port=smtp,Addr=127.0.0.1, Name=MTA')dnl
dnl DAEMON_OPTIONS(`Port=submission, Name=MSA, M=Ea')dnl
dnl DAEMON_OPTIONS(`Port=smtps, Name=TLSMTA, M=s')dnl
dnl DAEMON_OPTIONS(`port=smtp,Addr=::1, Name=MTA-v6, Family=inet6')dnl
dnl DAEMON_OPTIONS(`Name=MTA-v4, Family=inet, Name=MTA-v6, Family=inet6')
[root@www nicholas]#
0
 
LVL 40

Accepted Solution

by:
jlevie earned 800 total points
ID: 13431054
Well, that's certainly correct.

Sendmail only binds to IPs if they are configured when Sendmail starts. If you bring up an IP in rc.local, that will happen well after Sendmail has started and could be a cause. The fix would be to move the interface config to /etc/sysconfig/network-scripts/ifcfg-eth0:1, since the boot process will then have the interface configured before Sendmail starts. If that wasn't the case, you can restart sendmail (/sbin/service sendmail restart) to have it scan the interfaces.
0
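Added example (not part of the thread): a POSIX shell reading of 'netstat -ltn' output, the step the asker could not interpret earlier, that says for each local address whether anything accepts connections on a port. The netstat sample is constructed and the 192.0.2.x addresses are placeholders standing in for the primary address and the eth0:1 alias.

```shell
#!/bin/sh
# Added example: per-address listener check from 'netstat -ltn' output.

# listener_state PORT IP  (netstat text on stdin)
# prints: specific  - a socket is bound to exactly IP:PORT
#         wildcard  - a 0.0.0.0 or :: socket on PORT accepts for every address
#                     (for :: this assumes dual-stack sockets)
#         none      - nothing on this host accepts IP:PORT
listener_state() {
    awk -v port="$1" -v ip="$2" '
        $1 ~ /^tcp/ && $6 == "LISTEN" {
            la = $4                          # Local Address, e.g. 127.0.0.1:25 or :::22
            n = split(la, part, ":")
            p = part[n]                      # port = text after the last colon
            addr = substr(la, 1, length(la) - length(p) - 1)
            if (p != port) next
            if (addr == ip) specific = 1
            else if (addr == "0.0.0.0" || addr == "::") wildcard = 1
        }
        END { print (specific ? "specific" : (wildcard ? "wildcard" : "none")) }'
}

# Constructed sample: SMTP bound per address, IMAP and SSH on wildcards.
sample_netstat() { cat <<'EOF'
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 127.0.0.1:25            0.0.0.0:*               LISTEN
tcp        0      0 192.0.2.10:25           0.0.0.0:*               LISTEN
tcp        0      0 0.0.0.0:143             0.0.0.0:*               LISTEN
tcp        0      0 :::22                   :::*                    LISTEN
EOF
}

# coverage_report PORT IP...  (one line per address)
coverage_report() {
    port=$1; shift
    for ip in "$@"; do
        printf '%s:%s %s\n' "$ip" "$port" "$(sample_netstat | listener_state "$port" "$ip")"
    done
}

# 192.0.2.10 = primary address, 192.0.2.94 = alias with no SMTP socket of its own
coverage_report 25  192.0.2.10 192.0.2.94
coverage_report 143 192.0.2.10 192.0.2.94
```

On a live host, pipe 'netstat -ltn' into listener_state in place of sample_netstat.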
 
LVL 2

Author Comment

by:athera
ID: 13431203
j--

u are correct I tried adding eth0:2 your way and works fine.

I can get mail from anywhere now.

However I still have a problem sending, not sure why, still looking in the maillog

0
 
LVL 2

Author Comment

by:athera
ID: 13432472
from the maillog looked like an authentication problem
so I turned off the "pass required" on the client and that works
in sendmail.mc I used to put, and I did here too last week when I started on this

TRUST_AUTH_MECH (`LOGIN PLAIN')dnl
define(`confAUTH_MECHANISMS',`LOGIN PLAIN')dnl

so why is it relaying without password

any thoughts???
0
 
LVL 40

Expert Comment

by:jlevie
ID: 13433243
To do SMTP AUTH in the general case you should have:

define(`confAUTH_OPTIONS', `A')dnl
TRUST_AUTH_MECH(`LOGIN PLAIN')dnl
define(`confAUTH_MECHANISMS',`LOGIN PLAIN')dnl

in your sendmail.mc and have "pwcheck_method:saslauthd" in /usr/lib/sasl2/Sendmail.conf. Also you'll need the saslauthd daemon running (chkconfig saslauthd on). You can start the daemon with '/sbin/service saslauthd start' without having to reboot.

Without knowing what's currently enabled in sendmail.mc, what's in /etc/mail/access, and where your client is in relation to the Sendmail server it is hard to say why it relayed mail.
0
 
LVL 2

Author Comment

by:athera
ID: 13435485
j--

to keep with the scope of this forum I will close this q. and start a new one
"FC sendmail will not send mail"

it will be cleaner that way

Thanks for help so far
0
