?
Solved

FC sendmail will not send mail (relay)

Posted on 2005-03-01
10
Medium Priority
?
683 Views
Last Modified: 2013-12-17
I have sendmail and dovecot IMAP running on Fedora Core I got to the point that I can receive my mail form anywhere and anyone but I can only send to people in the same domain as me also the plain text authentication does not seem to wanna work
0
Comment
Question by:athera
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 4
  • 3
10 Comments
 
LVL 40

Expert Comment

by:jlevie
ID: 13441344
If you attempt to send a message to a location outside of your local domain what happens? Does the mail just sit in the queue (check the output of mailq)? Is there anything interesting in /var/log/maillog?

Can you open a connection on the SMTP port to an MTA outside of your network, e.g., 'telnet mx1.redhat.com 25'?
0
 
LVL 2

Author Comment

by:athera
ID: 13441850
hi j-

I can only send to people in the same domain as me also the plain text authentication does not seem to wanna work

For some reason I think that this is an authentication  problem.

Because it allows to relay to anyone in the same domain but not ouside with password authentication off.

If I try to send to someone outside it says authentication failed.

If I turn password authentication on it keeps on asking for password over and over.

And yes I can open a connection on the SMTP port to an MTA outside of my network.
0
 
LVL 40

Expert Comment

by:jlevie
ID: 13442059
Can you send mail to an outside address from the server itself (e.g., with the mail command)?

Do you need to have clients outside of the local network relay mail thorugh your server? If the answer to that is no the simple solution is to disable SMTP AUTH in sendmail.mc and add your local network to /etc/mail/access with RELAY privs.

If external clients do need to be able to relay you do need SMTP AUTH. In the simple case your sendmail.mc needs to include:

define(`confAUTH_OPTIONS', `A')dnl
TRUST_AUTH_MECH(`LOGIN PLAIN')dnl
define(`confAUTH_MECHANISMS', `LOGIN PLAIN')dnl

and you need to build a new sendmail.cf and restart sendmail. /usr/lib/sasl2/Sendmail.conf needs to contain "pwcheck_method:saslauthd" and the saslauthd service needs to be running.
0
Get real performance insights from real users

Key features:
- Total Pages Views and Load times
- Top Pages Viewed and Load Times
- Real Time Site Page Build Performance
- Users’ Browser and Platform Performance
- Geographic User Breakdown
- And more

 
LVL 2

Author Comment

by:athera
ID: 13443404
When I first looked at the sendmail.mc last week (plain vanila)
it had
define(`confAUTH_OPTIONS', `A')dnl
I added
TRUST_AUTH_MECH(`LOGIN PLAIN')dnl
define(`confAUTH_MECHANISMS', `LOGIN PLAIN')dnl
so that has been there.

today I checked /usr/lib/sasl2/Sendmail.conf it contains "pwcheck_method:saslauthd"

But when I did a ps aux saslauthd running so I started it and authentication works now BUT still NO SENDY :-(

When I try to send Thunderbird/Netscape Mail respond

An error occured while sending mail. The mail server responded 5.7.1 xxx@yyy.com. Relaying denied. IP (xx.xx.xx.xx) name possibly forged. Make sure your email is correct in the prefs.




0
 
LVL 40

Expert Comment

by:jlevie
ID: 13452000
Did you configure Thunderbird to authenticate to the SMTP server? That's a separate choice from authentication for reading mail.
0
 
LVL 2

Author Comment

by:athera
ID: 13452262
Yes of course
0
 
LVL 40

Accepted Solution

by:
jlevie earned 800 total points
ID: 13453248
Okay, doesn't hurt to ask...

I just set up SMTP AUTH on a FC3 box. What I did was to to edit sendmail.mc and include:

TRUST_AUTH_MECH(`LOGIN PLAIN')dnl
define(`confAUTH_MECHANISMS', `LOGIN PLAIN')dnl

and I commented out the line that restricts sendmail to only listen on the localhost IP. Next I built a new sendmail.cf (cd /etc/mail; make) and restarted sendmail (service sendmail restart). Then I checked to be sure that it was offering PLAIN and LOGIN as AUTH methods with:

chimera> telnet 192.168.0.57 25
Trying 192.168.0.57...
Connected to 192.168.0.57.
Escape character is '^]'.
220 localhost.localdomain ESMTP Sendmail 8.13.1/8.13.1; Thu, 3 Mar 2005 14:25:04 -0600
EHLO entropy-free.net
250-localhost.localdomain Hello chimera.dynetics.com [192.168.0.6], pleased to meet you
250-ENHANCEDSTATUSCODES
250-PIPELINING
250-8BITMIME
250-SIZE
250-DSN
250-ETRN
250-AUTH LOGIN PLAIN
250-DELIVERBY
250 HELP
QUIT

and it is as evidenced by "250-AUTH LOGIN PLAIN". The next step was to enable saslauthd (service saslauthd start).

using thunderbird I configured it to authenicate to the mail server. On the "Outgoing Server (SMTP) Settings" I made sure that "Use name and password" was checked, the correct login name was filled in and "Use secure connection" was no.

I watched the tail end of /var/log/maillog and attempted a send from thunderbird (which prompted for a password) and saw:

Mar  3 14:32:26 localhost sendmail[5694]: AUTH=server, relay=[192.168.0.57], authid=levie, mech=PLAIN, bits=0
Mar  3 14:32:26 localhost sendmail[5694]: j23KWQE6005694: from=<Jim.Levie@xxxxx.com>, size=370, class=0, nrcpts=1, msgid=<4227745A.5070309@dynetics.com>, proto=ESMTP, daemon=MTA, relay=[192.168.0.57]
Mar  3 14:32:27 localhost sendmail[5696]: j23KWQE6005694: to=<jim@entrophy-free.net>, delay=00:00:01, xdelay=00:00:01, mailer=esmtp, pri=120370, relay=praetorian.entrophy-free.net. [216.78.168.29], dsn=2.0.0, stat=Sent (j23KWQeB010980 Message accepted for delivery)
 
praetorian.entrophy-free.net isn't on the local network, so it did relay as expected.
0

Featured Post

Get your Disaster Recovery as a Service basics

Disaster Recovery as a Service is one go-to solution that revolutionizes DR planning. Implementing DRaaS could be an efficient process, easily accessible to non-DR experts. Learn about monitoring, testing, executing failovers and failbacks to ensure a "healthy" DR environment.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Workplace bullying has increased with the use of email and social media. Retain evidence of this with email archiving to protect your employees.
Sometimes clients can lose connectivity with the Lotus Notes Domino Server, but there's not always an obvious answer as to why it happens.   Read this article to follow one of the first experiences I had with Lotus Notes on a client's machine, my…
To show how to generate a certificate request in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.:  First we need to log into the Exchange Admin Center. Navigate to the Servers >> Certificates…
Nobody understands Phishing better than an anti-spam company. That’s why we are providing Phishing Awareness Training to our customers. According to a report by Verizon, only 3% of targeted users report malicious emails to management. With compan…
Suggested Courses

752 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question