Sendmail: Unable to relay

Hey Gang,

Don't really know sendmail to save my life.  Here's the issue...

uname -a = SunOS server1 5.9 Generic_112233-11 sun4u sparc SUNW,Sun-Fire-480R

-If I try to send an email (mailx) from server1 to root (itself)...it fails. (See below).

-If I try to send an email (mailx) from server1 to root@server1 OR root@server1.domain.com OR root@localhost...they all fail.

-If I ping serverTWO, it succeeds with the correct IP (it is resolving fine.)

-BUT if I send a mail to "root@serverTWO" OR "root@serverTWO.domain.com"...it fails.

-IF I send an email to "me@mymail.com" from server1...it SUCCEEDS.

THE FOLLOWING IS what I get out of the saved mail at /var/spool/clientmqueue when it fails.  I notice that this message says it was from recipient ROOT@LOCALHOST, whereas all my other servers always put the recipient as "ROOT@SERVERNAME.DOMAIN.COM".  Could this be a name resolution issue?
*****************************************
cat dfj43LO2H0008651
This is a MIME-encapsulated message

--j43LO2H0008651.1115155442/server1.domain.com

The original message was received at Tue, 3 May 2005 14:24:02 -0700 (PDT)
from root@localhost

   ----- The following addresses had permanent fatal errors -----
root
    (reason: 550 5.7.1 Unable to relay for root@server1.domain.com)
    (expanded from: root)

   ----- Transcript of session follows -----
... while talking to mailhost:
>>> DATA
<<< 550 5.7.1 Unable to relay for root@server1.domain.com
550 5.1.1 root... User unknown
<<< 554 5.5.2 No valid recipients

--j43LO2H0008651.1115155442/server1.domain.com
Content-Type: message/delivery-status

Reporting-MTA: dns; server1.domain.com
Arrival-Date: Tue, 3 May 2005 14:24:02 -0700 (PDT)

Final-Recipient: RFC822; root@server1.domain.com
Action: failed
Status: 5.7.1
Remote-MTA: DNS; mailhost
Diagnostic-Code: SMTP; 550 5.7.1 Unable to relay for root@server1.domain.com
Last-Attempt-Date: Tue, 3 May 2005 14:24:02 -0700 (PDT)

--j43LO2H0008651.1115155442/server1.domain.com
Content-Type: message/rfc822

Return-Path: <root>
Received: (from root@localhost)
        by server1.domain.com (8.12.10+Sun/8.12.10/Submit) id j43LO2Gx008651
        for root; Tue, 3 May 2005 14:24:02 -0700 (PDT)
Date: Tue, 3 May 2005 14:24:02 -0700 (PDT)
From: Super-User <root>
Message-Id: <200505032124.j43LO2Gx008651@server1.domain.com>
To: root
Subject: test from server1 to root

tes
*************************

Thanks!
M

Mike R. (Author) commented:
P.S.  None of my mail aliases are working either.  including the ones that go to functioning address...

I.E. (from /etc/aliases)
admin: me@mymail.com

...If I send an email to me@mymail.com, it succeeds...
...BUT if I send an email to "admin"...it fails as above.

Thanks!
M

Mike R. (Author) commented:
P.P.S.

Here are the errors when I try to send to an alias...
... while talking to mailhost:
>>> DATA
<<< 550 5.7.1 Unable to relay for admin@server1.domain.com
550 5.1.1 admin... User unknown
<<< 554 5.5.2 No valid recipients

PsiCop commented:
This may have been better-asked in the Sendmail TA (http://www.experts-exchange.com/Networking/Email_Groupware/Sendmail/), but let's see what we can do.

Telnet to localhost port 25 - what banner is displayed?

Mike R. (Author) commented:
Thanks for the help.  We can move the post if you think it necessary.
If I attempt to telnet to port 25 I get...

telnet: Unable to connect to remote host: Connection refused

PsiCop commented:
That means that sendmail isn't running. If it was, you'd get sendmail's banner.

As root, enter --> /etc/init.d/sendmail start

What happens? What is the result if you telnet to Port 25 on the localhost now?

Mike R. (Author) commented:
When I do a "ps -ef | grep send" I get the following...

    root  3265     1  0   Apr 13 ?        0:00 /usr/lib/sendmail -q15m
   smmsp  3263     1  0   Apr 13 ?        0:00 /usr/lib/sendmail -Ac -q15m
    root 10308  1184  0 12:04:46 pts/18   0:00 grep -i send

After doing an "/etc/init.d/sendmail stop" and an "/etc/init.d/sendmail start" I get the same response to a telnet of

telnet: Unable to connect to remote host: Connection refused

Sendmail is running, 'cause I CAN send out from the box to me@mymail.com...but I am wondering if port 25 is not active for some reason.  It looks correct in "/etc/services" as ...
smtp            25/tcp          mail

...and there is nothing in /etc/inetd.conf (but I don't think there should be.)

BUT all my other servers that work DO respond to a telnet to port 25.

How do we check that port 25 is on and active?

Thanks!
M

PsiCop commented:
No, sendmail is not launched as part of the TCP/IP protocol daemon (inetd), and hence does not appear in inetd.conf.

It should be listed in /etc/services just like it is.

I think that you are not telnetting to PORT 25. Your command line should look like this --> # telnet localhost 25

If you do not specify port 25, then telnet will use its default, port 23. You must specify the port.

When you telnet to port 25, a correctly-configured sendmail will respond with a banner. The fact that the Mail Submission Agent (MSA) component is running as an unprivileged user (smmsp) is a good sign.

Mike R. (Author) commented:
I understand.  I am actually telnetting to port 25 using just the command above (except using the servername, not localhost.)

I CAN telnet to server1 on the regular telnet port (using JUST command telnet, OR "telnet server1 23")...HOWEVER, I cannot get in using the command "telnet server1 25".  That's when I get the above error.

I CAN telnet to all my other servers on port 25, which ARE working with the command "telnet <servername> 25".

So I am still thinking something is amiss with port 25.

I inherited this box, so I am wondering if some well meaning admin locked out port 25 thinking he was securing the system. Is there a way to enable/disable port 25 specifically?

Thanks!
M

neteducation commented:
this task:

root  3265     1  0   Apr 13 ?        0:00 /usr/lib/sendmail -q15m

would be the one that should be listening on port 25, however as it seems it is not. This can have two reasons: Either sendmail was reconfigured so that it does not listen, or some sort of firewall/hardening forbids the connect.

What you could try is to run

pfiles <pid_of_that_sendmailprocess>, i.e.

pfiles 3265

in the above example. If it is listening on port 25 it should output (among other things) something like
 4: S_IFSOCK mode:0666 dev:275,0 ino:37934 uid:0 gid:0 size:0
      O_RDWR|O_NONBLOCK
        sockname: AF_INET6 ::  port: 25

if this is the case, but you cannot connect, then some firewall/hardening forbids the connect. If this is NOT the case, then sendmail is not configured to listen there. copy your /etc/mail/subsidiary.cf to /etc/mail/sendmail.cf and edit the line that starts with DS to point to your real mailserver.

Mike R. (Author) commented:
OK...we're on to something.  I did the pfiles, and did NOT see anything about port 25 (see actual output below).

Here's part of the conundrum.

REMEMBER, I CAN send mail out to my real email address of "me@myemail.com"...
I JUST CANNOT send mail from the LOCAL box TO the LOCAL box (I.E. [mailx -s "test" root] fails.)

If I check the "/etc/mail/sendmail.cf" I see the lines...
# "Smart" relay host (may be null)
DSmailhost$?m.$m$.

...and when I do an nslookup mailhost or a "ping -s mailhost" it comes up with the CORRECT mail server.

Do I still need to change the "DS" line?  And, if so, HOW?

OR...is this a config problem with the mailhost server?

Thanks!
M


*********************
Command outputs
*********************

 root @ server1 | /root >
ksh # ps -ef | grep sendmail
   smmsp 10575     1  0   May 04 ?        0:00 /usr/lib/sendmail -Ac -q15m
    root 13360 23066  0 17:06:42 pts/109  0:00 grep sendmail
   smmsp  3263     1  0   Apr 13 ?        0:00 /usr/lib/sendmail -Ac -q15m
    root 10573     1  0   May 04 ?        0:00 /usr/lib/sendmail -q15m

 root @ server1 | /root >
ksh # pfiles 10575
10575:  /usr/lib/sendmail -Ac -q15m
  Current rlimit: 1024 file descriptors
   0: S_IFCHR mode:0666 dev:85,0 ino:3419 uid:0 gid:3 rdev:13,2
      O_RDONLY
   1: S_IFCHR mode:0666 dev:85,0 ino:3419 uid:0 gid:3 rdev:13,2
      O_WRONLY
   2: S_IFCHR mode:0666 dev:85,0 ino:3419 uid:0 gid:3 rdev:13,2
      O_WRONLY
   3: S_IFDOOR mode:0444 dev:291,0 ino:10101 uid:0 gid:0 size:0
      O_RDONLY|O_LARGEFILE FD_CLOEXEC  door to nscd[542]
   4: S_IFCHR mode:0000 dev:85,0 ino:39307 uid:0 gid:0 rdev:41,2043
      O_RDONLY
   5: S_IFCHR mode:0666 dev:85,0 ino:3415 uid:0 gid:3 rdev:21,0
      O_WRONLY FD_CLOEXEC

 root @ server1 | /root >
ksh # pfiles 3263
3263:   /usr/lib/sendmail -Ac -q15m
  Current rlimit: 1024 file descriptors
   0: S_IFCHR mode:0666 dev:85,0 ino:3419 uid:0 gid:3 rdev:13,2
      O_RDONLY
   1: S_IFCHR mode:0666 dev:85,0 ino:3419 uid:0 gid:3 rdev:13,2
      O_WRONLY
   2: S_IFCHR mode:0666 dev:85,0 ino:3419 uid:0 gid:3 rdev:13,2
      O_WRONLY
   3: S_IFDOOR mode:0444 dev:291,0 ino:10101 uid:0 gid:0 size:0
      O_RDONLY|O_LARGEFILE FD_CLOEXEC  door to nscd[542]
   4: S_IFCHR mode:0000 dev:85,0 ino:34886 uid:0 gid:0 rdev:41,1137
      O_RDONLY
   5: S_IFCHR mode:0000 dev:85,0 ino:32397 uid:0 gid:0 rdev:41,1270
      O_RDWR FD_CLOEXEC
   6: S_IFCHR mode:0666 dev:85,0 ino:3415 uid:0 gid:3 rdev:21,0
      O_WRONLY FD_CLOEXEC

 root @ server1 | /root >
ksh # pfiles 10573
10573:  /usr/lib/sendmail -q15m
  Current rlimit: 1024 file descriptors
   0: S_IFCHR mode:0666 dev:85,0 ino:3419 uid:0 gid:3 rdev:13,2
      O_RDONLY
   1: S_IFCHR mode:0666 dev:85,0 ino:3419 uid:0 gid:3 rdev:13,2
      O_WRONLY
   2: S_IFCHR mode:0666 dev:85,0 ino:3419 uid:0 gid:3 rdev:13,2
      O_WRONLY
   3: S_IFDOOR mode:0444 dev:291,0 ino:10101 uid:0 gid:0 size:0
      O_RDONLY|O_LARGEFILE FD_CLOEXEC  door to nscd[542]
   4: S_IFCHR mode:0000 dev:85,0 ino:39905 uid:0 gid:0 rdev:41,1489
      O_RDONLY
   5: S_IFCHR mode:0666 dev:85,0 ino:3415 uid:0 gid:3 rdev:21,0
      O_WRONLY FD_CLOEXEC

neteducation commented:
ok, your DS-line looks fine but I suppose some other changes have been made to your sendmail.cf

Instead of going through each of the parameters separately, let's try the following:

cp /etc/mail/sendmail.cf /etc/mail/sendmail.cf.bak
cp /etc/mail/subsidiary.cf /etc/mail/sendmail.cf
/etc/init.d/sendmail stop
/etc/init.d/sendmail start

then let's see again if you can listen on port 25

Mike R. (Author) commented:
Rats.  Unfortunately...no go.  I copied the subsidiary.cf over sendmail.cf, stopped and started, and same errors all around.  See below...

 root @ server1 | /etc/mail >
ksh # cp -p sendmail.cf sendmail.cf.5.5.05.MPR

 root @ server1 | /etc/mail >
ksh # cp -p subsidiary.cf sendmail.cf

 root @ server1 | /etc/mail >
ksh # /etc/init.d/sendmail stop

 root @ server1 | /etc/mail >
ksh # /etc/init.d/sendmail start

 root @ server1 | /etc/mail >
ksh # telnet server1 25
Trying 158.114.24.190...
telnet: Unable to connect to remote host: Connection refused

 root @ server1 | /etc/mail >
ksh # mailx -s "test" root < /etc/hosts

 root @ server1 | /etc/mail >
ksh # May  5 18:15:42 server1 sendmail[20717]: [ID 801593 mail.alert] j461FgxZ020717: Losing ./qfj461FgxZ020717: savemail panic

 root @ server1 | /etc/mail >
ksh # mail
No mail.

Thanks...what should I try next :-)
M

neteducation commented:
Hmm... ok, maybe some other process (such as the firewall/hardening thing) could block port 25, and sendmail can therefore not connect to it.

if you do a

 netstat -an | grep 25

is there a line that says

      *.25                 *.*                0      0 49152      0 LISTEN

or something similar ?

if so, try the following script:

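# Walk every PID under /proc and show any socket on port 25
for i in `ls /proc`
do
    echo $i
    # match "port: 25" exactly, not 2555 or 35125; hide errors from exited PIDs
    pfiles $i 2>/dev/null | grep 'port: 25[^0-9]*$'
done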

The Number right above the line that reads something like
        sockname: AF_INET6 ::  port: 25
is the process id that "sits" on port 25


If nobody is sitting on port 25, then this is getting really interesting. You should copy over the subsidiary.cf from some other machine to your problem-machine then (and overwrite sendmail.cf with it)... maybe this hardening tool did also change the subsidiary.cf-template. But I rather think that some other process is blocking port 25.

you can also check the output of netstat -an and see what the state in TCP: IPv4, local address *.* is. It should be "IDLE". If it is "LISTEN" then some sort of firewall is running.

Mike R. (Author) commented:
OK...this is sucking :-)

ksh # netstat -an | grep LISTEN | grep 25
      *.2555               *.*                0      0 49152      0 LISTEN
      *.35125              *.*                0      0 49152      0 LISTEN

So I FTP'd the sendmail.cf from one of the working machines over to server1, and restarted sendmail with "/etc/init.d/sendmail" stop/start...but no luck.  Same errors (see below.)  I notice there is a "main.cf" in "/etc/mail" as well.  Could one of those be the issue?

ERRORS*********************
 root @ server1 | /etc/mail >
ksh # mailx -s "test" root
test
EOT

 root @ server1 | /etc/mail >
ksh # May  6 10:39:55 server1 sendmail[19508]: [ID 801593 mail.alert] j46HdtKY019508: Losing ./qfj46HdtKY019508: savemail panic

 root @ server1 | /etc/mail >
ksh # netstat -rn | grep LISTEN | grep 25

 root @ server1 | /etc/mail >
ksh # mail
No mail.
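
As an added example (not part of the original thread): `grep 25` over `netstat -an` also matches ports such as 2555 and 35125, as in the output above, so the check below compares the port field exactly. The function names `listeners_on` and `report`, and the third sample line, are constructed for illustration; Linux-style lines are handled as a generalization beyond the thread's Solaris output.

```shell
#!/bin/sh
# Added example: exact-port listener check over `netstat -an` text.

# listeners_on PORT: read netstat output on stdin and print the local
# address of every LISTEN socket bound to exactly PORT.
listeners_on() {
    awk -v port="$1" '
        $NF != "LISTEN" { next }          # keep listening sockets only
        {
            # Solaris puts the local address in field 1 ("*.25");
            # Linux puts it in field 4 ("0.0.0.0:25").
            addr = ($1 ~ /^tcp/) ? $4 : $1
            n = split(addr, parts, /[.:]/)
            if (parts[n] == port) print addr
        }'
}

# Constructed sample in Solaris layout. The first two lines are the ones
# shown in the thread; the third is a constructed line for a host whose
# MTA is listening.
SAMPLE_BROKEN='      *.2555               *.*                0      0 49152      0 LISTEN
      *.35125              *.*                0      0 49152      0 LISTEN'
SAMPLE_WORKING="$SAMPLE_BROKEN
      *.25                 *.*                0      0 49152      0 LISTEN"

report() {   # report NAME NETSTAT_TEXT
    hits=$(printf '%s\n' "$2" | listeners_on 25)
    if [ -n "$hits" ]; then
        echo "$1: listener on port 25 ($hits)"
    else
        echo "$1: nothing listening on port 25"
    fi
}

report "broken host" "$SAMPLE_BROKEN"
report "working host" "$SAMPLE_WORKING"
```

On a live host the same function takes the real output: `netstat -an | listeners_on 25`.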

Mike R. (Author) commented:
Here's another interesting tidbit.  

On the working servers, the relay agent is set to local host...but on the "bad" servers, it is ALSO set to the external mail server.

How do I change the relay agent?

Thanks!
M

Mike R. (Author) commented:
Screw it...backburnered to death :-)

Points to everyone who answered :-)
M