Sendmail does not deliver when email comes from an external server

Hi there,

I've had my servers set up for years, and working well.  But I've recently been making some DNS and other changes (like trying to install milter), and now I've run into a strange problem.

It's a Fedora Core something server running the latest sendmail and bind.

My /etc/aliases file contains an entry like:

editor: myemail@myisp.com

If I send an email from the problematic server, e.g.

> echo hello | mail editor@problemserver.com

then the email gets delivered to myemail@myisp.com (as you would expect).

However, if the email comes from an external source, e.g. I send an email to editor@problemserver.com from my PC, then the email does not get delivered.  In fact there is not even an entry recorded in /var/log/mail (nor in /var/log/*), not an error message to be found.

Does anyone have a suggestion for me to look into?

thanks

danielkirk Asked:

arrkerr1024 Commented:
When you send an email to problemserver.com it doesn't make an smtp connection to problemserver.com, it looks up the MX records for problemserver.com and sends the mail there.  So check your MX records... assuming a top-level domain as in your example.
0
danielkirk (Author) Commented:
Okay, here's an example of one of the zone files:

;
; Zone file for toptipper.com
;
$TTL 3D
@       IN      SOA     ns0.kirkyonline.com. webmaster.toptipper.com. (
                        2008020103
                        8H
                        2H
                        4W
                        1D )
;
                NS      ns0.kirkyonline.com. ; Inet Address of name server
                NS      ns1.kirkyonline.com. ; Inet Address of name server
                MX      10 mail.toptipper.com. ; Primary Mail Exchanger
;
;toptipper.com. IN TXT "v=spf1 ip4:207.228.252.8 ip4:207.228.252.47 ip4:207.228.252.194 ip4:66.36.238.10 ip4:66.36.238.69 include:iinet.net.au include:bigpond.com ~all"
localhost       A       207.228.252.47
ns0             A       207.228.252.47
ns1             A       207.228.252.194
www             A       207.228.252.47
mail            A       207.228.252.47

Does that give you any more info?

regards
0
danielkirk (Author) Commented:
If it helps, here's my named.conf file.  I think the only changes I was making were with the "recursion yes;" which I think might be back to the way they were when the configuration was working (yes, I've restarted named, and yes, I know I should have backed up the file before making changes).

[root@kirkyonline danielk]# cat /etc/named.conf

//
// named.caching-nameserver.conf
//
// Provided by Red Hat caching-nameserver package to configure the
// ISC BIND named(8) DNS server as a caching only nameserver
// (as a localhost DNS resolver only).
//
// See /usr/share/doc/bind*/sample/ for example named configuration files.
//
// DO NOT EDIT THIS FILE - use system-config-bind or an editor
// to create named.conf - edits to this file will be lost on
// caching-nameserver package upgrade.
//
options {
        listen-on port 53 { 127.0.0.1; };
        listen-on-v6 port 53 { ::1; };
        directory       "/var/named";
        dump-file       "/var/named/data/cache_dump.db";
        statistics-file "/var/named/data/named_stats.txt";
        memstatistics-file "/var/named/data/named_mem_stats.txt";
        recursion yes;
        query-source    port 53;
        query-source-v6 port 53;
        allow-query     { localhost; };
};
logging {
        channel default_debug {
                file "data/named.run";
                severity dynamic;
        };
};
view localhost_resolver {
        match-clients      { localhost; };
        match-destinations { localhost; };
        recursion yes;
        include "/etc/named.rfc1912.zones";
};
0
arrkerr1024 Commented:
OK, so when you send mail to you@toptipper.com it will make the connection to mail.toptipper.com (207.228.252.47).  From your machine see if you can "telnet mail.toptipper.com smtp".  It should open up a connection, and you could say "ehlo test" and it'll say hi back.  If not, you've got a firewall in the way or sendmail isn't listening on the right interface.

Try that and we'll take it from there.

BTW, I hope that wasn't your whole named.conf... because your domains aren't in there (it never loads your toptipper.com zone file).
0
danielkirk (Author) Commented:
No, I can't telnet to mail.toptipper.com smtp from anywhere - even from the same server (where I can send mail via the mail command as shown above) I get a connection refused message.  I've got a feeling we're going off the beaten track here; I think the server is configured not to allow any form of telnet and there have been no changes to the firewall recently, so it's unlikely this is the source of the problem (but of course I could be wrong).

named.conf includes  /etc/named.rfc1912.zones....
0
arrkerr1024 Commented:
Doing a "telnet mail.toptipper.com smtp" makes a connection to the smtp port of the server.  If it doesn't pick up and say hi then your mail server is either not running, or you have a firewall blocking it.  You're just using the telnet program to make a connection on the smtp port - you aren't telnetting to the telnet port (which no one uses any more anyway) - hopefully that makes sense?  You can actually use telnet to test any un-encrypted service as long as you know the right commands - pop3, imap, smtp, http, etc.  It's very useful.

So ya, make sure sendmail is actually running ("pgrep -fl sendmail" and "netstat -nlp|grep sendmail") and make sure you don't have a local firewall (iptables --list).  You'll see some basic iptables rules even if you aren't firewalled - but I'd try running "/etc/init.d/iptables stop" to bring down the rules just to test.  If the "netstat -nlp|grep sendmail" only shows "127.0.0.1:25" and not "0.0.0.0:25" then your sendmail is only listening on localhost and you need to edit /etc/mail/sendmail.cf and modify your DaemonPortOptions to not have "Addr=127.0.0.1".

Let me/us know what you find.
0
danielkirk (Author) Commented:
Here are some commands I've run:

[root@kirkyonline mqueue]# pgrep -fl sendmail
8669 sendmail: Queue runner@01:00:00 for /var/spool/clientmqueue
8693 sendmail: accepting connections
8694 sendmail: ./m111axX4031904 couldletter.com.: user open

[root@kirkyonline mqueue]# netstat -nlp|grep sendmail
tcp        0      0 127.0.0.1:25                0.0.0.0:*                   LISTEN      8693/sendmail: acce

[root@kirkyonline mqueue]# /etc/init.d/iptables stop
Flushing firewall rules:                                   [  OK  ]
Setting chains to policy ACCEPT: filter                    [  OK  ]
Unloading iptables modules:                                [  OK  ]


[danielk@toptipper-new ~]$ telnet mail.toptipper.com smtp
Trying 207.228.252.47...
telnet: connect to address 207.228.252.47: Connection refused
telnet: Unable to connect to remote host: Connection refused
[danielk@toptipper-new ~]$ echo hello | mail editor@sportspunter.com

Mail is not delivered, and nothing shows in the sendmail log on the mail server
(that's from another server)

[root@kirkyonline mqueue]# telnet mail.toptipper.com smtp
Trying 207.228.252.47...
telnet: connect to address 207.228.252.47: Connection refused
telnet: Unable to connect to remote host: Connection refused

[root@kirkyonline mqueue]# echo hello | mail editor@toptipper.com
The email gets through
(that's from the same server sendmail is running on)

The mail log shows:
Feb  1 05:51:33 kirkyonline sendmail[9080]: m115pXdI009080: from=root, size=32, class=0, nrcpts=1, msgid=<200802010551.m115pXdI009080@kirkyonline.kirkyonline.com>, relay=root@localhost
Feb  1 05:51:33 kirkyonline sendmail[9081]: m115pX6F009081: from=<root@kirkyonline.kirkyonline.com>, size=344, class=0, nrcpts=1, msgid=<200802010551.m115pXdI009080@kirkyonline.kirkyonline.com>, proto=ESMTP, daemon=MTA, relay=localhost.localdomain [127.0.0.1]
Feb  1 05:51:33 kirkyonline sendmail[9080]: m115pXdI009080: to=editor@toptipper.com, ctladdr=root (0/0), delay=00:00:00, xdelay=00:00:00, mailer=relay, pri=30032, relay=[127.0.0.1] [127.0.0.1], dsn=2.0.0, stat=Sent (m115pX6F009081 Message accepted for delivery)
Feb  1 05:51:36 kirkyonline sendmail[9082]: m115pX6F009081: to=dkirk@iinet.net.au, ctladdr=<root@kirkyonline.kirkyonline.com> (0/0), delay=00:00:03, xdelay=00:00:03, mailer=esmtp, pri=30585, relay=as-av.iinet.net.au. [203.0.178.180], dsn=2.0.0, stat=Sent (ok:  Message 275706519 accepted)
0
danielkirk (Author) Commented:
Perhaps I should have read your comment from the bottom up.

I removed DaemonPortOptions to not have "Addr=127.0.0.1"

and it is working again

Can you just explain what that command does and why it now works?

thanks
0
arrkerr1024 Commented:
Sure.  In the old releases of RedHat sendmail was installed and, by default, listened on all addresses.  This meant that a new system was potentially a spam relay.  To help resolve that issue, by default sendmail only listens for connections on its loopback interface, so you can only use sendmail from the local machine.

The Addr= line in the DaemonPortOptions tells sendmail to only listen on a given address.  127.0.0.1 is the ip on the loopback interface - it is a reserved IP on all systems, and is only used to connect to yourself - it isn't routable.

The DaemonPortOptions contains any number of options to configure the daemon... if you had many interfaces on your machine (one IP on a vlan, one on some public network, one on some private, etc...) you could specify which ones to use, or you could specify an alternate port, etc...

Glad it works now!!!
0
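
Added example, not part of the thread: a shell check that turns the two diagnostics discussed above (the `netstat -nlp` listener line and the `Addr=` setting in DaemonPortOptions) into a repeatable test of whether the SMTP listener's scope matches what is intended. The function names and sample inputs are constructed for illustration, and the `O DaemonPortOptions=...` line format in sendmail.cf is an assumption, since the thread does not quote the file.

```shell
#!/bin/sh
# Added example (not from the thread). Inputs below are constructed, except
# NETSTAT_BEFORE, which is the listener line quoted in the thread.

# Classify port-25 TCP listeners in `netstat -nlp` output read from stdin.
# Prints: not-listening | loopback-only | non-loopback
smtp_listen_scope() {
    awk '
        $1 ~ /^tcp/ && $6 == "LISTEN" {
            n = split($4, part, ":"); port = part[n]
            if (port != "25") next
            addr = substr($4, 1, length($4) - length(port) - 1)
            seen = 1
            if (addr !~ /^127\./ && addr != "::1") wide = 1
        }
        END {
            if (!seen) print "not-listening"
            else if (wide) print "non-loopback"
            else print "loopback-only"
        }'
}

# Print the Addr= value of each active (uncommented) DaemonPortOptions line
# in a sendmail.cf read from stdin; "any" means no Addr= restriction.
daemon_addrs() {
    awk '
        /^O[ \t]*DaemonPortOptions=/ {
            sub(/^O[ \t]*DaemonPortOptions=/, "")
            addr = "any"
            n = split($0, kv, /,[ \t]*/)
            for (i = 1; i <= n; i++)
                if (kv[i] ~ /^Addr=/) addr = substr(kv[i], 6)
            print addr
        }'
}

NETSTAT_BEFORE='tcp        0      0 127.0.0.1:25                0.0.0.0:*                   LISTEN      8693/sendmail: acce'
NETSTAT_AFTER='tcp        0      0 0.0.0.0:25                  0.0.0.0:*                   LISTEN      9120/sendmail: acce
tcp        0      0 127.0.0.1:53                0.0.0.0:*                   LISTEN      2210/named'
CF_BEFORE='O DaemonPortOptions=Port=smtp,Addr=127.0.0.1, Name=MTA'
CF_AFTER='#O DaemonPortOptions=Port=smtp,Addr=127.0.0.1, Name=MTA
O DaemonPortOptions=Port=smtp, Name=MTA'

printf '%s\n' "$NETSTAT_BEFORE" | smtp_listen_scope   # loopback-only
printf '%s\n' "$NETSTAT_AFTER"  | smtp_listen_scope   # non-loopback
printf '%s\n' "$CF_BEFORE"      | daemon_addrs        # 127.0.0.1
printf '%s\n' "$CF_AFTER"       | daemon_addrs        # any
```

On a live host the same functions take `netstat -nlp | smtp_listen_scope` and `daemon_addrs < /etc/mail/sendmail.cf`; a `non-loopback` result on a machine that is not meant to accept outside mail is the condition worth alerting on.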
arrkerr1024 Commented:
I think that the question is solved - I posted the last comment as a clarification, but the last comment by the poster was that the issue was solved.
0
modus_operandi Commented:
Forced accept.
modus_operandi
EE Moderator
0
danielkirk (Author) Commented:
I don't get it, I clicked on 'this is the solution' and awarded points for a previous post.  It's a bit silly to have to do it again just because we have a little post-solution discussion?
0
danielkirk (Author) Commented:
I've just checked my email and it looks like I got given the points.  I'm sure it asked me who should get them and I selected arrkerr!?!?
0