danielkirk

asked on

Sendmail does not deliver when email comes from an external server

Hi there,

I've had my servers set up for years, and working well.  But I've recently been making some DNS and other changes (like trying to install milter), and now I've run into a strange problem.

It's a Fedora Core something server running the latest sendmail and bind.

My /etc/aliases file contains an entry like:

editor: myemail@myisp.com

If I send an email from the problematic server eg

> echo hello | mail editor@problemserver.com

then the email gets delivered to myemail@myisp.com (as you would expect).

However, if the email comes from an external source, eg I send an email to editor@problemserver.com from my PC, then the email does not get delivered.  In fact there is not even an entry recorded in /var/log/mail (nor in /var/log/*), not an error message to be found.

Does anyone have a suggestion for me to look into?

thanks

arrkerr1024

When you send an email to problemserver.com it doesn't make an smtp connection to problemserver.com, it looks up the MX records for problemserver.com and sends the mail there.  So check your MX records... assuming a top-level domain as in your example.
danielkirk

ASKER

okay here's an example of one of the zone files:

;
; Zone file for toptipper.com
;
$TTL 3D
@       IN      SOA     ns0.kirkyonline.com. webmaster.toptipper.com. (
                        2008020103
                        8H
                        2H
                        4W
                        1D )
;
                NS      ns0.kirkyonline.com. ; Inet Address of name server
                NS      ns1.kirkyonline.com. ; Inet Address of name server
                MX      10 mail.toptipper.com. ; Primary Mail Exchanger
;
;toptipper.com. IN TXT "v=spf1 ip4:207.228.252.8 ip4:207.228.252.47 ip4:207.228.252.194 ip4:66.36.238.10 ip4:66.36.238.69 include:iinet.net.au include:bigpond.com ~all"
localhost       A       207.228.252.47
ns0             A       207.228.252.47
ns1             A       207.228.252.194
www             A       207.228.252.47
mail            A       207.228.252.47

Does that give you any more info?

regards
If it helps, here's my named.conf file.  I think the only changes I was making were with the "recursion yes;" which I think might be back to the way they were when the configuration was working (yes, I've restarted named and yes, I know I should have backed up the file before making changes).

[root@kirkyonline danielk]# cat /etc/named.conf

//
// named.caching-nameserver.conf
//
// Provided by Red Hat caching-nameserver package to configure the
// ISC BIND named(8) DNS server as a caching only nameserver
// (as a localhost DNS resolver only).
//
// See /usr/share/doc/bind*/sample/ for example named configuration files.
//
// DO NOT EDIT THIS FILE - use system-config-bind or an editor
// to create named.conf - edits to this file will be lost on
// caching-nameserver package upgrade.
//
options {
        listen-on port 53 { 127.0.0.1; };
        listen-on-v6 port 53 { ::1; };
        directory       "/var/named";
        dump-file       "/var/named/data/cache_dump.db";
        statistics-file "/var/named/data/named_stats.txt";
        memstatistics-file "/var/named/data/named_mem_stats.txt";
        recursion yes;
        query-source    port 53;
        query-source-v6 port 53;
        allow-query     { localhost; };
};
logging {
        channel default_debug {
                file "data/named.run";
                severity dynamic;
        };
};
view localhost_resolver {
        match-clients      { localhost; };
        match-destinations { localhost; };
        recursion yes;
        include "/etc/named.rfc1912.zones";
};
OK, so when you send mail to you@toptipper.com it will make the connection to mail.toptipper.com (207.228.252.47).  From your machine see if you can "telnet mail.toptipper.com smtp".  It should open up a connection, and you could say "ehlo test" and it'll say hi back.  If not, you've got a firewall in the way or sendmail isn't listening on the right interface.

Try that and we'll take it from there.

BTW, I hope that wasn't your whole named.conf... because your domains aren't in there (it never loads your toptipper.com zone file).
No, I can't telnet to mail.toptipper.com smtp from anywhere - even from the same server (where I can send mail via the mail command as shown above) I get a connection refused message.  I've got a feeling we're going off the beaten track here, I think the server is configured not to allow any form of telnet and there have been no changes to the firewall recently so it's unlikely this is the source of the problem (but of course I could be wrong).

named.conf includes  /etc/named.rfc1912.zones....
ASKER CERTIFIED SOLUTION
arrkerr1024

This solution is only available to members.
here are some commands i've run:

[root@kirkyonline mqueue]# pgrep -fl sendmail
8669 sendmail: Queue runner@01:00:00 for /var/spool/clientmqueue
8693 sendmail: accepting connections
8694 sendmail: ./m111axX4031904 couldletter.com.: user open

[root@kirkyonline mqueue]# netstat -nlp|grep sendmail
tcp        0      0 127.0.0.1:25                0.0.0.0:*                   LISTEN      8693/sendmail: acce

[root@kirkyonline mqueue]# /etc/init.d/iptables stop
Flushing firewall rules:                                   [  OK  ]
Setting chains to policy ACCEPT: filter                    [  OK  ]
Unloading iptables modules:                                [  OK  ]


[danielk@toptipper-new ~]$ telnet mail.toptipper.com smtp
Trying 207.228.252.47...
telnet: connect to address 207.228.252.47: Connection refused
telnet: Unable to connect to remote host: Connection refused
[danielk@toptipper-new ~]$ echo hello | mail editor@sportspunter.com

mail is not delivered, and nothing shows in sendmail log on mail server
(that's from another server)

[root@kirkyonline mqueue]# telnet mail.toptipper.com smtp
Trying 207.228.252.47...
telnet: connect to address 207.228.252.47: Connection refused
telnet: Unable to connect to remote host: Connection refused

[root@kirkyonline mqueue]# echo hello | mail editor@toptipper.com
The email gets through
(that's from the same server sendmail is running on)

The mail log shows:
Feb  1 05:51:33 kirkyonline sendmail[9080]: m115pXdI009080: from=root, size=32, class=0, nrcpts=1, msgid=<200802010551.m115pXdI009080@kirkyonline.kirkyonline.com>, relay=root@localhost
Feb  1 05:51:33 kirkyonline sendmail[9081]: m115pX6F009081: from=<root@kirkyonline.kirkyonline.com>, size=344, class=0, nrcpts=1, msgid=<200802010551.m115pXdI009080@kirkyonline.kirkyonline.com>, proto=ESMTP, daemon=MTA, relay=localhost.localdomain [127.0.0.1]
Feb  1 05:51:33 kirkyonline sendmail[9080]: m115pXdI009080: to=editor@toptipper.com, ctladdr=root (0/0), delay=00:00:00, xdelay=00:00:00, mailer=relay, pri=30032, relay=[127.0.0.1] [127.0.0.1], dsn=2.0.0, stat=Sent (m115pX6F009081 Message accepted for delivery)
Feb  1 05:51:36 kirkyonline sendmail[9082]: m115pX6F009081: to=dkirk@iinet.net.au, ctladdr=<root@kirkyonline.kirkyonline.com> (0/0), delay=00:00:03, xdelay=00:00:03, mailer=esmtp, pri=30585, relay=as-av.iinet.net.au. [203.0.178.180], dsn=2.0.0, stat=Sent (ok:  Message 275706519 accepted)





Perhaps I should have read your comment from the bottom up.

I removed DaemonPortOptions to not have "Addr=127.0.0.1"

and it is working again

Can you just explain what that command does and why it now works?

thanks
Sure.  In the old releases of RedHat, sendmail was installed and, by default, listened on all addresses.  This meant that a new system was potentially a spam relay.  To help resolve that issue, by default sendmail only listens for connections on its loopback interface, so you can only use sendmail from the local machine.

The Addr= line in the DaemonPortOptions tells sendmail to only listen on a given address.  127.0.0.1 is the ip on the loopback interface - it is a reserved IP on all systems, and is only used to connect to yourself - it isn't routable.

The DaemonPortOptions contains any number of options to configure the daemon... if you had many interfaces on your machine (one IP on a vlan, one on some public network, one on some private, etc...) you could specify which ones to use, or you could specify an alternate port, etc...

Glad it works now!!!
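
The check behind this diagnosis, as an added example (not code posted by anyone in the thread): it reads `netstat -nlp`-style output and reports whether the SMTP listener is bound to loopback only, which is the `Addr=127.0.0.1` case explained above. The function names and the second sample line are constructed for illustration.

```shell
#!/bin/sh
# Added example: decide from `netstat -nlp` output (on stdin) whether an SMTP
# daemon can be reached from other hosts or is bound to loopback only.

# Print "<address> <loopback-only|reachable>" for each TCP listener on the port.
classify_listeners() {
    awk -v port="${1:-25}" '
        $1 ~ /^tcp/ && $6 == "LISTEN" {
            n = split($4, parts, ":")            # port is the last ":" field
            if (parts[n] != port) next
            addr = substr($4, 1, length($4) - length(parts[n]) - 1)
            scope = (addr ~ /^127\./ || addr == "::1") ? "loopback-only" : "reachable"
            print addr, scope
        }'
}

# Summarise: "none", "loopback-only", or "reachable" (any non-loopback listener).
smtp_exposure() {
    classify_listeners "${1:-25}" | awk '
        { seen = 1; if ($2 == "reachable") exposed = 1 }
        END { print (!seen ? "none" : (exposed ? "reachable" : "loopback-only")) }'
}

# The listener line the asker posted (Addr=127.0.0.1 in effect).
BEFORE='tcp        0      0 127.0.0.1:25                0.0.0.0:*                   LISTEN      8693/sendmail: acce'
# Constructed line: what the same check would show once Addr= is removed.
AFTER='tcp        0      0 0.0.0.0:25                  0.0.0.0:*                   LISTEN      8693/sendmail: acce'

printf 'before: %s\n' "$(printf '%s\n' "$BEFORE" | smtp_exposure)"
printf 'after:  %s\n' "$(printf '%s\n' "$AFTER" | smtp_exposure)"
```

On a live host, pipe the real output in with `netstat -nlp | smtp_exposure`. A `reachable` result means the daemon accepts connections from the network, so the relay restrictions in the sendmail access configuration are what stand between it and the spam-relay problem the answer mentions.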
I think that the question is solved - I posted the last comment as a clarification, but the last comment by the poster was that the issue was solved.
Forced accept.
modus_operandi
EE Moderator
I don't get it, I clicked on 'this is the solution' and awarded points for a previous post.  It's a bit silly to have to do it again just because we have a little post-solution discussion?
I've just checked my email and it looks like I got given the points.  I'm sure it asked me who should get them and I selected arrkerr!?!?