Solved

Sendmail does not deliver when email comes from an external server

Posted on 2008-01-31
Last Modified: 2013-12-17
Hi there,

I've had my servers set up for years, and working well. But I've recently been making some DNS and other changes (like trying to install milter), and now I've run into a strange problem.

It's a Fedora Core something server running the latest sendmail and bind.

My /etc/aliases file contains an entry like:

editor: myemail@myisp.com

If I send an email from the problematic server eg

> echo hello | mail editor@problemserver.com

then the email gets delivered to myemail@myisp.com (as you would expect).

However, if the email comes from an external source, eg I send an email to editor@problemserver.com from my PC, then the email does not get delivered.  In fact there is not even an entry recorded in /var/log/mail (nor in /var/log/*), not an error message to be found.

Does anyone have a suggestion for me to look into?

thanks

Question by:danielkirk
LVL 14

Expert Comment

by:arrkerr1024
ID: 20794258
When you send an email to problemserver.com it doesn't make an smtp connection to problemserver.com, it looks up the MX records for problemserver.com and sends the mail there.  So check your MX records... assuming a top-level domain as in your example.
0
 

Author Comment

by:danielkirk
ID: 20794287
okay here's an example of one of the zone files:

;
; Zone file for toptipper.com
;
$TTL 3D
@       IN      SOA     ns0.kirkyonline.com. webmaster.toptipper.com. (
                        2008020103
                        8H
                        2H
                        4W
                        1D )
;
                NS      ns0.kirkyonline.com. ; Inet Address of name server
                NS      ns1.kirkyonline.com. ; Inet Address of name server
                MX      10 mail.toptipper.com. ; Primary Mail Exchanger
;
;toptipper.com. IN TXT "v=spf1 ip4:207.228.252.8 ip4:207.228.252.47 ip4:207.228.252.194 ip4:66.36.238.10 ip4:66.36.238.69 include:iinet.net.au include:bigpond.com ~all"
localhost       A       207.228.252.47
ns0             A       207.228.252.47
ns1             A       207.228.252.194
www             A       207.228.252.47
mail            A       207.228.252.47

Does that give you any more info?

regards
0
 

Author Comment

by:danielkirk
ID: 20794300
If it helps, here's my named.conf file.  I think the only changes I was making was with the "recursion yes;" which I think might be back to the way they were when the configuration was working (yes i've restarted named and yes i know i should have backed up the file before making changes)

[root@kirkyonline danielk]# cat /etc/named.conf

//
// named.caching-nameserver.conf
//
// Provided by Red Hat caching-nameserver package to configure the
// ISC BIND named(8) DNS server as a caching only nameserver
// (as a localhost DNS resolver only).
//
// See /usr/share/doc/bind*/sample/ for example named configuration files.
//
// DO NOT EDIT THIS FILE - use system-config-bind or an editor
// to create named.conf - edits to this file will be lost on
// caching-nameserver package upgrade.
//
options {
        listen-on port 53 { 127.0.0.1; };
        listen-on-v6 port 53 { ::1; };
        directory       "/var/named";
        dump-file       "/var/named/data/cache_dump.db";
        statistics-file "/var/named/data/named_stats.txt";
        memstatistics-file "/var/named/data/named_mem_stats.txt";
        recursion yes;
        query-source    port 53;
        query-source-v6 port 53;
        allow-query     { localhost; };
};
logging {
        channel default_debug {
                file "data/named.run";
                severity dynamic;
        };
};
view localhost_resolver {
        match-clients      { localhost; };
        match-destinations { localhost; };
        recursion yes;
        include "/etc/named.rfc1912.zones";
};
0
LVL 14

Expert Comment

by:arrkerr1024
ID: 20794374
ok, so when you send mail to you@toptipper.com it will make the connection to mail.toptipper.com (207.228.252.47).  From your machine see if you can "telnet mail.toptipper.com smtp".  It should open up a connection, and you could say "ehlo test" and it'll say hi back.  If not, you've got a firewall in the way or sendmail isn't listening on the right interface.

Try that and we'll take it from there.

BTW, I hope that wasn't your whole named.conf... because your domains aren't in there (it never loads your toptipper.com zone file).
0
 

Author Comment

by:danielkirk
ID: 20794404
no i can't telnet to mail.toptipper.com smtp from anywhere - even from the same server (where I can send mail via the mail command as shown above) I get a connection refused message.  I've got a feeling we're going off the beaten track here, I think the server is configured not to allow any form of telnet and there have been no changes to the firewall recently so it's unlikely this is the source of the problem (but of course I could be wrong).

named.conf includes  /etc/named.rfc1912.zones....
0
 
LVL 14

Accepted Solution

by:
arrkerr1024 earned 2000 total points
ID: 20794457
Doing a "telnet mail.toptipper.com smtp" makes a connection to the smtp port of the server.  If it doesn't pick up and say hi then your mail server is either not running, or you have a firewall blocking it.  You're just using the telnet program to make a connection on the smtp port - you aren't telnetting to the telnet port (which no one uses any more anyway) - hopefully that makes sense?  You can actually use telnet to test any un-encrypted service as long as you know the right commands - pop3, imap, smtp, http, etc.  It's very useful.

So ya, make sure sendmail is actually running ("pgrep -fl sendmail" and "netstat -nlp|grep sendmail") and make sure you don't have a local firewall (iptables --list).  You'll see some basic iptables rules even if you aren't firewalled - but I'd try running "/etc/init.d/iptables stop" to bring down the rules just to test.  If the "netstat -nlp|grep sendmail" only shows "127.0.0.1:25" and not "0.0.0.0:25" then your sendmail is only listening on localhost and you need to edit /etc/mail/sendmail.cf and modify your DaemonPortOptions to not have "Addr=127.0.0.1".

Let me/us know what you find.
0
 

Author Comment

by:danielkirk
ID: 20794488
here are some commands i've run:

[root@kirkyonline mqueue]# pgrep -fl sendmail
8669 sendmail: Queue runner@01:00:00 for /var/spool/clientmqueue
8693 sendmail: accepting connections
8694 sendmail: ./m111axX4031904 couldletter.com.: user open

[root@kirkyonline mqueue]# netstat -nlp|grep sendmail
tcp        0      0 127.0.0.1:25                0.0.0.0:*                   LISTEN      8693/sendmail: acce

[root@kirkyonline mqueue]# /etc/init.d/iptables stop
Flushing firewall rules:                                   [  OK  ]
Setting chains to policy ACCEPT: filter                    [  OK  ]
Unloading iptables modules:                                [  OK  ]


[danielk@toptipper-new ~]$ telnet mail.toptipper.com smtp
Trying 207.228.252.47...
telnet: connect to address 207.228.252.47: Connection refused
telnet: Unable to connect to remote host: Connection refused
[danielk@toptipper-new ~]$ echo hello | mail editor@sportspunter.com

mail is not delivered, and nothing shows in sendmail log on mail server
(that's from another server)

[root@kirkyonline mqueue]# telnet mail.toptipper.com smtp
Trying 207.228.252.47...
telnet: connect to address 207.228.252.47: Connection refused
telnet: Unable to connect to remote host: Connection refused

[root@kirkyonline mqueue]# echo hello | mail editor@toptipper.com
The email gets through
(that's from the same server sendmail is running on)

The mail log shows:
Feb  1 05:51:33 kirkyonline sendmail[9080]: m115pXdI009080: from=root, size=32, class=0, nrcpts=1, msgid=<200802010551.m115pXdI009080@kirkyonline.kirkyonline.com>, relay=root@localhost
Feb  1 05:51:33 kirkyonline sendmail[9081]: m115pX6F009081: from=<root@kirkyonline.kirkyonline.com>, size=344, class=0, nrcpts=1, msgid=<200802010551.m115pXdI009080@kirkyonline.kirkyonline.com>, proto=ESMTP, daemon=MTA, relay=localhost.localdomain [127.0.0.1]
Feb  1 05:51:33 kirkyonline sendmail[9080]: m115pXdI009080: to=editor@toptipper.com, ctladdr=root (0/0), delay=00:00:00, xdelay=00:00:00, mailer=relay, pri=30032, relay=[127.0.0.1] [127.0.0.1], dsn=2.0.0, stat=Sent (m115pX6F009081 Message accepted for delivery)
Feb  1 05:51:36 kirkyonline sendmail[9082]: m115pX6F009081: to=dkirk@iinet.net.au, ctladdr=<root@kirkyonline.kirkyonline.com> (0/0), delay=00:00:03, xdelay=00:00:03, mailer=esmtp, pri=30585, relay=as-av.iinet.net.au. [203.0.178.180], dsn=2.0.0, stat=Sent (ok:  Message 275706519 accepted)





0
 

Author Comment

by:danielkirk
ID: 20794503
perhaps i should have read your comment from the bottom up.

I removed DaemonPortOptions to not have "Addr=127.0.0.1"

and it is working again

Can you just explain what that command does and why it now works?

thanks
0
 
LVL 14

Expert Comment

by:arrkerr1024
ID: 20795854
Sure.  In the old releases of RedHat sendmail was installed and, by default, listened on all addresses.  This meant that a new system was potentially a spam relay.  To help resolve that issue by default sendmail only listens for connections on its loopback interface, so you can only use sendmail from the local machine.

The Addr= line in the DaemonPortOptions tells sendmail to only listen on a given address.  127.0.0.1 is the ip on the loopback interface - it is a reserved IP on all systems, and is only used to connect to yourself - it isn't routable.

The DaemonPortOptions contains any number of options to configure the daemon... if you had many interfaces on your machine (one IP on a vlan, one on some public network, one on some private, etc...) you could specify which ones to use, or you could specify an alternate port, etc...

Glad it works now!!!
0
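The two checks from the accepted solution and the explanation above (what `netstat -nlp` shows for port 25, and what `Addr=` in DaemonPortOptions says), as an added example that is not part of the original thread. The function names are hypothetical, the sample input is constructed to mirror the output posted earlier, and the parser assumes the key is spelled `Addr` as it is in the thread.

```shell
#!/bin/sh
# Added example, not code from the thread. Real use:
#   netstat -nlp | smtp_listen_scope
#   daemon_bind_addrs < /etc/mail/sendmail.cf

# Read `netstat -nlp` output on stdin and report how widely TCP port 25 is
# bound: not-listening, loopback-only, all-interfaces or specific:<addr,...>
smtp_listen_scope() {
    awk '
        $1 ~ /^tcp/ && $6 == "LISTEN" {
            n = split($4, p, ":"); port = p[n]
            if (port != "25") next
            # Everything before the final ":port" is the bind address.
            addr = substr($4, 1, length($4) - length(port) - 1)
            seen = 1
            if (addr == "0.0.0.0" || addr == "::") any = 1
            else if (addr !~ /^127\./ && addr != "::1")
                other = other (other == "" ? "" : ",") addr
        }
        END {
            if (!seen) print "not-listening"
            else if (any) print "all-interfaces"
            else if (other != "") print "specific:" other
            else print "loopback-only"
        }'
}

# Read sendmail.cf text on stdin and print, for each active (uncommented)
# DaemonPortOptions line, its Addr= value, or "all" when no Addr= is set.
# Assumption: the key is written "Addr", as in the thread.
daemon_bind_addrs() {
    sed -n 's/^O[[:space:]]*DaemonPortOptions=//p' |
    while IFS= read -r opts; do
        addr=$(printf '%s\n' "$opts" | tr ',' '\n' |
               sed -n 's/^[[:space:]]*Addr=//p')
        printf '%s\n' "${addr:-all}"
    done
}

# Demo on constructed input: the state of the server before the fix.
printf 'tcp 0 0 127.0.0.1:25 0.0.0.0:* LISTEN 8693/sendmail: acce\n' |
    smtp_listen_scope
printf 'O DaemonPortOptions=Port=smtp,Addr=127.0.0.1, Name=MTA\n' |
    daemon_bind_addrs
```

A result of `all-interfaces` means port 25 is reachable from other hosts, which is what inbound mail needs and also what the loopback-only default described above was guarding against.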
 
LVL 14

Expert Comment

by:arrkerr1024
ID: 20808093
I think that the question is solved - I posted the last comment as a clarification, but the last comment by the poster was that the issue was solved.
0
 
LVL 1

Expert Comment

by:modus_operandi
ID: 20876813
Forced accept.
modus_operandi
EE Moderator
0
 

Author Comment

by:danielkirk
ID: 20879409
i don't get it, i clicked on 'this is the solution' and awarded points for a previous post.  It's a bit silly to have to do it again just because we have a little post-solution discussion?
0
 

Author Comment

by:danielkirk
ID: 20879436
I've just checked my email and it looks like I got given the points.  I'm sure it asked me who should get them and I selected arrkerr!?!?
0
