Solved

Setting up Sendmail gets returned failed message

Posted on 2008-10-15
Last Modified: 2013-12-06
I am setting up Sendmail on a Redhat 5 virtual box.  Sendmail comes already installed, and I can send mail out to either myself or root.  Email to gmail doesn't arrive but email to my exchange server does.  Email needs to come in from another server on the intranet and then get pushed out.  And I need smtp, and saslauthd.  Attempting to install saslauthd results in a breaking of sendmail where mail can be sent manually but goes nowhere.  Out of the proverbial box I can send mail out, but can't seem to touch anything without breaking the whole thing.
I've attached a copy of my sendmail.mc file
divert(-1)dnl
dnl #
dnl # This is the sendmail macro config file for m4. If you make changes to
dnl # /etc/mail/sendmail.mc, you will need to regenerate the
dnl # /etc/mail/sendmail.cf file by confirming that the sendmail-cf package is
dnl # installed and then performing a
dnl #
dnl #     make -C /etc/mail
dnl #
include(`/usr/share/sendmail-cf/m4/cf.m4')dnl
VERSIONID(`setup for linux')dnl
OSTYPE(`linux')dnl
dnl #
dnl # Do not advertize sendmail version.
dnl #
dnl define(`confSMTP_LOGIN_MSG', `$j Sendmail; $b')dnl
dnl #
dnl # default logging level is 9, you might want to set it higher to
dnl # debug the configuration
dnl #
dnl define(`confLOG_LEVEL', `9')dnl
dnl #
dnl # Uncomment and edit the following line if your outgoing mail needs to
dnl # be sent out through an external mail server:
dnl #
dnl define(`SMART_HOST', `smtp.your.provider')dnl
dnl #
define(`confDEF_USER_ID', ``8:12'')dnl
dnl define(`confAUTO_REBUILD')dnl
define(`confTO_CONNECT', `1m')dnl
define(`confTRY_NULL_MX_LIST', `True')dnl
define(`confDONT_PROBE_INTERFACES', `True')dnl
define(`PROCMAIL_MAILER_PATH', `/usr/bin/procmail')dnl
define(`ALIAS_FILE', `/etc/aliases')dnl
define(`STATUS_FILE', `/var/log/mail/statistics')dnl
define(`UUCP_MAILER_MAX', `2000000')dnl
define(`confUSERDB_SPEC', `/etc/mail/userdb.db')dnl
define(`confPRIVACY_FLAGS', `authwarnings,novrfy,noexpn,restrictqrun')dnl
define(`confAUTH_OPTIONS', `A')dnl
dnl #
dnl # The following allows relaying if the user authenticates, and disallows
dnl # plaintext authentication (PLAIN/LOGIN) on non-TLS links
dnl #
dnl define(`confAUTH_OPTIONS', `A p')dnl
dnl #
dnl # PLAIN is the preferred plaintext authentication method and used by
dnl # Mozilla Mail and Evolution, though Outlook Express and other MUAs do
dnl # use LOGIN. Other mechanisms should be used if the connection is not
dnl # guaranteed secure.
dnl # Please remember that saslauthd needs to be running for AUTH.
dnl #
dnl TRUST_AUTH_MECH(`EXTERNAL DIGEST-MD5 CRAM-MD5 LOGIN PLAIN')dnl
dnl define(`confAUTH_MECHANISMS', `EXTERNAL GSSAPI DIGEST-MD5 CRAM-MD5 LOGIN PL$
dnl #
dnl # Rudimentary information on creating certificates for sendmail TLS:
dnl #     cd /usr/share/ssl/certs; make sendmail.pem
dnl # Complete usage:
dnl #     make -C /usr/share/ssl/certs usage
dnl #
dnl define(`confCACERT_PATH', `/etc/pki/tls/certs')dnl
dnl define(`confCACERT', `/etc/pki/tls/certs/ca-bundle.crt')dnl
dnl define(`confSERVER_CERT', `/etc/pki/tls/certs/sendmail.pem')dnl
dnl define(`confSERVER_KEY', `/etc/pki/tls/certs/sendmail.pem')dnl
dnl #
dnl # This allows sendmail to use a keyfile that is shared with OpenLDAP's
dnl # slapd, which requires the file to be readble by group ldap
dnl #
dnl define(`confDONT_BLAME_SENDMAIL', `groupreadablekeyfile')dnl
dnl #
dnl define(`confTO_QUEUEWARN', `4h')dnl
dnl define(`confTO_QUEUERETURN', `5d')dnl
dnl define(`confQUEUE_LA', `12')dnl
dnl define(`confREFUSE_LA', `18')dnl
define(`confTO_IDENT', `0')dnl
dnl FEATURE(delay_checks)dnl
FEATURE(`no_default_msa', `dnl')dnl
FEATURE(`smrsh', `/usr/sbin/smrsh')dnl
FEATURE(`mailertable', `hash -o /etc/mail/mailertable.db')dnl
FEATURE(`virtusertable', `hash -o /etc/mail/virtusertable.db')dnl
FEATURE(redirect)dnl
FEATURE(always_add_domain)dnl
FEATURE(use_cw_file)dnl
FEATURE(use_ct_file)dnl
dnl #
dnl # The following limits the number of processes sendmail can fork to accept
dnl # incoming messages or process its message queues to 20.) sendmail refuses
dnl # to accept connections once it has reached its quota of child processes.
dnl #
dnl define(`confMAX_DAEMON_CHILDREN', `20')dnl
dnl #
dnl # Limits the number of new connections per second. This caps the overhead
dnl # incurred due to forking new sendmail processes. May be useful against
dnl # DoS attacks or barrages of spam. (As mentioned below, a per-IP address
dnl # limit would be useful but is not available as an option at this writing.)
dnl #
dnl define(`confCONNECTION_RATE_THROTTLE', `3')dnl
dnl #
dnl # The -t option will retry delivery if e.g. the user runs over his quota.
dnl #
FEATURE(local_procmail, `', `procmail -t -Y -a $h -d $u')dnl
FEATURE(`access_db', `hash -T<TMPF> -o /etc/mail/access.db')dnl
FEATURE(`blacklist_recipients')dnl
EXPOSED_USER(`root')dnl
dnl #
dnl # For using Cyrus-IMAPd as POP3/IMAP server through LMTP delivery uncomment
dnl # the following 2 definitions and activate below in the MAILER section the
dnl # cyrusv2 mailer.
dnl #
dnl define(`confLOCAL_MAILER', `cyrusv2')dnl
dnl define(`CYRUSV2_MAILER_ARGS', `FILE /var/lib/imap/socket/lmtp')dnl
dnl #
dnl # The following causes sendmail to only listen on the IPv4 loopback address
dnl # 127.0.0.1 and not on any other network devices. Remove the loopback
dnl # address restriction to accept email from the internet or intranet.
dnl #
DAEMON_OPTIONS(`Port=smtp,Addr=127.0.0.1, Name=MTA')dnl
dnl #
dnl # The following causes sendmail to additionally listen to port 587 for
dnl # mail from MUAs that authenticate. Roaming users who can't reach their
dnl # preferred sendmail daemon due to port 25 being blocked or redirected find
dnl # this useful.
dnl #
dnl DAEMON_OPTIONS(`Port=submission, Name=MSA, M=Ea')dnl
dnl #
dnl # The following causes sendmail to additionally listen to port 465, but
dnl # starting immediately in TLS mode upon connecting. Port 25 or 587 followed
dnl # by STARTTLS is preferred, but roaming clients using Outlook Express can't
dnl # do STARTTLS on ports other than 25. Mozilla Mail can ONLY use STARTTLS
dnl # and doesn't support the deprecated smtps; Evolution <1.1.1 uses smtps
dnl # when SSL is enabled-- STARTTLS support is available in version 1.1.1.
dnl #
dnl # For this to work your OpenSSL certificates must be configured.
dnl #
dnl DAEMON_OPTIONS(`Port=smtps, Name=TLSMTA, M=s')dnl
dnl #
dnl # The following causes sendmail to additionally listen on the IPv6 loopback
dnl # device. Remove the loopback address restriction listen to the network.
dnl #
dnl DAEMON_OPTIONS(`port=smtp,Addr=::1, Name=MTA-v6, Family=inet6')dnl
dnl #
dnl # enable both ipv6 and ipv4 in sendmail:
dnl #
dnl DAEMON_OPTIONS(`Name=MTA-v4, Family=inet, Name=MTA-v6, Family=inet6')
dnl #
dnl # We strongly recommend not accepting unresolvable domains if you want to
dnl # protect yourself from spam. However, the laptop and users on computers
dnl # that do not have 24x7 DNS do need this.
dnl #
FEATURE(`accept_unresolvable_domains')dnl
dnl #
dnl FEATURE(`relay_based_on_MX')dnl
dnl #
dnl # Also accept email sent to "localhost.localdomain" as local email.
dnl #
LOCAL_DOMAIN(`localhost.localdomain')dnl
dnl #
dnl # The following example makes mail from this host and any additional
dnl # specified domains appear to be sent from mydomain.com
dnl #
dnl MASQUERADE_AS(`mydomain.com')dnl
dnl #
dnl # masquerade not just the headers, but the envelope as well
dnl #
dnl FEATURE(masquerade_envelope)dnl
dnl #
dnl # masquerade not just @mydomainalias.com, but @*.mydomainalias.com as well
dnl #
dnl FEATURE(masquerade_entire_domain)dnl
dnl #
dnl MASQUERADE_DOMAIN(localhost)dnl
dnl MASQUERADE_DOMAIN(localhost.localdomain)dnl
dnl MASQUERADE_DOMAIN(mydomainalias.com)dnl
dnl MASQUERADE_DOMAIN(mydomain.lan)dnl
MAILER(smtp)dnl
MAILER(procmail)dnl
dnl MAILER(cyrusv2)dnl

Question by:Illyankesh
24 Comments
 
LVL 29

Assisted Solution

by:fosiul01
fosiul01 earned 50 total points
ID: 22725018
Hi
I am not clear on a few things.

"Email to gmail doesn't arrive but email to my exchange server does" = does it mean you can't send email to gmail, but if you send email to your exchange server, it comes? So are the sendmail server and the exchange server in the same network?

"email needs to come in from another server on the intranet and then get pushed out. " What do you mean by this?

Can you describe to me how your sendmail server is set up?
0
 

Author Comment

by:Illyankesh
ID: 22725776
ah my apologies.... when sending email manually /usr/sbin/sendmail root <test  for example I can send it to myself at root, and to my corporate account on an exchange server.  I get these test emails.
When attempting to send a test email to my gmail however the mail never gets to my gmail account.

I have another server on our intranet which will be relaying email to this server, and then hopefully sending it out via smtp.  I'm very new to this.

Sendmail is installed and setup out of the box on this server.  I have commented out the line in the mc file which only listens to the loopback address.

and I am slowly working my way through the confAUTH options.
0
 
LVL 9

Expert Comment

by:chingmd
ID: 22726624
You've added some information.  But I think you aren't providing the right information.

Can you describe the mail flow you are trying to achieve?

So far, you've mentioned this server can send internally to exchange, to local accounts (?), and will be acting as a relay.     So where in your mail flow will this reside?  

Right now, it seems that you need to edit line 26:  dnl define(`SMART_HOST', `smtp.your.provider')dnl

To just smtp connect outbound, you need to set smtp.your.provider to the upline host that will deliver mail for you.  (You may or may not need auth settings, but that depends on your upline host  (internally or ISP provider)  )

There are things that you should be careful of.    If you provide a mail flow, I will try to line out some of the biggest possible issues to keep an eye on.

Just in case:  when I say mailflow.   I am meaning,

from accepting externally sent mail to delivery,
accepting internally sent mail to delivery  
(I'd like to know if you have more than one exchange/mail server)  

And the reverse process:  
sending externally destined mail to leaving your network
and sending internally destined mail to internal servers.

And where this sendmail host will fit.


0
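An added example, not part of the original thread: the answer above turns on whether a directive in sendmail.mc is active or still prefixed with `dnl`, so this Python sketch lists the directives m4 will actually expand and summarises the relay-relevant ones (smart host, listeners, the `p` auth option, TLS certificate defines). The excerpt is copied from the file in the question; the function names and result keys are this example's own.

```python
import re

# Excerpt of the sendmail.mc posted in the question (lines copied from the page).
MC_EXCERPT = """\
dnl define(`SMART_HOST', `smtp.your.provider')dnl
define(`confAUTH_OPTIONS', `A')dnl
dnl define(`confAUTH_OPTIONS', `A p')dnl
dnl define(`confSERVER_CERT', `/etc/pki/tls/certs/sendmail.pem')dnl
dnl define(`confSERVER_KEY', `/etc/pki/tls/certs/sendmail.pem')dnl
FEATURE(`access_db', `hash -T<TMPF> -o /etc/mail/access.db')dnl
DAEMON_OPTIONS(`Port=smtp,Addr=127.0.0.1, Name=MTA')dnl
dnl DAEMON_OPTIONS(`Port=submission, Name=MSA, M=Ea')dnl
"""

# MACRO(args) optionally followed by a trailing dnl
DIRECTIVE = re.compile(r"^([A-Za-z_]+)\((.*)\)\s*(?:dnl.*)?$")
# m4 quoting in .mc files: opening backtick(s), closing apostrophe(s)
QUOTED = re.compile(r"`+([^`']*)'+")


def active_directives(mc_text):
    """Return (macro, [args]) for every line m4 will expand.

    A line that starts with 'dnl' is discarded by m4, so it has no effect.
    """
    found = []
    for raw in mc_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("dnl"):
            continue
        m = DIRECTIVE.match(line)
        if m:
            body = m.group(2)
            args = QUOTED.findall(body) or [a.strip() for a in body.split(",")]
            found.append((m.group(1), args))
    return found


def audit(mc_text):
    """Summarise the relay-relevant settings that are actually in effect."""
    directives = active_directives(mc_text)
    defines = {a[0]: (a[1] if len(a) > 1 else "")
               for macro, a in directives if macro == "define"}
    listeners = []
    for macro, a in directives:
        if macro == "DAEMON_OPTIONS":
            pairs = (kv.split("=", 1) for kv in a[0].split(",") if "=" in kv)
            listeners.append({k.strip(): v.strip() for k, v in pairs})
    auth_opts = defines.get("confAUTH_OPTIONS", "").split()
    return {
        "smart_host": defines.get("SMART_HOST"),  # None: no smart host in effect
        "listeners": listeners,
        # False also when no DAEMON_OPTIONS line is active at all
        "loopback_only": bool(listeners) and all(
            l.get("Addr") in ("127.0.0.1", "::1") for l in listeners),
        # 'p' refuses PLAIN/LOGIN on links without TLS (per the file's comments)
        "plaintext_auth_needs_tls": "p" in auth_opts,
        "tls_cert_configured": ("confSERVER_CERT" in defines
                                and "confSERVER_KEY" in defines),
    }


if __name__ == "__main__":
    print(audit(MC_EXCERPT))
    edited = MC_EXCERPT.replace("dnl define(`SMART_HOST'", "define(`SMART_HOST'")
    print(audit(edited)["smart_host"])
```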
 

Author Comment

by:Illyankesh
ID: 22726728
Probably not, but I'll try...

Okay internal machine 192.168.100.210 which has a web interface that generates an email and then sends that mail to the internal address 192.168.100.220.  There are no local accounts at the moment other than the root account, as it is a relay server for one of the services that we provide that sends mail out.  The exchange server I refer to is hosted by appriver.  Outbound mail seems to go fine except for email sent to gmail (I am in the process of checking other services).

The server does not receive external mail.  It only receives internal mail from the aforementioned server, then sends that mail out from there.

in this cluster there is only the one mail server.

Users request a name and email.  This process triggers a mail in on the internal host .210 to send a mail to .220 which is the relay to send the mail out.

I don't know if that helps but that is the best I can do.
0
 

Author Comment

by:Illyankesh
ID: 22726763
so commenting out the dnl define(`SMART_HOST', `smtp.your.provider')dnl
and adding the main host gets a mailer daemon error, mail rejected and not sent, though email sent to root arrives normally not all that shocking.

0
 
LVL 9

Expert Comment

by:chingmd
ID: 22726806
yes it does..

So here's how I would describe what you've outlined.

You want to have an internal managed outbound mailserver.  Relaying mail from a known host (web server)

You will need a smart host (either your exchange provider, or your ISP's smtp server.)
Verify if you need to use authentication on the server.  
   Exchange requires extra configuration for it to be used as a mail relay.   If configured, usually configured to use authentication and source IP.
   Your ISP provider should have an SMTP mail server.    

Either one should allow for mail relay

Else, you will need to purchase a relay service.  

My suggestion is either the exchange provider, to reduce spam blocking issues.  Since your dns should already have the appropriate MX, SPF, etc records.


0
 

Author Comment

by:Illyankesh
ID: 22726873
Ok, well other than the exchange part....that sounds about right.  I was simply sending email to my work account that is exchange hosted by a third party for testing purposes.  huh, okay thanks....will commence digging
0
 

Author Comment

by:Illyankesh
ID: 22726941
ok, added in the smtp server provided by our registrar, and now cannot send mail out, which probably means that the registrar's smtp server is different than the one that is actually being used, and/or that auth is required.
0
 
LVL 9

Expert Comment

by:chingmd
ID: 22726981
So why that works:

Your email address will contact the exchange server directly.  Which accepts mail for your domain, so it works just fine.

What is likely happening with any other email address is that sendmail is looking up the MX record of the domain you are contacting and opening the connection to that domain.   The receiving mail server takes the header information and connecting-from information to validate that the email is at least as valid as can be.

on the linux box run the following command.

dig -t any <domainname>  

(if you have an internal DNS server, you may need to change the command to :)
dig @208.67.222.222 -t any <domainname>


Many SMTP servers will validate that email is originating from an MX or an SPF record, which is discovered through DNS.





0
 
LVL 9

Expert Comment

by:chingmd
ID: 22726991
So that's where the smarthost comes in.   basically, you are going to relay email to an SMTP server that trusts the IP/account you connect with.

0
 
LVL 9

Expert Comment

by:chingmd
ID: 22726994
and you are running   make -C /etc/mail command after changes right?
0
 
LVL 9

Expert Comment

by:chingmd
ID: 22726999
and restarting the sendmail process.
0

 
LVL 9

Expert Comment

by:chingmd
ID: 22727004
Also, a good place to look for email issues is /var/log/maillog.

0
 

Author Comment

by:Illyankesh
ID: 22727032
on the linux box run the following command.

dig -t any <domainname>  

attached code snippet

I have been running
[root@localhost~]# m4 /etc/mail/sendmail.mc > /etc/mail/sendmail.cf
and then restarting the sendmail process....do I also need to run the make -C /etc/mail?
; <<>> DiG 9.3.4-P1 <<>> -t any apisphere.com
;; global options:  printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 38276
;; flags: qr rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 2, ADDITIONAL: 2

;; QUESTION SECTION:
;apisphere.com.                 IN      ANY

;; ANSWER SECTION:
apisphere.com.          172800  IN      NS      ns20.domaincontrol.com.
apisphere.com.          172800  IN      NS      ns19.domaincontrol.com.

;; AUTHORITY SECTION:
apisphere.com.          172800  IN      NS      ns19.domaincontrol.com.
apisphere.com.          172800  IN      NS      ns20.domaincontrol.com.

;; ADDITIONAL SECTION:
ns19.domaincontrol.com. 159013  IN      A       216.69.185.10
ns20.domaincontrol.com. 159013  IN      A       208.109.255.10

;; Query time: 9 msec
;; SERVER: 72.3.128.240#53(72.3.128.240)
;; WHEN: Wed Oct 15 18:55:18 2008
;; MSG SIZE  rcvd: 143


0
 

Author Comment

by:Illyankesh
ID: 22727057
here is some info
Oct 15 18:37:23 localhost sendmail[6744]: m9FNbN7N006744: track.apisphere.com [192.168.100.210] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA

That is from the web interface which is on another server which then forwards to the sendmail server...
 

Oct 15 18:37:28 localhost sendmail[6738]: m9FNarY4006736: to=<greg.ruddy@apisphere.com>, ctladdr=<root@localhost.localdomain> (0/0), delay=00:00:35, xdelay=00:00:35, mailer=relay, pri=120326, relay=smtp.secureserver.net, dsn=4.0.0, stat=Deferred: Name server: smtp.secureserver.net: host name lookup failure
 

And that makes me think that I have the wrong smtp server listed in line 26 of the sendmail.mc file


0
 
LVL 9

Expert Comment

by:chingmd
ID: 22728212
OK.   The command you are running to update mail configs should be fine.   I think all that make does is calls that command for all the mc files in /etc/mail.

First the DNS output.   If you change the command to dig -t mx <domainname>, you'll get your mail servers.   My apologies on the command, I'm still learning more about dig.

Second, the mail log.    You have a dns lookup issue.  DNS lookup fixes should be another question.  My guess is that you haven't setup your resolv.conf file yet.

I did a lookup on smtp.secureserver.net

prompt$ nslookup smtp.secureserver.net

Non-authoritative answer:
smtp.secureserver.net   canonical name = smtp.where.secureserver.net.
Name:   smtp.where.secureserver.net
Address: 208.109.80.149

prompt$ nslookup smtp.secureserver.net

Non-authoritative answer:
smtp.secureserver.net   canonical name = smtp.where.secureserver.net.
Name:   smtp.where.secureserver.net
Address: 64.202.166.12

Looks like a DNS round robin of sorts.   Use the IP address  (either one) instead of the hostname, see if that makes a difference.  



0
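An added example, not part of the original thread: a small Python parser for the /var/log/maillog delivery lines discussed above, which separates deferred (4.x.x) from bounced (5.x.x) messages and tags name-resolution failures like the one in the posted log line. The sample lines are constructed in the same format with placeholder hosts and addresses, and the reason categories are this example's own.

```python
import re

# Constructed sample in the maillog format quoted in this thread; hosts,
# addresses and queue ids are placeholders, not values from a real system.
SAMPLE_LOG = """\
Oct 15 18:37:23 localhost sendmail[6744]: m9FNbN7N006744: web.example.internal [192.0.2.10] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Oct 15 18:37:28 localhost sendmail[6738]: m9FNarY4006736: to=<user@example.com>, ctladdr=<root@localhost.localdomain> (0/0), delay=00:00:35, xdelay=00:00:35, mailer=relay, pri=120326, relay=smtp.example.net, dsn=4.0.0, stat=Deferred: Name server: smtp.example.net: host name lookup failure
Oct 15 18:40:02 localhost sendmail[6801]: m9FNe1aa006799: to=<root@localhost.localdomain>, ctladdr=<root@localhost.localdomain> (0/0), delay=00:00:00, xdelay=00:00:00, mailer=local, pri=30326, dsn=2.0.0, stat=Sent
Oct 15 18:41:10 localhost sendmail[6810]: m9FNf9bb006808: to=<other@example.org>, delay=00:00:01, xdelay=00:00:00, mailer=relay, pri=120330, relay=192.0.2.25, dsn=5.1.2, stat=Host unknown (Name server: 192.0.2.25: host not found)
"""

# "<timestamp> <host> sendmail[pid]: <queue id>: to=..." (delivery attempts only)
LINE_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+\s[\d:]{8})\s(?P<host>\S+)\ssendmail\[\d+\]:\s"
    r"(?P<qid>\w+):\s(?P<rest>to=.*)$"
)
# key=value pairs; a value runs until the next ", key=" or the end of the line
FIELD_RE = re.compile(r"(\w+)=(.*?)(?=,\s\w+=|$)")

# First digit of the DSN status code decides the outcome
OUTCOME = {"2": "delivered", "4": "deferred", "5": "bounced"}


def classify_reason(stat):
    """Map the free-text stat= field onto a coarse cause."""
    s = stat.lower()
    if "lookup failure" in s or "host unknown" in s or "host not found" in s:
        return "dns"
    if "refused" in s or "timed out" in s:
        return "connect"
    if "relaying denied" in s or "auth" in s:
        return "policy"
    return "other"


def parse_delivery(line):
    """Parse one delivery-attempt line; return None for any other log line."""
    m = LINE_RE.match(line)
    if not m:
        return None
    fields = dict(FIELD_RE.findall(m.group("rest")))
    dsn = fields.get("dsn", "")
    outcome = OUTCOME.get(dsn[:1], "unknown")
    reason = None if outcome == "delivered" else classify_reason(fields.get("stat", ""))
    return {
        "qid": m.group("qid"),
        "to": fields.get("to", "").strip("<>"),
        "relay": fields.get("relay", "(local)"),
        "dsn": dsn,
        "outcome": outcome,
        "reason": reason,
    }


def failures(log_text):
    """Return every delivery attempt that did not end in a 2.x.x status."""
    records = (parse_delivery(line) for line in log_text.splitlines())
    return [r for r in records if r and r["outcome"] != "delivered"]


if __name__ == "__main__":
    for rec in failures(SAMPLE_LOG):
        print(rec["qid"], rec["outcome"], rec["reason"], "via", rec["relay"])
```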
 

Author Comment

by:Illyankesh
ID: 22733659
well I tried changing out the sendmail.mc file with the ip addresses and this line... I think that is what you are referring to.  However the ip addresses both returned the error Host not known.

define(`SMART_HOST', `smtp.where.secureserver.net')dnl
dnl define(`SMART_HOST', `smtp.secureserver.net')dnl

I think it is important to note, and I apologize for not being clear earlier, that our exchange server, which is hosted by another company, is in a separate location than this cluster of servers, and that these servers are in turn hosted by rackspace...

as for the resolv.conf file...that is what we have there... i've added the other machines in this intranet to the /etc/hosts file....
search localdomain
nameserver 72.3.128.240
nameserver 73.3.128.241

nslookup smtp.secureserver.net
Server:         72.3.128.240
Address:        72.3.128.240#53

Non-authoritative answer:
smtp.secureserver.net   canonical name = smtp.where.secureserver.net.
Name:   smtp.where.secureserver.net
Address: 208.109.80.149


0
 
LVL 9

Accepted Solution

by:
chingmd earned 400 total points
ID: 22734329
I found this thread.

http://fedoraforum.org/forum/archive/index.php/t-66083.html

It says that you need to change the masquerade as line to a resolvable domain.

Line 160:  dnl MASQUERADE_AS(`mydomain.com')dnl

0
 
LVL 3

Assisted Solution

by:ricardoelena
ricardoelena earned 50 total points
ID: 22736913
One really easy way to configure Sendmail and debug the configuration files is using Webmin. It shows you all the configuration files and then makes the M4 file conversion for you.
You can find it here: http://www.webmin.com
0
 

Author Comment

by:Illyankesh
ID: 22743853
I'll try the webmin thing I installed it yesterday as a result of a search involving exim as an alternate solution.
by changing the port scheme I've made it so email doesn't send...so I'll flip that back

I tried changing the masquerade_as  but without success.

turns out there is a java script from another internal machine which is generating a mail which is then going over the sendmail server...however it is complaining about a certificate is there a way to shut ssl off?
Since it is an internal box.. does it need authentication?
0
 
LVL 3

Expert Comment

by:ricardoelena
ID: 22744867
to shut off that look for these entries
define(`CERT_DIR', `/etc/mail/certs')
define(`confCACERT_PATH', `CERT_DIR')
define(`confCACERT', `CERT_DIR`'/cacert.pem')
define(`confSERVER_CERT', `CERT_DIR`'/client.cert.pem')
define(`confSERVER_KEY', `CERT_DIR`'/client.key.pem')
define(`confCLIENT_CERT', `CERT_DIR`'/client.cert.pem')
define(`confCLIENT_KEY', `CERT_DIR`'/client.key.pem')
in your sendmail.mc and remove them, then rebuild your sendmail.cf file (command: m4 sendmail.mc >sendmail.cf)
then restart sendmail
0
 

Author Comment

by:Illyankesh
ID: 22761054
ok, sorry about vanishing over the weekend...

So I got the relay feature up and running and this server is now relaying email from the website which was the original question.

Now, I have ssl turned on, I have a sendmail.pem file in the /etc/pki/tls/certs directory which is where this version of sendmail points to.  Sending email manually out from root goes directly to junk folder in gmail, though the email does successfully make it to my exchange server.  Changing the  define as smart host to the ip address earlier in this thread yields failed to deliver the email.
0
 

Author Comment

by:Illyankesh
ID: 22761078
huh, ok turning on the SSL stuff breaks the internal relay setup....  But then how would I get the email to go out, without automatically being flagged as junk email from the rest of the world?
0
 

Author Closing Comment

by:Illyankesh
ID: 31507987
Thanks guys, for the help and the patience, especially the troubleshooting commands.  I was unclear as to my initial wording of my problem and the like.  And though this was not the total solution the steps presented allowed me to troubleshoot far enough to find the actual problem and solve it.  The remaining questions I have now are different enough to warrant another question separately.  Thanks guys.
0
