Solved

Setting up Sendmail gets returned failed message

Posted on 2008-10-15
Last Modified: 2013-12-06
I am setting up Sendmail on a Red Hat 5 virtual box. Sendmail comes already installed, and I can send mail out to either myself or root. Email to Gmail doesn't arrive but email to my Exchange server does. Email needs to come in from another server on the intranet and then get pushed out. And I need SMTP and saslauthd. Attempting to install saslauthd results in a breaking of sendmail where mail can be sent manually but goes nowhere. Out of the proverbial box I can send mail out, but can't seem to touch anything without breaking the whole thing.
I've attached a copy of my sendmail.mc file
divert(-1)dnl
dnl #
dnl # This is the sendmail macro config file for m4. If you make changes to
dnl # /etc/mail/sendmail.mc, you will need to regenerate the
dnl # /etc/mail/sendmail.cf file by confirming that the sendmail-cf package is
dnl # installed and then performing a
dnl #
dnl #     make -C /etc/mail
dnl #
include(`/usr/share/sendmail-cf/m4/cf.m4')dnl
VERSIONID(`setup for linux')dnl
OSTYPE(`linux')dnl
dnl #
dnl # Do not advertize sendmail version.
dnl #
dnl define(`confSMTP_LOGIN_MSG', `$j Sendmail; $b')dnl
dnl #
dnl # default logging level is 9, you might want to set it higher to
dnl # debug the configuration
dnl #
dnl define(`confLOG_LEVEL', `9')dnl
dnl #
dnl # Uncomment and edit the following line if your outgoing mail needs to
dnl # be sent out through an external mail server:
dnl #
dnl define(`SMART_HOST', `smtp.your.provider')dnl
dnl #
define(`confDEF_USER_ID', ``8:12'')dnl
dnl define(`confAUTO_REBUILD')dnl
define(`confTO_CONNECT', `1m')dnl
define(`confTRY_NULL_MX_LIST', `True')dnl
define(`confDONT_PROBE_INTERFACES', `True')dnl
define(`PROCMAIL_MAILER_PATH', `/usr/bin/procmail')dnl
define(`ALIAS_FILE', `/etc/aliases')dnl
define(`STATUS_FILE', `/var/log/mail/statistics')dnl
define(`UUCP_MAILER_MAX', `2000000')dnl
define(`confUSERDB_SPEC', `/etc/mail/userdb.db')dnl
define(`confPRIVACY_FLAGS', `authwarnings,novrfy,noexpn,restrictqrun')dnl
define(`confAUTH_OPTIONS', `A')dnl
dnl #
dnl # The following allows relaying if the user authenticates, and disallows
dnl # plaintext authentication (PLAIN/LOGIN) on non-TLS links
dnl #
dnl define(`confAUTH_OPTIONS', `A p')dnl
dnl #
dnl # PLAIN is the preferred plaintext authentication method and used by
dnl # Mozilla Mail and Evolution, though Outlook Express and other MUAs do
dnl # use LOGIN. Other mechanisms should be used if the connection is not
dnl # guaranteed secure.
dnl # Please remember that saslauthd needs to be running for AUTH.
dnl #
dnl TRUST_AUTH_MECH(`EXTERNAL DIGEST-MD5 CRAM-MD5 LOGIN PLAIN')dnl
dnl define(`confAUTH_MECHANISMS', `EXTERNAL GSSAPI DIGEST-MD5 CRAM-MD5 LOGIN PL$
dnl #
dnl # Rudimentary information on creating certificates for sendmail TLS:
dnl #     cd /usr/share/ssl/certs; make sendmail.pem
dnl # Complete usage:
dnl #     make -C /usr/share/ssl/certs usage
dnl #
dnl define(`confCACERT_PATH', `/etc/pki/tls/certs')dnl
dnl define(`confCACERT', `/etc/pki/tls/certs/ca-bundle.crt')dnl
dnl define(`confSERVER_CERT', `/etc/pki/tls/certs/sendmail.pem')dnl
dnl define(`confSERVER_KEY', `/etc/pki/tls/certs/sendmail.pem')dnl
dnl #
dnl # This allows sendmail to use a keyfile that is shared with OpenLDAP's
dnl # slapd, which requires the file to be readble by group ldap
dnl #
dnl define(`confDONT_BLAME_SENDMAIL', `groupreadablekeyfile')dnl
dnl #
dnl define(`confTO_QUEUEWARN', `4h')dnl
dnl define(`confTO_QUEUERETURN', `5d')dnl
dnl define(`confQUEUE_LA', `12')dnl
dnl define(`confREFUSE_LA', `18')dnl
define(`confTO_IDENT', `0')dnl
dnl FEATURE(delay_checks)dnl
FEATURE(`no_default_msa', `dnl')dnl
FEATURE(`smrsh', `/usr/sbin/smrsh')dnl
FEATURE(`mailertable', `hash -o /etc/mail/mailertable.db')dnl
FEATURE(`virtusertable', `hash -o /etc/mail/virtusertable.db')dnl
FEATURE(redirect)dnl
FEATURE(always_add_domain)dnl
FEATURE(use_cw_file)dnl
FEATURE(use_ct_file)dnl
dnl #
dnl # The following limits the number of processes sendmail can fork to accept
dnl # incoming messages or process its message queues to 20.) sendmail refuses
dnl # to accept connections once it has reached its quota of child processes.
dnl #
dnl define(`confMAX_DAEMON_CHILDREN', `20')dnl
dnl #
dnl # Limits the number of new connections per second. This caps the overhead
dnl # incurred due to forking new sendmail processes. May be useful against
dnl # DoS attacks or barrages of spam. (As mentioned below, a per-IP address
dnl # limit would be useful but is not available as an option at this writing.)
dnl #
dnl define(`confCONNECTION_RATE_THROTTLE', `3')dnl
dnl #
dnl # The -t option will retry delivery if e.g. the user runs over his quota.
dnl #
FEATURE(local_procmail, `', `procmail -t -Y -a $h -d $u')dnl
FEATURE(`access_db', `hash -T<TMPF> -o /etc/mail/access.db')dnl
FEATURE(`blacklist_recipients')dnl
EXPOSED_USER(`root')dnl
dnl #
dnl # For using Cyrus-IMAPd as POP3/IMAP server through LMTP delivery uncomment
dnl # the following 2 definitions and activate below in the MAILER section the
dnl # cyrusv2 mailer.
dnl #
dnl define(`confLOCAL_MAILER', `cyrusv2')dnl
dnl define(`CYRUSV2_MAILER_ARGS', `FILE /var/lib/imap/socket/lmtp')dnl
dnl #
dnl # The following causes sendmail to only listen on the IPv4 loopback address
dnl # 127.0.0.1 and not on any other network devices. Remove the loopback
dnl # address restriction to accept email from the internet or intranet.
dnl #
DAEMON_OPTIONS(`Port=smtp,Addr=127.0.0.1, Name=MTA')dnl
dnl #
dnl # The following causes sendmail to additionally listen to port 587 for
dnl # mail from MUAs that authenticate. Roaming users who can't reach their
dnl # preferred sendmail daemon due to port 25 being blocked or redirected find
dnl # this useful.
dnl #
dnl DAEMON_OPTIONS(`Port=submission, Name=MSA, M=Ea')dnl
dnl #
dnl # The following causes sendmail to additionally listen to port 465, but
dnl # starting immediately in TLS mode upon connecting. Port 25 or 587 followed
dnl # by STARTTLS is preferred, but roaming clients using Outlook Express can't
dnl # do STARTTLS on ports other than 25. Mozilla Mail can ONLY use STARTTLS
dnl # and doesn't support the deprecated smtps; Evolution <1.1.1 uses smtps
dnl # when SSL is enabled-- STARTTLS support is available in version 1.1.1.
dnl #
dnl # For this to work your OpenSSL certificates must be configured.
dnl #
dnl DAEMON_OPTIONS(`Port=smtps, Name=TLSMTA, M=s')dnl
dnl #
dnl # The following causes sendmail to additionally listen on the IPv6 loopback
dnl # device. Remove the loopback address restriction listen to the network.
dnl #
dnl DAEMON_OPTIONS(`port=smtp,Addr=::1, Name=MTA-v6, Family=inet6')dnl
dnl #
dnl # enable both ipv6 and ipv4 in sendmail:
dnl #
dnl DAEMON_OPTIONS(`Name=MTA-v4, Family=inet, Name=MTA-v6, Family=inet6')
dnl #
dnl # We strongly recommend not accepting unresolvable domains if you want to
dnl # protect yourself from spam. However, the laptop and users on computers
dnl # that do not have 24x7 DNS do need this.
dnl #
FEATURE(`accept_unresolvable_domains')dnl
dnl #
dnl FEATURE(`relay_based_on_MX')dnl
dnl #
dnl # Also accept email sent to "localhost.localdomain" as local email.
dnl #
LOCAL_DOMAIN(`localhost.localdomain')dnl
dnl #
dnl # The following example makes mail from this host and any additional
dnl # specified domains appear to be sent from mydomain.com
dnl #
dnl MASQUERADE_AS(`mydomain.com')dnl
dnl #
dnl # masquerade not just the headers, but the envelope as well
dnl #
dnl FEATURE(masquerade_envelope)dnl
dnl #
dnl # masquerade not just @mydomainalias.com, but @*.mydomainalias.com as well
dnl #
dnl FEATURE(masquerade_entire_domain)dnl
dnl #
dnl MASQUERADE_DOMAIN(localhost)dnl
dnl MASQUERADE_DOMAIN(localhost.localdomain)dnl
dnl MASQUERADE_DOMAIN(mydomainalias.com)dnl
dnl MASQUERADE_DOMAIN(mydomain.lan)dnl
MAILER(smtp)dnl
MAILER(procmail)dnl
dnl MAILER(cyrusv2)dnl

Question by:Illyankesh
24 Comments
 
LVL 29

Assisted Solution

by:fosiul01
fosiul01 earned 50 total points
ID: 22725018
Hi,
I am not clear on a few things.

"Email to gmail doesn't arrive but email to my exchange server does" = does it mean you can't send email to Gmail, but if you send email to your Exchange server, it comes? So are the sendmail server and the Exchange server in the same network?

"email needs to come in from another server on the intranet and then get pushed out. " What do you mean by this?

Can you describe how your sendmail server is set up?
0
 

Author Comment

by:Illyankesh
ID: 22725776
Ah, my apologies.... When sending email manually (/usr/sbin/sendmail root <test, for example) I can send it to myself at root, and to my corporate account on an Exchange server. I get these test emails.
When attempting to send a test email to my Gmail, however, the mail never gets to my Gmail account.

I have another server on our intranet which will be relaying email to this server, and then hopefully sending it out via SMTP. I'm very new to this.

Sendmail is installed and set up out of the box on this server. I have commented out the line in the mc file which only listens to the loopback address.

And I am slowly working my way through the confAUTH options.
0
 
LVL 9

Expert Comment

by:chingmd
ID: 22726624
You've added some information.  But I think you aren't providing the right information.

Can you describe the mail flow you are trying to achieve?

So far, you've mentioned this server can send internally to exchange, to local accounts (?), and will be acting as a relay.     So where in your mail flow will this reside?  

Right now, it seems that you need to edit line 26:  dnl define(`SMART_HOST', `smtp.your.provider')dnl

To just smtp connect outbound, you need to set smtp.your.provider to the upline host that will deliver mail for you.  (You may or may not need auth settings, but that depends on your upline host  (internally or ISP provider)  )

There are things that you should be careful of.    If you provide a mail flow, I will try to line out some of the biggest possible issues to keep an eye on.

Just in case:  when I say mailflow.   I am meaning,

from accepting externally sent mail to delivery,
accepting internally sent mail to delivery  
(I'd like to know if you have more than one exchange/mail server)  

And the reverse process:  
sending externally destined mail to leaving your network
and sending internally destined mail to internal servers.

And where this sendmail host will fit.


0

 

Author Comment

by:Illyankesh
ID: 22726728
Probably not, but I'll try...

Okay, internal machine 192.168.100.210 has a web interface that generates an email and then sends that mail to the internal address 192.168.100.220. There are no local accounts at the moment other than the root account, as it is a relay server for one of the services that we provide that sends mail out. The Exchange server I refer to is hosted by AppRiver. Outbound mail seems to go fine except for email sent to Gmail (I am in the process of checking other services).

The server does not receive external mail. It only receives internal mail from the aforementioned server, then sends that mail out from there.

In this cluster there is only the one mail server.

Users request a name and email. This process triggers a mail on the internal host .210 to send a mail to .220, which is the relay to send the mail out.

I don't know if that helps but that is the best I can do.
0
 

Author Comment

by:Illyankesh
ID: 22726763
so commenting out the dnl define(`SMART_HOST', `smtp.your.provider')dnl
and adding the main host gets a mailer daemon error, mail rejected and not sent, though email sent to root arrives normally not all that shocking.

0
 
LVL 9

Expert Comment

by:chingmd
ID: 22726806
yes it does..

So here's how I would describe what you've outlined.

You want to have an internal managed outbound mailserver.  Relaying mail from a known host (web server)

You will need a smart host (either your exchange provider, or your ISP's smtp server.)
Verify if you need to use authentication on the server.  
   Exchange requires extra configuration for it to be used as a mail relay.   If configured, usually configured to use authentication and source IP.
   Your ISP provider should have an SMTP mail server.    

Either one should allow for mail relay

Else, you will need to purchase a relay service.  

My suggestion is the exchange provider, to reduce spam blocking issues, since your DNS should already have the appropriate MX, SPF, etc. records.


0
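An added example, not part of the thread: a shell check of the setup outlined above, reporting which relay-relevant settings are active in a sendmail.mc and how wide each RELAY grant in the access map is. The function names and the `Connect:` access-map entries are assumptions; the sample input is constructed from the posted sendmail.mc with the loopback listener commented out as the asker describes.

```shell
#!/bin/sh
# Added example (not from the thread). Reads a sendmail.mc or an access map on
# stdin and reports the settings that decide who may relay through the host.

# Lines starting with "dnl" are commented out in a .mc file. Drop them, then
# strip the m4 quote characters so the active directives are easy to match.
active() {
    grep -v '^[[:space:]]*dnl' | tr -d "\`'"
}

# audit_mc < sendmail.mc : print key=value lines for the active settings.
audit_mc() {
    a=$(active)
    d=$(printf '%s\n' "$a" | grep '^DAEMON_OPTIONS(' || true)
    # Loopback only if every active listener is pinned to 127.0.0.1 or ::1;
    # with no active DAEMON_OPTIONS the MTA listens on all interfaces.
    if [ -n "$d" ] && ! printf '%s\n' "$d" | grep -Eqv 'Addr=(127\.0\.0\.1|::1)'; then
        echo "listener=loopback"
    else
        echo "listener=network"
    fi
    host=$(printf '%s\n' "$a" | sed -n 's/^define(SMART_HOST, *\([^)]*\)).*/\1/p')
    echo "smart_host=${host:-none}"
    for f in promiscuous_relay access_db accept_unresolvable_domains; do
        if printf '%s\n' "$a" | grep -q "^FEATURE(${f}[,)]"; then
            echo "${f}=on"
        else
            echo "${f}=off"
        fi
    done
}

# relay_scope < access : list entries granted RELAY and how wide each one is
# (host = one IPv4 address, net = address prefix, name = host or domain name).
relay_scope() {
    awk '$1 !~ /^#/ && $2 == "RELAY" {
        key = $1
        sub(/^Connect:/, "", key)
        if (key ~ /^[0-9]+(\.[0-9]+)*$/) {
            kind = (split(key, p, ".") == 4) ? "host" : "net"
        } else {
            kind = "name"
        }
        print kind, key
    }'
}

# Constructed sample: relevant lines of the posted sendmail.mc, loopback
# listener commented out.
sample_mc() {
    cat <<'EOF'
dnl define(`SMART_HOST', `smtp.your.provider')dnl
FEATURE(`access_db', `hash -T<TMPF> -o /etc/mail/access.db')dnl
dnl DAEMON_OPTIONS(`Port=smtp,Addr=127.0.0.1, Name=MTA')dnl
FEATURE(`accept_unresolvable_domains')dnl
MAILER(smtp)dnl
EOF
}

# Constructed access map: the web host from the thread plus a too-broad prefix.
sample_access() {
    cat <<'EOF'
# who may relay through this host
Connect:127.0.0.1        RELAY
Connect:192.168.100.210  RELAY
Connect:192.168          RELAY
EOF
}

sample_mc | audit_mc
sample_access | relay_scope
```

A `listener=network` result combined with any `net` or `name` RELAY entry is the combination to review, since every client matching that entry can then send mail out through the host.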
 

Author Comment

by:Illyankesh
ID: 22726873
Ok, well other than the exchange part....that sounds about right.  I was simply sending email to my work account that is exchange hosted by a third party for testing purposes.  huh, okay thanks....will commence digging
0
 

Author Comment

by:Illyankesh
ID: 22726941
OK, added in the SMTP server provided by our registrar, and now cannot send mail out, which probably means that the registrar's SMTP server is different than the one that is actually being used, and/or that auth is required.
0
 
LVL 9

Expert Comment

by:chingmd
ID: 22726981
So why that works:

Your email address will contact the exchange server directly.  Which accepts mail for your domain, so it works just fine.

What is likely happening with any other email address is that sendmail is looking up the MX record of the domain you are contacting. Open the connect to that domain. The receiving mail server takes the header information and connecting from information to validate that the email is at least as valid as can be.

on the linux box run the following command.

dig -t any <domainname>  

(if you have an internal DNS server, you may need to change the command to :)
dig @208.67.222.222 -t any <domainname>


Many SMTP servers will validate email is originating from an MX or a spf record.  which is though discovered through DNS.





0
 
LVL 9

Expert Comment

by:chingmd
ID: 22726991
So that's where the smarthost comes in.   basically, you are going to relay email to an SMTP server that trusts the IP/account you connect with.

0
 
LVL 9

Expert Comment

by:chingmd
ID: 22726994
and you are running   make -C /etc/mail command after changes right?
0
 
LVL 9

Expert Comment

by:chingmd
ID: 22726999
and restarting the sendmail process.
0
 
LVL 9

Expert Comment

by:chingmd
ID: 22727004
Also, a good place to look for email issues is /var/log/maillog.

0
 

Author Comment

by:Illyankesh
ID: 22727032
on the linux box run the following command.

dig -t any <domainname>  

attached code snippet

I have been running
[root@localhost~]# m4 /etc/mail/sendmail.mc > /etc/mail/sendmail.cf
and then restarting the sendmail process....do I also need to run the make -C /etc/mail?
; <<>> DiG 9.3.4-P1 <<>> -t any apisphere.com
;; global options:  printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 38276
;; flags: qr rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 2, ADDITIONAL: 2
 
;; QUESTION SECTION:
;apisphere.com.                 IN      ANY
 
;; ANSWER SECTION:
apisphere.com.          172800  IN      NS      ns20.domaincontrol.com.
apisphere.com.          172800  IN      NS      ns19.domaincontrol.com.
 
;; AUTHORITY SECTION:
apisphere.com.          172800  IN      NS      ns19.domaincontrol.com.
apisphere.com.          172800  IN      NS      ns20.domaincontrol.com.
 
;; ADDITIONAL SECTION:
ns19.domaincontrol.com. 159013  IN      A       216.69.185.10
ns20.domaincontrol.com. 159013  IN      A       208.109.255.10
 
;; Query time: 9 msec
;; SERVER: 72.3.128.240#53(72.3.128.240)
;; WHEN: Wed Oct 15 18:55:18 2008
;; MSG SIZE  rcvd: 143


0
 

Author Comment

by:Illyankesh
ID: 22727057
here is some info
Oct 15 18:37:23 localhost sendmail[6744]: m9FNbN7N006744: track.apisphere.com [192.168.100.210] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
That is from the web interface which is on another server which then forwards to the sendmail server...
 
Oct 15 18:37:28 localhost sendmail[6738]: m9FNarY4006736: to=<greg.ruddy@apisphere.com>, ctladdr=<root@localhost.localdomain> (0/0), delay=00:00:35, xdelay=00:00:35, mailer=relay, pri=120326, relay=smtp.secureserver.net, dsn=4.0.0, stat=Deferred: Name server: smtp.secureserver.net: host name lookup failure
 
And that makes me think that I have the wrong smtp server listed in line 26 of the sendmail.mc file


0
 
LVL 9

Expert Comment

by:chingmd
ID: 22728212
OK.   The command you are running to update mail configs should be fine.   I think all that make does is calls that command for all the mc files in /etc/mail.

First, the DNS output. If you change the command to dig -t mx <domainname>, you'll get your mail servers. My apologies on the command, I'm still learning more about dig.

Second, the mail log. You have a DNS lookup issue. DNS lookup fixes should be another question. My guess is that you haven't set up your resolv.conf file yet.

I did a lookup on smtp.secureserver.net

prompt$ nslookup smtp.secureserver.net

Non-authoritative answer:
smtp.secureserver.net   canonical name = smtp.where.secureserver.net.
Name:   smtp.where.secureserver.net
Address: 208.109.80.149

prompt$ nslookup smtp.secureserver.net

Non-authoritative answer:
smtp.secureserver.net   canonical name = smtp.where.secureserver.net.
Name:   smtp.where.secureserver.net
Address: 64.202.166.12

Looks like a DNS round robin of sorts.   Use the IP address  (either one) instead of the hostname, see if that makes a difference.  



0
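An added example, not part of the thread: a shell function that classifies maillog entries like the two posted above, so that a name-lookup failure on the sending host stands apart from deferrals and rejections by the remote server. The function name, cause labels and sample log lines are constructed for illustration (hosts and addresses are placeholders modelled on the posted format).

```shell
#!/bin/sh
# Added example (not from the thread): classify sendmail maillog entries so a
# resolver failure on this host is not mistaken for a rejection by the remote.

# triage_maillog < /var/log/maillog : one line per event: cause, queue id, detail.
triage_maillog() {
    awk '
    # Return the value of key=... from the current log line, or "-" if absent.
    function field(key,    s) {
        if (!match($0, "[ ,]" key "=[^,]*")) return "-"
        s = substr($0, RSTART + 1, RLENGTH - 1)
        sub(/^[^=]*=/, "", s)
        return s
    }
    $5 !~ /^sendmail\[/ { next }
    { qid = $6; sub(/:$/, "", qid) }
    # A client connected to the MTA but never started a mail transaction.
    /did not issue MAIL\/EXPN\/VRFY\/ETRN/ {
        ip = $8; sub(/^\[/, "", ip); sub(/\]$/, "", ip)
        print "no-transaction", qid, "client=" ip
        next
    }
    # Delivery attempts carry relay=, dsn= and stat= fields.
    / stat=/ {
        dsn = field("dsn")
        relay = field("relay"); sub(/ .*/, "", relay)
        if ($0 ~ /host name lookup failure/) cause = "dns-lookup"
        else if (dsn ~ /^2\./) cause = "sent"
        else if (dsn ~ /^4\./) cause = "deferred"
        else if (dsn ~ /^5\./) cause = "rejected"
        else cause = "unknown"
        print cause, qid, "relay=" relay, "dsn=" dsn
    }'
}

# Constructed sample log lines in the format shown in the thread.
sample_log() {
    cat <<'EOF'
Oct 15 18:37:23 localhost sendmail[6744]: m9FNbN7N006744: web.example.internal [192.168.100.210] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Oct 15 18:37:28 localhost sendmail[6738]: m9FNarY4006736: to=<user@example.com>, ctladdr=<root@localhost.localdomain> (0/0), delay=00:00:35, xdelay=00:00:35, mailer=relay, pri=120326, relay=smarthost.example.net, dsn=4.0.0, stat=Deferred: Name server: smarthost.example.net: host name lookup failure
Oct 15 18:40:02 localhost sendmail[6801]: m9FNe1aB006799: to=<user@example.org>, ctladdr=<root@localhost.localdomain> (0/0), delay=00:00:01, xdelay=00:00:01, mailer=esmtp, pri=120326, relay=mx.example.org. [192.0.2.25], dsn=2.0.0, stat=Sent (OK)
Oct 15 18:41:10 localhost sendmail[6810]: m9FNf9cD006808: to=<user@example.net>, ctladdr=<root@localhost.localdomain> (0/0), delay=00:00:02, xdelay=00:00:02, mailer=esmtp, pri=120326, relay=mx.example.net. [192.0.2.26], dsn=5.7.1, stat=Service unavailable
EOF
}

sample_log | triage_maillog
```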
 

Author Comment

by:Illyankesh
ID: 22733659
Well, I tried changing out the sendmail.mc file with the IP addresses and this line... I think that is what you are referring to. However, the IP addresses both returned the error Host not known.

define(`SMART_HOST', `smtp.where.secureserver.net')dnl
dnl define(`SMART_HOST', `smtp.secureserver.net')dnl

I think it is important to note, and I apologize for not being clear earlier, that our Exchange server, which is hosted by another company, is in a separate location than this cluster of servers, and that these servers are in turn hosted by Rackspace...

As for the resolv.conf file... that is what we have there... I've added the other machines in this intranet to the /etc/hosts file....
search localdomain
nameserver 72.3.128.240
nameserver 73.3.128.241

nslookup smtp.secureserver.net
Server:         72.3.128.240
Address:        72.3.128.240#53
 
Non-authoritative answer:
smtp.secureserver.net   canonical name = smtp.where.secureserver.net.
Name:   smtp.where.secureserver.net
Address: 208.109.80.149


0
 
LVL 9

Accepted Solution

by:
chingmd earned 400 total points
ID: 22734329
I found this thread.

http://fedoraforum.org/forum/archive/index.php/t-66083.html

It says that you need to change the masquerade as line to a resolvable domain.

Line 160:  dnl MASQUERADE_AS(`mydomain.com')dnl

0
 
LVL 3

Assisted Solution

by:Ricardo Elena
Ricardo Elena earned 50 total points
ID: 22736913
One really easy way to configure Sendmail and debug the configuration files is using Webmin. It shows you all the configuration files and then makes the M4 file conversion for you.
You can find it here: http://www.webmin.com
0
 

Author Comment

by:Illyankesh
ID: 22743853
I'll try the Webmin thing. I installed it yesterday as a result of a search involving exim as an alternate solution.
By changing the port scheme I've made it so email doesn't send... so I'll flip that back.

I tried changing the masquerade_as but without success.

Turns out there is a java script from another internal machine which is generating a mail which is then going over the sendmail server... however, it is complaining about a certificate. Is there a way to shut SSL off?
Since it is an internal box, does it need authentication?
0
 
LVL 3

Expert Comment

by:Ricardo Elena
ID: 22744867
To shut that off, look for these entries
define(`CERT_DIR', `/etc/mail/certs')
define(`confCACERT_PATH', `CERT_DIR')
define(`confCACERT', `CERT_DIR`'/cacert.pem')
define(`confSERVER_CERT', `CERT_DIR`'/client.cert.pem')
define(`confSERVER_KEY', `CERT_DIR`'/client.key.pem')
define(`confCLIENT_CERT', `CERT_DIR`'/client.cert.pem')
define(`confCLIENT_KEY', `CERT_DIR`'/client.key.pem')
in your sendmail.mc and remove them, then rebuild your sendmail.cf file (command: m4 sendmail.mc >sendmail.cf)
then restart sendmail
0
 

Author Comment

by:Illyankesh
ID: 22761054
ok, sorry about vanishing over the weekend...

So I got the relay feature up and running and this server is now relaying email from the website which was the original question.

Now, I have ssl turned on, I have a sendmail.pem file in the /etc/pki/tls/certs directory which is where this version of sendmail points to.  Sending email manually out from root goes directly to junk folder in gmail, though the email does successfully make it to my exchange server.  Changing the  define as smart host to the ip address earlier in this thread yields failed to deliver the email.
0
 

Author Comment

by:Illyankesh
ID: 22761078
Huh, OK, turning on the SSL stuff breaks the internal relay setup.... But then how would I get the email to go out, without automatically being flagged as junk email from the rest of the world?
0
 

Author Closing Comment

by:Illyankesh
ID: 31507987
Thanks guys, for the help and the patience, especially the troubleshooting commands. I was unclear as to my initial wording of my problem and the like. And though this was not the total solution, the steps presented allowed me to troubleshoot far enough to find the actual problem and solve it. The remaining questions I have now are different enough to warrant another question separately. Thanks guys.
0
