Solved

sendmail not accepting outside connections

Posted on 2009-07-05
Last Modified: 2013-12-18
Sendmail absolutely refuses to accept connections from outside the network. The standard answer, dnl the DAEMON_OPTIONS line, does not work. Everything looks perfect, but it just does not work.

System is CentOS 5 (64-bit), using SNAT. For fun, I downloaded postfix. It works, so there is no firewall issue. I would be happy to use postfix, but I can't seem to get it to work with MailScanner.
Question by:wbblythe

Expert Comment

by:jar3817
How about you post your /etc/mail/sendmail.mc file. Also the output of "/bin/netstat -l"
0
 

Author Comment

by:wbblythe
Comment Utility
1. Original problem solved. It was actually MailScanner, not sendmail. I could always receive mail from outside, I just could not connect from outside with a mail client.

2. The last problem I have to resolve is that I am getting "relaying denied" when trying to send from the network to outside the network.

3. I can relay from outside from the outside domain I added in the spam control area with webmin.

4. /etc/mail/sendmail.mc file

divert(-1)dnl
dnl #
dnl # This is the sendmail macro config file for m4. If you make changes to
dnl # /etc/mail/sendmail.mc, you will need to regenerate the
dnl # /etc/mail/sendmail.cf file by confirming that the sendmail-cf package is
dnl # installed and then performing a
dnl #
dnl #     make -C /etc/mail
dnl #
include(`/usr/share/sendmail-cf/m4/cf.m4')dnl
VERSIONID(`setup for linux')dnl
OSTYPE(`linux')dnl
dnl #
dnl # Do not advertize sendmail version.
dnl #
dnl define(`confSMTP_LOGIN_MSG', `$j Sendmail; $b')dnl
dnl #
dnl # default logging level is 9, you might want to set it higher to
dnl # debug the configuration
dnl #
dnl define(`confLOG_LEVEL', `9')dnl
dnl #
dnl # Uncomment and edit the following line if your outgoing mail needs to
dnl # be sent out through an external mail server:
dnl #
dnl define(`SMART_HOST', `smtp.your.provider')dnl
dnl #
define(`confDEF_USER_ID', ``8:12'')dnl
dnl define(`confAUTO_REBUILD')dnl
define(`confTO_CONNECT', `1m')dnl
define(`confTRY_NULL_MX_LIST', `True')dnl
define(`confDONT_PROBE_INTERFACES', `True')dnl
define(`PROCMAIL_MAILER_PATH', `/usr/bin/procmail')dnl
define(`ALIAS_FILE', `/etc/aliases')dnl
define(`STATUS_FILE', `/var/log/mail/statistics')dnl
define(`UUCP_MAILER_MAX', `2000000')dnl
define(`confUSERDB_SPEC', `/etc/mail/userdb.db')dnl
define(`confPRIVACY_FLAGS', `authwarnings,novrfy,noexpn,restrictqrun')dnl
define(`confAUTH_OPTIONS', `A')dnl
dnl #
dnl # The following allows relaying if the user authenticates, and disallows
dnl # plaintext authentication (PLAIN/LOGIN) on non-TLS links
dnl #
dnl define(`confAUTH_OPTIONS', `A p')dnl
dnl #
dnl # PLAIN is the preferred plaintext authentication method and used by
dnl # Mozilla Mail and Evolution, though Outlook Express and other MUAs do
dnl # use LOGIN. Other mechanisms should be used if the connection is not
dnl # guaranteed secure.
dnl # Please remember that saslauthd needs to be running for AUTH.
dnl #
dnl TRUST_AUTH_MECH(`EXTERNAL DIGEST-MD5 CRAM-MD5 LOGIN PLAIN')dnl
dnl define(`confAUTH_MECHANISMS', `EXTERNAL GSSAPI DIGEST-MD5 CRAM-MD5 LOGIN PLAIN')dnl
dnl #
dnl # Rudimentary information on creating certificates for sendmail TLS:
dnl #     cd /usr/share/ssl/certs; make sendmail.pem
dnl # Complete usage:
dnl #     make -C /usr/share/ssl/certs usage
dnl #
dnl define(`confCACERT_PATH', `/etc/pki/tls/certs')dnl
dnl define(`confCACERT', `/etc/pki/tls/certs/ca-bundle.crt')dnl
dnl define(`confSERVER_CERT', `/etc/pki/tls/certs/sendmail.pem')dnl
dnl define(`confSERVER_KEY', `/etc/pki/tls/certs/sendmail.pem')dnl
dnl #
dnl # This allows sendmail to use a keyfile that is shared with OpenLDAP's
dnl # slapd, which requires the file to be readble by group ldap
dnl #
dnl define(`confDONT_BLAME_SENDMAIL', `groupreadablekeyfile')dnl
dnl #
dnl define(`confTO_QUEUEWARN', `4h')dnl
dnl define(`confTO_QUEUERETURN', `5d')dnl
dnl define(`confQUEUE_LA', `12')dnl
dnl define(`confREFUSE_LA', `18')dnl
define(`confTO_IDENT', `0')dnl
dnl FEATURE(delay_checks)dnl
FEATURE(`no_default_msa', `dnl')dnl
FEATURE(`smrsh', `/usr/sbin/smrsh')dnl
FEATURE(`mailertable', `hash -o /etc/mail/mailertable.db')dnl
FEATURE(`virtusertable', `hash -o /etc/mail/virtusertable.db')dnl
FEATURE(redirect)dnl
FEATURE(always_add_domain)dnl
FEATURE(use_cw_file)dnl
FEATURE(use_ct_file)dnl
dnl #
dnl # The following limits the number of processes sendmail can fork to accept
dnl # incoming messages or process its message queues to 20.) sendmail refuses
dnl # to accept connections once it has reached its quota of child processes.
dnl #
dnl define(`confMAX_DAEMON_CHILDREN', `20')dnl
dnl #
dnl # Limits the number of new connections per second. This caps the overhead
dnl # incurred due to forking new sendmail processes. May be useful against
dnl # DoS attacks or barrages of spam. (As mentioned below, a per-IP address
dnl # limit would be useful but is not available as an option at this writing.)
dnl #
dnl define(`confCONNECTION_RATE_THROTTLE', `3')dnl
dnl #
dnl # The -t option will retry delivery if e.g. the user runs over his quota.
dnl #
FEATURE(local_procmail, `', `procmail -t -Y -a $h -d $u')dnl
FEATURE(`access_db', `hash -T<TMPF> -o /etc/mail/access.db')dnl
FEATURE(`blacklist_recipients')dnl
EXPOSED_USER(`root')dnl
dnl #
dnl # For using Cyrus-IMAPd as POP3/IMAP server through LMTP delivery uncomment
dnl # the following 2 definitions and activate below in the MAILER section the
dnl # cyrusv2 mailer.
dnl #
dnl define(`confLOCAL_MAILER', `cyrusv2')dnl
dnl define(`CYRUSV2_MAILER_ARGS', `FILE /var/lib/imap/socket/lmtp')dnl
dnl #
dnl # The following causes sendmail to only listen on the IPv4 loopback address
dnl # 127.0.0.1 and not on any other network devices. Remove the loopback
dnl # address restriction to accept email from the internet or intranet.
dnl # fix for connections-wbb
    dnl #DAEMON_OPTIONS(`Port=25,Name=MTA')dnl
dnl #
dnl # The following causes sendmail to additionally listen to port 587 for
dnl # mail from MUAs that authenticate. Roaming users who can't reach their
dnl # preferred sendmail daemon due to port 25 being blocked or redirected find
dnl # this useful.
dnl #
dnl DAEMON_OPTIONS(`Port=submission, Name=MSA, M=Ea')dnl
dnl #
dnl # The following causes sendmail to additionally listen to port 465, but
dnl # starting immediately in TLS mode upon connecting. Port 25 or 587 followed
dnl # by STARTTLS is preferred, but roaming clients using Outlook Express can't
dnl # do STARTTLS on ports other than 25. Mozilla Mail can ONLY use STARTTLS
dnl # and doesn't support the deprecated smtps; Evolution <1.1.1 uses smtps
dnl # when SSL is enabled-- STARTTLS support is available in version 1.1.1.
dnl #
dnl # For this to work your OpenSSL certificates must be configured.
dnl #
dnl #DAEMON_OPTIONS(`Port=smtps, Name=TLSMTA, M=s')dnl
dnl #
dnl # The following causes sendmail to additionally listen on the IPv6 loopback
dnl # device. Remove the loopback address restriction listen to the network.
dnl #
dnl #DAEMON_OPTIONS(`port=smtp,Addr=::1, Name=MTA-v6, Family=inet6')dnl
dnl #
dnl # enable both ipv6 and ipv4 in sendmail:
dnl #
dnl DAEMON_OPTIONS(`Name=MTA-v4, Family=inet, Name=MTA-v6, Family=inet6')
dnl #
dnl # We strongly recommend not accepting unresolvable domains if you want to
dnl # protect yourself from spam. However, the laptop and users on computers
dnl # that do not have 24x7 DNS do need this.
dnl #
FEATURE(`accept_unresolvable_domains')dnl
dnl #
dnl FEATURE(`relay_based_on_MX')dnl
dnl #
dnl # Also accept email sent to "localhost.localdomain" as local email.
dnl #
dnl #LOCAL_DOMAIN(`localhost.localdomain')dnl
dnl #
dnl # The following example makes mail from this host and any additional
dnl # specified domains appear to be sent from mydomain.com
dnl #
dnl MASQUERADE_AS(`mydomain.com')dnl
dnl #
dnl # masquerade not just the headers, but the envelope as well
dnl #
dnl FEATURE(masquerade_envelope)dnl
dnl #
dnl # masquerade not just @mydomainalias.com, but @*.mydomainalias.com as well
dnl #
dnl FEATURE(masquerade_entire_domain)dnl
dnl #
dnl MASQUERADE_DOMAIN(localhost)dnl
dnl MASQUERADE_DOMAIN(localhost.localdomain)dnl
dnl MASQUERADE_DOMAIN(mydomainalias.com)dnl
dnl MASQUERADE_DOMAIN(mydomain.lan)dnl
MAILER(smtp)dnl
MAILER(procmail)dnl
dnl MAILER(cyrusv2)dnl
define(`confDOMAIN_NAME',`$w.domain.com')

5. > /bin/netstat -l
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address               Foreign Address             State      
tcp        0      0 *:dnp                       *:*                         LISTEN      
tcp        0      0 inetserv00.autoteamdel:2208 *:*                         LISTEN      
tcp        0      0 *:netbios-ssn               *:*                         LISTEN      
tcp        0      0 *:pop3                      *:*                         LISTEN      
tcp        0      0 inetserv00.auto:dyna-access *:*                         LISTEN      
tcp        0      0 inetserv00.autoteamdela:783 *:*                         LISTEN      
tcp        0      0 *:imap                      *:*                         LISTEN      
tcp        0      0 *:943                       *:*                         LISTEN      
tcp        0      0 *:sunrpc                    *:*                         LISTEN      
tcp        0      0 *:ndmp                      *:*                         LISTEN      
tcp        0      0 mail.autoteamdelawar:domain *:*                         LISTEN      
tcp        0      0 inetserv00.autoteamd:domain *:*                         LISTEN      
tcp        0      0 inetserv00.autoteamd:domain *:*                         LISTEN      
tcp        0      0 inetserv00.autoteamdela:ipp *:*                         LISTEN      
tcp        0      0 *:squid                     *:*                         LISTEN      
tcp        0      0 *:smtp                      *:*                         LISTEN      
tcp        0      0 inetserv00.autoteamdel:rndc *:*                         LISTEN      
tcp        0      0 *:microsoft-ds              *:*                         LISTEN      
tcp        0      0 inetserv00.autoteamdel:2207 *:*                         LISTEN      
tcp        0      0 *:ssh                       *:*                         LISTEN      
tcp        0      0 localhost6.localdomain:rndc *:*                         LISTEN      
udp        0      0 *:54021                     *:*                                    
udp        0      0 inetserv00.a:netbios-ns     *:*                                    
udp        0      0 mail.autotea:netbios-ns     *:*                                    
udp        0      0 *:netbios-ns                *:*                                    
udp        0      0 inetserv00.:netbios-dgm     *:*                                    
udp        0      0 mail.autote:netbios-dgm     *:*                                    
udp        0      0 *:netbios-dgm               *:*                                    
udp        0      0 *:ndmp                      *:*                                    
udp        0      0 *:dnp                       *:*                                    
udp        0      0 *:937                       *:*                                    
udp        0      0 *:940                       *:*                                    
udp        0      0 mail.autoteamdel:domain     *:*                                    
udp        0      0 inetserv00.autot:domain     *:*                                    
udp        0      0 inetserv00.autot:domain     *:*                                    
udp        0      0 *:icpv2                     *:*                                    
udp        0      0 *:44098                     *:*                                    
udp        0      0 *:57060                     *:*                                    
udp        0      0 *:mdns                      *:*                                    
udp        0      0 *:sunrpc                    *:*                                    
udp        0      0 *:ipp                       *:*                                    
udp        0      0 mail.autoteamdelawa:ntp     *:*                                    
udp        0      0 inetserv00.autoteam:ntp     *:*                                    
udp        0      0 inetserv00.autoteam:ntp     *:*                                    
udp        0      0 *:ntp                       *:*                                    
udp        0      0 *:36150                     *:*                                    
udp        0      0 *:52695                     *:*                                    
udp        0      0 *:mdns                      *:*                                    
udp        0      0 fe80::224:21ff:fe28:329:ntp *:*                                    
udp        0      0 fe80::2e0:4cff:fe16:ntp     *:*                                    
udp        0      0 localhost6.localdomain6:ntp *:*                                    
udp        0      0 *:ntp                       *:*                                    
Active UNIX domain sockets (only servers)
Proto RefCnt Flags       Type       State         I-Node Path
unix  2      [ ACC ]     STREAM     LISTENING     9733   /tmp/.font-unix/fs7100
unix  2      [ ACC ]     STREAM     LISTENING     12428  /tmp/.gdm_socket
unix  2      [ ACC ]     STREAM     LISTENING     9034   /var/run/clamav/clamd.sock
unix  2      [ ACC ]     STREAM     LISTENING     12759  /tmp/.X11-unix/X0
unix  2      [ ACC ]     STREAM     LISTENING     11869  @/tmp/fam-root-
unix  2      [ ACC ]     STREAM     LISTENING     13244  /tmp/ssh-rJjheo3948/agent.3948
unix  2      [ ACC ]     STREAM     LISTENING     13302  /tmp/orbit-root/linc-fb0-0-32e7fc228c5cb
unix  2      [ ACC ]     STREAM     LISTENING     13311  /tmp/orbit-root/linc-f6c-0-5094ca28a7d42
unix  2      [ ACC ]     STREAM     LISTENING     13477  /tmp/.ICE-unix/3948
unix  2      [ ACC ]     STREAM     LISTENING     13281  @/tmp/dbus-sTw6WVoCFU
unix  2      [ ACC ]     STREAM     LISTENING     13486  /tmp/keyring-FFTYxs/socket
unix  2      [ ACC ]     STREAM     LISTENING     13505  /tmp/orbit-root/linc-fb5-0-31cbece237614
unix  2      [ ACC ]     STREAM     LISTENING     13560  /tmp/orbit-root/linc-fc4-0-7cc5e66b8d46f
unix  2      [ ACC ]     STREAM     LISTENING     13603  /tmp/orbit-root/linc-fc8-0-31cbece29a830
unix  2      [ ACC ]     STREAM     LISTENING     13625  /tmp/orbit-root/linc-fca-0-31cbece29bef0
unix  2      [ ACC ]     STREAM     LISTENING     13656  /tmp/orbit-root/linc-fd1-0-5cf58c6d9e654
unix  2      [ ACC ]     STREAM     LISTENING     14159  /tmp/mapping-root
unix  2      [ ACC ]     STREAM     LISTENING     13664  /tmp/orbit-root/linc-fcc-0-31cbece29edf0
unix  2      [ ACC ]     STREAM     LISTENING     13721  /tmp/orbit-root/linc-fdf-0-25bc469bc10d1
unix  2      [ ACC ]     STREAM     LISTENING     13926  /tmp/orbit-root/linc-fd3-0-31cbeced8497
unix  2      [ ACC ]     STREAM     LISTENING     13948  /tmp/orbit-root/linc-fda-0-31cbecedb892
unix  2      [ ACC ]     STREAM     LISTENING     13977  /tmp/orbit-root/linc-fe4-0-19cf624a1401d
unix  2      [ ACC ]     STREAM     LISTENING     13999  /tmp/orbit-root/linc-fce-0-3285b8af62574
unix  2      [ ACC ]     STREAM     LISTENING     14030  /tmp/orbit-root/linc-fe6-0-2c1e0e0615b91
unix  2      [ ACC ]     STREAM     LISTENING     14057  /tmp/orbit-root/linc-1001-0-5cb9fd552084e
unix  2      [ ACC ]     STREAM     LISTENING     14109  /tmp/orbit-root/linc-1009-0-5cb9fd5588028
unix  2      [ ACC ]     STREAM     LISTENING     14122  /tmp/orbit-root/linc-100b-0-5cb9fd55897e0
unix  2      [ ACC ]     STREAM     LISTENING     14234  /tmp/orbit-root/linc-1016-0-794b1d415a5c8
unix  2      [ ACC ]     STREAM     LISTENING     14350  /tmp/orbit-root/linc-1020-0-663d4c3459975
unix  2      [ ACC ]     STREAM     LISTENING     9990   @/var/run/hald/dbus-7HTOTYsBQN
unix  2      [ ACC ]     STREAM     LISTENING     7934   /var/run/audispd_events
unix  2      [ ACC ]     STREAM     LISTENING     9557   /dev/gpmctl
unix  2      [ ACC ]     STREAM     LISTENING     8454   /var/run/dbus/system_bus_socket
unix  2      [ ACC ]     STREAM     LISTENING     8525   /var/run/sdp
unix  2      [ ACC ]     STREAM     LISTENING     8630   /var/run/pcscd.comm
unix  2      [ ACC ]     STREAM     LISTENING     8755   /var/run/acpid.socket
unix  2      [ ACC ]     STREAM     LISTENING     8871   /var/run/cups/cups.sock
unix  2      [ ACC ]     STREAM     LISTENING     9068   /var/run/dovecot/dict-server
unix  2      [ ACC ]     STREAM     LISTENING     9991   @/var/run/hald/dbus-WGWGdrEzl1
unix  2      [ ACC ]     STREAM     LISTENING     9952   /var/run/avahi-daemon/socket
unix  2      [ ACC ]     STREAM     LISTENING     9078   /var/run/dovecot/login/default
unix  2      [ ACC ]     STREAM     LISTENING     9083   /var/run/dovecot/auth-worker.3231

0
 

Accepted Solution

by:
jar3817 earned 500 total points
Glad your original problem is solved.

"The last problem I have to resolve is that I am getting "relaying denied" when trying to send from the network to outside the network."

You can fix this by editing your /etc/mail/access file. Add a line like:

192.168      RELAY

Tweak it to fit your IP ranges. Then just rebuild the access db and restart sendmail:

cd /etc/mail && make && /etc/rc.d/init.d/sendmail restart
0
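
An added example, not part of the original thread: sendmail matches a partial key such as 192.168 on octet boundaries, so a prefix that is too short (for example 192) would relay for public addresses as well. This Python check lists each RELAY line of an access file and says whether it stays inside loopback or RFC 1918 space. The sample file contents and the function names are constructed for illustration; only untagged and Connect: IPv4 keys are classified, everything else is marked for manual review.

```python
import ipaddress

# Constructed sample of /etc/mail/access (not taken from the poster's server).
SAMPLE_ACCESS = """\
# hosts allowed to relay
Connect:localhost.localdomain   RELAY
Connect:127.0.0.1               RELAY
192.168                         RELAY
Connect:10.1.2                  RELAY
192                             RELAY
example.com                     RELAY
spammer.example                 REJECT
"""

# Loopback plus the RFC 1918 private ranges.
INTERNAL = [ipaddress.ip_network(n) for n in
            ("127.0.0.0/8", "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def prefix_to_network(key):
    """Map an octet-boundary key such as '192.168' to an IPv4 network, else None."""
    octets = key.split(".")
    if not 1 <= len(octets) <= 4:
        return None
    if not all(o.isascii() and o.isdigit() and int(o) <= 255 for o in octets):
        return None
    padded = [str(int(o)) for o in octets] + ["0"] * (4 - len(octets))
    return ipaddress.ip_network(f"{'.'.join(padded)}/{8 * len(octets)}")

def audit_relay_entries(text):
    """Return (key, verdict) for each RELAY line of an access file."""
    findings = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        fields = line.split(None, 1)
        if len(fields) != 2 or fields[1].strip().upper() != "RELAY":
            continue
        key = fields[0]
        # Untagged keys and Connect: keys are both looked up against the client address.
        addr = key[len("Connect:"):] if key.lower().startswith("connect:") else key
        net = prefix_to_network(addr)
        if net is None:
            verdict = "review"        # host/domain name or another tag
        elif any(net.subnet_of(i) for i in INTERNAL):
            verdict = "internal"
        else:
            verdict = "public-range"  # relays for addresses outside the LAN
        findings.append((key, verdict))
    return findings

if __name__ == "__main__":
    for key, verdict in audit_relay_entries(SAMPLE_ACCESS):
        print(f"{verdict:13} {key}")
```

Entries reported as public-range or review are the ones to confirm before rebuilding access.db, since they decide who besides the LAN can relay through the server.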
