?
Solved

Sendmail problems to certain domains &  How can i watch Sendmail's  negotiations in real time

Posted on 2009-07-15
33
Medium Priority
?
815 Views
Last Modified: 2013-12-18
I am using sendmail to relay voicemail messages from Asterisk.  I am currently only able to relay to gmail.com recipents.  

I have a PTR record setup to point to my static ip address, as mail.mydomain.com ...

I am not getting any bounced messages to the "serveremail" address I specify in Asterisk.  I have tested with sending to yahoo, comcast, and gmail, and so far only gmail recipients are getting the e-mails.  As I said before, I am not getting any bounce messages.

Sendmail is only used for outgonig messages, as all of my incoming messages are handled elsewhere, with MX records completely separate from anything to do with this IP address.

Any ideas?

And how can I watch what sendmail is doing in realtime?  I would like to see the responses it gets as it tries to relay to other mail servers.  



0
Comment
Question by:jkockler
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 17
  • 9
  • 7
33 Comments
 
LVL 25

Expert Comment

by:Ron Malmstead
ID: 24860366
I know exactly what is happening....

You are using a "fake" domain name in the sender address....
Example... Your mail came from   Asterisk@somewhere.com  ...from the IP address 208.80.xxx.xxx   ....then Yahoo does a reverse lookup on "mail.somewhere.com"....  and it points to a different IP address...   Yahoo rejects the mail, because the sender is "masquerading" as someone else.

Now if there were a domain actually registered on the public IP address that you send your mail from, then a reverse lookup of mail.somwhere.com, would be correct...and your mail would be delivered.  G-mail may be more relaxed than some of the other mail servers you mentioned.

This is called reverse lookup, and most providers use it to filter the majority of spam....over half the spam on the internet comes from spambots that send e-mail for domains that sometimes don't even exist.

Configure the logging for sendmail.
http://docs.hp.com/en/B2355-90685/ch04s11.html#ceecefji
0
 
LVL 4

Author Comment

by:jkockler
ID: 24860537
Good thought, but the IP address that I am sending from DOES have a reverse lookup of my sending domain.... I had my Internet provider put it in yesterday.  Google Apps hosts my incoming mail but their MX records in the DNS for my domain name should not be effecting it...

For example, if you do a reverse DNS lookup on the static IP address that Asterisk is sending from, it will match the domain name Asterisk is using in the "serveremail" field in voicemail.conf ..

Ping - a "my static IP"
returns ----- mail.mydomain.com

So there is something else going on here.  Possibly because my reverse zone or PTR record is showing "mail.mydomain.com" and not just  "mydomain.com"  ???

0
 
LVL 25

Expert Comment

by:Ron Malmstead
ID: 24860674
....yes but externally.... what IP address is resolved from   mail.yourdomain.com   ?

0
Will your db performance match your db growth?

In Percona’s white paper “Performance at Scale: Keeping Your Database on Its Toes,” we take a high-level approach to what you need to think about when planning for database scalability.

 
LVL 4

Author Comment

by:jkockler
ID: 24860772
My Static IP, the same one Asterisk is sitting behind.
0
 
LVL 29

Expert Comment

by:Jan Springer
ID: 24860924
What information does your log give you:

grep -i <example of destination> /var/log/maillog?
0
 
LVL 25

Expert Comment

by:Ron Malmstead
ID: 24860948
If that's the case, then we definitely need to check the logs....
0
 
LVL 4

Author Comment

by:jkockler
ID: 24861146
I am seeing a few errors in the logs.... Here is one that appears to be quite popular to the Samsung domain..

"Sender address rejected: MX or A record not found"


--- would I need an MX record if I am only sending, and what A record is it looking for?  I have an A record for mail.mydomain.com, as well as the reverse entry that points to the same.  
0
 
LVL 4

Author Comment

by:jkockler
ID: 24861184
I am also seeing this one to comcast:

relay=mx1b.comcast.net. [76.96.62.116], dsn=5.0.0, stat=Service unavailable
Jul 14 21:33:08 LINUX1 sendmail[28633]: n6F1X7f0028631: n6F1X8f0028633: DSN: Service unavailable
0
 
LVL 25

Expert Comment

by:Ron Malmstead
ID: 24861288
If you just recently added the Host and MX records, it might take a while to update in public dns servers.

The A record would be "Mail"...a host record.

To check your MX record..go here:  http://www.mxtoolbox.com/index.aspx
type mail.yourdomainname.com   hit enter...

0
 
LVL 4

Author Comment

by:jkockler
ID: 24861299
And yahoo appears to be accepting the mail, but it never ends up in my Yahoo email box or spam folder... Here is the log that appears to be showing yahoo is accepting for delivery

Jul 15 12:39:29 LINUX1 sendmail[32128]: n6FGdTKF032128: to="Jim" <jkockler@yahoo.com>, ctladdr=root (0/0), delay=00:00:00, xdelay=00:00:00, mailer=relay, pri=37864, relay=[127.0.0.1] [127.0.0.1], dsn=2.0.0, stat=Sent (n6FGdTw0032133 Message accepted for delivery)

Jul 15 12:39:41 LINUX1 sendmail[32138]: n6FGdTw0032133: to=<jkockler@yahoo.com>, ctladdr=<root@localhost.localdomain> (0/0), delay=00:00:12, xdelay=00:00:12, mailer=esmtp, pri=127997, relay=a.mx.mail.yahoo.com. [67.195.168.31], dsn=2.0.0, stat=Sent (ok dirdel)
0
 
LVL 4

Author Comment

by:jkockler
ID: 24861317
xuserx,  The Mx records are setup through google because they host my incoming mail.  So when I go to the mxtoolbox , it shows the google MX records.   However I do have an A record, and a reverse zone pointing mail.mydomain.com to my static IP address where Asterisk sits.

I do not think the MX should be a factor because I am only sending not receiving.  
0
 
LVL 25

Expert Comment

by:Ron Malmstead
ID: 24861325
root@localhost.localdomain  <<< is that what is actually being sent  as "sender" ??
0
 
LVL 25

Expert Comment

by:Ron Malmstead
ID: 24861335
"However I do have an A record, and a reverse zone pointing mail.mydomain.com to my static IP address where Asterisk sits."

Where is that hosted ? Google ?... or internally ?
0
 
LVL 29

Accepted Solution

by:
Jan Springer earned 2000 total points
ID: 24861344
Your mail server should have matching forward and inverse DNS:

asterisk.domain.com.        -> 192.168.1.1
1.1.168.192.in-addr.arpa. ->  asterisk.domain.com.

Set sendmail to listen on the public IP for which you have DNS configured.

Use 'masquerade' in your sendmail.mc (sendmail.cf) to put the public domain name in the outgoing mail.
0
 
LVL 4

Author Comment

by:jkockler
ID: 24861354
root@localhost.localdomain  <<< is that what is actually being sent  as "sender" ??

--- How would I check??  

-- I have Asterisk set to send as "myemailaddress@mydomain.com" and when the messages arrive at my Gmail, they are NOT root@localhost.localdomain ... They are what I set it to in Asterisk, but I am thinking that sendmail has a spot somewhere that it needs to be changed as well, I think the Asterisk "serveremail" setting is more of a "reply to address" than an actual sender domain name....  
0
 
LVL 4

Author Comment

by:jkockler
ID: 24861382
"However I do have an A record, and a reverse zone pointing mail.mydomain.com to my static IP address where Asterisk sits."

Where is that hosted ? Google ?... or internally ?


--- My A records, and MX records are hosted through Godaddy ...

-- My PTR or reverse DNS zones are hosted through Comcast, as the ISP servers are the ones that provide the reverse DNS to mail servers.
0
 
LVL 4

Author Comment

by:jkockler
ID: 24861402
_jesper_:
Your mail server should have matching forward and inverse DNS:

asterisk.domain.com.        -> 192.168.1.1
1.1.168.192.in-addr.arpa. ->  asterisk.domain.com.

Set sendmail to listen on the public IP for which you have DNS configured.

Use 'masquerade' in your sendmail.mc (sendmail.cf) to put the public domain name in the outgoing mail.


-----  
asterisk.domain.com.        -> 192.168.1.1
1.1.168.192.in-addr.arpa. ->  asterisk.domain.com

Yes, the above is what is showing when you do a reverse lookup, and the ISP confirmed it.

I have not however set anything in sendmail.mc ... I will try that now.
0
 
LVL 25

Expert Comment

by:Ron Malmstead
ID: 24861417
I think Jesper is on to something there.
0
 
LVL 4

Author Comment

by:jkockler
ID: 24861475
in the sendmail.mc .. what is the "dnl" before each line?  is that commenting out the line or something that I should leave alone when setting the masquerade?
0
 
LVL 29

Expert Comment

by:Jan Springer
ID: 24861715
'dnl'  at the beginning of a line is a comment character
'dnl' at the end of the line is required.

So,

MASQUERADE_AS(`domain.com')dnl

is how it should read.  If you do not copy/paste, be sure that the first quote in front of the domain name is a back tick.  Change `domain.com' to your actual domain name.

make -C /etc/mail

service sendmail reload
0
 
LVL 4

Author Comment

by:jkockler
ID: 24861927
is that the only line I need to modify?  There are more than a few masquerade lines ... Yahoo is now accepting after changing the MASQUERADE_AS(`domain.com')dnl , but comcast and a couple others are still rejecting..

the log is still showing localhost.localdomain.com

I check my sendmail.cf and "root" still showing as class E, and localhost as class "w" .. How can I get "mail.mydomain.com" to show as class E?  It is currently showing as class 'M' .. I think that would fix it, no?
0
 
LVL 4

Author Comment

by:jkockler
ID: 24861992
Now I am getting messages in the log about relay connection refused by 127.0.0.1 ???  Why is the local host refusing?  very odd.
0
 
LVL 4

Author Comment

by:jkockler
ID: 24862074
Well the connection refused is fixed, I had spaces in the sendmail.mc that was screwing it up .. .but root@localhost.com is still showing all over the logs...
0
 
LVL 29

Expert Comment

by:Jan Springer
ID: 24862104
Your /etc/mail/access -- change 192.168.1 to the netblock of the server:

localhost.localdomain       RELAY
localhost                        RELAY
127.0.0.1                       RELAY
192.168.1                      RELAY

makemap hash access < access

And, have sendmail only listen on the 'public' IP -- changing 192.168.1.1 to the actual IP address:

DAEMON_OPTIONS(`Port=smtp,Addr=192.168.1.1, Name=MTA')dnl

make -C /etc/mail

service sendmail reload
0
 
LVL 4

Author Comment

by:jkockler
ID: 24862146
Do i need to have sendmail listen on the public IP , if I am only sending mail from the local machine that it is on?  I am not looking to receive mail.
0
 
LVL 29

Expert Comment

by:Jan Springer
ID: 24862167
More sendmail.mc stuff:

FEATURE(masquerade_envelope)dnl
FEATURE(masquerade_entire_domain)dnl
0
 
LVL 29

Expert Comment

by:Jan Springer
ID: 24862206
Also,

Do you have root as an exposed user in your sendmail.mc/cf?
0
 
LVL 29

Expert Comment

by:Jan Springer
ID: 24862228
If you are sending email from a machine to another mail server, I would recommend it.

That way, the listening IP and DNS all match.
0
 
LVL 4

Author Comment

by:jkockler
ID: 24862229
Also,

Do you have root as an exposed user in your sendmail.mc/cf?

--- i dont know ... where is that?  In the cf ,, I see root specified as class E ..
0
 
LVL 4

Author Comment

by:jkockler
ID: 24862337
after I did the steps above,  I started to receive this message:

Jul 15 14:12:52 LINUX1 sendmail[1850]: NOQUEUE: SYSERR(root): opendaemonsocket: daemon MTA: cannot bind: Cannot assign requested address
Jul 15 14:12:52 LINUX1 sendmail[1850]: daemon MTA: problem creating SMTP socket
Jul 15 14:12:52 LINUX1 sendmail[1850]: NOQUEUE: SYSERR(root): opendaemonsocket: daemon MTA: server SMTP socket wedged: exiting


I really dont think I need to make all those relay changes and the public IP change.. I think all I need is to get the "locahost" and root@localhost out of the logs.... The remaining servers that are rejecting, are referring to those lines... and root and local host are still appearing as E class in the sendmail.mc
0
 
LVL 29

Assisted Solution

by:Jan Springer
Jan Springer earned 2000 total points
ID: 24862356
/etc/mail/sendmail.cf -> C{E}root
/etc/mail/sendmail.mc -> dnl in front of exposed user

Yes, this is why emails are leaving as 'root@localhost'
0
 
LVL 4

Author Comment

by:jkockler
ID: 24862464
Brilliant!!  Yes!!!

Samsung & Comcast are now accepting !!!!

This was the final nail "/etc/mail/sendmail.mc -> dnl in front of exposed user"

Thanks for all the hep jesper!
0
 
LVL 29

Expert Comment

by:Jan Springer
ID: 24862564
No problem.  Glad to hear that everything is working.
0

Featured Post

WordPress Tutorial 1: Installation & Setup

WordPress is a very popular option for running your web site and can be used to get your content online quickly for the world to see. This guide will walk you through installing the WordPress server software and the initial setup process.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This process describes the steps required to Import and Export data from and to .pst files using Exchange 2010. We can use these steps to export data from a user to a .pst file, import data back to the same or a different user, or even import data t…
Fine Tune your automatic Updates for Ubuntu / Debian
Established in 1997, Technology Architects has become one of the most reputable technology solutions companies in the country. TA have been providing businesses with cost effective state-of-the-art solutions and unparalleled service that is designed…
Nobody understands Phishing better than an anti-spam company. That’s why we are providing Phishing Awareness Training to our customers. According to a report by Verizon, only 3% of targeted users report malicious emails to management. With compan…
Suggested Courses
Course of the Month8 days, 2 hours left to enroll

765 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question