Solved

Sendmail problems to certain domains & How can I watch Sendmail's negotiations in real time

Posted on 2009-07-15
Last Modified: 2013-12-18
I am using sendmail to relay voicemail messages from Asterisk.  I am currently only able to relay to gmail.com recipients.

I have a PTR record setup to point to my static ip address, as mail.mydomain.com ...

I am not getting any bounced messages to the "serveremail" address I specify in Asterisk.  I have tested with sending to yahoo, comcast, and gmail, and so far only gmail recipients are getting the e-mails.  As I said before, I am not getting any bounce messages.

Sendmail is only used for outgoing messages, as all of my incoming messages are handled elsewhere, with MX records completely separate from anything to do with this IP address.

Any ideas?

And how can I watch what sendmail is doing in realtime?  I would like to see the responses it gets as it tries to relay to other mail servers.  



Question by:jkockler
33 Comments
 
LVL 25

Expert Comment

by:Ron M
ID: 24860366
I know exactly what is happening....

You are using a "fake" domain name in the sender address....
Example... Your mail came from   Asterisk@somewhere.com  ...from the IP address 208.80.xxx.xxx   ....then Yahoo does a reverse lookup on "mail.somewhere.com"....  and it points to a different IP address...   Yahoo rejects the mail, because the sender is "masquerading" as someone else.

Now if there were a domain actually registered on the public IP address that you send your mail from, then a reverse lookup of mail.somewhere.com, would be correct...and your mail would be delivered.  G-mail may be more relaxed than some of the other mail servers you mentioned.

This is called reverse lookup, and most providers use it to filter the majority of spam....over half the spam on the internet comes from spambots that send e-mail for domains that sometimes don't even exist.

Configure the logging for sendmail.
http://docs.hp.com/en/B2355-90685/ch04s11.html#ceecefji
0
 
LVL 4

Author Comment

by:jkockler
ID: 24860537
Good thought, but the IP address that I am sending from DOES have a reverse lookup of my sending domain.... I had my Internet provider put it in yesterday.  Google Apps hosts my incoming mail but their MX records in the DNS for my domain name should not be affecting it...

For example, if you do a reverse DNS lookup on the static IP address that Asterisk is sending from, it will match the domain name Asterisk is using in the "serveremail" field in voicemail.conf ..

ping -a "my static IP"
returns ----- mail.mydomain.com

So there is something else going on here.  Possibly because my reverse zone or PTR record is showing "mail.mydomain.com" and not just  "mydomain.com"  ???

0
 
LVL 25

Expert Comment

by:Ron M
ID: 24860674
....yes but externally.... what IP address is resolved from   mail.yourdomain.com   ?

0
 
LVL 4

Author Comment

by:jkockler
ID: 24860772
My Static IP, the same one Asterisk is sitting behind.
0
 
LVL 28

Expert Comment

by:Jan Springer
ID: 24860924
What information does your log give you?

grep -i <example of destination> /var/log/maillog
0
 
LVL 25

Expert Comment

by:Ron M
ID: 24860948
If that's the case, then we definitely need to check the logs....
0
 
LVL 4

Author Comment

by:jkockler
ID: 24861146
I am seeing a few errors in the logs.... Here is one that appears to be quite popular to the Samsung domain..

"Sender address rejected: MX or A record not found"


--- would I need an MX record if I am only sending, and what A record is it looking for?  I have an A record for mail.mydomain.com, as well as the reverse entry that points to the same.  
0
 
LVL 4

Author Comment

by:jkockler
ID: 24861184
I am also seeing this one to comcast:

relay=mx1b.comcast.net. [76.96.62.116], dsn=5.0.0, stat=Service unavailable
Jul 14 21:33:08 LINUX1 sendmail[28633]: n6F1X7f0028631: n6F1X8f0028633: DSN: Service unavailable
0
 
LVL 25

Expert Comment

by:Ron M
ID: 24861288
If you just recently added the Host and MX records, it might take a while to update in public dns servers.

The A record would be "Mail"...a host record.

To check your MX record..go here:  http://www.mxtoolbox.com/index.aspx
type mail.yourdomainname.com   hit enter...

0
 
LVL 4

Author Comment

by:jkockler
ID: 24861299
And yahoo appears to be accepting the mail, but it never ends up in my Yahoo email box or spam folder... Here is the log that appears to be showing yahoo is accepting for delivery

Jul 15 12:39:29 LINUX1 sendmail[32128]: n6FGdTKF032128: to="Jim" <jkockler@yahoo.com>, ctladdr=root (0/0), delay=00:00:00, xdelay=00:00:00, mailer=relay, pri=37864, relay=[127.0.0.1] [127.0.0.1], dsn=2.0.0, stat=Sent (n6FGdTw0032133 Message accepted for delivery)

Jul 15 12:39:41 LINUX1 sendmail[32138]: n6FGdTw0032133: to=<jkockler@yahoo.com>, ctladdr=<root@localhost.localdomain> (0/0), delay=00:00:12, xdelay=00:00:12, mailer=esmtp, pri=127997, relay=a.mx.mail.yahoo.com. [67.195.168.31], dsn=2.0.0, stat=Sent (ok dirdel)
0
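Added example, not part of the original thread: a small parser for the delivery lines quoted above. It separates the local hand-off to 127.0.0.1 from the real remote attempt, reads the outcome from the dsn class, and flags a localhost identity in ctladdr. The sample lines are constructed placeholders in the same format, and the function names are hypothetical.

```python
import re

# Constructed sample lines in the sendmail maillog format quoted in this thread
# (addresses, queue IDs and IPs are placeholders, not values from a real server).
SAMPLE_LOG = """\
Jul 15 12:39:29 LINUX1 sendmail[32128]: n6FGdTKF032128: to="Jim" <user@example.com>, ctladdr=root (0/0), delay=00:00:00, xdelay=00:00:00, mailer=relay, pri=37864, relay=[127.0.0.1] [127.0.0.1], dsn=2.0.0, stat=Sent (n6FGdTw0032133 Message accepted for delivery)
Jul 15 12:39:41 LINUX1 sendmail[32138]: n6FGdTw0032133: to=<user@example.com>, ctladdr=<root@localhost.localdomain> (0/0), delay=00:00:12, xdelay=00:00:12, mailer=esmtp, pri=127997, relay=mx.example.com. [192.0.2.25], dsn=2.0.0, stat=Sent (ok)
Jul 15 12:40:02 LINUX1 sendmail[32150]: n6FGe1w0032149: to=<user@example.net>, ctladdr=<root@localhost.localdomain> (0/0), delay=00:00:01, xdelay=00:00:01, mailer=esmtp, pri=127997, relay=mx.example.net. [198.51.100.7], dsn=5.0.0, stat=Service unavailable
"""

HEADER = re.compile(r"^\w{3}\s+\d+ [\d:]+ \S+ sendmail\[\d+\]: (\w+): (.*)$")

def parse_line(line):
    """Return the key=value fields of one delivery line, or None."""
    m = HEADER.match(line)
    if not m or "stat=" not in m.group(2):
        return None
    fields = {"qid": m.group(1)}
    # Values may contain commas, so split only where ", " is followed
    # by another lowercase key and "=".
    for part in re.split(r", (?=[a-z]+=)", m.group(2)):
        key, _, value = part.partition("=")
        fields[key] = value
    return fields

def classify(fields):
    """Map one attempt to (recipient, relay, verdict, local_identity)."""
    relay = fields.get("relay", "")
    if "[127.0.0.1]" in relay:
        verdict = "local-handoff"   # submission to the local MTA, not delivery
    else:
        verdict = {"2": "accepted", "4": "deferred", "5": "rejected"}.get(
            fields.get("dsn", "")[:1], "unknown")
    # ctladdr is the controlling user sendmail logs; a localhost identity here
    # suggests masquerading has not been applied to this message.
    local_identity = "localhost" in fields.get("ctladdr", "")
    rcpt = re.search(r"<([^>]+)>", fields.get("to", ""))
    to = rcpt.group(1) if rcpt else fields.get("to", "")
    return (to, relay.split(" ")[0].rstrip("."), verdict, local_identity)

def summarize(log_text):
    """Classify every delivery line in a block of maillog text."""
    return [classify(f) for f in map(parse_line, log_text.splitlines()) if f]
```

To follow deliveries as they happen, run `tail -f /var/log/maillog` and pass each new line through `parse_line` and `classify`.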
 
LVL 4

Author Comment

by:jkockler
ID: 24861317
xuserx,  The MX records are set up through google because they host my incoming mail.  So when I go to the mxtoolbox, it shows the google MX records.   However I do have an A record, and a reverse zone pointing mail.mydomain.com to my static IP address where Asterisk sits.

I do not think the MX should be a factor because I am only sending not receiving.  
0
 
LVL 25

Expert Comment

by:Ron M
ID: 24861325
root@localhost.localdomain  <<< is that what is actually being sent  as "sender" ??
0
 
LVL 25

Expert Comment

by:Ron M
ID: 24861335
"However I do have an A record, and a reverse zone pointing mail.mydomain.com to my static IP address where Asterisk sits."

Where is that hosted ? Google ?... or internally ?
0
 
LVL 28

Accepted Solution

by:
Jan Springer earned 500 total points
ID: 24861344
Your mail server should have matching forward and inverse DNS:

asterisk.domain.com.        -> 192.168.1.1
1.1.168.192.in-addr.arpa. ->  asterisk.domain.com.

Set sendmail to listen on the public IP for which you have DNS configured.

Use 'masquerade' in your sendmail.mc (sendmail.cf) to put the public domain name in the outgoing mail.
0
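Added example, not part of the original answer: a check for the matching forward and inverse DNS described above, covering the match, the mismatch and the missing-PTR case. The function names are hypothetical, and the sample zone data is constructed from the placeholder name and address used in the answer so the check runs without live DNS.

```python
import socket

# Constructed sample zone data (placeholders in the style of the answer above).
SAMPLE_PTR = {
    "192.168.1.1": ["asterisk.domain.com."],   # PTR and A agree
    "192.168.1.2": ["mail.domain.com."],       # PTR exists, A points elsewhere
}
SAMPLE_A = {
    "asterisk.domain.com": {"192.168.1.1"},
    "mail.domain.com": {"192.168.1.9"},
}

def system_ptr(ip):
    """PTR lookup through the system resolver: IP -> list of names."""
    try:
        name, aliases, _ = socket.gethostbyaddr(ip)
        return [name] + aliases
    except OSError:          # covers socket.herror and socket.gaierror
        return []

def system_addrs(name):
    """Forward lookup through the system resolver: name -> set of IPs."""
    try:
        return {info[4][0] for info in socket.getaddrinfo(name, None)}
    except OSError:
        return set()

def fcrdns(ip, ptr_lookup=system_ptr, addr_lookup=system_addrs):
    """Return (ok, detail): does some PTR name for ip resolve back to ip?"""
    names = [n.rstrip(".").lower() for n in ptr_lookup(ip)]
    if not names:
        return False, "no PTR record"
    for name in names:
        if ip in addr_lookup(name):
            return True, name
    return False, "PTR %s does not resolve back to %s" % (", ".join(names), ip)

def check_sample(ip):
    """Run the check against the constructed zone data instead of live DNS."""
    return fcrdns(ip, lambda i: SAMPLE_PTR.get(i, []),
                  lambda n: SAMPLE_A.get(n, set()))
```

Calling `fcrdns("<your public IP>")` with the default lookups runs the same check through the system resolver.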
 
LVL 4

Author Comment

by:jkockler
ID: 24861354
root@localhost.localdomain  <<< is that what is actually being sent  as "sender" ??

--- How would I check??  

-- I have Asterisk set to send as "myemailaddress@mydomain.com" and when the messages arrive at my Gmail, they are NOT root@localhost.localdomain ... They are what I set it to in Asterisk, but I am thinking that sendmail has a spot somewhere that it needs to be changed as well, I think the Asterisk "serveremail" setting is more of a "reply to address" than an actual sender domain name....  
0
 
LVL 4

Author Comment

by:jkockler
ID: 24861382
"However I do have an A record, and a reverse zone pointing mail.mydomain.com to my static IP address where Asterisk sits."

Where is that hosted ? Google ?... or internally ?


--- My A records, and MX records are hosted through Godaddy ...

-- My PTR or reverse DNS zones are hosted through Comcast, as the ISP servers are the ones that provide the reverse DNS to mail servers.
0
 
LVL 4

Author Comment

by:jkockler
ID: 24861402
_jesper_:
Your mail server should have matching forward and inverse DNS:

asterisk.domain.com.        -> 192.168.1.1
1.1.168.192.in-addr.arpa. ->  asterisk.domain.com.

Set sendmail to listen on the public IP for which you have DNS configured.

Use 'masquerade' in your sendmail.mc (sendmail.cf) to put the public domain name in the outgoing mail.


-----  
asterisk.domain.com.        -> 192.168.1.1
1.1.168.192.in-addr.arpa. ->  asterisk.domain.com

Yes, the above is what is showing when you do a reverse lookup, and the ISP confirmed it.

I have not however set anything in sendmail.mc ... I will try that now.
0
 
LVL 25

Expert Comment

by:Ron M
ID: 24861417
I think Jesper is on to something there.
0
 
LVL 4

Author Comment

by:jkockler
ID: 24861475
In the sendmail.mc .. what is the "dnl" before each line?  Is that commenting out the line or something that I should leave alone when setting the masquerade?
0
 
LVL 28

Expert Comment

by:Jan Springer
ID: 24861715
'dnl'  at the beginning of a line is a comment character
'dnl' at the end of the line is required.

So,

MASQUERADE_AS(`domain.com')dnl

is how it should read.  If you do not copy/paste, be sure that the first quote in front of the domain name is a back tick.  Change `domain.com' to your actual domain name.

make -C /etc/mail

service sendmail reload
0
 
LVL 4

Author Comment

by:jkockler
ID: 24861927
Is that the only line I need to modify?  There are more than a few masquerade lines ... Yahoo is now accepting after changing the MASQUERADE_AS(`domain.com')dnl , but comcast and a couple others are still rejecting..

the log is still showing localhost.localdomain.com

I checked my sendmail.cf and "root" is still showing as class E, and localhost as class "w" .. How can I get "mail.mydomain.com" to show as class E?  It is currently showing as class 'M' .. I think that would fix it, no?
0
 
LVL 4

Author Comment

by:jkockler
ID: 24861992
Now I am getting messages in the log about relay connection refused by 127.0.0.1 ???  Why is the local host refusing?  very odd.
0
 
LVL 4

Author Comment

by:jkockler
ID: 24862074
Well the connection refused is fixed, I had spaces in the sendmail.mc that were screwing it up ... but root@localhost.com is still showing all over the logs...
0
 
LVL 28

Expert Comment

by:Jan Springer
ID: 24862104
Your /etc/mail/access -- change 192.168.1 to the netblock of the server:

localhost.localdomain       RELAY
localhost                        RELAY
127.0.0.1                       RELAY
192.168.1                      RELAY

makemap hash access < access

And, have sendmail only listen on the 'public' IP -- changing 192.168.1.1 to the actual IP address:

DAEMON_OPTIONS(`Port=smtp,Addr=192.168.1.1, Name=MTA')dnl

make -C /etc/mail

service sendmail reload
0
 
LVL 4

Author Comment

by:jkockler
ID: 24862146
Do I need to have sendmail listen on the public IP, if I am only sending mail from the local machine that it is on?  I am not looking to receive mail.
0
 
LVL 28

Expert Comment

by:Jan Springer
ID: 24862167
More sendmail.mc stuff:

FEATURE(masquerade_envelope)dnl
FEATURE(masquerade_entire_domain)dnl
0
 
LVL 28

Expert Comment

by:Jan Springer
ID: 24862206
Also,

Do you have root as an exposed user in your sendmail.mc/cf?
0
 
LVL 28

Expert Comment

by:Jan Springer
ID: 24862228
If you are sending email from a machine to another mail server, I would recommend it.

That way, the listening IP and DNS all match.
0
 
LVL 4

Author Comment

by:jkockler
ID: 24862229
Also,

Do you have root as an exposed user in your sendmail.mc/cf?

--- I don't know ... where is that?  In the cf, I see root specified as class E ..
0
 
LVL 4

Author Comment

by:jkockler
ID: 24862337
after I did the steps above,  I started to receive this message:

Jul 15 14:12:52 LINUX1 sendmail[1850]: NOQUEUE: SYSERR(root): opendaemonsocket: daemon MTA: cannot bind: Cannot assign requested address
Jul 15 14:12:52 LINUX1 sendmail[1850]: daemon MTA: problem creating SMTP socket
Jul 15 14:12:52 LINUX1 sendmail[1850]: NOQUEUE: SYSERR(root): opendaemonsocket: daemon MTA: server SMTP socket wedged: exiting


I really don't think I need to make all those relay changes and the public IP change.. I think all I need is to get the "localhost" and root@localhost out of the logs.... The remaining servers that are rejecting, are referring to those lines... and root and local host are still appearing as E class in the sendmail.mc
0
 
LVL 28

Assisted Solution

by:Jan Springer
Jan Springer earned 500 total points
ID: 24862356
/etc/mail/sendmail.cf -> C{E}root
/etc/mail/sendmail.mc -> dnl in front of exposed user

Yes, this is why emails are leaving as 'root@localhost'
0
 
LVL 4

Author Comment

by:jkockler
ID: 24862464
Brilliant!!  Yes!!!

Samsung & Comcast are now accepting !!!!

This was the final nail "/etc/mail/sendmail.mc -> dnl in front of exposed user"

Thanks for all the help jesper!
0
 
LVL 28

Expert Comment

by:Jan Springer
ID: 24862564
No problem.  Glad to hear that everything is working.
0
