Sendmail problems to certain domains & How can I watch Sendmail's negotiations in real time

I am using sendmail to relay voicemail messages from Asterisk.  I am currently only able to relay to gmail.com recipients.

I have a PTR record set up to point to my static IP address, as mail.mydomain.com ...

I am not getting any bounced messages to the "serveremail" address I specify in Asterisk.  I have tested with sending to yahoo, comcast, and gmail, and so far only gmail recipients are getting the e-mails.  As I said before, I am not getting any bounce messages.

Sendmail is only used for outgoing messages, as all of my incoming messages are handled elsewhere, with MX records completely separate from anything to do with this IP address.

Any ideas?

And how can I watch what sendmail is doing in realtime?  I would like to see the responses it gets as it tries to relay to other mail servers.  



jkocklerAsked:

Ron MalmsteadInformation Services ManagerCommented:
I know exactly what is happening....

You are using a "fake" domain name in the sender address....
Example... Your mail came from   Asterisk@somewhere.com  ...from the IP address 208.80.xxx.xxx   ....then Yahoo does a reverse lookup on "mail.somewhere.com"....  and it points to a different IP address...   Yahoo rejects the mail, because the sender is "masquerading" as someone else.

Now if there were a domain actually registered on the public IP address that you send your mail from, then a reverse lookup of mail.somewhere.com, would be correct...and your mail would be delivered.  G-mail may be more relaxed than some of the other mail servers you mentioned.

This is called reverse lookup, and most providers use it to filter the majority of spam....over half the spam on the internet comes from spambots that send e-mail for domains that sometimes don't even exist.

Configure the logging for sendmail.
http://docs.hp.com/en/B2355-90685/ch04s11.html#ceecefji
0
jkocklerAuthor Commented:
Good thought, but the IP address that I am sending from DOES have a reverse lookup of my sending domain.... I had my Internet provider put it in yesterday.  Google Apps hosts my incoming mail but their MX records in the DNS for my domain name should not be affecting it...

For example, if you do a reverse DNS lookup on the static IP address that Asterisk is sending from, it will match the domain name Asterisk is using in the "serveremail" field in voicemail.conf ..

Ping - a "my static IP"
returns ----- mail.mydomain.com

So there is something else going on here.  Possibly because my reverse zone or PTR record is showing "mail.mydomain.com" and not just  "mydomain.com"  ???

0
Ron MalmsteadInformation Services ManagerCommented:
....yes but externally.... what IP address is resolved from   mail.yourdomain.com   ?

0

jkocklerAuthor Commented:
My Static IP, the same one Asterisk is sitting behind.
0
Jan SpringerCommented:
What information does your log give you:

grep -i <example of destination> /var/log/maillog?
0
Ron MalmsteadInformation Services ManagerCommented:
If that's the case, then we definitely need to check the logs....
0
jkocklerAuthor Commented:
I am seeing a few errors in the logs.... Here is one that appears to be quite popular to the Samsung domain..

"Sender address rejected: MX or A record not found"


--- would I need an MX record if I am only sending, and what A record is it looking for?  I have an A record for mail.mydomain.com, as well as the reverse entry that points to the same.  
0
jkocklerAuthor Commented:
I am also seeing this one to comcast:

relay=mx1b.comcast.net. [76.96.62.116], dsn=5.0.0, stat=Service unavailable
Jul 14 21:33:08 LINUX1 sendmail[28633]: n6F1X7f0028631: n6F1X8f0028633: DSN: Service unavailable
0
Ron MalmsteadInformation Services ManagerCommented:
If you just recently added the Host and MX records, it might take a while to update in public dns servers.

The A record would be "Mail"...a host record.

To check your MX record..go here:  http://www.mxtoolbox.com/index.aspx
type mail.yourdomainname.com   hit enter...

0
jkocklerAuthor Commented:
And yahoo appears to be accepting the mail, but it never ends up in my Yahoo email box or spam folder... Here is the log that appears to be showing yahoo is accepting for delivery

Jul 15 12:39:29 LINUX1 sendmail[32128]: n6FGdTKF032128: to="Jim" <jkockler@yahoo.com>, ctladdr=root (0/0), delay=00:00:00, xdelay=00:00:00, mailer=relay, pri=37864, relay=[127.0.0.1] [127.0.0.1], dsn=2.0.0, stat=Sent (n6FGdTw0032133 Message accepted for delivery)

Jul 15 12:39:41 LINUX1 sendmail[32138]: n6FGdTw0032133: to=<jkockler@yahoo.com>, ctladdr=<root@localhost.localdomain> (0/0), delay=00:00:12, xdelay=00:00:12, mailer=esmtp, pri=127997, relay=a.mx.mail.yahoo.com. [67.195.168.31], dsn=2.0.0, stat=Sent (ok dirdel)
0
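A way to read delivery lines like the ones quoted above, added here as an example and not posted by anyone in the thread: it pulls relay=, dsn= and stat= out of each to= line, skips the hand-off to 127.0.0.1, and flags queue IDs whose sender is in localhost or localhost.localdomain. The sample lines, queue IDs and addresses are constructed.

```python
import re
import sys

LINE_RE = re.compile(r"sendmail\[\d+\]: (\w+): ((?:to|from)=.*)$")
FIELD_RE = re.compile(r"(\w+)=(.*?)(?=, \w+=|$)")
DOMAIN_RE = re.compile(r"@([^>\s,]+)")
LOCAL_DOMAINS = {"localhost", "localhost.localdomain"}
VERDICTS = {"2": "sent", "4": "deferred", "5": "rejected"}

def classify(line):
    """Describe one sendmail to=/from= log line; None for any other line."""
    m = LINE_RE.search(line.strip())
    if not m:
        return None
    f = dict(FIELD_RE.findall(m.group(2)))
    # from= is the envelope sender, ctladdr= the local controlling user.
    senders = " ".join(f.get(k, "") for k in ("from", "ctladdr"))
    local = any(d.lower() in LOCAL_DOMAINS for d in DOMAIN_RE.findall(senders))
    # The hand-off to the local MTA on 127.0.0.1 is not a remote verdict.
    remote = "to" in f and "127.0.0.1" not in f.get("relay", "")
    verdict = VERDICTS.get(f.get("dsn", "")[:1]) if remote else None
    return {"qid": m.group(1), "verdict": verdict, "relay": f.get("relay"),
            "stat": f.get("stat"), "local_sender": local}

def triage(lines):
    """Queue IDs per remote verdict, plus those sent from a local-only domain."""
    report = {"sent": [], "deferred": [], "rejected": [], "local_sender": []}
    for r in filter(None, map(classify, lines)):
        if r["verdict"]:
            report[r["verdict"]].append(r["qid"])
        if r["local_sender"] and r["qid"] not in report["local_sender"]:
            report["local_sender"].append(r["qid"])
    return report

# Constructed sample lines in the format quoted in this thread (not real traffic).
PFX = "Jul 15 12:39:29 LINUX1 sendmail[100]: "
SAMPLE = [
    PFX + "q01: to=<u@example.net>, ctladdr=root (0/0), mailer=relay, relay=[127.0.0.1] [127.0.0.1], dsn=2.0.0, stat=Sent (q02 Message accepted for delivery)",
    PFX + "q02: to=<u@example.net>, ctladdr=<root@localhost.localdomain> (0/0), mailer=esmtp, relay=mx.example.net. [192.0.2.25], dsn=2.0.0, stat=Sent (ok dirdel)",
    PFX + "q03: to=<u@example.org>, ctladdr=<root@localhost.localdomain> (0/0), mailer=esmtp, relay=mx.example.org. [198.51.100.7], dsn=5.0.0, stat=Service unavailable",
    PFX + "q03: q04: DSN: Service unavailable",
    PFX + "q05: to=<u@example.org>, ctladdr=<pbx@example.com> (0/0), mailer=esmtp, relay=mx.example.org. [198.51.100.7], dsn=2.0.0, stat=Sent (ok)",
]

if __name__ == "__main__":
    # Live view: tail -f /var/log/maillog | python3 <this file> -
    source = sys.stdin if sys.argv[1:] == ["-"] else SAMPLE
    for r in filter(None, map(classify, source)):
        print(r)
```

A dsn=2.x.x from the remote relay only means that server took the message; filtering after acceptance does not appear in the sender's log.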
jkocklerAuthor Commented:
xuserx,  The MX records are set up through Google because they host my incoming mail.  So when I go to the mxtoolbox, it shows the Google MX records.   However I do have an A record, and a reverse zone pointing mail.mydomain.com to my static IP address where Asterisk sits.

I do not think the MX should be a factor because I am only sending not receiving.  
0
Ron MalmsteadInformation Services ManagerCommented:
root@localhost.localdomain  <<< is that what is actually being sent  as "sender" ??
0
Ron MalmsteadInformation Services ManagerCommented:
"However I do have an A record, and a reverse zone pointing mail.mydomain.com to my static IP address where Asterisk sits."

Where is that hosted ? Google ?... or internally ?
0
Jan SpringerCommented:
Your mail server should have matching forward and inverse DNS:

asterisk.domain.com.        -> 192.168.1.1
1.1.168.192.in-addr.arpa. ->  asterisk.domain.com.

Set sendmail to listen on the public IP for which you have DNS configured.

Use 'masquerade' in your sendmail.mc (sendmail.cf) to put the public domain name in the outgoing mail.
0
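The matching forward and inverse DNS described in the answer above can be checked mechanically. This is an added example, not code from the thread: it looks up the PTR name for an IP and confirms that the name resolves back to the same IP. The resolver functions can be swapped out, and the records shown are constructed from documentation address space.

```python
import ipaddress
import socket

def system_ptr(ip):
    """PTR names for ip from the system resolver ([] when there is none)."""
    try:
        name, aliases, _ = socket.gethostbyaddr(ip)
        return [name, *aliases]
    except OSError:
        return []

def system_addrs(name):
    """A/AAAA addresses for name from the system resolver ([] when none)."""
    try:
        return [ai[4][0] for ai in socket.getaddrinfo(name, None)]
    except OSError:
        return []

def same_ip(a, b):
    """Compare two address strings numerically; unparsable input never matches."""
    try:
        return ipaddress.ip_address(a) == ipaddress.ip_address(b)
    except ValueError:
        return False

def fcrdns(ip, ptr=system_ptr, addrs=system_addrs):
    """Forward-confirmed reverse DNS: ip -> PTR name -> A/AAAA must include ip."""
    names = [n.rstrip(".").lower() for n in ptr(ip)]
    if not names:
        return {"ok": False, "reason": "no PTR record", "names": []}
    confirmed = [n for n in names if any(same_ip(ip, a) for a in addrs(n))]
    if confirmed:
        return {"ok": True, "reason": "PTR and forward lookup agree", "names": confirmed}
    return {"ok": False, "reason": "PTR name does not resolve back to this IP", "names": names}

# Constructed records (documentation address space), standing in for public DNS.
FAKE_PTR = {"203.0.113.10": ["mail.example.com."], "203.0.113.11": ["mail.example.com."]}
FAKE_A = {"mail.example.com": ["203.0.113.10"]}

def fake_ptr(ip):
    return FAKE_PTR.get(ip, [])

def fake_addrs(name):
    return FAKE_A.get(name, [])

if __name__ == "__main__":
    for ip in ("203.0.113.10", "203.0.113.11", "203.0.113.12"):
        print(ip, fcrdns(ip, fake_ptr, fake_addrs))
```

With the default resolvers, run it from a host outside your own network: the mail server's own /etc/hosts or internal DNS can answer differently from what a receiving mail server sees.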

jkocklerAuthor Commented:
root@localhost.localdomain  <<< is that what is actually being sent  as "sender" ??

--- How would I check??  

-- I have Asterisk set to send as "myemailaddress@mydomain.com" and when the messages arrive at my Gmail, they are NOT root@localhost.localdomain ... They are what I set it to in Asterisk, but I am thinking that sendmail has a spot somewhere that it needs to be changed as well, I think the Asterisk "serveremail" setting is more of a "reply to address" than an actual sender domain name....  
0
jkocklerAuthor Commented:
"However I do have an A record, and a reverse zone pointing mail.mydomain.com to my static IP address where Asterisk sits."

Where is that hosted ? Google ?... or internally ?


--- My A records, and MX records are hosted through Godaddy ...

-- My PTR or reverse DNS zones are hosted through Comcast, as the ISP servers are the ones that provide the reverse DNS to mail servers.
0
jkocklerAuthor Commented:
_jesper_:
Your mail server should have matching forward and inverse DNS:

asterisk.domain.com.        -> 192.168.1.1
1.1.168.192.in-addr.arpa. ->  asterisk.domain.com.

Set sendmail to listen on the public IP for which you have DNS configured.

Use 'masquerade' in your sendmail.mc (sendmail.cf) to put the public domain name in the outgoing mail.


-----  
asterisk.domain.com.        -> 192.168.1.1
1.1.168.192.in-addr.arpa. ->  asterisk.domain.com

Yes, the above is what is showing when you do a reverse lookup, and the ISP confirmed it.

I have not however set anything in sendmail.mc ... I will try that now.
0
Ron MalmsteadInformation Services ManagerCommented:
I think Jesper is on to something there.
0
jkocklerAuthor Commented:
in the sendmail.mc .. what is the "dnl" before each line?  is that commenting out the line or something that I should leave alone when setting the masquerade?
0
Jan SpringerCommented:
'dnl'  at the beginning of a line is a comment character
'dnl' at the end of the line is required.

So,

MASQUERADE_AS(`domain.com')dnl

is how it should read.  If you do not copy/paste, be sure that the first quote in front of the domain name is a back tick.  Change `domain.com' to your actual domain name.

make -C /etc/mail

service sendmail reload
0
jkocklerAuthor Commented:
is that the only line I need to modify?  There are more than a few masquerade lines ... Yahoo is now accepting after changing the MASQUERADE_AS(`domain.com')dnl , but comcast and a couple others are still rejecting..

the log is still showing localhost.localdomain.com

I check my sendmail.cf and "root" still showing as class E, and localhost as class "w" .. How can I get "mail.mydomain.com" to show as class E?  It is currently showing as class 'M' .. I think that would fix it, no?
0
jkocklerAuthor Commented:
Now I am getting messages in the log about relay connection refused by 127.0.0.1 ???  Why is the local host refusing?  very odd.
0
jkocklerAuthor Commented:
Well the connection refused is fixed, I had spaces in the sendmail.mc that were screwing it up ... but root@localhost.com is still showing all over the logs...
0
Jan SpringerCommented:
Your /etc/mail/access -- change 192.168.1 to the netblock of the server:

localhost.localdomain       RELAY
localhost                        RELAY
127.0.0.1                       RELAY
192.168.1                      RELAY

makemap hash access < access

And, have sendmail only listen on the 'public' IP -- changing 192.168.1.1 to the actual IP address:

DAEMON_OPTIONS(`Port=smtp,Addr=192.168.1.1, Name=MTA')dnl

make -C /etc/mail

service sendmail reload
0
jkocklerAuthor Commented:
Do I need to have sendmail listen on the public IP, if I am only sending mail from the local machine that it is on?  I am not looking to receive mail.
0
Jan SpringerCommented:
More sendmail.mc stuff:

FEATURE(masquerade_envelope)dnl
FEATURE(masquerade_entire_domain)dnl
0
Jan SpringerCommented:
Also,

Do you have root as an exposed user in your sendmail.mc/cf?
0
Jan SpringerCommented:
If you are sending email from a machine to another mail server, I would recommend it.

That way, the listening IP and DNS all match.
0
jkocklerAuthor Commented:
Also,

Do you have root as an exposed user in your sendmail.mc/cf?

--- I don't know ... where is that?  In the cf, I see root specified as class E ..
0
jkocklerAuthor Commented:
After I did the steps above, I started to receive this message:

Jul 15 14:12:52 LINUX1 sendmail[1850]: NOQUEUE: SYSERR(root): opendaemonsocket: daemon MTA: cannot bind: Cannot assign requested address
Jul 15 14:12:52 LINUX1 sendmail[1850]: daemon MTA: problem creating SMTP socket
Jul 15 14:12:52 LINUX1 sendmail[1850]: NOQUEUE: SYSERR(root): opendaemonsocket: daemon MTA: server SMTP socket wedged: exiting


I really don't think I need to make all those relay changes and the public IP change.. I think all I need is to get the "localhost" and root@localhost out of the logs.... The remaining servers that are rejecting, are referring to those lines... and root and local host are still appearing as E class in the sendmail.mc
0
Jan SpringerCommented:
/etc/mail/sendmail.cf -> C{E}root
/etc/mail/sendmail.mc -> dnl in front of exposed user

Yes, this is why emails are leaving as 'root@localhost'
0
jkocklerAuthor Commented:
Brilliant!!  Yes!!!

Samsung & Comcast are now accepting !!!!

This was the final nail "/etc/mail/sendmail.mc -> dnl in front of exposed user"

Thanks for all the help jesper!
0
Jan SpringerCommented:
No problem.  Glad to hear that everything is working.
0