Solved

How do I configure DNS and qmail to send email on second ip / domain?

Posted on 2011-02-27
Last Modified: 2013-12-02
Hi all,

This is my first ever post. I hope you can help - I've been searching the web for days now.

I am having the problem that many of my emails from a simple local PHP mail() command are not being successfully received:

Remote host said: 550-Verification failed for <anonymous@localhost.localdomain>
550-Unrouteable address
550 Sender verify failed

When I run a SMTP test on MXToolbox, it says: Warning - Reverse DNS does not match SMTP Banner

I can verify that my host has set the reverse DNS and this is proven via a ptr lookup too.

The server situation - Plesk with qmail. Two IP address / two websites.

The second IP address (i.e. not the primary IP) is the one that I need to send emails from the website. I assume this may have something to do with it?

I have tried to set the TXT record of this domain to include ip4:IP-Address-of-first-ip.

I imagine, I'm missing something basic? I'm afraid my knowledge is fairly limited - hence being on here.

Any assistance would be very much appreciated.

Thank you,

D
Question by:djp120
9 Comments
 
LVL 20

Accepted Solution

by:
Daniel McAllister earned 500 total points
ID: 34997859
Firstly djp120, welcome to EE!

You have unwittingly asked two questions -- or rather, you unknowingly have two separate problems.

The latter may in fact be the easiest to repair -- asking QMail to use a specific IP address on outbound mail -- and in fact, QMail is probably more powerful than you'll need in this respect.

First, a little background so you'll understand a little of the why and how:
QMail was written in 1995 by a guy who thought UNIX's sendmail was an atrocity and an affront to all that UNIX hoped to be... and he was right. Still, the gifted systems programmer that he was, once he "solved" the e-mail server problem, he got bored and moved on to other things. As a result, the "latest" QMail (version 1.03) hasn't been upgraded or touched in many MANY years. What has changed is the number of 3rd-party "tweaks" and "add-ons" that work with QMail.

By far, the most common set of those "tweaks" became a single package called NetQMail -- the overall stability of NetQMail is similarly demonstrated by its version number -- 1.06 -- which dates to 2007.

The point of the above is that QMail is not a single program with a single company (or person) behind it. It's more like a Linux distribution -- a collaborative effort with nearly as many implementation choices as there are Linux versions. As a result, what I suggest below SHOULD work for you, as it is common for the appropriate patches to have been installed... BUT it is possible that they will not... it depends on how YOUR QMail was built.

The QMail configuration folder is usually located at /var/qmail/control, and there is a common QMail patch that supports an assignment of outgoing IP addresses on a per-domain-name basis. The file name (you'll need to create it) is outgoingips and the format of the file is a line-by-line declaration of domain:IP

So, if you have 3 domains, and 3 IP addresses (each domain assigned to an IP), your file contents would look like:

domain1.com:1.1.1.1
domain2.com:2.2.2.2
domain3.com:3.3.3.3

I will mention 1 thing here: CAVEAT EMPTOR -- getting "tricky" with IP addresses and domain names is mostly going to get your QMail configuration convoluted and difficult to administer -- especially if someone has to come in AFTER you leave! Consider that far fewer than 1% of Internet users ever check the mail headers to see what the "real" name of the MTA was on any given message. So what if all of domain2.com's and domain3.com's messages say they came from an MTA named "mail.domain1.com" -- virtually no-one will care!

OK -- now on to the FIRST problem -- your PHP script isn't using the mail() function properly (or your php.ini isn't set up properly). The QMail program is complaining about:
 1) there is no "sent from" address, so anonymous is assumed -- and it is invalid, so far as QMail is concerned, and
 2) the send-to address is not valid -- although it may simply be missing -- either way, QMail can't determine where it's going

Hopefully this'll get you through to the next questions!

Regards,

Dan
IT4SOHO
0
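The thread touches two settings that must agree: the per-domain sending IP in outgoingips and the ip4: entry in that domain's SPF TXT record. As an added example (not part of any post here, and not qmail or Plesk code), this Python script checks offline that each domain's outgoing IP is covered by its own SPF ip4 mechanisms; the domains, addresses and records are constructed, and include/a/mx mechanisms are not resolved.

```python
import ipaddress

# Constructed sample data (not from the thread); documentation IP ranges.
OUTGOINGIPS = """\
shop.example:192.0.2.20
blog.example:192.0.2.10
"""
SPF_TXT = {
    "shop.example": "v=spf1 ip4:192.0.2.10 -all",   # lists the primary IP only
    "blog.example": "v=spf1 ip4:192.0.2.0/28 ~all",
}

def parse_outgoingips(text):
    """Parse 'domain:IP' lines in the format described in the answer."""
    mapping = {}
    for n, line in enumerate(text.splitlines(), 1):
        line = line.strip()
        if not line:
            continue
        domain, sep, ip = line.partition(":")
        if not sep or not domain:
            raise ValueError(f"line {n}: expected domain:IP")
        mapping[domain.lower()] = ipaddress.IPv4Address(ip.strip())
    return mapping

def spf_ip4_networks(record):
    """Return the networks named by pass-qualified ip4: mechanisms."""
    terms = record.split()
    if not terms or terms[0].lower() != "v=spf1":
        return []
    nets = []
    for term in terms[1:]:
        if term[0] in "-~?":        # only '+' (or no qualifier) yields pass
            continue
        term = term.lstrip("+")
        if term.lower().startswith("ip4:"):
            nets.append(ipaddress.ip_network(term[4:], strict=False))
    return nets

def audit(outgoing_text, spf_records):
    """Map each domain to True if its sending IP matches an ip4: mechanism."""
    result = {}
    for domain, ip in parse_outgoingips(outgoing_text).items():
        nets = spf_ip4_networks(spf_records.get(domain, ""))
        result[domain] = any(ip in net for net in nets)
    return result

if __name__ == "__main__":
    print(audit(OUTGOINGIPS, SPF_TXT))
```

A False result means receivers that evaluate SPF will see mail for that domain arriving from an address its own record does not authorize.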
 

Author Comment

by:djp120
ID: 34998083
Hi Dan,

I think that may have done it - thank you! Essentially, I was hosting the site on another server, copied it to a new one and thought it would continue to work.

I have simply added '-f sales@mydomain.com' to the 5th parameter of mail function.

This started sending the email, but the next problem I just changed was the line feeds in the header, to change \r\n to just \n.

I have yet to add the outgoingips part - it works so tempted to leave it. - What do you think?

Thanks again (I now have another problem but will post that separately),

Dan
 

Author Closing Comment

by:djp120
ID: 34998091
Superb and thorough answer - great stuff. It is very much appreciated!!
 
LVL 39

Expert Comment

by:noci
ID: 34998356

Remote host said: 550-Verification failed for <anonymous@localhost.localdomain>
550-Unrouteable address
550 Sender verify failed

This tells you that the REMOTE host tried to verify the sender address by connecting to the node localhost.localdomain (i.e. back to itself) and asking if the anonymous mailbox is a valid name.

If the remote server doesn't have an anonymous mailbox (username etc.) then the check will fail.
If sender verify is used then you need to specify a valid sender for the server involved.

If this is your server then you either need to disable send verification for mail through 127.0.0.1 (or all),
or you need to create an anonymous maildrop on your systems, so sender verify does work.

Author Comment

by:djp120
ID: 34998384
I do apologise, how do I disable send verification? It's an Ubuntu/Plesk server with qmail.

Thank you.
 
LVL 39

Expert Comment

by:noci
ID: 34998652
qmail is mostly configured with control files, so if you can place a file in the qmail config (.../control/ ) directory you can control qmail.
(That depends on how Plesk operates; I have no Plesk knowledge.)

You should be able to disable sender verification by inserting the hostname/IP address in the rcpthosts control file.
(That would allow all from addresses from that system.)
If restrictions on domains are used (this assumes the qmail patch from http://www.fehcom.de/qmail/mav/README.mav is used), you can enter lines in the mailfromrules control file.
 

Author Comment

by:djp120
ID: 34998760
Thanks noci,

It runs Plesk, but I have access to edit such files. I've just run:

cat /var/qmail/control/rcpthosts

and the domains are in there. No IP addresses though. I imagine Plesk added these automatically on creation of the domain/email.
 
LVL 20

Expert Comment

by:Daniel McAllister
ID: 34999406
Hmmmm... I guess remote depends on which log file you're looking at -- I was assuming we were looking at the PHP script's log file, not the local qmail-send logfile.

In the former case, I stand by my statement that there was simply no "from" address listed, and so chkuser stalled the message send process.

You CAN get around that by modifying the file /etc/tcprules.d/tcp.smtp -- and make an entry like:
127.0.0.1:allow,RELAYCLIENT="",SENDER_NOCHECK="1"

Which says that for messages sent from the localhost (127.0.0.1), you always allow relaying and you don't check for sender validity.
Of course, that's no guarantee the recipient MTA will accept your message -- I know that if you send a message from "anonymous@localhost.localdomain" to my mailserver (on a public IP address), you'll be marked as SPAM and deleted (no error message back -- just deleted).

But I thought djp120 said it was working now...

Dan
IT4SOHO

PS: If you make the above change, you'll need to recompile the tcprules (usually with a command like qmailctl cdb)
0
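An exemption like the tcp.smtp line in the post above is only safe while it stays scoped to loopback. As an added example (not from the thread; the sample rules are constructed), this Python check parses tcprules source lines and reports any allow rule that sets RELAYCLIENT or SENDER_NOCHECK for a non-loopback address.

```python
import re

# Constructed sample in tcprules source format (not from the thread).
SAMPLE_TCP_SMTP = """\
# local PHP scripts submit via loopback
127.0.0.1:allow,RELAYCLIENT="",SENDER_NOCHECK="1"
192.0.2.:allow,RELAYCLIENT=""
203.0.113.7:deny
:allow
"""

SENSITIVE = {"RELAYCLIENT", "SENDER_NOCHECK"}
VAR_RE = re.compile(r',(\w+)=(.)(.*?)\2')   # ,NAME=<quote>value<quote>

def parse_rules(text):
    """Yield (line_no, address, action, {var: value}) for each rule line."""
    for n, line in enumerate(text.splitlines(), 1):
        line = line.strip()
        if not line or line.startswith("#"):
            continue                      # blank line or comment
        address, sep, instr = line.partition(":")
        if not sep:
            raise ValueError(f"line {n}: missing ':' separator")
        action = instr.split(",", 1)[0]
        if action not in ("allow", "deny"):
            raise ValueError(f"line {n}: unknown action {action!r}")
        env = {name: value for name, _q, value in VAR_RE.findall(instr)}
        yield n, address, action, env

def risky_exemptions(text):
    """Return allow rules that relax checks for non-loopback clients."""
    findings = []
    for n, address, action, env in parse_rules(text):
        relaxed = sorted(SENSITIVE.intersection(env))
        if action == "allow" and relaxed and not address.startswith("127."):
            findings.append((n, address or "<default>", relaxed))
    return findings

if __name__ == "__main__":
    for finding in risky_exemptions(SAMPLE_TCP_SMTP):
        print(finding)
```

An empty address is the default rule, so a finding marked `<default>` means every client not matched by another rule is allowed to relay.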
 

Author Comment

by:djp120
ID: 34999441
It is working, I think I'll leave it alone now, but thank you all for your help...It is very much appreciated.

D