  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 1381

How do I configure DNS and qmail to send email on second ip / domain?

Hi all,

This is my first ever post. I hope you can help - I've been searching the web for days now.

I am having the problem that many of my emails from a simple local PHP mail() command are not being successfully received:

Remote host said: 550-Verification failed for <anonymous@localhost.localdomain>
550-Unrouteable address
550 Sender verify failed

When I run a SMTP test on MXToolbox, it says: Warning - Reverse DNS does not match SMTP Banner

I can verify that my host has set the reverse DNS and this is proven via a ptr lookup too.

The server situation - Plesk with qmail. Two IP address / two websites.

The second IP address (i.e. not the primary IP) is the one that I need to send emails from the website. I assume this may have something to do with it?

I have tried to set the TXT record of this domain to include ip4:IP-Address-of-first-ip.

I imagine, I'm missing something basic? I'm afraid my knowledge is fairly limited - hence being on here.

Any assistance would be very much appreciated.

Thank you,

D
0
1 Solution
 
Daniel McAllister (President, IT4SOHO, LLC) Commented:
Firstly djp120, welcome to EE!

You have unwittingly asked two questions -- or rather, you unknowingly have two separate problems.

The latter may in fact be the easiest to repair -- asking QMail to use a specific IP address on outbound mail -- and in fact, QMail is probably more powerful than you'll need in this respect.

First, a little background so you'll understand a little of the why and how:
QMail was written in 1995 by a guy who thought UNIX's sendmail was an atrocity and an affront to all that UNIX hoped to be... and he was right. Still, the gifted systems programmer that he was, once he "solved" the e-mail server problem, he got bored and moved on to other things. As a result, the "latest" QMail (version 1.03) hasn't been upgraded or touched in many MANY years. What has changed is the number of 3rd-party "tweaks" and "add-ons" that work with QMail.

By far, the most common set of those "tweaks" became a single package called NetQMail -- the overall stability of NetQMail is similarly demonstrated by its version number -- 1.06 -- which dates to 2007.

The point of the above is that QMail is not a single program with a single company (or person) behind it. It's more like a Linux distribution -- a collaborative effort with nearly as many implementation choices as there are Linux versions. As a result, what I suggest below SHOULD work for you, as it is common for the appropriate patches to have been installed... BUT it is possible that they will not... it depends on how YOUR QMail was built.

The QMail configuration folder is usually located at /var/qmail/control, and there is a common QMail patch that supports an assignment of outgoing IP addresses on a per-domain-name basis. The file name (you'll need to create it) is outgoingips and the format of the file is a line-by-line declaration of domain:IP

So, if you have 3 domains, and 3 IP addresses (each domain assigned to an IP), your file contents would look like:

domain1.com:1.1.1.1
domain2.com:2.2.2.2
domain3.com:3.3.3.3

I will mention 1 thing here: CAVEAT EMPTOR -- getting "tricky" with IP addresses and domain names is mostly going to get your QMail configuration convoluted and difficult to administer -- especially if someone has to come in AFTER you leave! Consider that far fewer than 1% of Internet users ever check the mail headers to see what the "real" name of the MTA was on any given message. So what if all of domain2.com's and domain3.com's messages say they came from an MTA named "mail.domain1.com" -- virtually no-one will care!

OK -- now on to the FIRST problem -- your PHP script isn't using the mail() function properly (or your php.ini isn't set up properly). The QMail program is complaining about:
 1) there is no "sent from" address, so anonymous is assumed -- and it is invalid, so far as QMail is concerned, and
 2) the send-to address is not valid -- although it may simply be missing -- either way, QMail can't determine where it's going

Hopefully this'll get you through to the next questions!

Regards,

Dan
IT4SOHO
0
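
An added example, not part of the original answer: a Python check that each domain:IP pair in an outgoingips file is authorized by that domain's SPF record, which matters here because the question's TXT record lists only the first IP. The domains, addresses and SPF strings are constructed, and only ip4: and all are evaluated (include:, a and mx need DNS lookups).

```python
import ipaddress

def parse_outgoingips(text):
    """Parse 'domain:IP' lines (the outgoingips format above) into a dict."""
    mapping = {}
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line:
            continue
        domain, sep, ip = line.partition(":")
        if not sep or not domain:
            raise ValueError(f"line {lineno}: expected domain:IP, got {raw!r}")
        mapping[domain.lower()] = ipaddress.ip_address(ip.strip())  # raises on a bad IP
    return mapping

def spf_ip4_result(record, ip):
    """Evaluate only the ip4: mechanisms and 'all' of one SPF TXT record."""
    terms = record.split()
    if not terms or terms[0].lower() != "v=spf1":
        return "none"
    results = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}
    for term in terms[1:]:
        qualifier = "+"
        if term[0] in results:
            qualifier, term = term[0], term[1:]
        name = term.lower()
        if name.startswith("ip4:"):
            matched = ip.version == 4 and ip in ipaddress.ip_network(name[4:], strict=False)
        else:
            matched = name == "all"  # include:, a, mx need DNS and are skipped here
        if matched:
            return results[qualifier]
    return "neutral"

def audit(outgoingips_text, spf_records):
    """Map each domain to the SPF result for the IP qmail would send it from."""
    return {domain: spf_ip4_result(spf_records.get(domain, ""), ip)
            for domain, ip in parse_outgoingips(outgoingips_text).items()}

# Constructed sample data (documentation address ranges, hypothetical domains).
OUTGOINGIPS = "domain1.example:192.0.2.10\ndomain2.example:198.51.100.20\n"
SPF_RECORDS = {
    "domain1.example": "v=spf1 ip4:192.0.2.10 -all",
    "domain2.example": "v=spf1 ip4:192.0.2.10 -all",  # lists only the first IP
}

if __name__ == "__main__":
    print(audit(OUTGOINGIPS, SPF_RECORDS))
```

The second domain fails because its record authorizes only the first address while its mail leaves from the second.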
 
djp120 (Author) Commented:
Hi Dan,

I think that may have done it - thank you! Essentially, I was hosting the site on another server, copied it to a new one and thought it would continue to work.

I have simply added '-f sales@mydomain.com' to the 5th parameter of mail function.

This started sending the email, but the next problem I just changed was the line feeds in the header, to change \r\n to just \n.

I have yet to add the outgoingips part - it works so tempted to leave it. - What do you think?

Thanks again (I now have another problem but will post that separately),

Dan
0
 
djp120 (Author) Commented:
Superb and thorough answer - great stuff. It is very much appreciated!!
0
 
noci (Software Engineer) Commented:

Remote host said: 550-Verification failed for <anonymous@localhost.localdomain>
550-Unrouteable address
550 Sender verify failed

This tells you that the REMOTE host tried to verify the sender address by connecting to the node localhost.localdomain (i.e. back to itself) and asking if the anonymous mailbox is a valid name.

If the remote server doesn't have an anonymous mailbox (username etc.) then the check will fail.
If sender verify is used then you need to specify a valid sender for the server involved.

If this is your server then you either need to disable send verification for mail through 127.0.0.1 (or all).
Or you need to create an anonymous maildrop on your systems, so sender verify does work.
0
 
djp120 (Author) Commented:
I do apologise, how do I disable send verification? It's an Ubuntu/Plesk server with qmail.

Thank you.
0
 
noci (Software Engineer) Commented:
qmail is mostly configured with control files, so if you can place a file in the qmail config (.../control/ ) directory you can control qmail.
(That depends on how Plesk operates, I have no Plesk knowledge).

You should be able to disable sender verification by inserting the hostname/IP address in the rcpthosts control file.
(That would allow all from addresses from that system).
If restrictions on domains are used: (This assumes the qmail patch from http://www.fehcom.de/qmail/mav/README.mav is used.) you can enter lines in the mailfromrules control file.
0
 
djp120 (Author) Commented:
Thanks noci,

It runs Plesk, but I have access to edit such files. I've just run:

cat /var/qmail/control/rcpthosts

and the domains are in there. No IP addresses though. I imagine Plesk added these automatically on creation of the domain/email.
0
 
Daniel McAllister (President, IT4SOHO, LLC) Commented:
Hmmmm... I guess remote depends on which log file you're looking at -- I was assuming we were looking at the PHP script's log file, not the local qmail-send logfile.

In the former case, I stand by my statement that there was simply no "from" address listed, and so chkuser stalled the message send process.

You CAN get around that by modifying the file /etc/tcprules.d/tcp.smtp -- and make an entry like:
127.0.0.1:allow,RELAYCLIENT="",SENDER_NOCHECK="1"

Which says that for messages sent from the localhost (127.0.0.1), you always allow relaying and you don't check for sender validity.
Of course, that's no guarantee the recipient MTA will accept your message -- I know that if you send a message from "anonymous@localhost.localdomain" to my mailserver (on a public IP address), you'll be marked as SPAM and deleted (no error message back -- just deleted).

But I thought djp120 said it was working now...

Dan
IT4SOHO

PS: If you make the above change, you'll need to recompile the tcprules (usually with a command like qmailctl cdb)
0
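
An added example, not part of the original comment: a Python audit of a tcp.smtp rules file that reports any allow rule granting RELAYCLIENT or SENDER_NOCHECK to an address pattern other than loopback, whereas the rule quoted above limits both to 127.0.0.1. Only the first sample rule comes from the thread; the others are constructed, and the parser assumes variable values contain no commas.

```python
def parse_rule(line):
    """Split one tcprules line into (address, action, environment dict)."""
    address, _, instructions = line.partition(":")
    action, *assignments = instructions.split(",")
    env = {}
    for item in assignments:
        name, _, value = item.partition("=")
        env[name] = value[1:-1]  # drop the delimiter characters around the value
    return address, action, env

def is_loopback_pattern(address):
    """True when the address pattern can only match 127.0.0.0/8."""
    return address.startswith("127.")

def audit_tcprules(text):
    """Return (line number, address, variable) for risky non-loopback grants."""
    findings = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        address, action, env = parse_rule(line)
        if action != "allow" or is_loopback_pattern(address):
            continue
        for var in ("RELAYCLIENT", "SENDER_NOCHECK"):
            if var in env:
                # An empty address is the default rule, which matches every client.
                findings.append((lineno, address or "(default)", var))
    return findings

# Constructed sample tcp.smtp; only the first rule comes from the thread.
SAMPLE = '''\
127.0.0.1:allow,RELAYCLIENT="",SENDER_NOCHECK="1"
192.0.2.:allow,RELAYCLIENT=""
:allow,SENDER_NOCHECK="1"
'''

if __name__ == "__main__":
    for finding in audit_tcprules(SAMPLE):
        print(finding)
```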
 
djp120 (Author) Commented:
It is working, I think I'll leave it alone now, but thank you all for your help...It is very much appreciated.

D
0
