Solved

howto configure sendmail for local LAN mail delivery

Posted on 2013-06-02
Last Modified: 2013-10-30
I have an office LAN with a linux server acting as the domain mail server for spam and virus filtering, and then forwarding messages to a Windows Exchange smart host for delivery to domain workstations. The Windows host is also the LAN DHCP server and DNS server.

The Linux host has 2 NICs, one connected to the local LAN and one connected to the Internet. The local LAN is a Windows domain: hprs.local. The public domain is ohprs.org. The Linux hostname is webserver. Therefore, it can be reached from the internet as webserver.ohprs.org and from the LAN as webserver.hprs.local.

This setup has all worked fine for some time.

The Problem: I have added another linux host to the LAN whose hostname is ohprsstorage. I want to set up its email to only send messages to webserver.hprs.local. That is, I don't want it to have to do any DNS lookups outside the hprs.local domain. It will never send email directly to the Internet and, in fact, will never receive any email.

Even though this seems like a simple idea, I've done something wrong. Delivery to the recipient takes 20 or so minutes, even hours. The sendmail.mc on ohprsstorage is:

     1  include(`../m4/cf.m4')
     2  VERSIONID(`default setup for Slackware Linux')dnl
     3  OSTYPE(`linux')dnl
     4  define(`confPRIVACY_FLAGS', `authwarnings,novrfy,noexpn,restrictqrun')dnl
     5  define(`SMART_HOST',`webserver')dnl
     6  define(`confTO_IDENT', `0')dnl
     7  FEATURE(`use_cw_file')dnl
     8  FEATURE(`use_ct_file')dnl
     9  FEATURE(`access_db', `hash -T<TMPF> /etc/mail/access')dnl
    10  FEATURE(`lookupdotdomain')dnl
    11  FEATURE(`local_procmail',`',`procmail -t -Y -a $h -d $u')dnl
    12  FEATURE(`always_add_domain')dnl
    13  FEATURE(`redirect')dnl
    14  EXPOSED_USER(`root')dnl
    15  LOCAL_DOMAIN(`localhost.localdomain')dnl
    16  MAILER(local)dnl
    17  MAILER(smtp)dnl
    18  MAILER(procmail)dnl


(I probably don't need lines 7-10) Doing nothing other than setting up the /etc/sendmail.cf on ohprsstorage and sending a message from root@ohprsstorage to mfoley@webserver gives me a relaying denied message on webserver; probably because it thinks it is being asked to relay to some strange host: webserver.hprs.local.

To attempt to fix this, I've tried adding the following line to the webserver host's /etc/mail/local-host-names:

webserver.hprs.local

This gives the following in /etc/log/maillog:

Jun  3 01:15:02 webserver sm-mta[26512]: r535F2QZ026512: from=<root@OHPRSstorage.hprs.local>, size=702, class=0, nrcpts=1, msgid=<201306030514.r535EtfY017338@OHPRSstorage.hprs.local>, proto=ESMTP, daemon=MTA, relay=ohprsstorage.hprs.local [192.168.0.50]
Jun  3 01:15:02 webserver sm-mta[26512]: r535F2QZ026512: Milter add: rcpt: allmail@webserver.ohprs.org
Jun  3 01:17:02 webserver sm-mta[26515]: r535F2QZ026512: timeout waiting for input from local during Draining Input
Jun  3 01:22:22 webserver sm-mta[26515]: r535F2QZ026512: to=<mfoley@webserver.hprs.local>, delay=00:07:20, xdelay=00:07:20, mailer=local, pri=60991, dsn=2.0.0, stat=Sent
Jun  3 01:22:22 webserver sm-mta[26515]: r535F2QZ026512: to=/var/spool/mail/allmail, ctladdr=allmail@webserver.ohprs.org (2/0), delay=00:07:20, xdelay=00:00:00, mailer=*file*, pri=60991, dsn=2.0.0, stat=Sent


The mail does get delivered, but as you can see there is a 7 minute delay from the time the message was sent until it was received in the user's mailbox, even though it is supposed to be delivering on the local LAN and the boxes are 10 feet apart! This was the most recent test. Many messages take 20 minutes or more and some have taken hours to deliver.

Some minutes after the above (and after local user delivery) I saw the following in the maillog:

Jun  3 01:26:21 webserver sm-mta[27423]: STARTTLS=server, relay=mail.ohprs.org [192.168.0.2], version=TLSv1/SSLv3, verify=FAIL, cipher=AES128-SHA, bits=128/128
Jun  3 01:26:21 webserver sm-mta[27423]: r535QL7e027423: from=<root@OHPRSstorage.hprs.local>, size=3292, class=0, nrcpts=1, msgid=<201306030510.r535A4qt017320@OHPRSstorage.hprs.local>, bodytype=7BIT, proto=ESMTP, daemon=MTA, relay=mail.ohprs.org [192.168.0.2]


I'm not 100% sure this is related, but I didn't send a subsequent message from ohprsstorage. This pair of messages appears to indicate that the from ohprsstorage message is being forwarded to webserver's smart host (182.168.0.2). Perhaps that has something to do with the delay?

The following are the headers for this message:

From root@OHPRSstorage.hprs.local  Mon Jun  3 01:15:02 2013
Return-Path: <root@OHPRSstorage.hprs.local>
Received: from OHPRSstorage.hprs.local (ohprsstorage.hprs.local [192.168.0.50])
        by webserver.ohprs.org (8.14.4/8.14.4) with ESMTP id r535F2QZ026512
        (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NO)
        for <mfoley@webserver.hprs.local>; Mon, 3 Jun 2013 01:15:02 -0400
Received: from OHPRSstorage.hprs.local (localhost [127.0.0.1])
        by OHPRSstorage.hprs.local (8.14.4/8.14.4) with ESMTP id r535EtCm017339
        for <mfoley@webserver.hprs.local>; Mon, 3 Jun 2013 01:14:55 -0400
Received: (from root@localhost)
        by OHPRSstorage.hprs.local (8.14.4/8.14.4/Submit) id r535EtfY017338
        for mfoley@webserver; Mon, 3 Jun 2013 01:14:55 -0400
From: root@OHPRSstorage.hprs.local
Message-Id: <201306030514.r535EtfY017338@OHPRSstorage.hprs.local>
Date: Mon, 03 Jun 2013 01:14:55 -0400
To: mfoley@webserver.hprs.local
Subject: test E
User-Agent: Heirloom mailx 12.4 7/29/08
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit

from ohprsstorage
1:14


As an added wrinkle, with the "webserver.hprs.local" line in /etc/local-host-names, mail from the Internet to user@webserver.ohprs.org doesn't get delivered. Adding "webserver.ohprs.org" to /etc/local-host-names doesn't help.

I'm very confused. I thought this would be simple. Can anyone tell me what I'm doing wrong?
Question by:jmarkfoley
Assisted Solution

by:ArneLovius
ArneLovius earned 250 total points
I'd usually use the full internal hostname of the "smarthost" rather than the shortname

To remove DNS from the equation, by all means put an entry in /etc/hosts , but make sure that hosts is checked before DNS...
Assisted Solution

by:Sandy
Sandy earned 250 total points
go to line no. 25 comment the line by putting dnl<space>#<space>

service sendmail restart

try sending local mail
Author Comment

by:jmarkfoley
Sorry for the delay in response. I've had a few digital-nightmares to deal with in the meantime ...

Sandeep_Agarwal_:  > go to line no. 25 comment the line by putting dnl<space>#<space>

I know about commenting the .mc file, but I don't have a line 25 in my example. To which line are you referring?

ArneLovius: I've reconstructed my sendmail.mc file and DNS stuff as shown below. As I stated, I have a Windows SBS domain: hprs.local and the linux hosts use the domain controller mail.hprs.local aka 192.168.0.2 as the DHCP server. The domain controller is also the DNS server for the domain.

The linux host 'OHPRSstorage' only needs to deliver mail within the domain/LAN and specifically, to an account on the 'webserver' host. It is configured as a NAS device, so it doesn't even have to receive mail. This host does not have 'named' running and uses the domain controller to get the DHCP IP address. OHPRSstorage's sendmail.mc is now:

include(`../m4/cf.m4')
VERSIONID(`default setup for Slackware Linux')dnl
OSTYPE(`linux')dnl
define(`confPRIVACY_FLAGS', `authwarnings,novrfy,noexpn,restrictqrun')dnl
define(`SMART_HOST',`webserver.hprs.local')dnl
define(`confTO_IDENT', `0')dnl
FEATURE(`use_cw_file')dnl
FEATURE(`use_ct_file')dnl
FEATURE(`access_db', `hash -T<TMPF> /etc/mail/access')dnl
FEATURE(`lookupdotdomain')dnl
FEATURE(`local_procmail',`',`procmail -t -Y -a $h -d $u')dnl
FEATURE(`always_add_domain')dnl
FEATURE(`redirect')dnl
EXPOSED_USER(`root')dnl
LOCAL_DOMAIN(`localhost.localdomain')dnl
MAILER(local)dnl
MAILER(smtp)dnl
MAILER(procmail)dnl


ArneLovius, notice that the smart host is now the FQDN.

/etc/hosts is:
127.0.0.1               OHPRSstorage.hprs.local OHPRSstorage

/etc/HOSTNAME is:
OHPRSstorage.hprs.local

The linux host 'webserver' is the mail server for the domain, and the "smart host" to which OHPRSstorage forwards mail.

/etc/mail/local-host-names:
webserver.hprs.local
webserver.ohprs.org

/etc/mail/access:
ohprsstorage.hprs.local   RELAY

I don't know if these settings are all needed, but mail sent from root@OHPRSstorage to a local user on webserver does get delivered, but there is a big time-delay issue. In two recent tests I have a 9 minute and 43 minute delay respectively. Why? This is mail received for local delivery. It should be immediate. I must have something configured wrong. Why do I get the "timeout waiting for input from local during Draining Input" messages? That seems like the heart of the problem.

Example 1:

Jun 12 14:58:46 webserver sm-mta[27808]: STARTTLS=server, relay=ohprsstorage.hprs.local [192.168.0.47], version=TLSv1/SSLv3, verify=NO, cipher=DHE-RSA-AES256-SHA, bits=256/256
Jun 12 14:58:46 webserver sm-mta[27808]: r5CIwkGF027808: from=<root@OHPRSstorage.hprs.local>, size=780, class=0, nrcpts=1, msgid=<201306121858.r5CIwjx0002989@OHPRSstorage.hprs.local>, proto=ESMTP, daemon=MTA, relay=ohprsstorage.hprs.local [192.168.0.47]
Jun 12 14:58:46 webserver sm-mta[27808]: r5CIwkGF027808: Milter add: rcpt: allmail@webserver.ohprs.org
Jun 12 15:00:46 webserver sm-mta[27811]: r5CIwkGF027808: timeout waiting for input from local during Draining Input
Jun 12 15:05:03 webserver sm-mta[29011]: r5CIwkGF027808: timeout waiting for input from local during Draining Input
Jun 12 15:08:14 webserver sm-mta[29011]: r5CIwkGF027808: to=<mfoley@webserver.hprs.local>, delay=00:09:28, xdelay=00:05:12, mailer=local, pri=151070, dsn=2.0.0, stat=Sent
Jun 12 15:08:14 webserver sm-mta[29011]: r5CIwkGF027808: to=/var/spool/mail/allmail, ctladdr=allmail@webserver.ohprs.org (2/0), delay=00:09:28, xdelay=00:00:00, mailer=*file*, pri=151070, dsn=2.0.0, stat=Sent


Example 2:

Jun 12 15:33:43 webserver sm-mta[4033]: STARTTLS=server, relay=ohprsstorage.hprs.local [192.168.0.47], version=TLSv1/SSLv3, verify=NO, cipher=DHE-RSA-AES256-SHA, bits=256/256
Jun 12 15:33:44 webserver sm-mta[4033]: r5CJXhGQ004033: from=<root@OHPRSstorage.hprs.local>, size=738, class=0, nrcpts=1, msgid=<201306121933.r5CJXgp4003016@OHPRSstorage.hprs.local>, proto=ESMTP, daemon=MTA, relay=ohprsstorage.hprs.local [192.168.0.47]
Jun 12 15:33:44 webserver sm-mta[4033]: r5CJXhGQ004033: Milter add: rcpt: allmail@webserver.ohprs.org
Jun 12 15:35:44 webserver sm-mta[4036]: r5CJXhGQ004033: timeout waiting for input from local during Draining Input
Jun 12 15:39:08 webserver sm-mta[4935]: r5CJXhGQ004033: timeout waiting for input from local during Draining Input
Jun 12 15:44:35 webserver sm-mta[6074]: r5CJXhGQ004033: timeout waiting for input from local during Draining Input
Jun 12 16:16:43 webserver sm-mta[6074]: r5CJXhGQ004033: to=<mfoley@webserver.hprs.local>, delay=00:43:00, xdelay=00:34:08, mailer=local, pri=151028, dsn=2.0.0, stat=Sent
Jun 12 16:16:43 webserver sm-mta[6074]: r5CJXhGQ004033: to=/var/spool/mail/allmail, ctladdr=allmail@webserver.ohprs.org (2/0), delay=00:43:00, xdelay=00:00:00, mailer=*file*, pri=151028, dsn=2.0.0, stat=Sent

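An added example, not part of the original thread: a small parser that groups sendmail maillog entries by queue ID and reports deliveries whose `delay=` exceeds a threshold, together with any "timeout waiting for input" events logged for the same message. The log lines are abridged from Example 1 in the post above; the queue ID qFASTEXAMPLE0001 and its two lines are constructed for contrast, and the function names are illustrative.

```python
import re
from collections import defaultdict

# Abridged from "Example 1" in the post above; the last two lines (queue ID
# qFASTEXAMPLE0001) are constructed here to show a normal, fast delivery.
SAMPLE_LOG = """\
Jun 12 14:58:46 webserver sm-mta[27808]: r5CIwkGF027808: from=<root@OHPRSstorage.hprs.local>, size=780, nrcpts=1, relay=ohprsstorage.hprs.local [192.168.0.47]
Jun 12 15:00:46 webserver sm-mta[27811]: r5CIwkGF027808: timeout waiting for input from local during Draining Input
Jun 12 15:05:03 webserver sm-mta[29011]: r5CIwkGF027808: timeout waiting for input from local during Draining Input
Jun 12 15:08:14 webserver sm-mta[29011]: r5CIwkGF027808: to=<mfoley@webserver.hprs.local>, delay=00:09:28, xdelay=00:05:12, mailer=local, pri=151070, dsn=2.0.0, stat=Sent
Jun 12 15:08:14 webserver sm-mta[29011]: r5CIwkGF027808: to=/var/spool/mail/allmail, ctladdr=allmail@webserver.ohprs.org (2/0), delay=00:09:28, xdelay=00:00:00, mailer=*file*, pri=151070, dsn=2.0.0, stat=Sent
Jun 12 15:10:00 webserver sm-mta[30001]: qFASTEXAMPLE0001: from=<root@OHPRSstorage.hprs.local>, size=700, nrcpts=1, relay=ohprsstorage.hprs.local [192.168.0.47]
Jun 12 15:10:01 webserver sm-mta[30001]: qFASTEXAMPLE0001: to=<mfoley@webserver.hprs.local>, delay=00:00:01, xdelay=00:00:01, mailer=local, pri=30700, dsn=2.0.0, stat=Sent
"""

LINE_RE = re.compile(r"sm-mta\[\d+\]: (?P<qid>\w+): (?P<rest>.*)$")
FIELD_RE = re.compile(r"\b(delay|xdelay|mailer|stat)=([^,]+)")
TIMEOUT_RE = re.compile(r"^timeout waiting for input from (\S+) during (.+)$")

def to_seconds(value):
    """Convert sendmail's [days+]HH:MM:SS delay format to seconds."""
    days, _, clock = value.rpartition("+")
    h, m, s = (int(x) for x in clock.split(":"))
    return int(days or 0) * 86400 + h * 3600 + m * 60 + s

def slow_deliveries(log_text, threshold=60):
    """Return {queue_id: report} for deliveries slower than `threshold` seconds."""
    timeouts, deliveries = defaultdict(list), defaultdict(list)
    for line in log_text.splitlines():
        m = LINE_RE.search(line)
        if not m:
            continue  # e.g. STARTTLS lines, which carry no queue ID
        qid, rest = m.group("qid"), m.group("rest")
        t = TIMEOUT_RE.match(rest)
        if t:
            timeouts[qid].append((t.group(1), t.group(2)))
        elif rest.startswith("to="):
            f = dict(FIELD_RE.findall(rest))
            deliveries[qid].append((f["mailer"], to_seconds(f["delay"]),
                                    to_seconds(f["xdelay"]), f["stat"]))
    report = {}
    for qid, recs in deliveries.items():
        slow = [r for r in recs if r[1] > threshold]
        if slow:
            report[qid] = {"slow": slow, "timeouts": timeouts[qid]}
    return report
```

Each tuple is (mailer, delay, xdelay, stat) with times in seconds; comparing `delay` against `xdelay` separates time spent waiting in the queue from time spent in the delivery attempt itself.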
 
Accepted Solution

by:
jmarkfoley earned 0 total points
Here's my solution:

I added an A record for webserver.ohprs.org = 192.168.0.3 to the SBS 2008 domain server. Then I added ohprsstorage to /etc/mail/access.db:

ohprsstorage.hprs.local RELAY
ohprsstorage RELAY

And, added the following line to /etc/mail/mailertable:

ohprsstorage.hprs.local         smtp:ohprsstorage.hprs.local

That seemed to do the trick.
Author Closing Comment

by:jmarkfoley
I figured it out