Link to home
Start Free TrialLog in
Avatar of uknet80
uknet80

asked on

Google tried to deliver your message, but it was rejected by the server for the recipient

Dear expert,

My Linux sever doesn't send emails out, the error message I am getting from gmail is:

Google tried to deliver your message, but it was rejected by the server for the recipient domain outbounds10.obsmtp.com by outbounds10.obsmtp.com. [74.125.244.12].

After checking Linux maillog, I sofrom email is @localhost.localdomain.  before it was the machine name with the domain which was Linux.mydomain.com.  but it is changed to default.  see attachment.

How can I solve this please
maillog.txt
Avatar of John
John
Flag of Canada image

Do you have a Reverse Lookup for your server?  When you send mail, the recipient will often look back to see if you are alive and proper (Reverse Lookup). If it cannot find you, it considers the mail to be spam and does not deliver.

Ask your ISP to implement Reverse Lookup. They have to do it.

... Thinkpads_User
Avatar of uknet80
uknet80

ASKER

I have never had this before, that is for almost a year, and never had problem.
as I mentioned above.  something changed within the server.
"After checking Linux maillog, the @Linux.mydomain.com has changed to @localhost.localdomain.
First off... this is not the exact issue due to which your message was might rejected by google. .

Can you please paste the bounce back message or the mail headers from google so i can see and suggest something here...

To change this domain name you can simply configure MASQUERADE domain name in sendmail.

TY/SA
Avatar of uknet80

ASKER

please check the attachment, I am using SMTP Relay.  which authenticate a single user google account.

please ignore the log I sent previously and look at the attachment document.
maillog.txt
STARTTLS=client: file /etc/mail/certs/sendmail.pem unsafe: Group readable file

check the permission of this file must be 400


TY/SA
Avatar of uknet80

ASKER

the file wasn't even available, it is now
-rw-r--r-- 1 root root 2144 Jan 27 15:40 sendmail.pem

still having same issue.  check updated attachment
maillog.txt
Avatar of uknet80

ASKER

this was solved,

check this link:

http://alexcline.net/2011/03/22/fix-from-address-rootlocalhost-localdomain-in-sendmail/

the error message changed to

return to sender: Service unavailable


Jan 27 15:55:59 abc-koha sendmail[13636]: STARTTLS=client, relay=smtp.gmail.com, version=TLSv1/SSLv3, verify=OK, cipher=RC4-SHA, bits=128/128
Jan 27 15:56:00 abc-koha sendmail[13636]: s0RCtrao013634: to=<user1@abc.edu.iq>, delay=00:00:07, xdelay=00:00:07, mailer=relay, pri=120306, relay=smtp.gmail.com [74.125.25.108], dsn=5.0.0, [b]stat=Service unavailable[/b]
Jan 27 15:56:00 abc-koha sendmail[13636]: s0RCtrao013634: s0RCu0ao013636: DSN: Service unavailable
Jan 27 15:56:00 abc-koha sendmail[13636]: s0RCu0ao013636: to=<root@abc-koha.abc.local>, delay=00:00:00, xdelay=00:00:00, mailer=relay, pri=31532, relay=smtp.gmail.com, dsn=5.0.0, [b]stat=Service unavailable[/b]
Jan 27 15:56:00 abc-koha sendmail[13636]: s0RCu0ao013636: s0RCu0ap013636: return to sender: Service unavailable

Open in new window



?
but this will not cause any issue
either remove TLS or configure correct cacert.

TY/SA
Avatar of uknet80

ASKER

have a look at the log message for the latest error message I am getting
maillog.txt
telnet 74.125.244.12 25

HELO localhost

mail from:a@a.com
rcpt to:b@b.com


paste the output here from your linux machine pls

TY/SA
Avatar of Sudeep Sharma
>>>>telnet 74.125.244.12 25
It should be

telnet smtp.gmail.com 587

SMTP to gmail would not work on port 25.

Further don't mentioned the IP, it might change when you try to email at your time and location.

Also your logs suggests "DSN: Service unavailable" which means that your server is unable to reach smtp.gmail.com or even smtp.gmail.com is rejecting your server's public IP address.

Sudeep
Not abt google..... I was trying to see whether remote server accept the helo or not..
Well if you look at the question again you would realize that the user is actually using gmail as smarthost to send the emails out.
Secondly the IP that you have mentioned belongs to the Postini. Which would though offer the port 25, but user is actually not sending the emails directly to it. So checking whether it is accepting connection or not would not resolve the issue which user is facing.

Sudeep
Agree with what you say Genuis ;) .. i wanted to see whether user is getting any error msg while checking the connection without STARTTLS hence asked to check once.

And yes, he wanted to use SMART_RELAY FOR that i mentioned earlier to configure TLS properly.

TY/SA
Agree with you too AgarwalJI,

But what TLS has to do with the error which user was getting "Google tried to deliver your message, but it was rejected by the server for the recipient domain outbounds10.obsmtp.com by outbounds10.obsmtp.com."

It is simply because Postini is rejecting the emails from the User. Most likely user's email address. In this case what user is using for connecting to the gmail.com.

User must need to speak with the recipient of the mail as in Postini User's also have ability to have there own whitelist and black list of email addresses.

Thanks,
Sudeep
Avatar of uknet80

ASKER

because I am using SMTP relay, I assume there is no need to TLS, because through the relay I use gmail account to authenticate.  and I have other servers that uses SMTP relay without an issue.

her is the log of the command you sent me:
[root@library auth]# telnet smtp.gmail.com 587
Trying 74.125.129.108...
Connected to smtp.gmail.com (74.125.129.108).
Escape character is '^]'.
220 mx.google.com ESMTP qf7sm101559551pac.14 - gsmtp
HELO localhost
250 mx.google.com at your service
mail from:no-reply@abc.com
530 5.7.0 Must issue a STARTTLS command first. qf7sm101559551pac.14 - gsmtp
rcpt to:no-reply@abc.com
530 5.7.0 Must issue a STARTTLS command first. qf7sm101559551pac.14 - gsmtp

Open in new window

See google requires TLS authentication to be enabled to relay your mails.

250 mx.google.com at your service
mail from:no-reply@abc.com
530 5.7.0 Must issue a STARTTLS command first. qf7sm101559551pac.14 - gsmtp
rcpt to:no-reply@abc.com
530 5.7.0 Must issue a STARTTLS command first. qf7sm101559551pac.14 - gsmtp

TY/SA
Avatar of uknet80

ASKER

Even from the server that already work, after issuing that command, I get same message.

because I use SMTP relay I don't think TLS to be required
then remove use TLS from email client and use simple plain text auth to relay the mails.

TY/SA
Avatar of uknet80

ASKER

would you tell me how to do that, I don't have much experience with Sendmail.

I will provide you with the changes I have done under sendmail:

Following command added to sendmail.mc

FEATURE(`authinfo', `hash /etc/mail/auth/client-info.db')dnl
define(`SMART_HOST', `smtp.gmail.com')dnl
define(`RELAY_MAILER_ARGS', `TCP $h 587')dnl
define(`ESMTP_MAILER_ARGS', `TCP $h 587')dnl

define(`CERT_DIR', `/etc/mail/certs')dnl
define(`confCACERT_PATH', `CERT_DIR')dnl
define(`confCACERT', `CERT_DIR/ca-bundle.crt')dnl
define(`confCRL', `CERT_DIR/ca-bundle.crt')dnl
define(`confSERVER_CERT', `CERT_DIR/sendmail.pem')dnl
define(`confSERVER_KEY', `CERT_DIR/sendmail.pem')dnl
define(`confCLIENT_CERT', `CERT_DIR/sendmail.pem')dnl
define(`confCLIENT_KEY', `CERT_DIR/sendmail.pem')dnl

define(`confAUTH_MECHANISMS', `EXTERNAL GSSAPI DIGEST-MD5 CRAM-MD5 LOGIN PLAIN')dnl
TRUST_AUTH_MECH(`EXTERNAL DIGEST-MD5 CRAM-MD5 LOGIN PLAIN')dnl

Open in new window


under /etc/mail/auth/ path there is the authentication gmail username and password:
uthInfo:smtp.gmail.com "U:no-reply" "I:no-reply@abc.com" "P:XXXXXX" "M:PLAIN"
AuthInfo:smtp.gmail.com:587 "U:no-reply" "I:no-reply@abc.com" "XXXXXX" "M:PLAIN"

Open in new window


under /etc/mail/certs there is Generate SSL certificate


what do I need to change?
Avatar of uknet80

ASKER

any update on this please?
ASKER CERTIFIED SOLUTION
Avatar of Sandy
Sandy
Flag of India image

Link to home
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial
Avatar of uknet80

ASKER

Thanks for your support, the issue was permission on the files under /etc/mail/auth/,

chmod 600 filename

thanks