Issue with relay servers 1

[pvenkt14]

Hi,

I am new to sendmail. I am having a problem with relay on sendmail server.

The sendmail was configured on Redhat ES 4. And smtp and pop3 services are working fine. When the users are sending mails from office network (192.168.2.0 which is routed through WAN IP) they are able to send and recieve mails. But when the users are trying to sendmails from outside network they are not able to use smtp service.

But users are able to download mails from mailboxes.

I checked the /etc/mai/access file and it looks like

[root@localhost mail]# more access
# Check the /usr/share/doc/sendmail/README.cf file for a description
# of the format of this file. (search for access_db in that file)
# The /usr/share/doc/sendmail/README.cf is part of the sendmail-doc
# package.
#
# by default we allow relaying from localhost...
localhost.localdomain RELAY
localhost RELAY
127.0.0.1 RELAY
example4.com RELAY
example3.com RELAY
example2.com RELAY
example1.com RELAY
74.1.84.185 (static IP or WAN IP) RELAY
192.168.2 RELAY

I am seeing these kind of relay errors in maillog when i am trying to sendmails from outside network.

Nov 26 13:05:59 localhost sendmail[13351]: kAQJ5wEk013351: ruleset=check_rcpt, arg1=<pvenkat14@gmail.com>, relay=cpe-76-185-203-35.tx.res.rr.com [76.185.203.35], reject=550 5.7.1 <pvenkat14@gmail.com>... Relaying denied. Proper authentication required.
Nov 27 17:56:42 localhost sendmail[21439]: kARNufVd021439: from=<pvenkat14@gmail.com>, size=1349, class=0, nrcpts=1, msgid=<fd4450230611271616v68cf1d46n1a9a696906ed236@mail.gmail.com>, proto=ESMTP, daemon=MTA, relay=wr-out-0506.google.com [64.233.184.237]
Nov 27 17:57:02 localhost sendmail[21450]: kARNv2pO021450: ruleset=check_rcpt, arg1=<pvenkat14@gmail.com>, relay=pool-71-97-40-133.dfw.dsl-w.verizon.net [71.97.40.133], reject=550 5.7.1 <pvenkat14@gmail.com>... Relaying denied. Proper authentication required.

Please suggest me what i have to do to make sure users can be able to use smtp service from outside also.

And it would be appreciated if any body can send a good cookbook or documentation on sendmail configuration for beginers.

Thanks and Regards
Venkat

 

[RhythmAce]

First off, if you were my kid, I'd give you a good thump on the noggin. Relaying the way you are will set your server up as an open relay. All a spammer has to do is spoof a domain that you say is ok to relay. I will set you wise in a minute but for the time being I'll try to fill you in on what's happening. These errors are smtp errors. When you set a domain up for relaying, the server doesn't authenticate the mail. It checks to see if it is in the list of domains or addresses to relay and if there's a match, it sends the mail on. Two things can cause your mail to be rejected. Either the smtp server does see the domain in the list or your smtp server requires authentication. If it's not seeing your domain in the list it is because you have not built access.db. This is the actual file that sendmail reads. If you have not built the db file since editing access, then issue this command:

makemap hash /etc/mail/access.db < /etc/mail/access

Your paths may be different. This is my guess but the other reason could be the the smtp server requires authentication. If you are using smtpauth such as saslauthd, then you need to configure your mail client to send your user name and password. If you are using Outlook for example, click on Tools then Accounts. Highlight the accuont you use to connect to this server the click on Properties. Click on the Servers tab. Down at the bottom in the Outgoing Mail Server section, You will see a box that says This server requires authentication. Check that box. Then click on the settings button. Choose the option that say "Use same settings as incoming server". Outlook will now send authentication when accessing the smtp server. By default only pop3 server requires authenticaion. SMTP authentication is the way to go so if you would like to setup your server to use it, let me know and I will show you how it is done. It is very simple and should only take a few minutes.