RHEL4: Sendmail won't forward email

Status
Not open for further replies.

nogden

Technical User
Dec 2, 2007
25
US
I am having trouble with sendmail. I'm using RedHat Enterprise ES. My server needs to be able to accept mail for ocsnetwork.net, marysapparel.com, and ogdenscomputers.com. I have never set up sendmail before so I configured it as best as I could based on tutorials on the internet. When I send email to an address that I have configured in sendmail, the email is received on my server fine. If I send an email from my server to an outside address, the email goes through fine but has my local Linux username instead of what I have configured in genericstable. For example, if I log in as root and send an email to nelsonogden(at)gmail.com, I receive the email on my Gmail account, but it appears to have come from root(at)ocsnetwork.net, not admin(at)ocsnetwork.net. This is my first issue, but not the most important.

My main problem is that any email sent to an address on my server that needs to be forwarded to an outside account, won't forward. I never get an error email from the sending account and also don't get any messages on my server. The email also never arrives at the destination account. For example, if I send an email to nogden(at)ocsnetwork.net, I expect it to be redirected to nelsonogden(at)gmail.com. The other two addresses in my virtusertable work fine, but they are not forwarding email to an outside address. My config files are posted below. To keep this post shorter, I removed any lines from my sendmail.mc that were commented out. What should I try next?

My sendmail.mc:
Code:
divert(-1)dnl
include(`/usr/share/sendmail-cf/m4/cf.m4')dnl
VERSIONID(`setup for Red Hat Linux')dnl
OSTYPE(`linux')dnl
define(`confDEF_USER_ID',``8:12'')dnl
define(`confTO_CONNECT', `1m')dnl
define(`confTRY_NULL_MX_LIST',true)dnl
define(`confDONT_PROBE_INTERFACES',true)dnl
define(`PROCMAIL_MAILER_PATH',`/usr/bin/procmail')dnl
define(`ALIAS_FILE', `/etc/aliases')dnl
define(`STATUS_FILE', `/var/log/mail/statistics')dnl
define(`UUCP_MAILER_MAX', `2000000')dnl
define(`confUSERDB_SPEC', `/etc/mail/userdb.db')dnl
define(`confPRIVACY_FLAGS', `authwarnings,novrfy,noexpn,restrictqrun')dnl
define(`confAUTH_OPTIONS', `A')dnl
define(`confTO_IDENT', `0')dnl
FEATURE(`no_default_msa',`dnl')dnl
FEATURE(`smrsh',`/usr/sbin/smrsh')dnl
FEATURE(`mailertable',`hash -o /etc/mail/mailertable.db')dnl
FEATURE(`virtusertable',`hash -o /etc/mail/virtusertable.db')dnl
FEATURE(`virtusertable', `hash /etc/mail/virtusertable')dnl
FEATURE(`genericstable',`hash -o /etc/mail/genericstable.db')dnl
FEATURE(`genericstable', `hash /etc/mail/genericstable')dnl
FEATURE(redirect)dnl
FEATURE(always_add_domain)dnl
FEATURE(use_cw_file)dnl
FEATURE(use_ct_file)dnl
FEATURE(virtusertable)dnl
FEATURE(local_procmail,`',`procmail -t -Y -a $h -d $u')dnl
FEATURE(`access_db',`hash -T<TMPF> -o /etc/mail/access.db')dnl
FEATURE(`blacklist_recipients')dnl
EXPOSED_USER(`root')dnl
LOCAL_DOMAIN(`ocsnetwork.net')dnl
MAILER(smtp)dnl
MAILER(procmail)dnl

My access:
Code:
localhost.localdomain           RELAY
localhost                       RELAY
127.0.0.1                       RELAY
ocsnetwork.net                  RELAY
marysapparel.com                RELAY

My genericstable:
Code:
nogden          nogden@ocsnetwork.net
root            admin@ocsnetwork.net

My local-host-names:
Code:
ocsnetwork.net
marysapparel.com
ogdenscomputers.com

My virtusertable:
Code:
nogden@ocsnetwork.net           nelsonogden@gmail.com
admin@ocsnetwork.net            root
info@marysapparel.com           nelsonogden@gmail.com

This is the entry from maillog from an email sent to info(at)marysapparel.com that should have been redirected but I never received it!

error log:
Code:
Dec  2 17:49:43 localhost sendmail[16489]: lB2MnSDH016487: to=<info@marysapparel.com>, delay=00:00:14, xdelay=00:00:14, mailer=esmtp, pri=121514, relay=gmail-smtp-in.l.google.com. [64.233.167.27], dsn=2.0.0, stat=Sent (OK 1196636137 x56si845677pyg)

Thanks for your assistance!
 
Looking at your setup tells me that you are on your way to creating an open relay. Relaying mail through your server would require no more than spoofing your local domains. Here is a copy of sendmail.mc with a couple of lines added. These lines will enable SMTP authentication.

Code:
divert(-1)dnl
include(`/usr/share/sendmail-cf/m4/cf.m4')dnl
VERSIONID(`setup for linux')dnl
OSTYPE(`linux')dnl
define(`confDEF_USER_ID', ``8:12'')dnl
define(`confTO_CONNECT', `1m')dnl
define(`confTRY_NULL_MX_LIST', `True')dnl
define(`confDONT_PROBE_INTERFACES', `True')dnl
define(`PROCMAIL_MAILER_PATH', `/usr/bin/procmail')dnl
define(`ALIAS_FILE', `/etc/aliases')dnl
define(`STATUS_FILE', `/var/log/mail/statistics')dnl
define(`UUCP_MAILER_MAX', `2000000')dnl
define(`confUSERDB_SPEC', `/etc/mail/userdb.db')dnl
define(`confPRIVACY_FLAGS', `authwarnings,novrfy,noexpn,restrictqrun')dnl
define(`confAUTH_OPTIONS', `A')dnl
TRUST_AUTH_MECH(`EXTERNAL DIGEST-MD5 CRAM-MD5 LOGIN PLAIN')dnl
define(`confAUTH_MECHANISMS', `EXTERNAL GSSAPI DIGEST-MD5 CRAM-MD5 LOGIN PLAIN')dnl
define(`confTO_IDENT', `0')dnl
FEATURE(`no_default_msa', `dnl')dnl
FEATURE(`smrsh', `/usr/sbin/smrsh')dnl
FEATURE(`mailertable', `hash -o /etc/mail/mailertable.db')dnl
FEATURE(`virtusertable', `hash -o /etc/mail/virtusertable.db')dnl
FEATURE(redirect)dnl
FEATURE(always_add_domain)dnl
FEATURE(use_cw_file)dnl
FEATURE(use_ct_file)dnl
FEATURE(local_procmail, `', `procmail -t -Y -a $h -d $u')dnl
FEATURE(`access_db', `hash -T<TMPF> -o /etc/mail/access.db')dnl
FEATURE(`blacklist_recipients')dnl
EXPOSED_USER(`root')dnl
LOCAL_DOMAIN(`localhost.localdomain')dnl
MAILER(smtp)dnl
MAILER(procmail)dnl

Copy and paste this over your sendmail.mc file. Now you need to create a new sendmail.cf by using the m4 macro compiler. Issue this command:

Code:
m4 /etc/mail/sendmail.mc > /etc/mail/sendmail.cf

Now start saslauthd and have it start at bootup. Open your access file. There should be nothing in there but localhost, localhost.localdomain and 127.0.0.1. Now issue this command to create a new access.db:

Code:
makemap hash /etc/mail/access.db < /etc/mail/access

There is no need for a genericstable. Now nobody can send mail through your server unless they have a user name and password on your system. If you have mail-only users who do not have regular login shells, then assign their $Home directory to /dev/null and their shell to /sbin/nologin or /bin/false. This will prevent you having all these directories on your system that never get used and gives hackers that many fewer ways into your system. To set up your POP3 server, you don't have to do any more than start it at boot. RHEL should come with Dovecot installed. This is a great POP3/IMAP server and doesn't require any configuration. At this point you will set up your email client, such as Outlook, the same way you would your ISP email account. There should be a box on the SMTP (outgoing) server page that says "this server requires authentication". Click on that box, then click on the option that says "Use the same info as the POP3 server". That's it.
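
The reply above says the access file should contain nothing but localhost, localhost.localdomain and 127.0.0.1. As an added example (not code from either poster), this Python script checks an access file against that rule and lists every other RELAY entry; the names `audit_access` and `is_loopback` are made up for this illustration, and the sample input is the access file from the first post.

```python
import ipaddress

LOOPBACK_NAMES = {"localhost", "localhost.localdomain"}
TAGS = ("connect:", "from:", "to:")  # optional prefixes on an access key

# The access file as posted in the question above.
POSTED_ACCESS = """\
localhost.localdomain           RELAY
localhost                       RELAY
127.0.0.1                       RELAY
ocsnetwork.net                  RELAY
marysapparel.com                RELAY
"""

def is_loopback(key):
    """True for the localhost names and for loopback addresses or prefixes."""
    if key in LOOPBACK_NAMES:
        return True
    parts = key.split(".")
    # Access keys may be partial IPv4 addresses ("127", "127.0.0").
    if parts[0] == "127" and len(parts) <= 4 and all(p.isdigit() for p in parts):
        return True
    addr = key[5:] if key.startswith("ipv6:") else key  # "IPv6:" key prefix
    try:
        return ipaddress.ip_address(addr).is_loopback
    except ValueError:
        return False  # a domain name or a non-loopback prefix

def audit_access(text):
    """Return (line_no, key, action) for every RELAY entry that is not loopback."""
    findings = []
    for line_no, raw in enumerate(text.splitlines(), start=1):
        fields = raw.split(None, 1)
        if len(fields) < 2 or fields[0].startswith("#"):
            continue  # blank line, comment, or key without a value
        key, action = fields[0], fields[1].strip().upper()
        bare = key.lower()
        for tag in TAGS:
            if bare.startswith(tag):
                bare = bare[len(tag):]
                break
        if action == "RELAY" and not is_loopback(bare):
            findings.append((line_no, key, action))
    return findings

if __name__ == "__main__":
    for line_no, key, action in audit_access(POSTED_ACCESS):
        print(f"line {line_no}: {key} {action} (not a loopback entry)")
```

Run against the posted file, it reports the ocsnetwork.net and marysapparel.com lines, the two entries the reply's rule would remove before rebuilding access.db.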
 
Thanks for the reply. I implemented the changes that you recommended. I'm still having trouble, though. Sendmail still won't forward outside mail to an outside address. Here is the error log after I restarted sendmail and tried to send an email that should have been forwarded:
Code:
Dec  3 10:16:13 localhost sendmail[18279]: alias database /etc/aliases rebuilt by nogden

Dec  3 10:16:13 localhost sendmail[18279]: /etc/aliases: 78 aliases, longest 10 bytes, 802 bytes total

Dec  3 10:16:13 localhost sendmail[18284]: starting daemon (8.13.1): SMTP+queueing@01:00:00

Dec  3 10:16:14 localhost sm-msp-queue[18292]: starting daemon (8.13.1): queueing@01:00:00

Dec  3 10:16:40 localhost sendmail[18297]: lB3FGdYR018297: from=<nelsonogden@gmail.com>, size=1532, class=0, nrcpts=1, msgid=<8270f1690712030722x201fb639x5d5211e64aa0d337@mail.gmail.com>, proto=ESMTP, daemon=MTA, relay=py-out-1112.google.com [64.233.166.177]

Dec  3 10:16:59 localhost sendmail[18299]: lB3FGdYR018297: to=<info@marysapparel.com>, delay=00:00:19, xdelay=00:00:19, mailer=esmtp, pri=121532, relay=gmail-smtp-in.l.google.com. [64.233.163.27], dsn=2.0.0, stat=Sent (OK 1196695381 19si15248nzp)

Dec  3 10:55:24 localhost sendmail[18335]: lB3FtN2o018334: forward /root/.forward.ocsnetwork: World writable directory

Dec  3 10:55:24 localhost sendmail[18335]: lB3FtN2o018334: forward /root/.forward: World writable directory

Regarding the world writable directory lines, I have created the .forward and .forward.ocsnetwork directories in /root and have tried different permissions but I still receive those errors. Does this help?

Thanks, Nelson
 