Sendmail

[kornbread]

I have a server that uses sendmail /etc/mail/sendmail.mc

I changed to the lookback IP and still get no relay denied on my outlook on the same network. Our gateway is 192.168.1.1
I use a local IP 192.168.1.3 which goes to 64.122.185.26
Also, I'm hosting a domain with that IP ?

Help?

 

[thedaver]

I don't DO sendmail, but you may want to consider posting any configuration files or log files that would help someone else diagnose your situation.

D.E.R. Management - IT Project Management Consulting

http://www.dermanagement.com/

 

[RhythmAce]

Hosting a mail server and web server on the same ip is no problem since they use different ports. I'm having a problem with your question however. If you set sendmail to look at the loopback device, it will not look at eth0 for requests. That line in sendmail.mc that looks like this:

DAEMON_OPTIONS(`Port=smtp,Addr=127.0.0.1, Name=MTA')dnl

needs to be commented out, or deleted altogether. If you ain't too hip on doing that, then just replace 127.0.0.1 with 192.168.1.3. Don't forget that any time you edit sendmail.mc, you need to rebuild the sendmail.cf file. This is done by calling the m4 macro compiler like this:

m4 /etc/mail/sendmail.mc > /etc/mail/sendmail.cf

you will also need to restart sendmail:

/etc/rc.d/init.d/sendmail restart

 

[kornbread]

divert(-1)dnl
dnl #
dnl # This is the sendmail macro config file for m4. If you make changes to
dnl # /etc/mail/sendmail.mc, you will need to regenerate the
dnl # /etc/mail/sendmail.cf file by confirming that the sendmail-cf package is
dnl # installed and then performing a
dnl #
dnl # make -C /etc/mail
dnl #
include(`/usr/share/sendmail-cf/m4/cf.m4')dnl
VERSIONID(`setup for Red Hat Linux')dnl
OSTYPE(`linux')dnl
dnl #
dnl # default logging level is 9, you might want to set it higher to
dnl # debug the configuration
dnl #
dnl define(`confLOG_LEVEL', `11')dnl
dnl #
dnl # Uncomment and edit the following line if your outgoing mail needs to
dnl # be sent out through an external mail server:
dnl #
dnl define(`SMART_HOST',`smtp.integra.net')
dnl #
define(`confDEF_USER_ID',``8:12'')dnl
dnl define(`confAUTO_REBUILD')dnl
define(`confTO_CONNECT', `1m')dnl
define(`confTRY_NULL_MX_LIST',true)dnl
define(`confDONT_PROBE_INTERFACES',true)dnl
define(`PROCMAIL_MAILER_PATH',`/usr/bin/procmail')dnl
define(`ALIAS_FILE', `/etc/aliases')dnl
define(`STATUS_FILE', `/var/log/mail/statistics')dnl
define(`UUCP_MAILER_MAX', `2000000')dnl
define(`confUSERDB_SPEC', `/etc/mail/userdb.db')dnl
define(`confPRIVACY_FLAGS', `authwarnings,novrfy,noexpn,restrictqrun')dnl
define(`confAUTH_OPTIONS', `A')dnl
dnl #
dnl # The following allows relaying if the user authenticates, and disallows
dnl # plaintext authentication (PLAIN/LOGIN) on non-TLS links
dnl #
dnl define(`confAUTH_OPTIONS', `A p')dnl
dnl #
dnl # PLAIN is the preferred plaintext authentication method and used by
dnl # Mozilla Mail and Evolution, though Outlook Express and other MUAs do
dnl # use LOGIN. Other mechanisms should be used if the connection is not
dnl # guaranteed secure.
dnl # Please remember that saslauthd needs to be running for AUTH.
dnl #
dnl TRUST_AUTH_MECH(`EXTERNAL DIGEST-MD5 CRAM-MD5 LOGIN PLAIN')dnl
dnl define(`confAUTH_MECHANISMS', `EXTERNAL GSSAPI DIGEST-MD5 CRAM-MD5 LOGIN PLAIN')dnl
dnl #
dnl # Rudimentary information on creating certificates for sendmail TLS:
dnl # cd /usr/share/ssl/certs; make sendmail.pem
dnl # Complete usage:
dnl # make -C /usr/share/ssl/certs usage
dnl #
dnl define(`confCACERT_PATH',`/usr/share/ssl/certs')
dnl define(`confCACERT',`/usr/share/ssl/certs/ca-bundle.crt')
dnl define(`confSERVER_CERT',`/usr/share/ssl/certs/sendmail.pem')
dnl define(`confSERVER_KEY',`/usr/share/ssl/certs/sendmail.pem')
dnl #
dnl # This allows sendmail to use a keyfile that is shared with OpenLDAP's
dnl # slapd, which requires the file to be readble by group ldap
dnl #
dnl define(`confDONT_BLAME_SENDMAIL',`groupreadablekeyfile')dnl
dnl #
dnl define(`confTO_QUEUEWARN', `4h')dnl
dnl define(`confTO_QUEUERETURN', `5d')dnl
dnl define(`confQUEUE_LA', `12')dnl
dnl define(`confREFUSE_LA', `18')dnl
define(`confTO_IDENT', `0')dnl
dnl FEATURE(delay_checks)dnl
FEATURE(`no_default_msa',`dnl')dnl
FEATURE(`smrsh',`/usr/sbin/smrsh')dnl
FEATURE(`mailertable',`hash -o /etc/mail/mailertable.db')dnl
FEATURE(`virtusertable',`hash -o /etc/mail/virtusertable.db')dnl
FEATURE(redirect)dnl
FEATURE(always_add_domain)dnl
FEATURE(use_cw_file)dnl
FEATURE(use_ct_file)dnl
dnl #
dnl # The following limits the number of processes sendmail can fork to accept
dnl # incoming messages or process its message queues to 12.) sendmail refuses
dnl # to accept connections once it has reached its quota of child processes.
dnl #
dnl define(`confMAX_DAEMON_CHILDREN', 12)dnl
dnl #
dnl # Limits the number of new connections per second. This caps the overhead
dnl # incurred due to forking new sendmail processes. May be useful against
dnl # DoS attacks or barrages of spam. (As mentioned below, a per-IP address
dnl # limit would be useful but is not available as an option at this writing.)
dnl #
dnl define(`confCONNECTION_RATE_THROTTLE', 3)dnl
dnl #
dnl # The -t option will retry delivery if e.g. the user runs over his quota.
dnl #
FEATURE(local_procmail,`',`procmail -t -Y -a $h -d $u')dnl
FEATURE(`access_db',`hash -T<TMPF> -o /etc/mail/access.db')dnl
FEATURE(`blacklist_recipients')dnl
EXPOSED_USER(`root')dnl
dnl #
dnl #
dnl #
dnl #
dnl #
DAEMON_OPTIONS(`Port=25smtp,Addr=192.168.1.3, Name=MTA')dnl
dnl #
dnl # The following causes sendmail to additionally listen to port 587 for
dnl # mail from MUAs that authenticate. Roaming users who can't reach their
dnl # preferred sendmail daemon due to port 25 being blocked or redirected find
dnl # this useful.
dnl #
dnl DAEMON_OPTIONS(`Port=submission, Name=MSA, M=Ea')dnl
dnl #
dnl # The following causes sendmail to additionally listen to port 465, but
dnl # starting immediately in TLS mode upon connecting. Port 25 or 587 followed
dnl # by STARTTLS is preferred, but roaming clients using Outlook Express can't
dnl # do STARTTLS on ports other than 25. Mozilla Mail can ONLY use STARTTLS
dnl # and doesn't support the deprecated smtps; Evolution <1.1.1 uses smtps
dnl # when SSL is enabled-- STARTTLS support is available in version 1.1.1.
dnl #
dnl # For this to work your OpenSSL certificates must be configured.
dnl #
dnl DAEMON_OPTIONS(`Port=smtps, Name=TLSMTA, M=s')dnl
dnl #
dnl # The following causes sendmail to additionally listen on the IPv6 loopback
dnl # device. Remove the loopback address restriction listen to the network.
dnl #
dnl DAEMON_OPTIONS(`port=25smtp,Addr=0.0.0.0, Name=MTA-v6, Family=inet6')dnl
dnl #
dnl # enable both ipv6 and ipv4 in sendmail:
dnl #
dnl DAEMON_OPTIONS(`Name=MTA-v4, Family=inet, Name=MTA-v6, Family=inet6')
dnl #
dnl # We strongly recommend not accepting unresolvable domains if you want to
dnl # protect yourself from spam. However, the laptop and users on computers
dnl # that do not have 24x7 DNS do need this.
dnl #
FEATURE(`accept_unresolvable_domains')dnl
dnl #
dnl FEATURE(`relay_based_on_MX')dnl
dnl #
dnl # Also accept email sent to "localhost.localdomain" as local email.
dnl #
LOCAL_DOMAIN(`localhost.localdomain')dnl
dnl #
dnl # The following example makes mail from this host and any additional
dnl # specified domains appear to be sent from mydomain.com
dnl #
dnl MASQUERADE_AS(`columbiabody.com')dnl
dnl #
dnl # masquerade not just the headers, but the envelope as well
dnl #
dnl FEATURE(masquerade_envelope)dnl
dnl #
dnl # masquerade not just @columbiabody.com, but @*.columbiabody.com as well
dnl #
dnl FEATURE(masquerade_entire_domain)dnl
dnl #
dnl MASQUERADE_DOMAIN(localhost)dnl
dnl MASQUERADE_DOMAIN(localhost.localdomain)dnl
dnl MASQUERADE_DOMAIN(columbiabody.com)dnl
dnl MASQUERADE_DOMAIN(columbiabody.lan)dnl
MAILER(smtp)dnl
MAILER(procmail)dnl

 

[RhythmAce]

Uncoment these two lines by deleting the 'dnl' in front of them.

dnl TRUST_AUTH_MECH(`EXTERNAL DIGEST-MD5 CRAM-MD5 LOGIN PLAIN')dnl
dnl define(`confAUTH_MECHANISMS', `EXTERNAL GSSAPI DIGEST-MD5 CRAM-MD5 LOGIN PLAIN')dnl

Then you need to have saslauthd start ab bootup. This sets up smtpauth on your server. The other way is to add domains or email addresses to access but this could create an open relay that spammers love to seek out and exploit. Once you have smtpauth setup, you need to configure your mail client (outlook) to send user name and password when sending mail through your server. Clicl on Tools>Accounts then hightlight the account you use for this server. Then click on Properties. Click the servers tab then down where it says "My server requires authentication, check the box then click the Settings button. Choose "Use same settings as my incoming mail server. Save everything and you should be all set. Nobody will be able to send mail through your server with out a username/password These are the same as you linux user accounts.

 

[kornbread]

Man, the more people I talk to I get the feeling sendmail
is dying MTA? Let's try Postfix!

 

[RhythmAce]

Who told you that? Liberals? If this is true, then why do all the other mail servers try to pretend to be sendmail? I don't think it will be going away soon. However, there are those who will never require all the power of sendmail so spending a lot of time trying to learn it will be a waste of time. For those who just need a simple server with modest needs, then postfix and qmail are very good servers.

 

[kornbread]

oh hell no! I've been using sendmail for years.
I use Red Hat ES 4. The current MTA I use is sendmail.
Did something change with the recent release?
My access file has the following:
127.0.0.1 RELAY
localhost RELAY
localhost.localdomain RELAY

my map to the WAN is 192.168.1.3 instead of the default loopaddress and changed that in the sendmail.mc file
I'm lost?

 

[thedaver]

OT:

RhythmAce:

For those who just need a simple server with modest needs, then postfix and qmail are very good servers.

We've known each other too long for me to accept your bait to defend qmail. However, your defense of sendmail is admirable. The International Society for the Preservation of the Telegraph will be calling you shortly to sign you up. They need your kind of dedication!

j.k.
D.

D.E.R. Management - IT Project Management Consulting

http://www.dermanagement.com/

 

[RhythmAce]

That's all that should be in your access file. It is assumed that the server will not spam itself. ;-) I may be misunderstanding your problem. What do you mean by "my map to WAN"? Sendmail only needs to know the ip of your network device (eth0). Your network however, needs to know the address of the gateway/router i.e. 192.168.1.1. The router is the only thing that needs to know the WAN ip address and address of the dns servers. Your /etc/resolv.conf should have the ip of your router. If it was working in the past, then these should already be set correctly. You mentioned a new release. If your system uses something like up2date, the sendmail.cf file may not be compatible. Look for a file called /etc/mail/sendmail.mc.rpm-new or similar. Then edit that and rebuild using m4. Sorry for all the confusion but I just thought that you were having a problem getting a new install to relay mail. Just as an aftor thought, any domains that will be using the server should be in /etc/mail/local-host-names.

 

[RhythmAce]

We've known each other too long for me to accept your bait to defend qmail. However, your defense of sendmail is admirable. The International Society for the Preservation of the Telegraph will be calling you shortly to sign you up. They need your kind of dedication!

As a staunch sendmail conservative and a defender of the Red Hat way of life, I cannot stand by and let the dark side shmooze my people into thinking there is a simpler easier way. You lure them with your bells and whistles and the next thing you know, they're taking their first real steps on the road to the depths of degradation. ;-)

 

[thedaver]

LOL!

D.E.R. Management - IT Project Management Consulting

http://www.dermanagement.com/

 

[kornbread]

Thanks for the posts I'll give this a try.