Newsgroups: comp.mail.misc,comp.mail.sendmail Date: Fri, 31 Jan 2003 21:41:04 GMT
The Sendmail program is a very widely used Mail Transport Agent (MTA). MTAs send mail from one machine to another.
If you ever need to reconfigure Sendmail, you will also need to have the sendmail.cf package installed. If you need documentation on Sendmail, you can install the sendmail-doc package.
Newsgroups: comp.mail.misc,comp.mail.sendmail Date: Fri, 31 Jan 2003 21:41:04 GMT
This is a monthly FAQ posting regarding the mail server test site: http://www.email-test.com On this site you can perform the following tests.
x Open Relay Check if SMTP servers are open relay. x MX Lookup Lookup MX records for a domain. x Check Delivery Test delivery via SMTP to a POP account. x Host Bugs Display a list of known bugs with a SMTP or POP server. x Reverse Lookup Check reverse lookup and aliases for hosts. x SMTP Extensions Test for supported SMTP extensions.
This is a free service, use and enjoy :-)
Sponsored by http://surgemail.com
> This is a monthly FAQ posting regarding the mail server > test site: > http://www.email-test.com[] [...]
Initiating server query …
Looking up IP address for domain: www.email-test.com
The IP address for the domain is: 216.65.3.228
Connecting to the server on standard HTTP port: 80
The port is closed, so our connection attempt was refused.
Query complete.
Newsgroups: comp.mail.misc Date: Wed, 25 Feb 2004 16:06:53 +0000 (UTC)
> Where can I find explanations on how to define/delete mail aliases > for incoming emails. I.e., I want to define alias1, alias2, etc > all point to my own real email, and delete them afterward sometime > later.
man aliases man /etc/aliases
> I am thinking that it might be a good way to guard against some dubious sites > that insist my giving away my email address.
Perhaps, but you'll need more than a few aliases to effectively combat UCE.
Sahil Tandon
# # Aliases in this file will NOT be expanded in the header from # Mail, but WILL be visible over networks or from /bin/mail. # # >>>>>>>>>> The program "newaliases" must be run after # >> NOTE >> this file is updated for any changes to # >>>>>>>>>> show through to sendmail. # # Basic system aliases -- these MUST be present. mailer-daemon: postmaster postmaster: root # General redirections for pseudo accounts. bin: root [...] ingres: root system: root toor: root manager: root dumper: root abuse: root mailman: postmaster mailman-owner: mailman newsadm: news newsadmin: news usenet: news ftpadm: ftp [...] # Person who should get root's mail #root: marc
This file describes user ID aliases used by sendmail. The file resides as /etc/aliases and is formatted as a series of lines of the form
name: addr_1, addr_2, addr_3, . . .
This is only the raw data file; the actual aliasing information is placed into a binary format in the file /etc/aliases.db using the program newaliases(1). A newaliases command should be executed each time the aliases file is changed for the change to take effect.
http://www.linuxarkivet.se/mlists/debian-user/0201/msg00665.html
To: debian-user(a)lists.debian.org Date: Fri, 4 Jan 2002
> > And it _still_ generates the X-Authentication-Warning. I don't get it. > > Add this to /etc/mail/submit.mc and rebuild submit.cf (via make, or by > hand): > FEATURE(`use_ct_file')dnl # trusted users
Hm, I've got this line in my sendmail.mc which should do the same, no? I guess it's time that I post my sendmail.mc. Please don't flame me for it.
owie:~# dpkg -s sendmail | grep -i version Version: 8.12.1-2
divert(-1) # # This file is used to configure sendmail for use with Debian systems. # divert(0) define(`_USE_ETC_MAIL_')dnl include(`/usr/share/sendmail/sendmail.cf/m4/cf.m4')dnl VERSIONID(`@(#)sendmail.mc 8.9.3-21 (Debian) 20000309') OSTYPE(`debian')dnl DOMAIN(`debian-mta')dnl define(`confSAFE_FILE_ENV', `/')dnl LOCAL_CONFIG define(`SMART_HOST', `SMTP:smtp.int.radiomaranon.org.pe')dnl MASQUERADE_AS(radiomaranon.org.pe)dnl FEATURE(masquerade_envelope)dnl FEATURE(always_add_domain)dnl Cwowie.int.radiomaranon.org.pe CGowie.int.radiomaranon.org.pe FEATURE(use_cw_file)dnl FEATURE(use_ct_file)dnl FEATURE(`nouucp', `reject')dnl dnl define hosts we relay for FEATURE(`access_db')dnl dnl FEATURE(`genericstable', `hash -o /etc/mail/genericstable.db')dnl dnl FEATURE(`virtusertable', `hash -o /etc/mail/virtusertable.db')dnl FEATURE(accept_unresolvable_domains) FEATURE(nocanonify)dnl define(`confSERVICE_SWITCH_FILE',/etc/mail/service.switch)dnl define(`confBIND_OPTS',`-AAONLY -DNSRCH -DEFNAMES')dnl dnl see 'man resolver' define(`confDONT_PROBE_INTERFACES', `True')dnl define(`SMTP_MAILER_FLAGS',`e')dnl define(`confTO_QUEUEWARN', `2d')dnl dnl define(`confDIAL_DELAY', `0')dnl define(`confCON_EXPENSIVE', `True')dnl define(`confPRIVACY_FLAGS', `needmailhelo,novrfy,noexpn,noreceipts,noverb')dnl MAILER_DEFINITIONS MAILER(local)dnl MAILER(smtp)dnl MAILER(procmail)dnl
divert(-1)dnl #----------------------------------------------------------------------------- # $Sendmail: ./submit.mc.in,v 8.12.0 2001/05/29 12:00:00 cowboy Exp $ # # Copyright (c) 2000-2001 Richard Nelson. All Rights Reserved. # # Generated automatically from submit.mc.in by configure. # # submit.mc prototype config file for building Sendmail 8.12.1 # # Note: the .in file supports 8.7.0 - 8.12.0, but the generated # file is customized to the version noted above. # # This file is used to configure Sendmail for use with Debian systems. # # If you modify this file, you will have to regenerate /etc/mail/submit.cf # by running this file through the m4 preprocessor via one of the following: # * `sendmailconfig` # * `make` # * `m4 /etc/mail/submit.mc > /etc/mail/submit.cf` # The first two options are preferred as they will also update other files # that depend upon the contents of this file. # # The best documentation for this .mc file is: # /usr/share/doc/sendmail-doc/cf.README.gz # #----------------------------------------------------------------------------- divert(0)dnl # # Copyright (c) 2000-2001 Richard Nelson. All Rights Reserved. # # This file is used to configure Sendmail for use with Debian systems. # define(`_USE_ETC_MAIL_')dnl include(`/usr/share/sendmail/sendmail.cf/m4/cf.m4')dnl VERSIONID(`$Id: submit.mc, v 8.12.1-2 2001-10-10 13:35:53 cowboy Exp $') OSTYPE(`debian')dnl DOMAIN(`debian-msp')dnl dnl # dnl #--------------------------------------------------------------------- dnl # Masquerading information, if needed, should go here dnl # You likely will not need this, as the MTA will do it dnl #--------------------------------------------------------------------- dnl MASQUERADE_AS()dnl dnl FEATURE(`masquerade_envelope')dnl dnl # dnl #--------------------------------------------------------------------- dnl # The real reason we're here: the FEATURE(msp) dnl #--------------------------------------------------------------------- FEATURE(`msp', `[127.0.0.1]', `MSA')dnl dnl # dnl #--------------------------------------------------------------------- dnl # Some minor cleanup from FEATURE(msp) dnl #--------------------------------------------------------------------- define(`confRUN_AS_USER', `mail')dnl define(`confTRUSTED_USER', `confRUN_AS_USER')dnl dnl # dnl #---------------------------------------------------------------------
Thanks, Andy.
Note: no respond.
> Hm, I've got this line in my sendmail.mc which should do the same, no?
No!!!
T
documented on: 2006.07.18
http://www.redhat.com/archives/psyche-list/2002-December/msg00573.html
To: "'psyche-list redhat com'" <psyche-list redhat com> Date: Sat, 7 Dec 2002 10:13:12 -0600
> I added a username to /etc/mail/trusted-users, next added > define(`confCT_FILE', `-o /etc/mail/trusted-users') to > sendmail.mc, then did m4 /etc/mail/sendmail.mc > > /etc/mail/sendmail.cf and restarted sendmail. > > Yet, if I send out an email with evolution 1.2 I still see in the > headers of the recipient's email the warning: > X-Authentication-Warning: > myhost: user set sender to some_other_email_address using -f
I don't think you need the above "define" if your .mc file already has FEATURE (use_ct_file)dnl
The use_ct_file feature will add the proper tags in your .cf file for the use of the trusted users file.
> In /etc/mail/sendmail.cf I see: > ##################### > # Trusted users # > ##################### > > # this is equivalent to setting class "t" > Ft-o /etc/mail/trusted-users > Troot > Tdaemon > Tuucp
If you add the use_ct_file feature as shown above, then the reulting sendmail.cf file will contain…
##################### # Trusted users # #####################
# this is equivalent to setting class "t" Ft/etc/mail/trusted-users Troot Tdaemon Tuucp
Note the difference in the trusted users line.
BTW: It's the -o thats incorrect. should be
define(`confCT_FILE', `/etc/mail/trusted-users')
Steve Cowles
I'm behind a gateway that is not up all the time. I setup my box using static local IP, so whenever the gateway is up, I'm ready to surf.
However, I notice that whenever the gateway is not up, my sendmail is extremely slow, a
date | /usr/sbin/sendmail -v $USER
takes over 40 seconds to deliver — about 30 seconds for these first two ling to show up:
tong... Connecting to localhost.localdomain. via relay... 220 localhost.localdomain ESMTP Sendmail 8.12.5/8.12.5; Fri, 14 Mar 2003 12:42:32 -0500
Further more,
date | /usr/sbin/sendmail -v -f sender@some.domain.org $USER
takes much more longer:
[...]
Tong
From faq:
http://www.sendmail.org/faq/faq.txt
Q3.12 — Why do connections to the SMTP port take such a long time?
set the IDENT timeout to zero:
-#O Timeout.ident=5s +O Timeout.ident=0
Tong
Newsgroups: comp.os.linux.misc Date: Thu, 6 Mar 2003 20:44:14 +0000 (UTC)
: Pardon me for lack of detail here but I just had a frantic : call from a customer who did the Redhat updates and sendmail : immediately stopped working.
: I sshed in quickly and immediately found that if I used : sendmail -C/etc/mail/sendmail.cf everything was fine.
: A quick ls -lut showed that sendmail by default was looking : at /etc/mail/submit.cf
: I quickly made a copy of that and then overwrote it with : his sendmail.cf and all was fine again.
: I'm off to Google to see if there is any reason he or I : should have expected that..
: But even if it is documented in 30 point type, someone else : will surely miss it as he did, so this post can't hurt..
And the explanation is: http://www.sendmail.org/~ca/email/doc8.12/SECURITY
I'm still not clear on just how one should write a proper mc for the submit.cf but I'll look into that later..
tony
> I'm still not clear on just how one should write a proper mc for the > submit.cf > but I'll look into that later.. >
The default submit.mc is supposed to work for almost everyone. My system has two ports, and has a different name for each port.
One is on the Internet and has one IP address. The other is on my LAN and has, of course, another IP address. By default, sendmail picks the wrong one, so I made my submit.mc look like this:
divert(-1) # # Copyright (c) 2001, 2002 Sendmail, Inc. and its suppliers. # All rights reserved. # # By using this file, you agree to the terms and conditions set # forth in the LICENSE file which can be found at the top level of # the sendmail distribution. # # # # This is the prototype file for a set-group-ID sm-msp sendmail that # acts as a initial mail submission program. # divert(0)dnl VERSIONID(`$Id: submit.mc,v 8.6.2.4 2002/12/29 03:54:34 ca Exp $') define(`confCF_VERSION', `Submit')dnl define(`__OSTYPE__',`')dnl dirty hack to keep proto.m4 from complaining define(`_USE_DECNET_SYNTAX_', `1')dnl support DECnet define(`confTIME_ZONE', `USE_TZ')dnl define(`confDONT_INIT_GROUPS', `True')dnl dnl dnl ADDED BY JDBEYER (31.8), (31.10.20) <---<<< define(`confDOMAIN_NAME', `my.internet.domain') <---<<< dnl dnl If you use IPv6 only, change [127.0.0.1] to [IPv6:::1] FEATURE(`msp', `[127.0.0.1]')dnl
As you can see, it does not take much. The file is quite simple.
Jean-David Beyer
: As you can see, it does not take much. The file is quite simple.
Yes, it is: but if you are used to sendmail running with one cf file, and haven't yet read about this new submit.cf, sendmail suddenly breaking is unexpected.
I haven't yet had the time to go back and see why this broke (it's an internal machine so I'm not particularly antsy about it), but it was quite a surprise to me :-)
I don't use sendmail a lot - most of my people run qmail (and actually so does this guy except for some internal machines) so I'm a bit behind on it. Not that I'm any great qmail guru either!
I don't like sendmail very much - not because of technical reasons; just that .mc/.cf stuff. More often than not, when I run into a sendmail issue, I find that somebody has added stuff to .cf manually, which means I can't use the .mc to add things without breaking things. And of course .mc files are only a little bit more comprehensible than raw .cf files to start with. Actually, in some ways they are LESS comprehensible: when someone has manually modified .cf, getting .mc to produce the desired output by reverse engineering is at least annoying.
That's the typical headache: I have something where I'd like to just add something to .mc and generate a new .cf. So I do so, but now a bunch of stuff doesn't work (because someone did the .cf manually or edited it) so it's line by line examination to see what they were trying to get done. It's not hard to lookup .mc stuff in the bat book, but the other way around is not so easy. I've got one of those going on now: we just wanted to add the genericstable feature, but it ended up with upgrades and confusion and I'm not sure we're all there even yet.
Oh well. Lesson learned: sendmail now uses two .cf files. Goody - two places to reverse engineer when somebody mucks with them :-)
tony
> I don't like sendmail very much - not because of technical reasons; > just that .mc/.cf stuff. More often than not, when I run into a > sendmail issue, I find that somebody has added stuff to .cf manually, > which means I can't use the .mc to add things without breaking > things.
I infer you are a consultant called in when someone has screwed up their system (at least some of the time). Because otherwise, you would either know what is in the .cf file and why it is there, or you would have put all your changes into the .mc file file in the first place. Other than the simplicity (relatively speaking) of the .mc file, I find it handy because a new release can change the .cf file in ways I do not understand and I have to rethink everything. But the stuff I put in my .mc file is a relatively minor change from the default one. So when I install a new version of sendmail, I can be pretty sure that making a new .cf file from the .mc one will get me pretty much what I need. Of course, I do read the READMEs and stuff first (at least skim them).
> And of course .mc files are only a little bit more comprehensible > than raw .cf files to start with. Actually, in some ways they are > LESS comprehensible: when someone has manually modified .cf, getting > .mc to produce the desired output by reverse engineering is at least > annoying.
The nearest I got to modifying a .cf file was when I was sending stuff (smart host) to my ISP's MTA (also sendmail, it happens). Well I have two machines on a LAN, and I did not want to bother sending up to my ISP and back, so I wanted some rules to notice when sending to my other machine and go direct through the LAN. Nowdays, there may be better ways to do this, but I found I could just stick:
dnl Allow hosts on LAN to skip smart host. (4.3.3.7) LOCAL_NET_CONFIG R$* < @ $* .$m. > $* $#smtp $@ $2.$m $: $1 < @ $2.$m > $3
into the .mc file to get the sendmail.cf to say this:
# figure out what should stay in our local mail system R$* < @ $* .$m. > $* $#smtp $@ $2.$m $: $1 < @ $2.$m > $3
With tricks like that, I no longer have had to diddle the .cf file directly, though my needs are modest. (BTW, I no longer need smart host, so I guess I could take this out.)
Jean-David Beyer
> I'm still having trouble with that guys files. I got submit.mc > to make a submit.cf now that works OK as long as the queue files are 777. > Setgid is correct on the sendmail binary, group ownerships etc on the > queues were correct, but it just is not working. Obviously I'm > missing something (not that I've had time to read everything carefully > yet of course).
[...]
There's really no need to change the default submit.{mc|cf} since it's only used when operating sendmail in a non-daemon mode from the localhost. If the customer's previous sendmail.cf file was from an 8.12.x then you don't even need to rebuild that. Just verify permissions on the installation as follows.
sendmail must be a set-group-ID (default group: smmsp, recommended gid: 25) program to allow for queueing mail in a group-writable directory. Two .cf files are required: sendmail.cf for the daemon and submit.cf for the submission program. The following permissions should be used: -r-xr-sr-x root smmsp ... /PATH/TO/sendmail drwxrwx--- smmsp smmsp ... /var/spool/clientmqueue drwx------ root wheel ... /var/spool/mqueue -r--r--r-- root wheel ... /etc/mail/sendmail.cf -r--r--r-- root wheel ... /etc/mail/submit.cf
Then start the daemon with a command such as:
/usr/sbin/sendmail -L sm-mta -bd -q15m
in the init script for a 15-minute queue flush daemon.
tony
Newsgroups: comp.mail.misc Date: Sun, 23 Mar 2003 23:37:48 GMT
I can see 45 mails in my local sendmail queue. All with error host map: lookup (nankai.edu.cn): deferred)
But when I do 'dig nankai.edu.cn' I get the result instantly. How can I tell sendmail to try again?
The closest command I found in man page is 'sendmail -q'. but that doesn't seems to be working… please help.
Sendmail will retry at intervals automatically. There may be a problem actually reaching the host though. Trying host -t MX nankai.edu.cn I see:
vgw.nankai.edu.cn nankai.edu.cn
Try telnet vgw.nankai.edu.cn 25… can you connect? If you can't, mail won't go. Also try the other one.
By the way, if you haven't dedicated yourself to sendmail yet maybe consider postfix as an alternative. I find it much easier to configure, and it doesn't have a major root vulnerability discovered every year. (In fact, it has an excellent security track record). If you have an old sendmail install, you're waiting to be rooted.
Jem Berkes
> But when I do 'dig nankai.edu.cn' I get the result instantly. How > can I tell sendmail to try again?
Does your system support IPv6?
sendmail -bt -d0.13 </dev/null | grep NETINET6
If it does, look for WorkAroundBrokenAAAA in doc/op/op.* and cf/README.
Claus ABmann
> I disabled the IPv6 on my system. But the sendmail can support it: > Do I still need that work around?
Yes.
> > If it does, look for WorkAroundBrokenAAAA in > > doc/op/op.* and cf/README.
> Is it available somewhere on the web? I looked into the rpm that > comes with RH8 -- doesn't have it.
http://www.sendmail.org/~ca/email/doc8.12/op.html
Claus ABmann
> The closest command I found in man page is 'sendmail -q'. but that > doesn't seems to be working... please help.
What is reported when you "push" the messages in verbose mode with DNS tracking turned on ?
sendmail -Am -v -d8.20 -qRnankai.edu.cn
Andrzej Filip
> > What is reported when you "push" the messages in verbose mode with > > DNS tracking turned on ? > > % sendmail -Am -v -d8.20 -qRcentercomp.com > > Running /var/spool/mqueue/h2P1mQV4009198 (sequence 1 of 1) > dns_getcanonname(yahoo.com, trymx=1) > dns_getcanonname: trying yahoo.com. (AAAA) > NO: errno=0, h_errno=4 > dns_getcanonname: trying yahoo.com. (A) > YES > dns_getcanonname: yahoo.com > dns_getcanonname(centercomp.com, trymx=1) > dns_getcanonname: trying centercomp.com. (AAAA) > NO: errno=110, h_errno=2 > centercomp.com: Name server timeout > <...@centercomp.com>... Transient parse error -- message queued for > future delivery > > What does the above mean (my from is set to yahoo)?
By default sendmail checks domain names in envelope ("MAIL FROM:", "RCPTO TO:") and headers in DNS. Sendmail tries to get AAAA records (IPv6) too. Some broken DNS servers give bad and missleading answers to queries about AAAA records.
Add WorkAroundBrokenAAAA to ResolverOptions in sendmail.cf.
The problem has been discussed a few times in news:comp.mail.sendmail - search the group archive http://www.polbox.com/a/anfi/sendmail/B4UAsk-Sendmail.html#OLD Searching old postings.
<quote file="RELEASE_NOTES"> New ResolverOptions setting: WorkAroundBrokenAAAA. When attempting to canonify a hostname, some broken nameservers will return SERVFAIL (a temporary failure) on T_AAAA (IPv6) lookups. If you want to excuse this behavior, use this new flag. Suggested by Chris Foote of SE Network Access and Mark Roth of the University of Illinois at Urbana-Champaign. </quote>
The ResolverOptions (I) option allows you to tweak name server options. The command line takes a series of flags as documented in resolver(3) (with the leading RES_ deleted). Each can be preceded by an optional + or - . For example, the line
O ResolverOptions=+AAONLY -DNSRCH
turns on the AAONLY (accept authoritative answers only) and turns off the DNSRCH (search the domain path) options. Most resolver libraries default DNSRCH, DEFNAMES, and RECURSE flags on and all others off. If NETINET6 is enabled, most libraries default to USE_INET6 as well. You can also include HasWildcardMX to specify that there is a wildcard MX record matching your domain; this turns off MX matching when canonifying names, which can lead to inappropriate canonifications. Use WorkAroundBrokenAAAA when faced with a broken nameserver that returns SERVFAIL (a temporary failure) on T_AAAA (IPv6) lookups during hostname canonification. Notice: it might be necessary to apply the same (or similar) options to submit.cf too.
ResolverOptions=options
Set resolver options. Values can be set using `flag and cleared using flag; the flags can be debug , aaonly , usevc , primary , igntc , recurse , defnames , stayopen , use_inet6 , or dnsrch . The string HasWildcardMX (without a ` or ) can be specified to turn off matching against MX records when doing name canonifications. The string WorkAroundBrokenAAAA (without a + or -) can be specified to work around some broken nameservers which return SERVFAIL (a temporary failure) on T_AAAA (IPv6) lookups. Notice: it might be necessary to apply the same (or similar) options to submit.cf too.
% sendmail -Am -v -d8.20 -qRnankai.edu.cn _res.options = 12c3, HasWildcardMX = 0
Running /var/spool/mqueue/h2P2UkV4009517 (sequence 1 of 1)
dns_getcanonname(yahoo.com, trymx=1)
dns_getcanonname: trying yahoo.com. (AAAA)
NO: errno=0, h_errno=4
dns_getcanonname: trying yahoo.com. (A)
YES
dns_getcanonname: yahoo.com
dns_getcanonname(nankai.edu.cn, trymx=1)
dns_getcanonname: trying nankai.edu.cn. (AAAA)
NO: errno=110, h_errno=2
dns_getcanonname: trying nankai.edu.cn. (A)
YES
dns_getcanonname: nankai.edu.cn
getmxrr(nankai.edu.cn., droplocalhost=1)
<...@nankai.edu.cn>... Connecting to vgw.nankai.edu.cn. via esmtp...
220 ESMTP ready [64.231.230.149/unknown]
>>> EHLO localhost.localdomain
250-AUTH=LOGIN PLAIN
250-AUTH LOGIN PLAIN
250-PIPELINING
250 8BITMIME
>>> MAIL From:<suntong...
Newsgroups: comp.os.linux.help,comp.os.linux.questions,comp.os.linux.networking,comp.os.linux.misc,comp.os.linux.redhat Date: Mon, 24 Mar 2003 15:42:23 -0700
> >>> MAIL From:<jhaefner@bnr233.bnr.usu.edu> > 550 5.0.0 Access denied > /home/jhaefner/dead.letter... Saved message in /home/jhaefner/dead.letter > Closing connection to [127.0.0.1] > >>> QUIT > 221 2.0.0 closing connection > > Any ideas where the "Access denied" is coming from?
edit /etc/mail/sendmail.mc
comment out the line that reads:
DAEMON_OPTIONS(`Port=smtp,Addr=127.0.0.1, Name=MTA')
then:
"m4 /etc/mail/sendmail.mc > /etc/sendmail.cf"
Do this as root.
jeff
Make sure these two lines are in your sendmail.cf
O DaemonPortOptions=Port=smtp,Addr=127.0.0.1, Name=MTA O DaemonPortOptions=Port=smtp,Addr=<yourIP>, NAME=MTA
This will allow localhost delivery and the IP of the NIC card receiving connections. Once you update this in sendmail.cf run
/etc/init.d/sendmail restart
ken k
Newsgroups: comp.mail.sendmail Date: 2001-05-18 22:18:00 PST
I'm trying to figure out how to set up sendmail to be a simple (Redhat 7.1 Linux) mailserver for my home network (192.168.0.x), with the mailserver machine also being the firewall.
When I log into the mailserver machine, I can connection to the port 25 via "telnet localhost smtp" just fine, BUT anything else, such as "telnet public_ip smtp", where public_ip is the public IP address of the machine, always gets me a connection refused.
A "netstat -tl" gets me:
Active Internet connections (only servers) Proto Recv-Q Send-Q Local Address Foreign Address State ... tcp 0 0 coldresist.com:smtp *:* LISTEN ... You have new mail in /var/spool/mail/gerald
which suggests to me that something is listening, but somehow on only one IP address. What is the matter here? I'd appreciate it very much if someone can point me in the right direction.
I should probably make mention of the fact that I don't think it's my firewall, as even if I disable the firewall and allow everything through, I still get connection refused when trying to connect to the machine with anything other than "telnet localhost smtp". Sendmail just seems to be not listening on any other IP address. Can this be possible?
I would very much appreciate any help that anyone can give.
>"telnet localhost smtp" just fine, BUT anything else, such as "telnet >public_ip smtp", where public_ip is the public IP address of the machine, >always gets me a connection refused.
http://www.sendmail.org/faq/section5.html#5.3.3
Neil W Rickert
Date: December 4, 2002
Several vendors have changed the way that sendmail is run. They decided that most people need a client-only version of sendmail. So it is listening only on the localhost interface. Check the system documentation on how to change your .mc file. Here is a partial table of where some vendors ship their sendmail configuration hierarchy:
sendmail distribution ./cf
Solaris /usr/lib/mail
Red Hat 6.2 /usr/lib/sendmail-cf
Red Hat 7 /usr/share/sendmail-cf
Slackware 7.1 /usr/src/sendmail/cf
But you should check for yourself on your own system. When in doubt, do a find for "proto.m4", then go up the tree one level. When you find the .mc file, look for the string "DAEMON_OPTIONS" and for the comment lines near that string.
See also 5.3.1.3 for discussion about this problem as it relates specifically to Red Hat 7.1 and later.
Date: May 3, 2001 Updated: June 11, 2001 Updated: December 4, 2002
Red Hat, like some other vendors, changed the way that sendmail is run. (See 4.22 for a more general discussion of this problem.) They decided that most people need a client-only version of sendmail. So it is listening only on the localhost interface. Check the RH documentation on how to change that:
Make sure that you have installed the "sendmail-cf" package on your system — it should be on your install media.
Then check the file "sendmail.mc" (probably in "/etc/mail"). Look for the string "DAEMON_OPTIONS" and for the comment lines near that string.
Also note that Red Hat 7.1 and later build sendmail with tcpwrapper support, and provide a hosts.deny file that rejects all external mail. The sendmail:ALL addition to hosts.allow fixes this.
endmail-cf - The files needed to reconfigure Sendmail.
Without it:
% m4 /etc/mail/sendmail.mc > /etc/mail/sendmail.cf /etc/mail/sendmail.mc:10: m4: Cannot open /usr/share/sendmail-cf/m4/cf.m4: No such file or directory
Tong
documented on: 2004.02.24 Tue
edit /etc/mail/sendmail.cf
comment out the DaemonPortOptions line as:
#O DaemonPortOptions=Port=smtp,Addr=127.0.0.1, Name=MTA
service sendmail restart
telnet localhost smtp
ifconfig
then
telnet my_public_ip smtp
In a remote system,
telnet my_public_ip smtp
The most important step is to ensure the Mail transfer services is properly defined in your domain's DNS.
dig my_public_ip MX
Tong
documented on: 2004.02.24 Tue
Newsgroups: comp.mail.misc Date: Wed, 25 Feb 2004 17:04:26 +0000 (UTC)
> Do I need to setup the DNS MX record in order to receive email?
In your case, no.
> Seems to me the DNS MX record is to refer to some other machines. I > just have a single RedHat Linux box, there is no other mail > servers I can refer to. When I set the DNS MX record to my own dns > name, I get "mail loops back" error:
http://www.brandonhutchinson.com/mail_loops_back_to_me.html
> Do I need to setup the DNS MX record in order to receive email? > > Seems to me the DNS MX record is to refer to some other machines. I > just have a single RedHat Linux box, there is no other mail > servers I can refer to. When I set the DNS MX record to my own dns > name, I get "mail loops back" error
You should have an MX record, but you can kludge by with an A record.
Regardless, you must configure your server to recognize its local domains, otherwise it will just go on looking for somewhere else to forward its mail.
Thor
> Oh, thanks, that solved the mystery problem. This is the first > time that I use no-ip.com to give my Linux a permanent DNS name. > Previously I set my host name to an arbitrary name. Now it's > working fine. > > Do my permanent DNS name and the host name I give to my box have > to agree on each other, in order to get the email?
Yes, set my host name and get the same error as before again.
Tong
> I fixed my DNS MX problem, and renamed my box to the FQDN solved > the problem. > > However, new problem occurs. My httpd won't start: > > ------------------- > [Fri Feb 27 09:06:06 2004] [alert] (22002)Name or service not known: mod_unique_id: unable to find IPv4 address of "myip.myhost.net" > Configuration Failed! > ------------------- > > And as the aftermath, the squid won't start either. > > Why don't I get the same error when using an arbitrary name > for my box? What is the real difference?
Oh, I changed host name via redhat-config-network, which apparently does not do all the necessary jobs.
The hostname in /etc/hosts was left unchanged by redhat-config-network.
Tong
Newsgroups: comp.mail.misc Date: Wed, 26 Feb 2003 18:27:55 -0800
> I have setup a smtp server to push outbound mail to our external relay. > I need to have all internal info removed from the headers. > Presently it is showing internal client name and ip. > How do i remove this? > Using sendmail 8.11 [...] > Received: from bm2.nasc.inter.net ([10.0.0.204]) > by app6.nasc.inter.net with esmtp (Exim 3.34 #1) > id 18o5ej-0007gH-00 > for test@recipient.net; Wed, 26 Feb 2003 12:47:45 -0500
with your excerpt above, you can understand the value of each of the several macros in use and choose your modified structure.
In 8.12.6 for instance, the structure is:
[$?sfrom $s $.$?_($?s$|from $.$_)
$.$?{auth_type}(authenticated)
$.by $j ($v/$Z)$?r with $r$. id $i$?u
for $u; $|; $.$b]
To make a long story short, you can hide the internals with a line in your *.mc file such as:
define(`confRECEIVED_HEADER', `internal info suppressed')dnl
but you would not want to use this on your MX machine of record to the outside world. Understand please that removing such information may make it difficult for you to debug internal problems later, and is an example of "security by obscurity" which simply doesn't work.
tony
http://www.redhat.com/archives/fedora-legacy-list/2006-March/msg00227.html
To: Discussion of the Fedora Legacy Project Date: Sun, 26 Mar 2006
> *** ERROR: FEATURE() should be before MAILER() > *** ERROR: FEATURE() should be before MAILER() > *** ERROR: FEATURE() should be before MAILER()
Yeah, I got that on a bunch of machines. Just updated my sendmail.mc to move the FEATURE macros up above the MAILER macros, as it suggests.
Michal Jaegermann
> > Yeah, I got that on a bunch of machines. Just updated my sendmail.mc > > to move the FEATURE macros up above the MAILER macros, as it suggests. > > > Checking my FEATURE macros in the sendmail.mc, all of them are above the > MAILER macros ie. the MAILER macros are the last two lines of the file.
Strange. Anytime I saw this error/warning, it was because I really did have FEATURE after MAILER… Used to be okay I guess, and now it isn't.
> No sure why it produced those errors.
Only reason I can think of it is was processing some other file than the one you are refering to…
Eric Rostetter
http://www.linuxforums.org/forum/debian-linux-help/29820-need-help-sendmail-8-13-4-1-a.html
I have problem with configuring sendmail 8.13.4-1 on debian woody. When I run " sendmailconfig " and after configuration, it gives with the following error
sendmail.cf sendmail.cf.errors server:/etc/mail# less sendmail.cf.errors *** ERROR: FEATURE() should be before MAILER() *** ERROR: FEATURE() should be before MAILER() *** ERROR: FEATURE() should be before MAILER() *** FEATURE(smrsh) must occur before MAILER(local) *** ERROR: MAILER(local) already included *** ERROR: MAILER(smtp) already included
I do not know why. I would appreciate for any help or tips to read sendmail configure from scratch in debian.
ko_thu 04-21-2005
This is a common problem with the Debian package of Sendmail, the error results from a badly formed sendmail.cf file generated by Debian's sendmailconfig script.
In sendmail's configuration files, a requirement is that local mailer programs such as procmail must be specified last after rulesets such as masquarading and so on.
I'm quite sure that Debian is aware of it. I don't see how they could miss something like that. However, it seems they have not fixed it as of yet. This is very odd because it is a long standing problem - over 1 year. Debian normally fixes such things quickly.
The best thing to do is either one of three things:
Complain to the Debian maintainer to fix it.
Rewrite the sendmailconfig script to fix this problem.
Install your own version of sendmail.
I chose 3 because I have a custom sendmail setup for one of the ISPs I do work for. You really dont even have to recompile sendmail - just replace the sendmail.cf file with one that is properly formatted.
If you are familiar with sendmail and m4, this isn't a big deal, but if you aren't it can be really scary.
If anyone needs help with this, just send me a note at via the board or to tj at kewlness.net.
Good luck, T.J. 2006-07-17
Just move the mailer definitions part in sendmail.mc after all FEATURE() definitions will do. Eg:
$ diff -wu1 /etc/mail/sendmail.mc~ /etc/mail/sendmail.mc --- /etc/mail/sendmail.mc~ 2006-07-17 18:02:25.000000000 +0200 +++ /etc/mail/sendmail.mc 2006-07-17 18:24:36.000000000 +0200 @@ -95,7 +95,2 @@ dnl # -dnl # Default Mailer setup -MAILER_DEFINITIONS -MAILER(`local')dnl -MAILER(`smtp')dnl - dnl # Masquerading options @@ -105,2 +100,7 @@ FEATURE(`masquerade_envelope')dnl +dnl # Default Mailer setup +MAILER_DEFINITIONS +MAILER(`local')dnl +MAILER(`smtp')dnl + include(`/etc/mail/tls/starttls.m4')dnl
T
documented on: 2006.07.17
This message is obsolete.
for authwarnings, do not disable it, since there is a better way doing it
for hiding local info, the attempt failed.
*References*: confRECEIVED_HEADER
Sendmail Installation and Operation Guide
http://www.cotse.com/Sendmail/op.html http://uwsg.ucs.indiana.edu/usail/mail/op/
Version 8.70, For Sendmail Version 8.7
maintained by the Sendmail Consortium
/etc/sendmail.cf
from
O PrivacyOptions=authwarnings
to
O PrivacyOptions=noexpn,novrfy,noreceipts,needmailhelo
PrivacyOptions=opt,opt,…
[p] Set the privacy options. ``Privacy'' is really a misnomer; many of these are just a way of insisting on stricter adherence to the SMTP protocol. The options can be selected from:
public Allow open access needmailhelo Insist on HELO or EHLO command before MAIL needexpnhelo Insist on HELO or EHLO command before EXPN noexpn Disallow EXPN entirely needvrfyhelo Insist on HELO or EHLO command before VRFY novrfy Disallow VRFY entirely restrictmailq Restrict mailq command restrictqrun Restrict -q command line flag noreceipts Don't return success DSNs goaway Disallow essentially all SMTP status queries authwarnings Put X-Authentication-Warning: headers in messages
The goaway pseudo-flag sets all flags except restrictmailq and restrictqrun. If mailq is restricted, only people in the same group as the queue directory can print the queue. If queue runs are restricted, only root and the owner of the queue directory can run the queue. Authentication Warnings add warnings about various conditions that may indicate attempts to spoof the mail system, such as using an non-standard queue directory.
PostmasterCopy=postmaster
[P] If set, copies of error messages will be sent to the named postmaster. Only the header of the failed message is sent. Since most errors are user problems, this is probably not a good idea on large sites, and arguably contains all sorts of privacy violations, but it seems to be popular with certain operating systems vendors. Defaults to no postmaster copies.