I've just had the same problem as you. Upgraded from 6.3 to 7.0 and mail relaying broke, despite having an unchanged relay-domains. Having battled with this for hours and out of a willingness to try ANYTHING I added my internal domain to relay-domains in dot notation -- hey presto it worked. Oh, I also commented out the Privacy line you mentioned to get rid of those messages too ... why is the default behaviour of sendmail now to DNS lookup every bloody system that mail comes in on? This is the last straw .. I have disliked sendmail for some time now because you have you reach sendmail-guru status before you can even start to fiddle with anything that lives outside of rc.config ... time do dump [that] garbage into the bit bucket and learn me some Postfix. John -----Original Message----- From: garry@suse.com [mailto:garry@suse.com]On Behalf Of Garry Smith Sent: 17 January 2001 14:19 To: suse-linux-e@suse.com Cc: suse-linux-security@suse.com; garry.smith@computer.org Subject: [SLE] Re: AW: [suse-security] Why does sendmail deny relaying? Hi, uname -a : Linux homer 2.2.16-SMP #1 SMP Wed Aug 2 20:01:21 GMT 2000 i686 unknown sendmail version: starting daemon (8.10.2): SMTP+queueing@00:30:00 (from mail log) I also have a problem with relaying in sendmail. I would like machines from domain a, b and c to be able to use my mail server (SuSE Linux 7.0 Pro) to send mails to any other domain. Initially I inserted domains a, b,and c into /etc/mail/relay-domains. This allowed me to pass on mails from remote clients to one of the listed domains. Sending a mail to a domain not listed causes the following error to appear in the sender's mail client: An error occurred while sending mail The mail server responded: 5.7.1 ... Relaying denied. IP name lookup failed [x.x.x.x] Please check the message recipients and try again. My log mail log file shows: Jan 17 12:40:08 homer sendmail[18328]: starting daemon (8.10.2): SMTP+queueing@0 0:30:00 Jan 17 12:40:08 homer sendmail[18328]: daemon could not open control socket /var /run/sendmail.control: Group writable directory Jan 17 12:41:23 homer sendmail[18347]: f0HCfML18347: ruleset=check_rcpt, arg1=, relay=[x.x.x.x], reject=550 5.7.1 ... Relaying denied. IP name lookup failed [x.x.x.x] Jan 17 12:41:23 homer sendmail[18347]: f0HCfML18347: from=, size=0, class=0, nrcpts=0, proto=ESMTP, daemon=MTA, relay=[x.x.x.x] I have since removed the entries for /etc/mail/relay-domains. I have also commented out the sendmail.cf authentification warning entry as described in one on the recent related mails on this. # privacy flags

...

O PrivacyOptions=needmailhelo,novrfy,noexpn,noetrn,noverb

and restarted sendmail

I followed the instructions below and added domains A,B and C to access.db ie: a-sub-domain.a-domain ACCEPT I then ran the Makefile and restarted sendmail. I still get the relay error listed above. The only way I can seem to get round this is if I add domains A,B and C back into /etc/mail/relay-domains file. However, while I can then use my mail server to relay mail to those domains, I cannot relay to other un-listed domains. How can I specify that domains A,B and C are allowed to use my mail server to relay messages to any other domain on the Internet? I must be missing something fundamental here, but can't think what? Many thanks in advance regards Garry Roman Drahtmueller wrote:

...

If you put in access.db 212.121.144.197 ACCEPT

it will work.

Yes, and don't forget to hash the plaintextfile. Use the Makefile that I've put in the attachment. Place it in /etc/mail, go there and type make. Little gift from the 7.1 sendmail package...

...

Philipp

Thanks, Roman. -- - - | Roman Drahtmüller // "Caution: Cape does | SuSE GmbH - Security Phone: // not enable user to fly." | Nürnberg, Germany +49-911-740530 // (Batman Costume warning label) | - -

------------------------------------------------------------------------ Name: Makefile Makefile Type: Plain Text (TEXT/PLAIN) Encoding: BASE64 Description: Makefile for /etc/mail

------------------------------------------------------------------------ --------------------------------------------------------------------- To unsubscribe, e-mail: suse-security-unsubscribe@suse.com For additional commands, e-mail: suse-security-help@suse.com

-- To unsubscribe send e-mail to suse-linux-e-unsubscribe@suse.com For additional commands send e-mail to suse-linux-e-help@suse.com Also check the FAQ at http://www.suse.com/support/faq