Re: [SLE] Re: AW: [suse-security] Why does sendmail deny relaying?

21 Jan 2001

      Hi John,

I tried the dot notation you mentioned. That's fixed it.
Thanks very much.  As for Postfix, I think you might be right :-)

regards
Garry

john wrote:
...
I've just had the same problem as you.   Upgraded from 6.3 to 7.0 and mail
relaying broke, despite having an unchanged relay-domains.  Having battled
with this for hours and out of a willingness to try ANYTHING I added my
internal domain to relay-domains in dot notation -- hey presto it worked.
Oh, I also commented out the Privacy line you mentioned to get rid of those
messages too ... why is the default behaviour of sendmail now to DNS lookup
every bloody system that mail comes in on?
This is the last straw .. I have disliked sendmail for some time now because
you have you reach sendmail-guru status before you can even start to fiddle
with anything that lives outside of rc.config ... time do dump [that]
garbage into the bit bucket and learn me some Postfix.
John
-----Original Message-----
From: garry@suse.com [mailto:garry@suse.com]On Behalf Of Garry Smith
Sent: 17 January 2001 14:19
To: suse-linux-e@suse.com
Cc: suse-linux-security@suse.com; garry.smith@computer.org
Subject: [SLE] Re: AW: [suse-security] Why does sendmail deny relaying?
Hi,
uname -a : Linux homer 2.2.16-SMP #1 SMP Wed Aug 2 20:01:21 GMT 2000
i686 unknown
sendmail version: starting daemon (8.10.2): SMTP+queueing@00:30:00
(from mail log)
I also have a problem with relaying in sendmail.
I would like machines from domain a, b and c to be able to use my mail
server (SuSE Linux 7.0 Pro) to send mails to any other domain.
Initially I inserted domains a, b,and c into /etc/mail/relay-domains.
This allowed me to pass on mails from remote clients to one of the
listed domains.
Sending a mail to a  domain not listed causes the following error to
appear in the sender's mail client:
An error occurred while sending mail
The mail server responded:
5.7.1 <Garry.Smith@computer.org>... Relaying denied. IP name lookup
failed [x.x.x.x] Please check the message recipients and try again.
My log mail log file shows:
Jan 17 12:40:08 homer sendmail[18328]: starting daemon (8.10.2):
SMTP+queueing@0
0:30:00
Jan 17 12:40:08 homer sendmail[18328]: daemon could not open control
socket /var
/run/sendmail.control: Group writable directory
Jan 17 12:41:23 homer sendmail[18347]: f0HCfML18347: ruleset=check_rcpt,
arg1=<G
arry.Smith@computer.org>, relay=[x.x.x.x], reject=550 5.7.1
<Garry.Smith@
computer.org>... Relaying denied. IP name lookup failed [x.x.x.x]
Jan 17 12:41:23 homer sendmail[18347]: f0HCfML18347:
from=<Garry.Smith@computer.
org>, size=0, class=0, nrcpts=0, proto=ESMTP, daemon=MTA,
relay=[x.x.x.x]
I have since removed the entries for /etc/mail/relay-domains.
I have also commented out the sendmail.cf authentification warning entry
as described in one on the recent related mails on this.
# privacy flags
...
...
O PrivacyOptions=needmailhelo,novrfy,noexpn,noetrn,noverb
and restarted sendmail
I followed the instructions below and added domains A,B and C to
access.db ie:
a-sub-domain.a-domain ACCEPT
I then ran the Makefile and restarted sendmail.
I still get the relay error listed above.  The only way I can seem to
get round this is if I add domains A,B and C back into
/etc/mail/relay-domains file.
However, while I can then use my mail server to relay mail to those
domains, I cannot relay to other un-listed domains.
How can I specify that domains A,B and C are allowed to use my mail
server to relay messages to any other domain on the Internet?
I must be missing something fundamental here, but can't think what?
Many thanks in advance
regards
Garry
Roman Drahtmueller wrote:
...
...
If you put in access.db
212.121.144.197 ACCEPT
it will work.
Yes, and don't forget to hash the plaintextfile. Use the Makefile that
I've put in the attachment. Place it in /etc/mail, go there and type make.
Little gift from the 7.1 sendmail package...
...
Philipp
Thanks,
Roman.
--
 -                                                                      -
| Roman Drahtmüller      <draht@suse.de> //          "Caution: Cape does |
  SuSE GmbH - Security           Phone: //       not enable user to fly."
| Nürnberg, Germany     +49-911-740530 // (Batman Costume warning label) |
 -                                                                      -
------------------------------------------------------------------------
                  Name: Makefile
   Makefile       Type: Plain Text (TEXT/PLAIN)
              Encoding: BASE64
           Description: Makefile for /etc/mail
------------------------------------------------------------------------
---------------------------------------------------------------------
To unsubscribe, e-mail: suse-security-unsubscribe@suse.com
For additional commands, e-mail: suse-security-help@suse.com
--
To unsubscribe send e-mail to suse-linux-e-unsubscribe@suse.com
For additional commands send e-mail to suse-linux-e-help@suse.com
Also check the FAQ at http://www.suse.com/support/faq

Garry Smith

tags

participants (1)