sendmail configure problem

noir911 · 04-22-2006, 03:12 AM

I been trying to configure my sendmail. Looks like (from /var/log/maillog) the mail has been sent to the outside world BUT it gets queued in the mailq. And doesn't go outside. It is not a firewall problem as I tried stopping my firewall. However,

netstat -nl | grep 25 shows

Code:

tcp 0 0 172.16.20.45.25  172.16.20.1.3345 ESTABLISHED

172.16.20.1.3345 is my router/ gateway address. It should be LISTENING to *.* instead of "172.16.20.1.3345". Also, sometimes it shows nothing! However, a nmap scan on the local IP shows the port is open.

"ps auxwww | grep sendmail" shows sendmail is running and accepting connections.

My domain is hosted with Dyndns (non-paid) and dyndns wild-card is ON.
My "sendmail -d0.1" output is

Code:

short domain name = mydomain
canonical domain name = $w.dyndns.org
subdomain name = dyndns.org
node name = testbox (name of the local PC)

I have also configured access and relay-domains tables properly.

However, I sent a test mail to Google and in /var/log/messages I can see that it tries to relay using username@mydomain.dyndns.org with Stat=Sent. It then tries to relay using google's mailserver until it gives up trying. And the Status show Deferred. Should I relay using localhost?

Here's my MX part of BIND

Code:

                IN MX 5 testbox.mydomain.dyndns.org.
testbox         IN A    172.16.20.2
mail            IN CNAME testbox.mydomain.dyndns.org.

I can telnet to port 25 just fine from the local network. For example, telnet domain.dyndns.org 25 gives the banner.

Is this a problem with my Bind or sendmail or dyndns?!

Sendmail Version: 8.13.4
BIND Version: 9.3.1
OS: OpenBSD3.8

zaichik · 04-22-2006, 06:19 AM

Quote:

It then tries to relay using google's mailserver until it gives up trying.

It doesn't sound like any kind of DNS problem on your end; your mail server seems to have found the target mail server.

What message does it generate when it "gives up trying"? Is your ISP blocking port 25, as so many do these days? See if you can telnet successfully to port 25 on a remote host.

Otherwise, more verbosity from the mail logs would probably help.

noir911 · 04-22-2006, 06:41 AM

Ok, unblocking the ports on my ISP end has solved the problem. Thanks!

However, looks like sendmail need a bit more tweak. The outgoing mail's header shows the private IP address and says "maybe forged". Also it says "xxx.xxx.xxx.xxx (Public IP) neither permitted nor denied by best guess record for domain of user1@domain.dyndns.org).

Also..netstat doesn't show that it's listening on port 25. However, both nmap and "lsof -Pni | grep 25" confirms that it is!

Any kind of help on these would be much appreciated.

Thanks!

zaichik · 04-23-2006, 12:07 PM

I think I'd have a better shot at this if I saw the full Internet headers in context. Any chance you could post them, while changing the names to protect the innocent?

Quote:

"xxx.xxx.xxx.xxx (Public IP) neither permitted nor denied by best guess record for domain of user1@domain.dyndns.org"

That bit sounds like it was added by the remote SMTP server, because it was unable to locate an MX record for your domain. I could be wrong, but that is what "best guess record" sounds like to me.