I would like to receive mails sent from any address to yugiohjcj@aaa.org in the yugiohjcj local mailbox (yugiohjcj@localhost).
So, I open the port 25/tcp (smtp) with iptables.
Then, I configure sendmail.
Then, I run sendmail.
$ tail -f /var/log/maillog
Mar 30 11:14:55 server sm-mta[2148]: x2UAEsvx002148: ruleset=check_rcpt, arg1=<yugiohjcj@aaa.org>, relay=smtp5-g21.free.fr [212.27.42.5], reject=550 5.7.1 <yugiohjcj@aaa.org>... Relaying denied
Mar 30 11:14:55 server sm-mta[2148]: x2UAEsvx002148: from=<yugiohjcj@bbb.org>, size=670, class=0, nrcpts=0, bodytype=8BITMIME, proto=ESMTP, daemon=MTA, relay=smtp5-g21.free.fr [212.27.42.5]
Is that mtp5-g21.free.fr [212.27.42.5] your sendmail server address?
Since emailing depends on DNS, you must set up the MX record of the aaa.org domain pointing to your server.
If you want to exchange emails just locally, you may add the 2 domains in /etc/mail/local-host-names and restart sendmail
Is that mtp5-g21.free.fr [212.27.42.5] your sendmail server address?
No, mtp5-g21.free.fr [212.27.42.5] is not my sendmail address.
This address depends on the From address used in the mail client.
Example: If I send an e-mail from yugiohjcj@ccc.org (instead of from yugiohjcj@bbb.org) to yugiohjcj@aaa.org, on the server side I can read in the log:
Code:
Mar 31 05:18:31 server sm-mta[4953]: x2V3IU2N004953: ruleset=check_rcpt, arg1=<yugiohjcj@aaa.org>, relay=sonic310-12.consmr.mail.ir2.yahoo.com [77.238.177.33], reject=550 5.7.1 <yugiohjcj@aaa.org>... Relaying denied
Mar 31 05:18:31 server sm-mta[4953]: x2V3IU2N004953: from=<yugiohjcj@ccc.org>, size=0, class=0, nrcpts=0, proto=ESMTP, daemon=MTA, relay=sonic310-12.consmr.mail.ir2.yahoo.com [77.238.177.33]
Quote:
Originally Posted by bathory
Since emailing depends on DNS, you must set up the MX record of the aaa.org domain pointing to your server.
It was not done.
I am using a DNS service provided by Freenom [1].
I can add an MX record through their web page in "Services > My Domains > Manage Domain > Manage Freenom DNS > Modify Records".
There are 5 fields: Name, Type, TTL, Target and Priority.
If I try: Name: <empty>, Type: MX, TTL: 3600, Target: <the IP address of my server> and Priority: 10 I get the following error: "Error occured: Invalid value in dnsrecord".
If I try: Name: aaa.org, Type: MX, TTL: 3600, Target: <the IP address of my server> and Priority: 10 I get the following error: "Error occured: CNAME records should have a name set!".
So, it seems that I can't do it.
Quote:
Originally Posted by bathory
If you want to exchange emails just locally, you may add the 2 domains in /etc/mail/local-host-names and restart sendmail
There are 5 fields: Name, Type, TTL, Target and Priority.
If I try: Name: <empty>, Type: MX, TTL: 3600, Target: <the IP address of my server> and Priority: 10 I get the following error: "Error occured: Invalid value in dnsrecord".
If I try: Name: aaa.org, Type: MX, TTL: 3600, Target: <the IP address of my server> and Priority: 10 I get the following error: "Error occured: CNAME records should have a name set!".
So, it seems that I can't do it.
The MX record has the following format:
Code:
aaa.org. MX 10 mailserver.aaa.org.
so you need the FQDN (e.g. mailserver.aaa.org) of your mailserver, not its IP address. But of course the FQDN must resolve to the IP of your server.
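The rule stated above (an MX target is a host name, and that host name needs its own address record) can be checked against a zone file before it is loaded. The following Python sketch is an added example, not something posted in the thread; the function names, the sample zones, `example.org` and `192.0.2.10` are constructed for illustration, and it assumes a simple zone in the layout used in this thread.

```python
import ipaddress

def fqdn(name, origin):
    """Expand a zone-file name; origin must end with a dot, '@' means the origin."""
    name = origin if name == "@" else name.lower()
    return name if name.endswith(".") else f"{name}.{origin}"

def is_ip(text):
    try:
        ipaddress.ip_address(text.rstrip("."))
        return True
    except ValueError:
        return False

def check_mx(zone_text, origin):
    """Return a list of problems found in the MX records of a zone file."""
    owner, depth, problems, targets, with_addr = origin, 0, [], [], set()
    for raw in zone_text.splitlines():
        line = raw.split(";", 1)[0].rstrip()
        if not line.strip() or line.lstrip().startswith("$"):
            continue                      # blank, comment, $TTL or $ORIGIN
        continued = depth > 0             # inside a parenthesised record (SOA)
        depth += line.count("(") - line.count(")")
        if continued:
            continue
        fields = line.split()
        if not line[0].isspace():         # text in column 1 names a new owner
            owner = fqdn(fields.pop(0), origin)
        while fields and (fields[0].isdigit() or fields[0].upper() == "IN"):
            fields.pop(0)                 # optional TTL and class
        if len(fields) < 2:
            continue
        rtype, rdata = fields[0].upper(), fields[1:]
        if rtype in ("A", "AAAA"):
            with_addr.add(owner)
        elif rtype == "MX" and len(rdata) == 2:
            if is_ip(rdata[1]):
                problems.append(f"MX target {rdata[1]} is an IP address, not a host name")
            else:
                targets.append(fqdn(rdata[1], origin))
    for target in targets:                # only names inside this zone can be checked
        if (target == origin or target.endswith("." + origin)) and target not in with_addr:
            problems.append(f"MX target {target} has no address record in this zone")
    return problems

# Constructed sample zones (example.org and 192.0.2.10 are documentation values).
GOOD_ZONE = """$TTL 86400
@     IN SOA ns1.example.org. root.example.org. (
          2019040101 28800 7200 1209600 86400 )
      IN NS  ns1
      IN MX  10 mail.example.org.
mail  IN A   192.0.2.10
"""
BAD_ZONE = GOOD_ZONE.replace("10 mail.example.org.", "10 192.0.2.10\n      IN MX  20 mx2")
```

`check_mx(GOOD_ZONE, "example.org.")` returns an empty list; for `BAD_ZONE` it reports the IP-literal target and the `mx2` target that has no address record.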
so you need the FQDN (e.g. mailserver.aaa.org) of your mailserver, not its IP address. But of course the FQDN must resolve to the IP of your server.
OK, but I think that the web interface of Freenom is not working correctly.
So, I decided to host my own DNS server on my machine so I can configure it easily through the zone file.
I added an MX record.
Here is a part of my zone file:
Code:
$TTL 86400
@        IN SOA ns1.aaa.org. root.aaa.org. (
                20190401 ; serial
                28800    ; refresh
                14400    ; retry
                3600000  ; expire
                86400    ; minimum (negative-cache TTL)
                )
         IN NS  ns1
         IN NS  ns2
         IN NS  ns1.aaa.org.
         IN NS  ns2.aaa.org.
         IN MX  10 mail.aaa.org.
mail     IN A   <the IP address of my server>
ns1      IN A   <the IP address of my server>
ns2      IN A   <the IP address of my server>
aaa.org. IN A   <the IP address of my server>
But even with this configuration, I have the same problem:
Huh? Isn't aaa.org your domain?
The MX stuff above is needed in order to receive mail for aaa.org!
Well, aaa.org is my domain (the one I claimed to Freenom) but it is not what I call my "local" domain (but maybe I am not using the correct words).
I have something that I call the "local" domain corresponding to the machines on my network interface "eth1" 192.168.0.0/24 (it is the private IP address).
I have something that I call the "remote" domain corresponding to the machines on my network interface "eth0" <the IP address of my server>/24 (it is the public IP address).
Well, aaa.org is my domain (the one I claimed to Freenom) but it is not what I call my "local" domain (but maybe I am not using the correct words).
I have something that I call the "local" domain corresponding to the machines on my network interface "eth1" 192.168.0.0/24 (it is the private IP address).
I have something that I call the "remote" domain corresponding to the machines on my network interface "eth0" <the IP address of my server>/24 (it is the public IP address).
I don't get what you mean by that. Is your domain a real one, or one made up?
If I send an email to yugiohjcj@aaa.org, is it going to hit your server?
What do you get if you check your domain here.
I don't get what you mean by that. Is your domain a real one, or one made up?
If I send an email to yugiohjcj@aaa.org, is it going to hit your server?
What do you get if you check your domain here.
bathory: aaa.org is the domain of the Amateur Astronomers Association of New York. It is registered with GoDaddy and its authoritative name servers are at domaincontrol.com. All of its mx records point to google.
YuGiOhJCJ: We certainly understand why you'd want to obfuscate your domain name, but you need to tell us that's what you're doing. The advice given will be different.
If aaa.org is, in fact, your real domain name, then understand that you can't just start up and use a new name server for it...changes must be made at the authoritative name server for the domain.
bathory: The errors look to me like the OP is attempting to deliver the email to the remote servers directly from his server rather than via smtp. I don't speak sendmail, but the "relay not allowed" errors appear to be from free.fr and yahoo.com. Maybe?
YuGiOhJCJ: Please use the site bathory linked to, or whois, to determine the authoritative name server for your actual domain name, then confirm here that that's where you've made the changes. It would be most unusual for the authoritative name servers for your domain to be on your server.
bathory: aaa.org is the domain of the Amateur Astronomers Association of New York. It is registered with GoDaddy and its authoritative name servers are at domaincontrol.com. All of its mx records point to google.
I didn't know there was actually a real aaa.org domain, but anyway I'm sure it was used by the OP in order to hide the actual domain (he/she also used bbb.org and ccc.org).
Quote:
bathory: The errors look to me like the OP is attempting to deliver the email to the remote servers directly from his server rather than via smtp. I don't speak sendmail, but the "relay not allowed" errors appear to be from free.fr and yahoo.com. Maybe?
These errors mean that there is email sent from free.fr and yahoo.com to yugiohjcj@aaa.org that is rejected by his/her mailserver, because it's not the MX record of the "aaa.org" domain.
I didn't know there was actually a real aaa.org domain, but anyway I'm sure it was used by the OP in order to hide the actual domain (he/she also used bbb.org and ccc.org).
That's what I think, too. My point, to the OP, is that they can't just make up a name server for their domain; they need to use the name server of the domain (the authoritative name server). I know that you know that. So, if they're not going to share the real domain name, they need to at least confirm to us that they are modifying the authoritative name server.
Quote:
Originally Posted by bathory
These errors mean that there is email sent from free.fr and yahoo.com to yugiohjcj@aaa.org that is rejected by his/her mailserver, because it's not the MX record of the "aaa.org" domain.
You are without a doubt the go-to person for this stuff, in my opinion...and I agree.
I got confused by the myriad obfuscations. They do say they're sending To: their domain. My mistake.
I don't get what you mean by that. Is your domain a real one, or one made up?
If I send an email to yugiohjcj@aaa.org, is it going to hit your server?
What do you get if you check your domain here.
If you send an email to yugiohjcj@aaa.org, I will not receive the email because in this forum thread I replaced with "aaa.org" the real domain I claimed to my domain provider (Freenom).
But if you replace "aaa.org" with the real one, yes I will receive it.
I continue to use "aaa.org" here in this forum thread instead of the real one but of course when I test, I use the real one.
For warnings, here is the list:
- Different subnets, WARNING: Not all of your nameservers are in different subnets
- Different autonomous systems, WARNING: Single point of failure
- SOA RETRY, Your SOA RETRY value is: 14400. That is NOT OK
- SOA EXPIRE, Your SOA EXPIRE number is: 3600000. That is NOT OK
For errors, here is the list:
- ERROR: I could not get any A records for www.aaa.org!
But I guess that the most important is the MX category: Everything is "pass" or "info".
- "Your MX records that were reported by your nameservers are: 10 mail.aaa.org <the public IP address of my server>"
Just to try to clarify what I said about "local" domain and "remote" domain, I mean that I already had a private domain that I never claimed to my domain provider.
This private domain was just used locally in my private network to give a name to the machines on my local network.
I have been running a DNS server for many years but it is only a private service running on the local network interface (the one with the private IP address).
Now, I claimed a domain "aaa.org" to my domain provider and my DNS server is available on the remote network interface (the one with the public IP address).
So, I am using this new "aaa.org" domain for "remote" access to my server but I am still using the old domain for "local" access to my server.
Maybe you will understand better what I mean if I provide this configuration file:
Code:
$ cat /etc/named.conf
// /etc/named.conf
// Options
options {
    // Bind directory
    directory "/var/named";
    forward first;
    forwarders {
        // ISP DNS
        //212.27.40.240;
        //212.27.40.241;
        // Google DNS
        // 8.8.8.8;
        // OpenNIC DNS
        193.183.98.66;
    };
};
// Zones
zone "." IN {
    type hint;
    file "named.ca";
};
zone "lll.org" IN {
    type master;
    file "lll.org/lll.org.zone";
    allow-update { none; };
};
zone "0.168.192.in-addr.arpa" IN {
    type master;
    file "lll.org/lll.org-rev.zone";
    allow-update { none; };
};
zone "aaa.org" IN {
    type master;
    file "aaa.org/aaa.org.zone";
    allow-update { none; };
};
Anyway, I still have a "Relaying denied" error message in the sendmail log when I send an email to yugiohjcj@aaa.org.
I would like to accept it and receive it in my local mailbox yugiohjcj@localhost.
Just to try to clarify what I said about "local" domain and "remote" domain, I mean that I already had a private domain that I never claimed to my domain provider.
This private domain was just used locally in my private network to give a name to the machines on my local network.
I have been running a DNS server for many years but it is only a private service running on the local network interface (the one with the private IP address).
Now, I claimed a domain "aaa.org" to my domain provider and my DNS server is available on the remote network interface (the one with the public IP address).
So, I am using this new "aaa.org" domain for "remote" access to my server but I am still using the old domain for "local" access to my server.
Maybe you will understand better what I mean if I provide this configuration file:
<-snip->
Anyway, I still have a "Relaying denied" error message in the sendmail log when I send an email to yugiohjcj@aaa.org.
I would like to accept it and receive it in my local mailbox yugiohjcj@localhost.
I cannot get exactly what you mean in the lines above, but I guess that you want to send emails inside your LAN to e.g. yugiohjcj@aaa.org where yugiohjcj@aaa.org is the user yugiohjcj in the local box.
If that's the case, then you need to add an MX RR in the DNS you're running locally pointing to your box and of course make sure that other hosts in your LAN are using this same DNS as a resolver.
I cannot get exactly what you mean in the lines above, but I guess that you want to send emails inside your LAN to e.g. yugiohjcj@aaa.org where yugiohjcj@aaa.org is the user yugiohjcj in the local box.
If that's the case, then you need to add an MX RR in the DNS you're running locally pointing to your box and of course make sure that other hosts in your LAN are using this same DNS as a resolver.
No, I just want to send e-mail from addresses like john.doe@aol.com or john.doe@yahoo.com to yugiohjcj@aaa.org.
The domain aaa.org is a domain that I got on Freenom.
But when I check the logs on my sendmail server, I see "Relaying denied".
Of course, I want to receive the mail somewhere to be able to read it, so I think that a simple solution is to receive it in yugiohjcj@localhost (the mailbox of the user yugiohjcj) on the server itself.
If it works, I will then try to receive it at a better address than yugiohjcj@localhost (because I don't want to connect through SSH to my server to check my mails by running the Mutt program).
Going to try this again:
When you input your domain into https://intodns.com/ Does "Nameserver records returned by the parent servers are:" return the IP address of your server?
No, I just want to send e-mail from addresses like john.doe@aol.com or john.doe@yahoo.com to yugiohjcj@aaa.org.
The domain aaa.org is a domain that I got on Freenom.
But when I check the logs on my sendmail server, I see "Relaying denied".
So to make it clear:
When you send an email from e.g. john.doe@aol.com to yugiohjcj@aaa.org (a user at your real domain), it arrives at your server and it responds with a "Relaying denied".
In this case, you should follow the advice in my 1st answer to your thread, put your domain name in the file /etc/mail/local-host-names and restart sendmail.
Running the following command should tell you if the user is local, or not:
Going to try this again:
When you input your domain into https://intodns.com/ Does "Nameserver records returned by the parent servers are:" return the IP address of your server?
Yes, its public IP address.
Quote:
Originally Posted by bathory
In this case, you should follow the advice in my 1st answer to your thread, put your domain name in the file /etc/mail/local-host-names and restart sendmail.
OK so sendmail will not use the /etc/mail/local-host-names file if I do not change the sendmail.mc configuration file content.
Indeed, I need to add the "use_cw_file" feature.
Here is my new sendmail.mc file:
$ cat /etc/mail/local-host-names
# names of hosts for which we receive email
aaa.org
localhost
Now, through a mail client (Mozilla Thunderbird), I send an e-mail from yugiohjcj@bbb.org to yugiohjcj@aaa.org.
On the server side, I can read in the log:
Code:
Apr 7 10:47:48 server sm-mta[28831]: x378lm8M028831: <yugiohjcj@aaa.org>... User unknown
Apr 7 10:47:48 server sm-mta[28831]: x378lm8M028831: from=<yugiohjcj@bbb.org>, size=670, class=0, nrcpts=0, bodytype=8BITMIME, proto=ESMTP, daemon=MTA, relay=smtp5-g21.free.fr [212.27.42.5]
So the error is now "User unknown".
To fix it, I add "yugiohjcj" as a user on my server:
Now, through a mail client (Mozilla Thunderbird), I send an e-mail from yugiohjcj@bbb.org to yugiohjcj@aaa.org.
On the server side, I can read in the log:
It works!
I can now login through SSH to my server as the "yugiohjcj" user and check my mails through a mail client like Mutt.
So, we can say that the original problem on this forum thread is fixed.
However, now I would like, instead of receiving the mail directly in the local mailbox on the server, to transfer it to another mailbox, for example bob@aol.com or bob@yahoo.com.
To do that, I just need to edit a file in the user home directory: ~/.forward.
Its content is:
Code:
bob@aol.com
It works!
I am receiving the mail in the specified mailbox.
However, now I would like, instead of adding a user "yugiohjcj" on the server machine, to configure sendmail so it will accept mail to yugiohjcj@aaa.org for the user "john" on my server.
To do that, I need to edit a file: /etc/mail/virtusertable.
Its content is:
Code:
yugiohjcj@aaa.org john
After that, I need to create the database from this file:
Code:
makemap hash virtusertable.db < virtusertable
It works!
I am receiving the mail in the john mailbox when it is sent to yugiohjcj@aaa.org.
So, I no longer need to add a user.
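The two rejections seen in this thread point at different settings: "Relaying denied" is sendmail's relay check refusing a recipient domain it does not treat as local, while "User unknown" means the domain was accepted but the local part maps to nothing. The following Python sketch is an added example, not code from the thread; `triage`, `load_cw` and the log lines are constructed, modelled on the format of the log excerpts above.

```python
import re

LINE = re.compile(r"sm-mta\[\d+\]: (\w+): (.*)")
RCPT = re.compile(r"<([^>]+)>\.\.\. (Relaying denied|User unknown)")
FROM = re.compile(r"from=<([^>]*)>")
RELAY = re.compile(r"relay=\S+ \[([0-9A-Fa-f.:]+)\]")

def load_cw(text):
    """Parse local-host-names content: one domain per line, '#' starts a comment."""
    names = (ln.split("#", 1)[0].strip().lower() for ln in text.splitlines())
    return {n for n in names if n}

def triage(log_text, local_domains):
    """Group sm-mta lines by queue ID and explain every rejected recipient."""
    msgs = {}
    for line in log_text.splitlines():
        m = LINE.search(line)
        if not m:
            continue
        qid, rest = m.groups()
        msg = msgs.setdefault(qid, {"from": None, "relay": None, "rejects": []})
        if f := FROM.search(rest):
            msg["from"] = f.group(1)
        if r := RELAY.search(rest):
            msg["relay"] = r.group(1)
        if c := RCPT.search(rest):
            msg["rejects"].append((c.group(1).lower(), c.group(2)))
    findings = []
    for qid, msg in msgs.items():
        for rcpt, reason in msg["rejects"]:
            domain = rcpt.rsplit("@", 1)[-1]
            if reason == "User unknown":
                cause = "domain accepted as local, but no account or virtusertable entry"
            elif domain in local_domains:
                cause = "domain is listed but not loaded: check use_cw_file and restart"
            else:
                cause = "domain is not local: list it in local-host-names if this host is its MX"
            findings.append({"qid": qid, "rcpt": rcpt, "from": msg["from"],
                             "relay": msg["relay"], "reason": reason, "cause": cause})
    return findings

# Constructed log lines in the thread's format (documentation names and addresses).
SAMPLE_LOG = """\
Mar 30 11:14:55 server sm-mta[2148]: x2UAEsvx002148: ruleset=check_rcpt, arg1=<user@example.org>, relay=mx.example.net [198.51.100.5], reject=550 5.7.1 <user@example.org>... Relaying denied
Mar 30 11:14:55 server sm-mta[2148]: x2UAEsvx002148: from=<someone@example.net>, size=670, class=0, nrcpts=0, proto=ESMTP, daemon=MTA, relay=mx.example.net [198.51.100.5]
Apr  7 10:47:48 server sm-mta[28831]: x378lm8M028831: <user@example.org>... User unknown
Apr  7 10:47:48 server sm-mta[28831]: x378lm8M028831: from=<someone@example.net>, size=670, class=0, nrcpts=0, proto=ESMTP, daemon=MTA, relay=mx.example.net [198.51.100.5]
"""

if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG, load_cw("# local names\nexample.org\nlocalhost\n")):
        print(finding)
```

In each case the remedy is to declare the domain or the recipient on the receiving host, as the thread does, and the relay check itself stays in place.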