[SOLVED] RHEL5 sendmail issues relaying to Exchange

cct · 03-26-2015, 02:44 PM

I am trying to reconfigure sendmail to avoid external mail being blocked by reverse DNS lookups - the machine 'domain; is internal only.
The machine is not connected to the Internet, but links to a smart-host.

e-mail gets delivered fine internally, but any external destination is returned 550 5.7.1 Unable to relay, then flagging the destination e-mail as User unknown. Strangely there is nothing in the smart host or Exchange logs.

I have the following in sendmail.mc

Code:

divert(-1)dnl
include(`/usr/share/sendmail-cf/m4/cf.m4')dnl
VERSIONID(`setup for linux')dnl
OSTYPE(`linux')dnl
define(`confDEF_USER_ID', ``8:12'')dnl
define(`confTO_CONNECT', `1m')dnl
define(`confTRY_NULL_MX_LIST', `True')dnl
define(`confDONT_PROBE_INTERFACES', `True')dnl
define(`PROCMAIL_MAILER_PATH', `/usr/bin/procmail')dnl
define(`ALIAS_FILE', `/etc/aliases')dnl
define(`STATUS_FILE', `/var/log/mail/statistics')dnl
define(`UUCP_MAILER_MAX', `2000000')dnl
define(`confUSERDB_SPEC', `/etc/mail/userdb.db')dnl
define(`confPRIVACY_FLAGS', `authwarnings,novrfy,noexpn,restrictqrun')dnl
define(`confAUTH_OPTIONS', `A')dnl
define(`confTO_IDENT', `0')dnl
FEATURE(`no_default_msa', `dnl')dnl
FEATURE(`smrsh', `/usr/sbin/smrsh')dnl
FEATURE(`mailertable', `hash -o /etc/mail/mailertable.db')dnl
FEATURE(`virtusertable', `hash -o /etc/mail/virtusertable.db')dnl
FEATURE(redirect)dnl
FEATURE(always_add_domain)dnl
FEATURE(use_cw_file)dnl
FEATURE(use_ct_file)dnl
FEATURE(local_procmail, `', `procmail -t -Y -a $h -d $u')dnl
FEATURE(`access_db', `hash -T<TMPF> -o /etc/mail/access.db')dnl
FEATURE(`blacklist_recipients')dnl
EXPOSED_USER(`root')dnl
DAEMON_OPTIONS(`Port=smtp,Addr=127.0.0.1, Name=MTA')dnl
FEATURE(`accept_unresolvable_domains')dnl
LOCAL_DOMAIN(`localhost.localdomain')dnl
FEATURE(`always_add_domain')dnl
FEATURE(`masquerade_entire_domain')dnl
FEATURE(`masquerade_envelope')dnl
define(`confDOMAIN_NAME', `ukdevinfordb.mycompany.co.uk')dnl
MAILER(smtp)dnl
MAILER(procmail)dnl
define(`SMART_HOST', `euexnlb01')dnl
MASQUERADE_AS(`ukdevinfordb.mycompany.co.uk')dnl
MASQUERADE_DOMAIN(`ukdevinfordb.mycompany.co.uk')dnl
MASQUERADE_DOMAIN(localhost)dnl
MASQUERADE_DOMAIN(localhost.localdomain)dnl
MASQUERADE_DOMAIN(ukdevinfordb)dnl
MASQUERADE_DOMAIN(ukdevinfordb.mycompany.europe)dnl

This where mycompany.europe is the internal domain, mycompany.co.uk is a valid domain internally and externally

Any suggestions would be welcome!

BTW I am a developer rather than sysadmin - we currently don't have a Linux admin

--
Chris

alaphoid · 03-26-2015, 02:57 PM

Post what's in your access and mailertable files, and try to provide a better idea of how mail is expected to be flowing. It sounds like you have a sendmail and Exchange server on site, and your sending mail through sendmail, then it's relaying it to exchange due to a smarthost setting, then Exchange will relay it out to public mail servers, is that right?

T3RM1NVT0R · 03-26-2015, 02:59 PM

Welcome to LQ!!!

You have to make sure that your smart host is allowing mycompany.europe emails to be relayed by it. By default smtp servers are not open relay and the simple reason being if they are open relay anyone can user your domain / host to relay their emails. Two things that you have to check:

1. Your sendmail config points to smart host for email relay.
2. Your smart host should accept connection from your sendmail servers for email relay.

cct · 03-26-2015, 03:16 PM

access has:

Connect:localhost.localdomain RELAY
Connect:localhost RELAY
Connect:127.0.0.1 RELAY
Connect:myothercompany.com RELAY
Connect:mycompany.co.uk RELAY
Connect:anothercompany.com RELAY

mailertable is empty

The SMTP server is well established, and until recently has been working fine from this and many other nodes - VMS, OS/400, HP Unix as well as RHEL. The change is only required as we are seeing more e-mails blocked due to reverse DNS lookups - ie at the other end.

I have been testing through to my personal demon account, which duly rejects. We have a short term workaround by remapping the from domain in our mail filters on the exchange side, but this will be going as we are migrating from exchange to gmail

Prior to my changes, we were getting the external rejection back fine, but I am now at a loss to see where the block is.

Just resent a test and have the following in syslog:

Code:

Mar 26 20:10:15 ukdevinfordb sendmail[21535]: t2QKAFrC021535: from=myusernamec, size=128, class=0, nrcpts=2, msgid=<201503262010.t2QKAFrC021535@ukdevinfordb.mycompany.europe>, relay=myusernamec@localhost
Mar 26 20:10:15 ukdevinfordb sendmail[21536]: t2QKAFqv021536: from=<myusernamec@ukdevinfordb.mycompany.europe>, size=434, class=0, nrcpts=2, msgid=<201503262010.t2QKAFrC021535@ukdevinfordb.mycompany.europe>, proto=ESMTP, daemon=MTA, relay=localhost.localdomain [127.0.0.1]
Mar 26 20:10:15 ukdevinfordb sendmail[21535]: t2QKAFrC021535: to=chris@myusernamec.demon.co.uk,chris.myusername@myinternalco.com, ctladdr=myusernamec (1001402605/1001390593), delay=00:00:00, xdelay=00:00:00, mailer=relay, pri=60128, relay=[127.0.0.1] [127.0.0.1], dsn=2.0.0, stat=Sent (t2QKAFqv021536 Message accepted for delivery)
Mar 26 20:10:15 ukdevinfordb sendmail[21538]: STARTTLS=client, relay=euexnlb01.mycompany.europe., version=TLSv1/SSLv3, verify=FAIL, cipher=RC4-MD5, bits=128/128
Mar 26 20:10:20 ukdevinfordb sendmail[21538]: t2QKAFqv021536: to=<chris@myusernamec.demon.co.uk>, ctladdr=<myusernamec@ukdevinfordb.mycompany.europe> (1001402605/1001390593), delay=00:00:05, xdelay=00:00:05, mailer=relay, pri=150434, relay=euexnlb01.mycompany.europe. [10.44.90.81], dsn=5.7.1, stat=User unknown
Mar 26 20:10:21 ukdevinfordb sendmail[21538]: t2QKAFqv021536: to=<chris.myusername@vc-is.com>, ctladdr=<myusernamec@ukdevinfordb.mycompany.europe> (1001402605/1001390593), delay=00:00:06, xdelay=00:00:06, mailer=relay, pri=150434, relay=euexnlb01.mycompany.europe. [10.44.90.81], dsn=2.0.0, stat=Sent (<201503262010.t2QKAFrC021535@ukdevinfordb.mycompany.europe> Queued mail for delivery)
Mar 26 20:10:21 ukdevinfordb sendmail[21538]: t2QKAFqv021536: t2QKALqv021538: DSN: User unknown
Mar 26 20:10:21 ukdevinfordb sendmail[21538]: t2QKALqv021538: to=<myusernamec@ukdevinfordb.mycompany.europe>, delay=00:00:00, xdelay=00:00:00, mailer=local, pri=31679, dsn=2.0.0, stat=Sent

--
Chris

T3RM1NVT0R · 03-26-2015, 03:29 PM

You have shared the output from RHEL syslog, what do you see on your smart host at the same time. Do you see the message coming in from RHEL's sendmail. If you don't see the email coming in from RHEL's sendmail then your RHEL machine is not relaying properly to the relay host.

cct · 03-26-2015, 03:35 PM

That's a part of the problem - I don't have access to the smart host, nor to exchange. Our Wintel sysadmin said he couldn't find anything on either.

I will attack him tomorrow, and take a closer look

--
Chris

T3RM1NVT0R · 03-26-2015, 03:38 PM

Yes, you have to coordinate with him to get this issue fixed. You have to do testing wherein you will send email and you have to ask him to check if he can see the email coming in from you machine. If he says yes and the email not going further then he has to diagnose from his end. If he says no he can't see email coming in from your machine then you have to check on why email is not getting relayed correctly to smart host.

cct · 03-27-2015, 12:05 PM

Finally got to the relay logs - and found the host was not set up to relay.

So a few days head-banging was in vain.

Fixed!

T3RM1NVT0R · 03-27-2015, 12:07 PM

Good to hear that. Finally working with Wintel admin paid off

Enjoy Linux!!!