rcpthosts problem with qmail

LKWPeter · 08-02-2004, 12:43 PM

Hi,
I have setup a qmail-server and am able to send mail (although it is sometimes rejected or regarded as spam, but to that later), but I am unable to send Mails to my Domain.
Each mail is rejected with the message:

Quote:

Remote host said: 553 sorry, that domain isn't in my list of allowed rcpthosts (#5.7.1)

I have already uncommented the one line in /var/qmail/control/rcpthosts, which contained my fqdn, although I do not know, if this a good idea (I was not able to send mail, before I did that).
What else could cause this rcpthosts-problem?

Donboy · 08-02-2004, 03:34 PM

Hey! Welcome to LQ!

It's probably because you're trying to relay mail. Check this out... it may help clear things up...

http://www.palomine.net/qmail/relaying.html

LKWPeter · 08-02-2004, 04:24 PM

Thanks for your reply.
I have read this page, but I think it adresses a different problem.

Quote:

The question takes many different forms, but generally it runs as follows: "When someone tries to send mail through my server, he gets a message that says, 'Sorry, that domain isn't in my list of allowed rcpthosts' and can't send mail. What do I do?"

My problem is, that I cannot send mail to my own domain from anywhere, I do not want other servers than localhost to be able to relay mail.
The file /etc/tcprules.d/tcp.qmail-smtp looks like the following:

Code:

127.0.0.1:allow,RELAYCLIENT="",RBLSMTPD="",QMAILQUEUE="/var/qmail/bin/qmail-queue"
192.168.6.2:allow,RELAYCLIENT="",RBLSMTPD="",QMAILQUEUE="/var/qmail/bin/qmail-scanner-queue.pl"
:allow,QMAILQUEUE="/var/qmail/bin/qmail-scanner-queue.pl"

I just don't see the mistake...

Donboy · 08-02-2004, 04:34 PM

Hmmmm, that's odd. You're saying the domain is listed in rcpthosts, but yet it says its not.

When weird stuff like this happens, I usually try via telnet to see if everything is working. Try telnetting to your smtp server and see what you get. I recommend trying from the localhost first to be sure that's OK and then try it from another machine not on your network.

[root@falcon root]# telnet 127.0.0.1 25
Trying 127.0.0.1...
Connected to 127.0.0.1.
Escape character is '^]'.
220 hostname.yourdomain.com ESMTP
helo anything
250 hostname.yourdomain.com
mail from: me@mydomain.com
250 ok
rcpt to: user@yourdomain.net
250 ok
data
354 go ahead
something blah,blah blah
.
250 ok 1090602878 qp 13724
quit
221 hostname.yourdomain.com
Connection closed by foreign host.

The helo, mail from, rcpt to, and data commands are commands you input yourself at the command line. When you're done typing the body of your message (like something, blah, blah etc) just put a single dot and hit enter to end the body section. Then type quit and the connection will be closed. Hopefully you should get all positive responses from your smtp server. (Sorry if you knew how to do this... I just like to post it regardless in case somebody doesn't know how.)

You may also want to check to be sure there are no carriage returns in the file. You only want line feeds. Hopefully you have a text editor that will convert these easily, but if not, try doing a vi -b on your rcpthosts file and it should show the returns as ^M at the end of each line. Those need to be gone.

LKWPeter · 08-02-2004, 05:05 PM

I just tried to send mail via telnet, like you have showed, all working well.
But my problem is still receiving mails from outside.
When I send a mail from an external server to my domain, it bounces immediately back with the error-message about allowed rcpthosts.
I also checked the rcpthosts file, and there are no carriage returns in it.

Donboy · 08-02-2004, 08:25 PM

Hmmm, then there must be something else wrong. How about posting the output of /var/qmail/bin/qmail-showctl. This will probalby be quite long, and that's OK. It will show everything you have in regards to your configuration. From this output, you may even be able to spot a config problem yourself.

If you feel the need to censor your domain names, please do it carefully so you will not be posting mistakes. This causes people to chase problems that are not really problems. Better to have your output unedited so that problems are easier to spot.

I suspect the problem is that you do not have your local domain setup properly in control/locals, so qmail believes your local domain is really a remote one.

LKWPeter · 08-03-2004, 11:26 AM

OK, I just replaced my domain with MYDOMAIN but left everything else as it was (including hostnames and dots before the domain name).
Here is the output of /var/qmail/bin/qmail-showctl:

Code:

qmail home directory: /var/qmail.
user-ext delimiter: -.
paternalism (in decimal): 2.
silent concurrency limit: 500.
subdirectory split: 23.
user ids: 200, 201, 202, 0, 203, 204, 205, 206.
group ids: 200, 201.

badmailfrom: (Default.) Any MAIL FROM is allowed.

badrcptto: (Default.) Any RCPT TO is allowed.

morebadrcptto: (Default.) No badrcptto; morebadrcpto is irrelevant.

morebadrcptto.cdb: (Default.) No effect.

bouncefrom: (Default.) Bounce user name is MAILER-DAEMON.

bouncehost: (Default.) Bounce host name is smtp.MYDOMAIN.ath.cx.

concurrencylocal: (Default.) Local concurrency is 10.

concurrencyremote: (Default.) Remote concurrency is 20.

databytes: (Default.) SMTP DATA limit is 0 bytes.

defaultdomain: Default domain name is MYDOMAIN.ath.cx.

defaulthost: (Default.) Default host name is smtp.MYDOMAIN.ath.cx.

doublebouncehost: (Default.) 2B recipient host: smtp.MYDOMAIN.ath.cx.

doublebounceto: (Default.) 2B recipient user: postmaster.

envnoathost: (Default.) Presumed domain name is smtp.MYDOMAIN.ath.cx.

helohost: (Default.) SMTP client HELO host name is smtp.MYDOMAIN.ath.cx.

idhost: (Default.) Message-ID host name is smtp.MYDOMAIN.ath.cx.

localiphost: (Default.) Local IP address becomes smtp.MYDOMAIN.ath.cx.

locals:
Messages for smtp.MYDOMAIN.ath.cx are delivered locally.
Messages for .MYDOMAIN.ath.cx are delivered locally.
Messages for localhost are delivered locally.

me: My name is smtp.MYDOMAIN.ath.cx.

percenthack: (Default.) The percent hack is not allowed.

plusdomain: Plus domain name is ath.cx.

qmqpservers: (Default.) No QMQP servers.

queuelifetime: (Default.) Message lifetime in the queue is 604800 seconds.

rcpthosts:
SMTP clients may send messages to recipients at localhost.
SMTP clients may send messages to recipients at .MYDOMAIN.ath.cx.

morercpthosts: (Default.) No effect.

morercpthosts.cdb: (Default.) No effect.

smtpgreeting: (Default.) SMTP greeting: 220 smtp.MYDOMAIN.ath.cx.

smtproutes: (Default.) No artificial SMTP routes.

timeoutconnect: (Default.) SMTP client connection timeout is 60 seconds.

timeoutremote: (Default.) SMTP client data timeout is 1200 seconds.

timeoutsmtpd: (Default.) SMTP server data timeout is 1200 seconds.

virtualdomains: (Default.) No virtual domains.

conf-send: I have no idea what this file does.

clientcert.pem: I have no idea what this file does.

tlshosts: I have no idea what this file does.

defaultdelivery: I have no idea what this file does.

conf-pop3d: I have no idea what this file does.

conf-qmqpd: I have no idea what this file does.

conf-qmtpd: I have no idea what this file does.

servercert.cnf: I have no idea what this file does.

servercert.pem: I have no idea what this file does.

conf-smtpd: I have no idea what this file does.

conf-common: I have no idea what this file does.

rsa512.pem: I have no idea what this file does.

Donboy · 08-03-2004, 07:22 PM

Hmmm, well this is just sort of a stab in the dark here, but one thing looks suspicious, which you have in locals and rcpthosts...

Quote:

.MYDOMAIN.ath.cx

I suspect that beginning period may not be correct. I don't know this for sure, but I say this based solely on the fact that I've never seen it done like this anywhere else before. Usually, I have just seen domains expressed like this...

Quote:

MYDOMAIN.ath.cx

I think you may want to try changing that just to see if that helps any. I also think you may want to try sending mail to somebody at the domain...

Quote:

smtp.MYDOMAIN.ath.cx

and see if that actually works. If it does, then it proves the leading period is your problem.

Also, your domain listed in the plusdomain file looks clipped, like you have only the ending part of the domain in there. It should be MYDOMAIN.ath.cx.

I also don't believe it necessary to have "localhost" in any of those files. I base this only on the fact that I was told this by someone else who is a qmail expert, so I am just taking their word for it.

LKWPeter · 08-04-2004, 09:32 AM

I added .MYDOMAIN.ath.cx and localhost to these files, because I've seen that in a qmail-tutorial.
I have now removed this entrys and also corrected the plusdomain file, but sending mail to my domain and to my host.fqdn still fails with the same error.
Sending mail locally works well, except that I have to send it to user@smtp.MYDOMAIN.ath.cx instead to user@MYDOMAIN.ath.cx.

maxut · 08-04-2004, 09:59 AM

im not an expert.
u can try to reinstall qmail. there is a great qmail step by step instalation guide at www.qmailrocks.org
also there are src.rpms at www.qmailtoaster.com .

Donboy · 08-04-2004, 12:06 PM

Did removing the period work??? Did you test it??? I wasn't suggesting you remove the whole entry... I was suggesting that you remove the leading period before the domain name and test it like that.

I believe your locals file should look like this...

Quote:

smtp.MYDOMAIN.ath.cx
MYDOMAIN.ath.cx

Can you try changing it to these and tell me if it works any better? If it doesn't, what is the error you're getting?

LKWPeter · 08-04-2004, 07:03 PM

Thanks for your replys, I have finally found and solved the problem: I was following a qmail-vpopmail tutorial and did not create a virtual domain (this step seems to be missing in the tutorial).
Now sending and receiving mail works just fine.
Just one question left: Why do some mailservices (e.g. gmx.net) regard all my mail as spam?

Donboy · 08-04-2004, 07:59 PM

Do you have reverse DNS properly setup? This seems to be a common problem and causes mail to be rejected.

Try "dig -x your-ip_address" and see if it shows the FQDN of your server. Sometimes a host will block your IP if these don't match.

Otherwise, you should post the error that you're getting when the message bounces.

LKWPeter · 08-06-2004, 01:15 PM

If I do dig -x my_external_ip , I only get the hostname provided by my ISP (I don't have a static IP and use dyndns for dns).
And my mail is actually not bounced, it is just automatically placed in the Spam/Bulk Folders by some mailservices.

Donboy · 08-06-2004, 01:52 PM

Well, based on what I have learned, some ISPs will check your reverse DNS and see where it's coming from. If you're using a 3rd party (as you are) then they will not be able to do any reverse DNS on you because they have no PTR records setup for your domain. Usually they just do A records and maybe MX and maybe a couple of others, but not usually PTR.

How I got around this problem was by getting a static IP, setting up a firewall on the machines, putting them on the open internet (not behind a router or anything) and then setting up my own DNS on the machines. Then I contacted my ISP and asked them to change my reverse DNS to the FQDN of my servers. So when these other mail servers try to check reverse DNS on me, they are seeing the PTR records my ISP has setup for me.

You may want to go to http://www.dnsreport.com and see what they have to say about your servers. Try to get rid of as many red and yellow flags as you can. After I did this, I was able to send and receive mail and no more rejections or blacklisting.

Other than this, I'm not sure what to tell you. Maybe somebody else here will have more informative ideas.