LinuxQuestions.org


jimwillsher 02-07-2004 02:03 PM

Cannot receive inbound external emails with Sendmail
 
Aarrghh, I'm almost in tears!

I have a RH9 installation. The external IP is 81.168.116.142. The internal IP (behind a DrayTek Vigor 2600 router) is 192.168.1.10. The server is called JimWebserver. The server is not running any firewall as it's behind the Draytek. Ports 25 and 80 are forwarded by the firewall NAT.

I have a domain (jwillsher.co.uk) which points to the 81.168.116.142 address. Browsing to the website URL works fine.

I have a local user account called "test" on the server.

If I send an email address FROM my own email (jim@jimwillsher.co.uk) to the test user (test@jwillsher.co.uk) it arrives on the message queue but fails to be delivered to the end user (user "test").

I have configured sendmail (via webmin) on the "local domains" tab to accept email at the jwillsher.co.uk domain. I have also changed the "DAEMON" line to listen on 192.168.1.10 instead of 127.0.0.1

If I look at the message queue via webmin I see the following:

host map: lookup (jimwillsher.co.uk): deferred

If I manually send the messages via "sendmail -v -q" I get :

jimwillsher.co.uk: Name server timeout
<jim@jimwillsher.co.uk>... Transient parse error -- message queued for future delivery
jimwillsher.co.uk: Name server timeout


I have a feeling it's a DNS issue, but I just cannot find out what is wrong. I can ping jimwillsher.co.uk and a "dig" of the MX records shows:

dig jimwillsher.co.uk MX

; <<>> DiG 9.2.1 <<>> jimwillsher.co.uk MX
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 65228
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;jimwillsher.co.uk. IN MX

;; ANSWER SECTION:
jimwillsher.co.uk. 3600 IN MX 10 mail.jimwillsher.co.uk.

;; Query time: 160 msec
;; SERVER: 212.104.130.9#53(192.168.1.1)
;; WHEN: Sat Feb 7 20:02:46 2004
;; MSG SIZE rcvd: 56


Pings are always successful:

[root@JimWebserver mail]# ping jimwillsher.co.uk
PING jimwillsher.co.uk (198.247.173.83) 56(84) bytes of data.
64 bytes from jimwillsher.co.uk (198.247.173.83): icmp_seq=1 ttl=112 time=156 ms
64 bytes from jimwillsher.co.uk (198.247.173.83): icmp_seq=2 ttl=112 time=156 ms

but the traceroute always fails:

[root@JimWebserver mail]# traceroute jimwillsher.co.uk
traceroute to jimwillsher.co.uk (198.247.173.83), 30 hops max, 38 byte packets
1 my.router (192.168.1.1) 0.466 ms 0.452 ms 0.446 ms
2 * * *
3 * * *
4 * * *
5 * * *

I have no idea what part the my.router entry is playing, if any. It shows up in my route print:

192.168.1.0 * 255.255.255.0 U 0 0 0 eth0
169.254.0.0 * 255.255.0.0 U 0 0 0 eth0
127.0.0.0 * 255.0.0.0 U 0 0 0 lo
default my.router 0.0.0.0 UG 0 0 0 eth0

and was added when I manually configured my ethernet card via the ifcfg-eth0 file (again, as a result of postings on the web):

[root@JimWebserver mail]# cat /etc/sysconfig/network-scripts/ifcfg-eth0
MTU=""
NETMASK=255.255.255.0
BROADCAST=""
GATEWAY=192.168.1.1
BOOTPROTO=none
IPADDR=192.168.1.10
NETWORK=192.168.1.0
ONBOOT=yes
DEVICE=eth0


Can anyone suggest what is wrong? I'm a total Linux newbie, but have tried all the suggestions I can find in these forums, but without any success. I'm soon to lose my marbles! Sorry if this post gives you overload, but I want to give as much information as I can. If I've not mentioned something above then, in general, it's because it's in its default configuration. i.e. I've not configured anything in procmail, postfix, whatever.


Many thanks,




Jim

jimwillsher 02-08-2004 07:40 AM

Solved it!

My /etc/resolv.conf contained:

nameservers 192.168.1.1

I have changed this to:

nameservers 192.168.1.1
nameservers <first ISP DNS>
nameservers <second ISP DNS>

and now everything works! Shame I had to hard-code the DNS numbers though.

Oh, and to get email working on the internal and external interfaces I had to change my sendmail file:

DAEMON_OPTIONS(`Port=smtp,Addr=127.0.0.1, Name=MTAInt')dnl
DAEMON_OPTIONS(`Port=smtp,Addr=192.168.1.10, Name=MTAExt')dnl

and re-run the m4 macro.

Happy bunny!:) :) :)
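
An added example, not part of the original posts: a check for the resolver setup discussed above. It lints the text of a resolv.conf as glibc reads it (the keyword is `nameserver`, singular, and only the first three are used), then sends A, MX and AAAA queries straight to each listed server, so a server that answers the address lookups behind ping but times out on other record types stands out. The function names, the 192.0.2.x addresses and example.org are assumptions made for the illustration.

```python
import socket
import struct

KEYWORDS = {"nameserver", "domain", "search", "sortlist", "options"}
MAXNS = 3  # glibc uses only the first three nameserver lines
QTYPES = {"A": 1, "MX": 15, "AAAA": 28}
SAMPLE = "nameservers 192.0.2.1\nnameservers 192.0.2.2\n"  # constructed input

def parse_resolv_conf(text):
    """Return (servers, warnings) for the text of a resolv.conf file."""
    servers, warnings = [], []
    for n, line in enumerate(text.splitlines(), 1):
        fields = line.split()
        if not fields or line[0] in "#;":  # blank line or comment
            continue
        if fields[0] not in KEYWORDS:
            warnings.append(f"line {n}: unknown keyword '{fields[0]}', line is skipped")
        elif fields[0] == "nameserver" and len(fields) > 1:
            if len(servers) < MAXNS:
                servers.append(fields[1])
            else:
                warnings.append(f"line {n}: over {MAXNS} nameservers, {fields[1]} is unused")
    if not servers:
        warnings.append("no nameserver lines: the resolver falls back to 127.0.0.1")
    return servers, warnings

def build_query(name, qtype, qid=0x1234):
    """Build a one-question DNS query (class IN, recursion desired)."""
    header = struct.pack(">HHHHHH", qid, 0x0100, 1, 0, 0, 0)
    qname = b"".join(bytes([len(p)]) + p.encode("ascii") for p in name.rstrip(".").split(".")) + b"\x00"
    return header + qname + struct.pack(">HH", qtype, 1)

def probe(server, name, qtype, timeout=3.0):
    """Query one IPv4 server over UDP; return the RCODE, or None if no reply."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
        sock.settimeout(timeout)
        try:
            sock.sendto(build_query(name, qtype), (server, 53))
            reply = sock.recv(512)
        except OSError:  # timeout, or the address could not be reached
            return None
    return reply[3] & 0x0F if len(reply) >= 12 else None

if __name__ == "__main__":
    servers, report = parse_resolv_conf(SAMPLE)  # or open("/etc/resolv.conf").read()
    for server in servers:
        for label, qtype in QTYPES.items():
            report.append(f"{server} {label}: rcode={probe(server, 'example.org', qtype)}")
    print("\n".join(report))  # rcode=None means the server did not answer
```

Run as written it only lints the constructed sample and sends nothing; pointed at a real file it needs network access to the listed servers.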

Duplicator 02-08-2004 08:25 AM

If you use a static IP, you'll always have to hard-code DNS unless the distro you're using assumes it can use certain TLD DNS servers - I believe the new version of SME is like that.

Apparently your router doesn't provide DNS proxy - some do, some don't.

jimwillsher 02-08-2004 11:01 AM

Thanks Duplicator. But why would PING work before I made the change (e.g. ping news.bbc.co.uk would resolve and reply) ?



Jim

Duplicator 02-08-2004 07:43 PM

I'm not a sendmail guru - but my experience with qmail has taught me that it doesn't always (it being the mail daemon) play by the same rules as everything else.

Example - qmail won't look to your HOSTS file for resolving hostnames. If you want to have a 'special' re-direction, you have to put that information in a special, qmail specific file.

Same thing might be the case here with sendmail - it might not be accepting a proxied DNS answer. I can't say for sure since I really don't care for or use sendmail tho. Perhaps someone else can back me up or shoot me down here :D

jimwillsher 02-09-2004 01:46 AM

Thanks Duplicator.

Seems like not many people like sendmail, preferring qmail. And lots of folk preferred qpopper to ipop3d.

I've not found anything wrong with sendmail (now that it's configured!).

I personally prefer to run things "out of the box" if at all possible. It makes it less hassle if you want to set up second servers, or reinstall to have a tidy-up, etc.


Having said that....I'm using qpopper as I didn't like the time-delays that ipop3d was giving me!




Jim

Duplicator 02-09-2004 07:16 AM

Heh. qmail is much more secure, and much easier to work with. I've used it for years now - and haven't had to worry a whole lot about much of anything with it.

If you're interested, check out www.lifewithqmail.org - it'll walk you thru all of the ins and outs of putting it in. I'm down to about 5 minutes for a qmail-from-sendmail configuration now - although the first time was a little frustrating :-)

ScooterB 02-09-2004 08:14 AM

The order that your machine looks at domains is that it always looks at your machine first. Usually in the hosts file or resolve file. If it isn't there, then it goes outside to the internet to look for DNS resolutions. The other thing I was going to say you already figured out is that you can't remove sendmail from looking at the localhost address. When you do many things won't work correctly. I've not used qmail but have been using sendmail from the start. Once it is configured, I have never had it hiccup or flake out. It just runs along quietly doing its job. One recommendation, now that you have a mail server up and running, I would configure SpamAssassin and get yourself an anti-virus program. Both applications will save you a lot of headaches. I use Vexira (Milter version) for anti-virus and SpamAssassin. Also, one thing to do is even though your box is behind a router I would still go through and shut down all unnecessary ports. If you have local access always it can be a lifesaver. Using the iptables (firewall already installed) you can also prevent answering any pings. That might help keep any hackers from getting into your system. I can speak from experience here as I was not diligent enough, left some ports open, and started rejecting spam in the access list. Bad choice. I found out later that when you reject, the sender gets a message back saying that you rejected. You always want to "drop" not "reject". When you drop, they don't get a message. Anyway, enough ramblings. Good job on figuring it out, now just go through and lock it down. Good luck!

jimwillsher 02-09-2004 08:21 AM

Thanks ScooterB (and Duplicator).

I'd like to persist with sendmail if I can, as it seems to do what I need.

HOWEVER....I've just had a panicked 45-minutes. I have tried to upgrade from sendmail 8.12.8 to 8.12.11. I got it compiled and made (following notes on the web!) but it refused to start. I kept getting messages about

"readcf: map mailertable: class hash not available Redhat"

amongst others. My m4 configuration has the lines:

FEATURE(`mailertable',`hash -o /etc/mail/mailertable.db')

so it's obviously linked to this. But I just cannot seem to get it compiled and running correctly. In the end I've had to reapply the old RPM with a --force - not pleasant!

Do you have any advice on how I can get this running?

I'm on Redhat 9, and I'm very much a newbie!



Jim

PS Looked for a suitable RPM but can't find one.

ScooterB 02-09-2004 09:25 AM

I don't know if you have a Barnes & Noble close or what you might have available in the UK, but I would try and obtain "Sendmail" 3rd edition by O'Reilly Press. I know you didn't want to hear that. I looked in it after reading your post and it seems that when upgrading (> version 8.12) it gets complicated. The particular section starts on page 56 and ends on 96 with many pages dedicated to changes in the m4 file. I have not done this upgrade so I cannot offer any advice other than getting the manual. I also know that I didn't offer much advice so forgive me in that. It's just I'm a manual nut and would rather read it in a printed book rather than on a website. I do take exception to this forum which has been most helpful and is now my only outside source for help and info. They do a great job! So I wish you luck in this endeavor and repost when you get it working. Good Luck and have fun!

jimwillsher 02-09-2004 10:01 AM

Thanks ScooterB. I've had my fingers burnt in this "trial" exercise, but I'm about to install a test server which I can break to my heart's content.

I will get the book, though, as I'm keen to stick with sendmail. I now have it working with proper authentication (outbound) so I'm quite pleased! I *think* it's protected against relaying.....



Jim

Duplicator 02-09-2004 12:17 PM

Yeppers... this is one of the (many) reasons I DON'T use Sendmail. Too convoluted and complex. It really doesn't have to be this hard!

Anyway, I'm not going to start a sendmail-vs-qmail thread. This certainly isn't the place - best of luck with your problems... looks like you might have just made a whole lot more for yourself, however!

jimwillsher 02-09-2004 12:50 PM

Thanks Duplicator. Agreed, I hope it doesn't become a "this versus that" debate. I'll stick with sendmail just now and see how I get on with it (now that I've recovered my old version!). But I can always change....



Jim


All times are GMT -5.