LinuxQuestions.org
Linux - Security This forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.
Old 05-13-2014, 02:43 PM   #1
ilnli
Member
 
Registered: Jul 2004
Location: Pakistan
Distribution: Slackware 10.0, SUSE 9.1, RH 7, 7.3, 8, 9, FC2
Posts: 413

Rep: Reputation: 32
Sendmail problem


Hi,

I'm running Centos 5.7 with the following version of sendmail:

sendmail-cf-8.13.8-8.1.el5_7
sendmail-8.13.8-8.1.el5_7

However, recently I noticed that my server stopped sending me emails, and after looking at the log file I found an unknown relay server being used (i.e., mx.b-io.co.):

Code:
May 13 20:37:34 myserverhostname sendmail[17075]: STARTTLS=client, relay=mx.b-io.co., version=TLSv1/SSLv3, verify=FAIL, cipher=AES256-SHA, bits=256/256
May 13 20:37:34 myserverhostname sendmail[17075]: s4DJbYCF017074: to=info@mydomain, delay=00:00:00, xdelay=00:00:00, mailer=relay, pri=30731, relay=mx.b-io.co. [23.21.240.230], dsn=2.0.0, stat=Sent (OK (BF0C1661-70AB-47AF-A02F-9C412FA98805.1))
This is not the relay server that I have in the sendmail.cf file. I cannot find why my server is using mx.b-io.co. as a relay, or when that changed. I've checked all the configuration files and can't find that hostname anywhere, but I still don't understand why sendmail is using it. Does that mean my server is hacked? How can I track down this issue further, and how can I fix the relay issue?

Please help!

Thanks in advance
 
Old 05-13-2014, 02:54 PM   #2
MensaWater
LQ Guru
 
Registered: May 2005
Location: Atlanta Georgia USA
Distribution: Redhat (RHEL), CentOS, Fedora, CoreOS, Debian, FreeBSD, HP-UX, Solaris, SCO
Posts: 7,831
Blog Entries: 15

Rep: Reputation: 1669
Are you sure the sendmail that is running is using /etc/mail/sendmail.cf? (That is, have you checked whether the one running is the one you think is running?)

Other things can set up different relays. Do you have any *.db files in /etc/mail (e.g., smarttable.db)?

I mention smarttable because if it is enabled it allows you to use different relays based on the sender domain. (We use smarttable here to direct some email via our MS Exchange relay but for one domain we relay via a separate sendmail server.)

Look in your /usr/share/sendmail-cf directory; it holds the m4 files for features. The sendmail.mc file (usually in /etc/mail) determines which features are enabled.

This site talks both about smarttable and mailertable that deal with relays:
http://jmaimon.com/sendmail/anfi.homeunix.net/sendmail/
 
Old 05-13-2014, 03:14 PM   #3
ilnli
Member
 
Registered: Jul 2004
Location: Pakistan
Distribution: Slackware 10.0, SUSE 9.1, RH 7, 7.3, 8, 9, FC2
Posts: 413

Original Poster
Rep: Reputation: 32
Hi MensaWater,

Thanks for your reply.

I don't have any smarttable file, so I think I'm not using that:

Code:
[root@myserver mail]# find /etc/ | grep -y smarttables
[root@myserver mail]#

I have these features enabled in sendmail:

Code:
# cat /etc/mail/sendmail.mc  | grep -vy "^dnl"
divert(-1)dnl
include(`/usr/share/sendmail-cf/m4/cf.m4')dnl
VERSIONID(`setup for linux')dnl
OSTYPE(`linux')dnl
define(`confDEF_USER_ID', ``8:12'')dnl
define(`confTO_CONNECT', `1m')dnl
define(`confTRY_NULL_MX_LIST', `True')dnl
define(`confDONT_PROBE_INTERFACES', `True')dnl
define(`PROCMAIL_MAILER_PATH', `/usr/bin/procmail')dnl
define(`ALIAS_FILE', `/etc/aliases')dnl
define(`STATUS_FILE', `/var/log/mail/statistics')dnl
define(`UUCP_MAILER_MAX', `2000000')dnl
define(`confUSERDB_SPEC', `/etc/mail/userdb.db')dnl
define(`confPRIVACY_FLAGS', `authwarnings,novrfy,noexpn,restrictqrun')dnl
define(`confAUTH_OPTIONS', `A')dnl
define(`confTO_IDENT', `0')dnl
FEATURE(`no_default_msa', `dnl')dnl
FEATURE(`smrsh', `/usr/sbin/smrsh')dnl
FEATURE(`mailertable', `hash -o /etc/mail/mailertable.db')dnl
FEATURE(`virtusertable', `hash -o /etc/mail/virtusertable.db')dnl
FEATURE(redirect)dnl
FEATURE(always_add_domain)dnl
FEATURE(use_cw_file)dnl
FEATURE(use_ct_file)dnl
FEATURE(local_procmail, `', `procmail -t -Y -a $h -d $u')dnl
FEATURE(`access_db', `hash -T<TMPF> -o /etc/mail/access.db')dnl
FEATURE(`blacklist_recipients')dnl
EXPOSED_USER(`root')dnl
DAEMON_OPTIONS(`Port=smtp,Addr=127.0.0.1, Name=MTA')dnl
FEATURE(`accept_unresolvable_domains')dnl
LOCAL_DOMAIN(`localhost.localdomain')dnl
MAILER(smtp)dnl
MAILER(procmail)dnl

and this is the relay in sendmail.cf:

Code:
# grep "^DS" /etc/mail/sendmail.cf
DSsmtp.ultrahosting.com

Your help will be very much appreciated.

Thank you again,
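An added check, not written by anyone in this thread, that ties together the maillog lines quoted in post #1 with the DS smart host and mailertable configuration discussed in posts #2 and #3: it builds the set of relay hosts the configuration actually authorises and flags every outbound relay event in the log that goes elsewhere or failed STARTTLS certificate verification. The mailertable entry, the extra log lines and the hostname "host" are constructed sample input; the smart host and the mx.b-io.co. lines follow what the original poster showed.

```python
import re

# Constructed sample input (not taken from the poster's server): the mailertable
# entry and the partner/ultrahosting log lines are made up to exercise the checks.
SENDMAIL_CF = "DSsmtp.ultrahosting.com\n"                        # smart-host line from the thread
MAILERTABLE = "partner.example   smtp:[mail.partner.example]\n"  # constructed routing entry
MAILLOG = """\
May 13 20:37:34 host sendmail[17075]: STARTTLS=client, relay=mx.b-io.co., version=TLSv1/SSLv3, verify=FAIL, cipher=AES256-SHA, bits=256/256
May 13 20:37:34 host sendmail[17075]: s4DJbYCF017074: to=info@mydomain, delay=00:00:00, xdelay=00:00:00, mailer=relay, pri=30731, relay=mx.b-io.co. [23.21.240.230], dsn=2.0.0, stat=Sent (OK)
May 13 20:40:01 host sendmail[17101]: s4DJe1AB017100: to=bob@partner.example, delay=00:00:01, xdelay=00:00:01, mailer=relay, pri=30500, relay=mail.partner.example. [192.0.2.10], dsn=2.0.0, stat=Sent (OK)
May 13 20:41:12 host sendmail[17120]: s4DJfCcD017119: to=me@mydomain, delay=00:00:00, xdelay=00:00:00, mailer=relay, pri=30100, relay=smtp.ultrahosting.com. [198.51.100.5], dsn=2.0.0, stat=Sent (OK)
May 13 21:21:37 host sendmail[32745]: s4DKLbDn032745: to=me@host, ctladdr=root (0/0), delay=00:00:00, xdelay=00:00:00, mailer=relay, pri=30046, relay=[127.0.0.1] [127.0.0.1], dsn=4.0.0, stat=Deferred: Connection refused by [127.0.0.1]
"""

def normalize_host(value):
    """Lower-case, drop [] around literal addresses and the trailing root dot."""
    return value.strip("[]").rstrip(".").lower()

def configured_relays(sendmail_cf, mailertable):
    """Hosts sendmail is meant to hand mail to: the DS smart host, every
    mailertable target, and loopback (used by local submission)."""
    allowed = {"127.0.0.1", "localhost"}
    for line in sendmail_cf.splitlines():
        if line.startswith("DS") and len(line) > 2:
            allowed.add(normalize_host(line[2:]))
    for line in mailertable.splitlines():
        parts = line.split()
        if len(parts) == 2 and ":" in parts[1]:            # "<domain> <mailer>:<host>"
            allowed.add(normalize_host(parts[1].split(":", 1)[1]))
    return allowed

LOG_RE = re.compile(r"sendmail\[\d+\]: (?:(?P<qid>\w+): )?(?P<rest>.*)")
# relay= is followed by "host. [ip]", "[ip] [ip]" or, on STARTTLS lines, "host.,"
RELAY_RE = re.compile(r"relay=(\[[^\]]+\]|[^\s,]+)")

def audit_maillog(maillog, allowed):
    """Return (queue id, relay host, reason) for each outbound relay event that
    went to a host absent from the configuration or failed TLS verification."""
    findings = []
    for line in maillog.splitlines():
        m = LOG_RE.search(line)
        if not m or ("mailer=relay" not in line and "STARTTLS=client" not in line):
            continue                     # from= and local-delivery lines are not relay events
        r = RELAY_RE.search(m.group("rest"))
        if not r:
            continue
        host = normalize_host(r.group(1))
        qid = m.group("qid") or "STARTTLS"
        if host not in allowed:
            findings.append((qid, host, "relay host not in sendmail.cf/mailertable"))
        if "verify=FAIL" in line:
            findings.append((qid, host, "STARTTLS certificate verification failed"))
    return findings

if __name__ == "__main__":
    for finding in audit_maillog(MAILLOG, configured_relays(SENDMAIL_CF, MAILERTABLE)):
        print(finding)
```

On a real system, feed it `/etc/mail/sendmail.cf`, the text form of `/etc/mail/mailertable` and `/var/log/maillog`; any host it flags that is not in your configuration is the one to investigate (DNS resolution of the smart host, the mailertable/smarttable maps and the running binary's config path).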
 
Old 05-13-2014, 03:17 PM   #4
ilnli
Member
 
Registered: Jul 2004
Location: Pakistan
Distribution: Slackware 10.0, SUSE 9.1, RH 7, 7.3, 8, 9, FC2
Posts: 413

Original Poster
Rep: Reputation: 32
Also, I think the sendmail I'm running is using the config file from /etc:

Code:
[root@myserver mail]# strace -e open -f service sendmail restart 2>&1 | grep sendmail
[pid 26222] open("/etc/init.d/sendmail", O_RDONLY|O_LARGEFILE) = 3
[pid 26222] open("/etc/sysconfig/sendmail", O_RDONLY|O_LARGEFILE) = 3
Shutting down sendmail: [pid 26222] open("/var/run/sendmail.pid", O_RDONLY|O_LARGEFILE) = 3
Starting sendmail: Process 26234 attached
[pid 26240] open("/etc/mail/sendmail.cf", O_RDONLY) = 3
[pid 26244] open("/etc/mail/sendmail.cf", O_RDONLY) = 3
[pid 26245] open("/var/run/sendmail.pid", O_WRONLY|O_CREAT|O_EXCL, 0600) = 5
[pid 26247] open("/var/lock/subsys/sendmail", O_WRONLY|O_CREAT|O_NOCTTY|O_NONBLOCK|O_LARGEFILE, 0666) = 0
 
Old 05-13-2014, 03:23 PM   #5
ilnli
Member
 
Registered: Jul 2004
Location: Pakistan
Distribution: Slackware 10.0, SUSE 9.1, RH 7, 7.3, 8, 9, FC2
Posts: 413

Original Poster
Rep: Reputation: 32
Also, I've noticed that even if I stop sendmail and try to send mail using:

Code:
# mail myemail@myserver -s subject
test
.

I still get the following message recorded in the /var/log/maillog file. Is that normal? Is my mail client logging that message?

Code:
May 13 21:21:37 myserver sendmail[32745]: s4DKLbDn032745: from=root, size=46, class=0, nrcpts=1, msgid=<201405132021.s4DKLbDn032745@myserver>, relay=root@localhost
May 13 21:21:37 myserver sendmail[32745]: s4DKLbDn032745: to=myemail@myserver, ctladdr=root (0/0), delay=00:00:00, xdelay=00:00:00, mailer=relay, pri=30046, relay=[127.0.0.1] [127.0.0.1], dsn=4.0.0, stat=Deferred: Connection refused by [127.0.0.1]
 
Old 05-13-2014, 06:29 PM   #6
unSpawn
Moderator
 
Registered: May 2001
Posts: 29,415
Blog Entries: 55

Rep: Reputation: 3600
Closed as not compromised / duplicate effort, see https://www.linuxquestions.org/quest...ts-4175504891/ or https://www.linuxquestions.org/quest...5/#post5170309 .