Masqueraded Sendmail (8.13) not sending mail

tsmeed · 03-20-2009, 01:56 AM

After years of dodging the sendmail bullet I've taken one right in the rear...

I'm attempting to setup a sendmail server to be used by our web app to send to clients (external of the organization) but relaying through our existing mail server is not an option.

I basically need to configure the sendmail server to send mail as if it's coming from our main server. I've setup the Masquerading (to the best of my knowledge) and all the tests appear correct like:

# /usr/sbin/sendmail -bt -d0.4
Version 8.13.8
Compiled with: DNSMAP HESIOD HES_GETMAILHOST LDAPMAP LOG MAP_REGEX
MATCHGECOS MILTER MIME7TO8 MIME8TO7 NAMED_BIND NETINET NETINET6
NETUNIX NEWDB NIS PIPELINING SASLv2 SCANF SOCKETMAP STARTTLS
TCPWRAPPERS USERDB USE_LDAP_INIT
Canonical name: XXX09.XXX.com
UUCP nodename: XX09.XXX.com
a.k.a.: [XX.XX.240.29]

============ SYSTEM IDENTITY (after readcf) ============
(short domain name) $w = XXX09
(canonical domain name) $j = mail.XXX.com
(subdomain name) $m = XXX.com
(node name) $k = XXX09.XXX.com
========================================================

ADDRESS TEST MODE (ruleset 3 NOT automatically invoked)
Enter <ruleset> <address>

--Where XXX is the company name and mail.XXX.com is our mail server.

]# /usr/sbin/sendmail -bt -C/etc/mail/sendmail.cf
ADDRESS TEST MODE (ruleset 3 NOT automatically invoked)
Enter <ruleset> <address>
> /tryflags HS
> /try esmtp ME
Trying header sender address tsmeed for mailer esmtp
canonify input: ME
Canonify2 input: ME
Canonify2 returns: ME
canonify returns: ME
1 input: ME
1 returns: ME
HdrFromSMTP input: ME
PseudoToReal input: ME
PseudoToReal returns: ME
MasqSMTP input: ME
MasqSMTP returns: ME< @ *LOCAL* >
MasqHdr input: ME< @ *LOCAL* >
MasqHdr returns: ME< @ XXX. com . >
HdrFromSMTP returns: ME< @ XXX. com . >
final input: ME< @ XXX. com . >
final returns: ME@ XXX. com
Rcode = 0, addr = ME@XXX.com

--Where ME is my username

> /tryflags ES
> /try esmtp tsmeed
Trying envelope sender address tsmeed for mailer esmtp
canonify input: ME
Canonify2 input: ME
Canonify2 returns: ME
canonify returns: ME
1 input: ME
1 returns: ME
EnvFromSMTP input: ME
PseudoToReal input: ME
PseudoToReal returns: ME
MasqSMTP input: ME
MasqSMTP returns: ME< @ *LOCAL* >
MasqEnv input: ME< @ *LOCAL* >
MasqHdr input: ME< @ *LOCAL* >
MasqHdr returns: ME< @ XXX. com . >
MasqEnv returns: ME< @ XXX. com . >
EnvFromSMTP returns: ME< @ XXX. com . >
final input: ME< @ XXX. com . >
final returns: ME@ XXX. com
Rcode = 0, addr = me@XXX.com

--Where ME is my username

i've also included the relavent portion of my sendmail.mc :
define(`confDOMAIN_NAME', `mail.XXX.com')
MASQUERADE_AS(XXX.com)dnl
dnl #
dnl # masquerade not just the headers, but the envelope as well
dnl #
FEATURE(masquerade_envelope)dnl
dnl #
dnl # masquerade not just @mydomainalias.com, but @*.mydomainalias.com as well
dnl #
FEATURE(masquerade_entire_domain)dnl
dnl #
MASQUERADE_DOMAIN(XXX.com)dnl
dnl MASQUERADE_DOMAIN(localhost.localdomain)dnl
dnl MASQUERADE_DOMAIN(mydomainalias.com)dnl
dnl MASQUERADE_DOMAIN(mydomain.lan)dnl
MAILER(smtp)dnl
MAILER(procmail)dnl
dnl MAILER(cyrusv2)dnl

Here is my email test:

telnet 10.0.240.29 25
Trying 10.0.240.29...
Connected to XXX09.XXX.com (10.0.240.29).
Escape character is '^]'.
220 mail.benecaid.com ESMTP Sendmail 8.13.8/8.13.8; Fri, 20 Mar 2009 02:43:24 -0 400
EHLO hotmail.com
:250-ENHANCEDSTATUSCODES
250-PIPELINING
250-8BITMIME
250-SIZE
250-DSN
250-ETRN
250-DELIVERBY
250 HELP
MAIL FROM:xxx@XXX.COM
250 2.1.0 xxx@XXX.COM... Sender ok
RCPT TO:xxx@HOTMAIL.COM
250 2.1.5 xxx@HOTMAIL.COM... Recipient ok
DATA
354 Enter mail, end with "." on a line by itself
TEST.
.
250 2.0.0 n2K6hO3I017913 Message accepted for delivery
QUIT
221 2.0.0 mail.xxx.com closing connection
Connection closed by foreign host.

This transaction results in a "connection refused" by hotmail, however, if I perform the exact same steps on our actual mail server it works. The only difference is that on the mail server the response to EHLO Hotmail.com is different:

220 mail.XXX.com Microsoft ESMTP MAIL Service, Version: 6.0.3790.3959 ready
at Thu, 19 Mar 2009 23:51:05 -0400
EHLO HOTMAIL.COM
250-mail.XXX.com Hello [10.0.240.12]
250-TURN
250-SIZE
250-ETRN
250-PIPELINING
250-DSN
250-ENHANCEDSTATUSCODES
250-8bitmime
250-BINARYMIME
250-CHUNKING
250-VRFY
250-X-EXPS GSSAPI NTLM LOGIN
250-X-EXPS=LOGIN
250-AUTH GSSAPI NTLM LOGIN
250-AUTH=LOGIN
250-X-LINK2STATE
250-XEXCH50
250 OK
MAIL FROM:ME@XXX.COM
501 5.5.4 Invalid Address
MAIL FROM:ME@XXX.COM
250 2.1.0 ME@XXX.COM....Sender OK
RCPT TO:<@HOTMAIL.COM
250 2.1.5 ME@HOTMAIL.COM
DATA
354 Start mail input; end with <CRLF>.<CRLF>
TEST
.
250 2.6.0 <XXX03rM3TbhyF2000000d5@mail.XXX.com> Queued mail for delive
ry
QUIT
221 2.0.0 mail.XXX.com Service closing transmission channel

Connection to host lost.

I'm able to send emails internally to local users on that specific server.

Thank you for all your help.

bathory · 03-20-2009, 03:08 AM

Quote:

This transaction results in a "connection refused" by hotmail, however, if I perform the exact same steps on our actual mail server it works. The only difference is that on the mail server the response to EHLO Hotmail.com is different:

I guess that the (external) IP of your mailserver does not resolve, that is why hotmail is rejecting your mail.

tsmeed · 03-20-2009, 07:32 AM

Quote:

Originally Posted by bathory

I guess that the (external) IP of your mailserver does not resolve, that is why hotmail is rejecting your mail.

The problem is, and correct me if I'm wrong, both machines are behind the same firewall, so when the Hotmail system does a lookup of mail.XXX.com it would resolve to the same external IP of the firewall that our production mail server is using.

I should have included that little piece of info, sorry.

Correct?

bathory · 03-20-2009, 08:01 AM

Hotmail is a bit strange. It uses SPF and other features to validate mails for spam. Have you try any other email service, such as gmail or yahoo.
I guess that in your case this is because the IP of your firewall/router whatever it is, it's resolved to mail.xxx.com that does not match the name of the new mail server you're trying to configure. And also the mx server of your domain is mail.xxx.com

tsmeed · 03-20-2009, 08:54 AM

Quote:

Originally Posted by bathory

Hotmail is a bit strange. It uses SPF and other features to validate mails for spam. Have you try any other email service, such as gmail or yahoo.
I guess that in your case this is because the IP of your firewall/router whatever it is, it's resolved to mail.xxx.com that does not match the name of the new mail server you're trying to configure. And also the mx server of your domain is mail.xxx.com

Exactly, I suspect that the sendmail server is sending it's hostname instead of the mail.XXX.com. My question is how do I fix this... according to DNS it would be the same IP and resolve to the same machine but I suspect the sendmail is sending it's host instead of the specified name (mail.XXX.com)

bathory · 03-20-2009, 09:22 AM

Try to send an email to gmail, or yahoo to see what happens
Also you can try to telnet directly mx1.hotmail.com on port 25 to send an email from your server using as "mail from" the masqueraded address.
It's possible that your emails go directly to junk and you have setup hotmail to delete junk immediately