Linux - SoftwareThis forum is for Software issues.
Having a problem installing a new program? Want to know which application is best for the job? Post your question in this forum.
Notices
Welcome to LinuxQuestions.org, a friendly and active Linux Community.
You are currently viewing LQ as a guest. By joining our community you will have the ability to post topics, receive our newsletter, use the advanced search, subscribe to threads and access many other special features. Registration is quick, simple and absolutely free. Join our community today!
Note that registered members see fewer ads, and ContentLink is completely disabled once you log in.
If you have any problems with the registration process or your account login, please contact us. If you need to reset your password, click here.
Having a problem logging in? Please visit this page to clear all LQ-related cookies.
Get a virtual cloud desktop with the Linux distro that you want in less than five minutes with Shells! With over 10 pre-installed distros to choose from, the worry-free installation life is here! Whether you are a digital nomad or just looking for flexibility, Shells can put your Linux machine on the device that you want to use.
Exclusive for LQ members, get up to 45% off per month. Click here for more info.
I am running sendmail on Red Hat 8. Even if I open the firewall completely, users can only receive email but cannot send email. I thought that the access.db file was enabled by default in RH8. Anyway, I added entries based on IP numbers for the valid users in the /etc/mail/access file and then did a ...
makefile hash /etc/mail/access.db < /etc/mail/access
to create a new access.db. Restarted sendmail but still the same problem.
Yes, I know that RH configures sendmail to deny relaying. That is fine. But if I add a specific subnet to the access.db database then sendmail should respect that and allow relaying for users within that subnet. But it is not.
As for adding net blocks, thanks but this is too generic. In theory sounds great but doesn't work in practise. As mentioned above I have already added a net block (subnet) to the access.db file. Still in test phase but cannot go production until this problem is sorted out. I convinced management to go with Linux over Windows servers and would like this all to go smoothly.
Maybe some more info would help...
I have a multihomed Linux firewall with 3 NICs. One for the Internet connection, 1 for the DMZ which uses real IP numbers and is where the sendmail server is (amongst other servers), and one is for the office LAN which is using NAT and DHCP. Is there any issue for sendmail if the sender is coming from a NAT address? According to the book "Linux Sendmail Administration" by Craig Hunt this is not a problem. Can I somehow view the error messages of just the failed attempts to send? Would this be in /var/log/messages with everything else?
Before you pop a gasket, check with your ISP to see if they're port blocking something, I had the exact same problem setting up a box for a friend on Earthlink before I found out they were blocking 25.... There was basically no way around it, I eventually just had my machine as the MX for their domain... and then after a year they ditched earthlink...
Sorry if I'm coming across a little strong. I'm working in a bit of a pressure cooker environment right now. Apologies.
OK. We have fibre-optic directly coming in and blocks of IP numbers allocated so we are in effect our own ISP. Port 25 is open for the SMTP and port 110 for POP3. I can open the firewall completely to do quick tests (which either eliminates or indicates the firewall as the culprit). So right now the firewall is not blocking SMTP.
The logs were in /var/log/maillog - so thanks for that! Makes it easier for diagnosing the problem.
I am a Linux newbie (long time systems administrator though) so am unsure of the mail -s command. Could you give an example while I consult the man pages for the mail command? Thx.
Ok, first of all you lied to me. Log into a terminal and type this:
mail your@some.address.you.know.works.com < /etc/reslov.conf
There's your proof that *some* users *can* send mail.
Now I'll say it one more time. By default relaying is turned OFF. You do NOT want an open mail relay.
You need to assign a network block that is allowed to relay mail in the Sendmail config file.
A 3 second search on Google yields a file named relay-hosts (probably /etc/relay-hosts). Add IP addresses to that file and try again.
If you choose to ignore this helpful information again, your spam jelly shall be on your own head.
OK. OK. But I never lied knowingly, am certainly not ignoring you, and have no desire to wear spam jelly on my head. LOL
I did the mail command FROM THE SENDMAIL SERVER and it sent it to my work email as root. I'm sure any of the local users that have been setup will send from the server too. So it is just when the mail is sent from the users mail clients (generally Outlook on Windows 2000) that the problem occurs which would imply relaying.
OK. Because I am using Red Hat 8 which comes with a later version of sendmail 8.12.5-7 the relay-hosts file is supposed to be stored in /etc/mail/relay-hosts. I have added the IP address of the client PC, the entire NAT subnet, the domain name to this file and restarted sendmail with a SIGHUP. No improvement. Also this was done before I resorted to posting on the list.
One final point, (don't take offense please), I would like to stay with the access.db database file as the relay-hosts file is really the older style and lacks the fine grain control of the access.db. It really should be one or the other (I'm sure you agree) and I would like to use the access.db over the relay-hosts.
I just found this post looking for something else, and think that I may have an answer:
RH started blocking certain local ports using iptables.
Try typing
# iptables -L
If the response shows a "DROP" for a policy, or port 25 is specified in the response and ACCEPT is not assiciated with it, then you may have to modify your local firewall rules.
This is exactly why I use Slackware.
I may catch a rash for this one, but we have had far fewer Advisories for Slack.
Although, for the end-user, RH may be better, Slackware is the best for running a business.
Also, if this system is in a DMZ, then make sure that there is no GUI, ssh, finger, etc, and user shells are set to /dev/null, (except for the admin's ID).
Also, check for the user "toor" and remove it!
LinuxQuestions.org is looking for people interested in writing
Editorials, Articles, Reviews, and more. If you'd like to contribute
content, let us know.