I am running sendmail on Red Hat 8. Even if I open the firewall completely, users can only receive email but cannot send email. I thought that the access.db file was enabled by default in RH8. Anyway, I added entries based on IP numbers for the valid users in the /etc/mail/access file and then did a ...
makefile hash /etc/mail/access.db < /etc/mail/access
to create a new access.db. Restarted sendmail but still the same problem.

Please help!

which users are unable to send? By default RH configures sendmail to deny relaying. This is the way you want it.

You can also add net blocks that are allowed to relay mail. This is what you want if you're running it as a mail server for a small network.

No users can send - they can only receive mail.

Yes, I know that RH configures sendmail to deny relaying. That is fine. But if I add a specific subnet to the access.db database then sendmail should respect that and allow relaying for users within that subnet. But it is not.

As for adding net blocks, thanks but this is too generic. In theory sounds great but doesn't work in practise. As mentioned above I have already added a net block (subnet) to the access.db file. Still in test phase but cannot go production until this problem is sorted out. I convinced management to go with Linux over Windows servers and would like this all to go smoothly.

Maybe some more info would help...

I have a multihomed Linux firewall with 3 NICs. One for the Internet connection, 1 for the DMZ which uses real IP numbers and is where the sendmail server is (amongst other servers), and one is for the office LAN which is using NAT and DHCP. Is there any issue for sendmail if the sender is coming from a NAT address? According to the book "Linux Sendmail Administration" by Craig Hunt this is not a problem. Can I somehow view the error messages of just the failed attempts to send? Would this be in /var/log/messages with everything else?

Before you pop a gasket, check with your ISP to see if they're port blocking something, I had the exact same problem setting up a box for a friend on Earthlink before I found out they were blocking 25.... There was basically no way around it, I eventually just had my machine as the MX for their domain... and then after a year they ditched earthlink...

Cheers,

Finegan

The logs you are looking for are probably in /var/log/mail/info and /var/log/mail/errors. Post what you see, Id like a look myself


Can users send mail from the machine? Using mail -s etc?
Can root?

Sorry if I'm coming across a little strong. I'm working in a bit of a pressure cooker environment right now. Apologies.

OK. We have fibre-optic directly coming in and blocks of IP numbers allocated so we are in effect our own ISP. Port 25 is open for the SMTP and port 110 for POP3. I can open the firewall completely to do quick tests (which either eliminates or indicates the firewall as the culprit). So right now the firewall is not blocking SMTP.

The logs were in /var/log/maillog - so thanks for that! Makes it easier for diagnosing the problem.

I am a Linux newbie (long time systems administrator though) so am unsure of the mail -s command. Could you give an example while I consult the man pages for the mail command? Thx.

rob19

Ok, first of all you lied to me. Log into a terminal and type this:
mail your@some.address.you.know.works.com < /etc/reslov.conf
There's your proof that *some* users *can* send mail.

Now I'll say it one more time. By default relaying is turned OFF. You do NOT want an open mail relay.

You need to assign a network block that is allowed to relay mail in the Sendmail config file.

A 3 second search on Google yields a file named relay-hosts (probably /etc/relay-hosts). Add IP addresses to that file and try again.

If you choose to ignore this helpful information again, your spam jelly shall be on your own head.

OK. OK. But I never lied knowingly, am certainly not ignoring you, and have no desire to wear spam jelly on my head. LOL

I did the mail command FROM THE SENDMAIL SERVER and it sent it to my work email as root. I'm sure any of the local users that have been setup will send from the server too. So it is just when the mail is sent from the users mail clients (generally Outlook on Windows 2000) that the problem occurs which would imply relaying.

OK. Because I am using Red Hat 8 which comes with a later version of sendmail 8.12.5-7 the relay-hosts file is supposed to be stored in /etc/mail/relay-hosts. I have added the IP address of the client PC, the entire NAT subnet, the domain name to this file and restarted sendmail with a SIGHUP. No improvement. Also this was done before I resorted to posting on the list.

One final point, (don't take offense please), I would like to stay with the access.db database file as the relay-hosts file is really the older style and lacks the fine grain control of the access.db. It really should be one or the other (I'm sure you agree) and I would like to use the access.db over the relay-hosts.

Thank you.

I just found this post looking for something else, and think that I may have an answer:

RH started blocking certain local ports using iptables.

Try typing
# iptables -L

If the response shows a "DROP" for a policy, or port 25 is specified in the response and ACCEPT is not assiciated with it, then you may have to modify your local firewall rules.

This is exactly why I use Slackware.
I may catch a rash for this one, but we have had far fewer Advisories for Slack.
Although, for the end-user, RH may be better, Slackware is the best for running a business.

Also, if this system is in a DMZ, then make sure that there is no GUI, ssh, finger, etc, and user shells are set to /dev/null, (except for the admin's ID).
Also, check for the user "toor" and remove it!