Prev: Replicating email to a test box
Next: Sendmail + Spamassassin
From: Kai Schaetzl on 29 May 2010 09:08
I use local-host-names for allowing acceptance for local domains. Works
for all domains and has been for umpteen years. Suddenly, with two domains
I put on the server some days ago this doesn't work anymore, only for
these. Or, more exactly, it works when *I* send test mail from remote, but
it doesn't work for mail that the client sent from various locations. The
other clients get a "relaying denied proper authentication needed" error
message. And that is rather weird. Just like the server thinks it's got to
relay the mail somewhere else. And just that this is not the case and it
knows very well that the domain is local. I checked dns (A and MX) with
host to make sure the host gets the correct data and I also did a
purgestat to remove any old information. Also, if for whatever reason, it
gets wrong dns information this should then apply to all incoming
messages, e.g. when I send a message from my network to that network it
should get the same error.
I've been administering sendmail for more than 10 years now and have never
seen such a strange thing happen. Anyone has a clue? Is there some limit
on how many domains you can have in local-host-names?
This is sendmail 8.13 as coming with CentOS 4.

Here are some log excerpts with addresses and hostnames anonymized.

Testmail by me:
May 29 14:13:31 nx05 sendmail[16701]: o4TCDULJ016701:
from=<support(a)example.com>, size=929, class=0, nrcpts=1,
msgid=<0000a901.1d23dba2(a)berlin.example.com>, bodytype=8BITMIME,
proto=ESMTP, daemon=MTA, relay=d01.example.net [100.100.100.100]
May 29 14:13:31 nx05 sendmail[16701]: o4TCDULJ016701: Milter add: header:
X-Greylist: Sender is SPF-compliant, not delayed by milter-greylist
(nx05.example.net [200.200.200.200]); Sat, 29 May 2010 14:13:31 +0200
(CEST)
May 29 14:13:31 nx05 sendmail[16701]: o4TCDULJ016701:
to=<user(a)problem.example.com>, delay=00:00:00, mailer=esmtp, pri=30929,
stat=queued
May 29 14:13:34 nx05 sendmail[16719]: o4TCDULJ016701:
to=<user(a)problem.example.com>, delay=00:00:03, xdelay=00:00:00,
mailer=local, pri=120929, dsn=2.0.0, stat=Sent

Testmail from the client, sent via 1&1:
May 29 14:16:07 nx05 sendmail[19188]: o4TCG7Ep019188: ruleset=check_rcpt,
arg1=<user(a)problem.example.com>, relay=moutng.kundenserver.de
[212.227.17.9], reject=550 5.7.1 <user(a)problem.example.com>... Relaying
denied. Proper authentication required.
May 29 14:16:07 nx05 sendmail[19188]: o4TCG7Ep019188:
from=<user(a)remotedomain.example.com>, size=2320, class=0, nrcpts=0,
proto=ESMTP, daemon=MTA, relay=moutng.kundenserver.de [212.227.17.9]

How's this possible?

Kai
--
Conactive Internet Services, Berlin, Germany

From: Andrzej Adam Filip on 29 May 2010 15:56
Kai Schaetzl <kai(a)mvps.org.invalid> wrote:
> I use local-host-names for allowing acceptance for local domains. Works
> for all domains and has been for umpteen years. Suddenly, with two domains
> I put on the server some days ago this doesn't work anymore, only for
> these. Or, more exactly, it works when *I* send test mail from remote, but
> it doesn't work for mail that the client sent from various locations. The
> other clients get a "relaying denied proper authentication needed" error
> message. And that is rather weird. Just like the server thinks it's got to
> relay the mail somewhere else. And just that this is not the case and it
> knows very well that the domain is local. I checked dns (A and MX) with
> host to make sure the host gets the correct data and I also did a
> purgestat to remove any old information. Also, if for whatever reason, it
> gets wrong dns information this should then apply to all incoming
> messages, e.g. when I send a message from my network to that network it
> should get the same error.
> I've been administering sendmail for more than 10 years now and have never
> seen such a strange thing happen. Anyone has a clue? Is there some limit
> on how many domains you can have in local-host-names?
> This is sendmail 8.13 as coming with CentOS 4.
>
> Here are some log excerpts with addresses and hostnames anonymized.
>
> Testmail by me:
> May 29 14:13:31 nx05 sendmail[16701]: o4TCDULJ016701:
> from=<support(a)example.com>, size=929, class=0, nrcpts=1,
> msgid=<0000a901.1d23dba2(a)berlin.example.com>, bodytype=8BITMIME,
> proto=ESMTP, daemon=MTA, relay=d01.example.net [100.100.100.100]
> May 29 14:13:31 nx05 sendmail[16701]: o4TCDULJ016701: Milter add: header:
> X-Greylist: Sender is SPF-compliant, not delayed by milter-greylist
> (nx05.example.net [200.200.200.200]); Sat, 29 May 2010 14:13:31 +0200
> (CEST)
> May 29 14:13:31 nx05 sendmail[16701]: o4TCDULJ016701:
> to=<user(a)problem.example.com>, delay=00:00:00, mailer=esmtp, pri=30929,
> stat=queued
> May 29 14:13:34 nx05 sendmail[16719]: o4TCDULJ016701:
> to=<user(a)problem.example.com>, delay=00:00:03, xdelay=00:00:00,
> mailer=local, pri=120929, dsn=2.0.0, stat=Sent
>
> Testmail from the client, sent via 1&1:
> May 29 14:16:07 nx05 sendmail[19188]: o4TCG7Ep019188: ruleset=check_rcpt,
> arg1=<user(a)problem.example.com>, relay=moutng.kundenserver.de
> [212.227.17.9], reject=550 5.7.1 <user(a)problem.example.com>... Relaying
> denied. Proper authentication required.
> May 29 14:16:07 nx05 sendmail[19188]: o4TCG7Ep019188:
> from=<user(a)remotedomain.example.com>, size=2320, class=0, nrcpts=0,
> proto=ESMTP, daemon=MTA, relay=moutng.kundenserver.de [212.227.17.9]
>
> How's this possible?

Have you tried to debug check_rcpt rule set?
http://www.sendmail.org/~ca/email/chk-dbg.html#check_rcptdbg

--
http://open-sendmail.sourceforge.net/ http://anfi.homeunix.org/
Veni, vidi, vici. [I came, I saw, I conquered].
-- Gaius Julius Caesar
From: Kai Schaetzl on 30 May 2010 10:50
Andrzej Adam Filip schrieb am Sat, 29 May 2010 21:56:43 +0200:

> Have you tried to debug check_rcpt rule set?
> http://www.sendmail.org/~ca/email/chk-dbg.html#check_rcptdbg

No, and thanks for pointing to this debugging option. It turns out that
later yesterday after writing the dns data again it started working a bit
later. However, I can't see a difference between before and after. Well.
Of course, after it worked it didn't make sense anymore to do the -bt
debugging. I tried nevertheless just for seeing how it works and found
that my bogus helo rule comes in the way, anyway. I tried to supply a helo
with .D{client_helo}, but this didn't change it. So, next time I hit this
problem, I have to remove that feature from the mc/cf files and then try
the check_rcpt debugging. Thanks for the info!

Kai
--
Conactive Internet Services, Berlin, Germany

From: Lew Pitcher on 30 May 2010 18:40

Warning:

Lew Pitcher, who posts to this newsgroup, is a domain thief.

Read the full story at http://www.lewpitcher.ca

 | 
Pages: 1
Prev: Replicating email to a test box
Next: Sendmail + Spamassassin