Re: sendmail not working for relaying messages

[Rick Stevens <rstevens@xxxxxxxxxxxxxxx>]

Janu Sundaram wrote:
>     Hello,
>
>     I am trying to setup Outlook Express (email client to setup mail
>     accounts) , when I try to send mails outside my domain like
>     @mydomain.com <http://mydomain.com> ie to yahoo or gmail or hotmail,
>     I get this error message
>
>     "The message could not be sent because one of the recipients was>
>     rejected by the server. The rejected e-mail address was
>     'janu@xxxxxxxxxx <mailto:janu@xxxxxxxxxx>'. Subject 'test',
>     Account:'mail.relate24seven.com <http://mail.relate24seven.com><
>     http://mail.relate24seven.com>> ',> Server: '65.103.191.30
>     <http://65.103.191.30> < http://65.103.191.30>', Protocol: SMTP,
>     Server> Response: '550 5.7.1> <janu@xxxxxxxxxx
>     <mailto:janu@xxxxxxxxxx>>... Relaying denied', Port: 25,
>     Secure(SSL): No,> Server Error: 550, Error Number: 0x800CCC79.
>
>
> When I use pine on the server , I can send mails to everyone and recieve 
> from everyone.
>
>     I can send mails to @relate24seven.com <http://relate24seven.com> in
>     OE .If this is an OE problem , then I have the same problem with
>     Thunderbird mail client too ; while sending emails it prompts fro
>     password I type in the same password as used for incoming mail
>     server which is the same as the outgoing one , and it does not work
>
>       The following is the iptable file output :
>     # Firewall configuration written by system-config-securitylevel
>     # Manual customization of this file is not recommended.
>     *filter
>     :INPUT ACCEPT [0:0]
>     :FORWARD ACCEPT [0:0]
>     :OUTPUT ACCEPT [0:0]
>     :RH-Firewall-1-INPUT - [0:0]
>     -A INPUT -j RH-Firewall-1-INPUT
>     -A FORWARD -j RH-Firewall-1-INPUT
>     -A RH-Firewall-1-INPUT -i lo -j ACCEPT
>     -A RH-Firewall-1-INPUT -p icmp --icmp-type any -j ACCEPT
>     -A RH-Firewall-1-INPUT -p 50 -j ACCEPT
>     -A RH-Firewall-1-INPUT -p 51 -j ACCEPT
>     -A RH-Firewall-1-INPUT -p udp --dport 5353 -d 224.0.0.251
>     <http://224.0.0.251> -j ACCEPT
>     -A RH-Firewall-1-INPUT -p udp -m udp --dport 631 -j ACCEPT
>     -A RH-Firewall-1-INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
>     -A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 80
>     -j ACCEPT
>     -A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport
>     443 -j ACCEPT
>     -A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 21
>     -j ACCEPT
>     -A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 22
>     -j ACCEPT
>     -A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 23
>     -j ACCEPT
>     -A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 25
>     -j ACCEPT
>     -A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport
>     110 -j ACCEPT
>     -A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport
>     143 -j ACCEPT
>     -A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport
>     5901 -j ACCEPT
>     -A RH-Firewall-1-INPUT -j REJECT --reject-with icmp-host-prohibited
>     COMMIT
>
>     When I try to do nmap localhost it shows this :
>
>     PORT      STATE SERVICE
>     21/tcp    open  ftp
>     22/tcp    open  ssh
>     25/tcp    open  smtp
>     80/tcp    open  http
>     110/tcp   open  pop3
>     111/tcp   open  rpcbind
>     113/tcp   open  auth
>     143/tcp   open  imap
>     443/tcp   open  https
>     631/tcp   open  ipp
>     3306/tcp  open  mysql
>     5900/tcp  open  vnc
>     10000/tcp open  snet-sensor-mgmt
>
>     But when I try nmap 65.103.191.30 <http://65.103.191.30>, it shows
>     this :
>     (The 1658 ports scanned but not shown below are in state: closed)
>     PORT   STATE SERVICE
>     23/tcp open  telnet
>     80/tcp open  http
>
>
>
> The following is the maillog output :
> May  4 11:08:10 relate24seven sendmail[7908]: j44I89Gq007908: 
> ruleset=check_rcpt, arg1=<janu@xxxxxxxxxx <mailto:janu@xxxxxxxxxx>>, 
> relay=nhpsde.heritage.unm.edu <http://nhpsde.heritage.unm.edu> 
> [64.106.114.26 <http://64.106.114.26>], reject=550 5.7.1 
> <janu@xxxxxxxxxx <mailto:janu@xxxxxxxxxx>>... Relaying denied
>
> May  4 11:08:10 relate24seven sendmail[7908]: j44I89Gr007908: 
> ruleset=check_rcpt, arg1=<josh@xxxxxxxxxxxxx 
> <mailto:josh@xxxxxxxxxxxxx>>, relay=nhpsde.heritage.unm.edu 
> <http://nhpsde.heritage.unm.edu> [64.106.114.26 <http://64.106.114.26>], 
> reject=550 5.7.1 <josh@xxxxxxxxxxxxx <mailto:josh@xxxxxxxxxxxxx>>... 
> Relaying denied
>  
>
>     Any help with this?

Relay is denied by default.  If you're sending from some specific 
machines, you can edit /etc/mail/access and add lines such as:

	Connect:www.xxx.yyy.zzz		RELAY

replacing www.xxx.yyy.zzz with the IP address of the sending machine.
Restart sendmail after editing the file:

	service sendmail restart

Sendmail will allow relay ONLY from those machines.  You can also enter
the domain names of the machines into /etc/mail/relay-domains, but
that's a bit less secure.
----------------------------------------------------------------------
- Rick Stevens, Senior Systems Engineer     rstevens@xxxxxxxxxxxxxxx -
- VitalStream, Inc.                       http://www.vitalstream.com -
-                                                                    -
-          Consciousness: that annoying time between naps.           -
----------------------------------------------------------------------