Sendmail SMTP relay error but only from some ISPs

Hi People,

I have a very strange error (well to me it is strange anyway).

We have a problem sending email via our domain which is hosted remotely on a dedicated server (which we are responsible for maintaining) but it only happens in specific situations.

To simplify the story, here is the setup:

A laptop roaming and using an internet connection at can send and receive email. It sends email using our dedicated server’s SMTP without a problem.

A desktop in the office connected to cannot send an email using our server’s SMTP, it receives an error like this : “550 5.7.1 <>… Relaying denied”.

Of course, the desktop can send email using the SMTP servers of

The dedicated server is running Fedora 5, Sendmail and GPL Virtualmin installed as a module in Webmin.

One strange symptom is that the desktop can send an email using our dedicated server SMTP provided it is destined for an email address at

The only common denominator seems to be who are telling us that there are no blocked ports or anything else.

Has anybody got any ideas ?

I would greatly appreciate a clue or two.

Mail client errors are not useful in troubleshooting mail problems. We need to see the maillog entry (or entries) that occur when you attempt to send mail.

Yeah, on Fedora, I believe the email log would be in /var/log/maillog.

That’d be really handy in being able to resolve this. But a few additional thoughts:

  1. If someone is trying to send an email via your SMTP server, and receiving “relay access denied” – make double-sure that “Authenticate Outgoing SMTP” is chosen in their desktop client. That’s frequently not a default.

  2. You say you have Fedora 5. That’s really old :slight_smile: I believe support for it would have stopped roughly two years ago. I hope you have an alternate way of obtaining and applying security fixes :wink: You might consider a distro like CentOS, which is supported for 5 years – as well as supported by the Virtualmin installer, which makes installing and configuring easy as pie! (and I like pie)

  3. Since Virtualmin didn’t set up Postfix, we might need to see your /etc/postfix/ too, that may offer some clues.

Thanks to you both for taking the trouble to think about and reply to my headache. :o)

Your posts re the logs caused me to take another delve into and a closer look.

Here is a copy of the lines which I found :
([XXX.XXX.XXX.XXX] is the IP of the senders connection of course)

Jun 3 14:26:44 ns sendmail[17714]: n53DQiOi017714: from=<>, size=371, class=0, nrcpts=1, msgid=<>, proto=ESMTP, daemon=MTA, relay=[XXX.XXX.XXX.XXX]

Jun 3 14:27:12 ns sendmail[17780]: n53DRCWX017780: ruleset=check_rcpt, arg1=<>, relay=[XXX.XXX.XXX.XXX], reject=550 5.7.1 <>… Relaying denied. IP name lookup failed [XXX.XXX.XXX.XXX]

Jun 3 14:27:14 ns sendmail[17780]: n53DRCWX017780: from=<>, size=0, class=0, nrcpts=0, proto=ESMTP, daemon=MTA, relay=[XXX.XXX.XXX.XXX]

The "IP name lookup failed [XXX.XXX.XXX.XXX]" part kinda looks a likely suspect to me. Again, I could be wrong but …

If that is doing a reverse lookup to see if the IP number "" is the same as the IP the email came from. That could be the answer.

Does that sound likely ?

Or am I still as thick as two short planks ?

Thanks for reading.

Hmm, I wonder if there’s some form of DNS issue going on.

For example, if you log in and type:


Do you receive a series of IP addresses for Google?

Next, if you type (again, from on your server):

dig mx

Does the resulting IP address point to your server?

If not, your system could think it needs to send the email elsewhere, potentially causing the error you saw.

If that is doing a reverse lookup to see if the IP number "" is the same as the IP the email came from. That could be the answer.

Does that sound likely ?

The reverse lookup does not need to match. In some cases it does need to exist, which in your case it does not (that’s the error here; not matching doesn’t even come into play in that log…it simply doesn’t resolve at all).

I don’t know if that’s why your server is rejecting the mail, but you could try fixing that problem first.
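The rejection discussed above can be pulled out of a maillog mechanically. This is an added example, not part of any post in the thread: it extracts every `check_rcpt` rejection and separates senders whose address has no reverse DNS name from senders that were simply refused relaying. The log sample is constructed in the format quoted in the thread, with documentation addresses and made-up host names, and the function names are illustrative.

```python
import re

# Constructed sample in the format of the maillog lines quoted in the thread.
# Addresses are documentation ranges (RFC 5737); host names are made up.
SAMPLE_LOG = """\
Jun  3 14:26:44 ns sendmail[17714]: n53DQiOi017714: from=<>, size=371, class=0, nrcpts=1, msgid=<>, proto=ESMTP, daemon=MTA, relay=[198.51.100.7]
Jun  3 14:27:12 ns sendmail[17780]: n53DRCWX017780: ruleset=check_rcpt, arg1=<>, relay=[192.0.2.10], reject=550 5.7.1 <>... Relaying denied. IP name lookup failed [192.0.2.10]
Jun  3 14:27:14 ns sendmail[17780]: n53DRCWX017780: from=<>, size=0, class=0, nrcpts=0, proto=ESMTP, daemon=MTA, relay=[192.0.2.10]
Jun  3 14:31:02 ns sendmail[17902]: n53DV2aa017902: ruleset=check_rcpt, arg1=<user@example.org>, relay=host.example.net [203.0.113.5], reject=550 5.7.1 <user@example.org>... Relaying denied
"""

LINE_RE = re.compile(r"sendmail\[\d+\]: (?P<qid>\w+): (?P<body>.*)$")
# relay=[ip] when the address has no PTR name, relay=name [ip] when it has one
RELAY_RE = re.compile(r"relay=(?P<name>[^\s\[,]*)\s*\[(?P<ip>[^\]]+)\]")
REJECT_RE = re.compile(r"reject=(?P<code>\d{3}) (?P<dsn>\d\.\d+\.\d+) (?P<text>.*)$")


def relay_rejections(log_text):
    """Return one record per check_rcpt rejection found in the log text."""
    records = []
    for line in log_text.splitlines():
        m = LINE_RE.search(line)
        if not m or "ruleset=check_rcpt" not in m["body"]:
            continue
        relay = RELAY_RE.search(m["body"])
        reject = REJECT_RE.search(m["body"])
        if not (relay and reject):
            continue
        records.append({
            "qid": m["qid"],
            "ip": relay["ip"],
            "ptr_name": relay["name"] or None,
            "code": reject["code"],
            "dsn": reject["dsn"],
            "relaying_denied": "Relaying denied" in reject["text"],
            "rdns_failed": "IP name lookup failed" in reject["text"],
        })
    return records


def no_ptr_senders(log_text):
    """Sorted list of client addresses rejected with a failed reverse lookup."""
    return sorted({r["ip"] for r in relay_rejections(log_text) if r["rdns_failed"]})
```

Both rejected senders in the sample carry `550 5.7.1`, but only the first has the reverse-lookup failure; the second resolved and was still denied, which indicates a relay permission or authentication problem instead.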

Thanks Eric,

I hope I haven’t confused things.

Did you mean "dig mx" because the problem is with our user sending email and it is refused at our server.

Assuming that to be I did a "dig mx" and this is what I got :

[root@ns /]# dig mx

; <<>> DiG 9.3.4 <<>> mx
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 8110
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0



;; Query time: 39 msec
;; WHEN: Thu Jun 4 15:23:54 2009
;; MSG SIZE rcvd: 55

Thanks again for your time.

Also, Eric, I agree with you, this OS is a little old, unfortunately I am stuck with it for a while longer yet. :o(

I have also tried with "Authenticate Outgoing SMTP" set and unset but it made no difference.

And, Postfix does not seem to be set up on this box. I am scared to try to install it now in case it doesn’t import Sendmail “stuff” properly afterwards.

Thanks Joe,

I have set up a reverse for the domain on another ISP connection so it won’t match but at least it will be set up.

That seems to be delayed waiting for the great slow web. ;o)

I will update when it looks like it is done.

Thanks again.

Yeah, don’t install Postfix. Eric was just wanting to know what your configuration looks like. Sendmail is fine, too, and there’s no reason to change at this late stage in the game for this tired old server. :wink:

When you move to a new server (presumably running a longer lived OS, like CentOS) you can switch to Postfix, if you like (it’s a bit easier to comprehend, troubleshoot, and configure, and it’s also a bit faster and has a better security history).

Yeah, when I had said that, I didn’t realize it was Sendmail you were using (I thought it was a manually configured Postfix – yes, you had said it was Sendmail, but I was silly and overlooked that :slight_smile:

As Joe said, I wouldn’t really recommend setting that up on this server, but perhaps on your next one.

OK, well thanks for trying guys.

Seems like we have run out of suggestions here. I really need to get this sorted so any thoughts where I can turn now ?


That will teach me to be so quick posting a reply so early in the morning.

Before moving on I will of course test later today in case the reverse lookup has solved it.

I thought we were just getting started. You never gave us any more logs to go on after you fixed your reverse resolution problem, did you? We gotta see logs, man!


That was fast.

I will be back later when I have done some tests. Glad to know that you are still on the case. I got the impression it was over. Deep apologies. :o)

We’re on the case until it is solved. Just like Huey, Louie and Dewey. But we needs the evidence.

I was thinking this was more like Larry, Moe, and Curly (especially with my knowledge of Sendmail!)

But regardless, we’re here to help :wink:

Or Groucho, Chico, and Harpo. I want to be Chico!

I’m confused by what I’m seeing here in your example session via telnet. It looks like you’re expecting your server to relay on behalf of a completely unknown sender (you, without authentication).

That would make your mail server the equivalent of a burglar or something (open relays are among the vilest evils on the Internet)…so I don’t think you really want what you tried to work.

Unless, of course, you were connecting from the server itself. Which is an entirely different thing…and when you say, "when remote", it makes me think sending works when you are on the same network as the mail server. Which means you’re not authenticating, but it allows unauthenticated sending when you are local. All of that is pretty sensible.

So, why not configure your mail client to authenticate to the server? I assume you have saslauthd set up and running to provide SMTP authentication service?

OK, now I feel really stupid !

The telnet session was indeed from my PC and yes, of course it wouldn’t authenticate. I should have realised that. If I do the same from the server, it does work and the email is sent.

The mail client is set to authenticate, so that should be OK.

Now, saslauthd is another matter. Perhaps we are getting somewhere.

I know nothing of SASL and have done a lot of reading since your post, thanks Joe.

SASL does seem to be set up and running. In Webmin, Dovecot, User and Login Options I find :

"SASL authentication realms" is set to "None"
"Default authentication realm" is set to "Default"
"Authentication methods" is set to "Plain-Text"

I have searched for a method of testing if SASL is working but can only find references to Postfix and as you know, I am using Sendmail.

Can you offer any pearls of wisdom to this Dim Git ?

"When remote" means that the laptop is away from the office and connected via a different ISP. Sorry for confusing the issue.

Many thanks for your patience with me.
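On the question of testing whether SMTP authentication is available at all: the server's EHLO reply shows it regardless of which MTA is running. This is an added example, not part of the thread: it parses an EHLO reply and reports whether AUTH is advertised and whether STARTTLS is there to protect PLAIN/LOGIN credentials. The sample replies are constructed, `mail.example.com` is a placeholder, and the function names are illustrative.

```python
import smtplib

# Constructed EHLO replies; mail.example.com is a placeholder host name.
EHLO_NO_AUTH = """\
250-mail.example.com Hello client [192.0.2.10], pleased to meet you
250-ENHANCEDSTATUSCODES
250-8BITMIME
250 HELP"""
EHLO_PLAIN_ONLY = """\
250-mail.example.com Hello client [192.0.2.10], pleased to meet you
250-AUTH LOGIN PLAIN
250 HELP"""
EHLO_TLS_AUTH = """\
250-mail.example.com Hello client [192.0.2.10], pleased to meet you
250-STARTTLS
250-AUTH LOGIN PLAIN
250 HELP"""


def parse_ehlo(reply):
    """Map each ESMTP keyword in an EHLO reply to its parameter list."""
    features = {}
    for line in reply.splitlines()[1:]:        # line 1 is the greeting
        parts = line[4:].split() if line.startswith("250") else []
        if parts:
            features[parts[0].upper()] = [p.upper() for p in parts[1:]]
    return features


def assess_auth(features):
    """Classify what the server offers a client that needs to relay."""
    mechs = set(features.get("AUTH", []))
    tls = "STARTTLS" in features
    if not mechs:
        # Some servers advertise AUTH only after TLS has been negotiated.
        return "recheck-after-starttls" if tls else "no-auth-offered"
    if mechs <= {"PLAIN", "LOGIN"} and not tls:
        return "cleartext-auth-only"           # password is only base64-encoded
    return "auth-offered"


def live_features(host, port=25, timeout=10):
    """Same mapping from a live server (needs network access)."""
    with smtplib.SMTP(host, port, timeout=timeout) as s:
        s.ehlo()
        return {k.upper(): v.upper().split() for k, v in s.esmtp_features.items()}
```

A result of `no-auth-offered` means a client's "authenticate outgoing SMTP" setting has nothing to talk to, so the server falls back to its address-based relay rules.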