I have a very strange error (well to me it is strange anyway).
We have a problem sending email via our domain which is hosted remotely on a dedicated server (which we are responsible for maintaining) but it only happens in specific situations.
To simplify the story, here is the setup:
A laptop roaming and using an internet connection at an-isp.com can send and receive email. It sends email using our dedicated server’s SMTP without a problem.
A desktop in the office connected to another-big-isp.com cannot send an email using our server’s SMTP; it receives an error like this: “550 5.7.1 <recipient@somewhere.co.uk>… Relaying denied”.
Of course, the desktop can send email using the SMTP servers of another-big-isp.com.
The dedicated server is running Fedora 5, Sendmail and GPL Virtualmin installed as a module in Webmin.
One strange symptom is that the desktop can send an email using our dedicated server SMTP provided it is destined for an email address at another-big-isp.com.
The only common denominator seems to be another-big-isp.com who are telling us that there are no blocked ports or anything else.
Mail client errors are not useful in troubleshooting mail problems. We need to see the maillog entry (or entries) that occur when you attempt to send mail.
Yeah, on Fedora, I believe the email log would be in /var/log/maillog.
That’d be really handy in being able to resolve this. But a few additional thoughts:
If someone is trying to send an email via your SMTP server, and receiving “relay access denied” – make double-sure that “Authenticate Outgoing SMTP” is chosen in their desktop client. That’s frequently not a default.
You say you have Fedora 5. That’s really old; I believe support for it would have stopped roughly two years ago. I hope you have an alternate way of obtaining and applying security fixes. You might consider a distro like CentOS, which is supported for 5 years – as well as supported by the Virtualmin installer, which makes installing and configuring easy as pie! (and I like pie)
Since Virtualmin didn’t set up Postfix, we might need to see your /etc/postfix/main.cf too, that may offer some clues.
If that is doing a reverse lookup to see if the IP number "senders-domain.co.uk" is the same as the IP the email came from, that could be the answer.
Does that sound likely?
The reverse lookup does not need to match. In some cases it does need to exist, which in your case it does not (that’s the error here; not matching doesn’t even come into play in that log…it simply doesn’t resolve at all).
I don’t know if that’s why your server is rejecting the mail, but you could try fixing that problem first.
Also, Eric, I agree with you, this OS is a little old, unfortunately I am stuck with it for a while longer yet. :o(
I have also tried with "Authenticate Outgoing SMTP" set and unset but it made no difference.
And, Postfix does not seem to be set up on this box. I am scared to try to install it now in case it doesn’t import Sendmail “stuff” properly afterwards.
Yeah, don’t install Postfix. Eric was just wanting to know what your configuration looks like. Sendmail is fine, too, and there’s no reason to change at this late stage in the game for this tired old server.
When you move to a new server (presumably running a longer lived OS, like CentOS) you can switch to Postfix, if you like (it’s a bit easier to comprehend, troubleshoot, and configure, and it’s also a bit faster and has a better security history).
Yeah, when I had said that, I didn’t realize it was Sendmail you were using (I thought it was a manually configured Postfix – yes, you had said it was Sendmail, but I was silly and overlooked that).
As Joe said, I wouldn’t really recommend setting that up on this server, but perhaps on your next one.
-Eric
I thought we were just getting started. You never gave us any more logs to go on after you fixed your reverse resolution problem, did you? We gotta see logs, man!
I’m confused by what I’m seeing here in your example session via telnet. It looks like you’re expecting your server to relay on behalf of a completely unknown sender (you, without authentication).
That would make your mail server the equivalent of a burglar or something (open relays are among the vilest evils on the Internet)…so I don’t think you really want what you tried to work.
Unless, of course, you were connecting from the server itself. Which is an entirely different thing…and when you say, "when remote", it makes me think sending works when you are on the same network as the mail server. Which means you’re not authenticating, but it allows unauthenticated sending when you are local. All of that is pretty sensible.
So, why not configure your mail client to authenticate to the server? I assume you have saslauthd set up and running to provide SMTP authentication service?
The telnet session was indeed from my PC and yes, of course it wouldn’t authenticate. I should have realised that. If I do the same from the server, it does work and the email is sent.
The mail client is set to authenticate, so that should be OK.
Now, saslauthd is another matter. Perhaps we are getting somewhere.
I know nothing of SASL and have done a lot of reading since your post, thanks Joe.
SASL does seem to be set up and running. In Webmin, Dovecot, User and Login Options I find:
"SASL authentication realms" is set to "None"
"Default authentication realm" is set to "Default"
"Authentication methods" is set to "Plain-Text"
I have searched for a method of testing if SASL is working but can only find references to Postfix and as you know, I am using Sendmail.
Can you offer any pearls of wisdom to this Dim Git?
"When remote" means that the laptop is away from the office and connected via a different ISP. Sorry for confusing the issue.
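Added example, not part of the thread: SMTP authentication can be checked from the protocol side whichever MTA is running, because a server that accepts authenticated submission lists `AUTH` and its mechanisms in the EHLO reply. The Python sketch below parses an EHLO reply pasted from a telnet session and reports whether a client could authenticate; the sample replies, host names, credentials and function names are constructed for illustration.

```python
import base64

# Constructed EHLO replies (sample data, not captured from the server in the thread).
EHLO_NO_AUTH = (
    "250-mail.example.com Hello client.example.net [203.0.113.7], pleased to meet you\n"
    "250-ENHANCEDSTATUSCODES\n250-PIPELINING\n250-8BITMIME\n250-SIZE\n250 HELP"
)
EHLO_AUTH_CLEAR = EHLO_NO_AUTH.replace("250 HELP", "250-AUTH LOGIN PLAIN\n250 HELP")
EHLO_AUTH_TLS = EHLO_AUTH_CLEAR.replace("250 HELP", "250-STARTTLS\n250 HELP")


def parse_ehlo(reply):
    """Map each advertised ESMTP keyword to its list of parameters."""
    ext = {}
    for line in reply.splitlines()[1:]:  # line 1 is the greeting, not an extension
        if len(line) < 5 or line[:3] != "250" or line[3] not in "- ":
            continue
        # Some older servers write "AUTH=LOGIN PLAIN"; treat "=" like a space.
        words = line[4:].replace("=", " ").split()
        if words:
            ext.setdefault(words[0].upper(), []).extend(w.upper() for w in words[1:])
    return ext


def diagnose(reply):
    """Return (status, mechanisms) for an EHLO reply taken before any STARTTLS."""
    ext = parse_ehlo(reply)
    mechs = ext.get("AUTH", [])
    if not mechs:
        # Clients cannot log in, so remote recipients get "Relaying denied".
        return "no-auth-offered", []
    cleartext_only = all(m in ("PLAIN", "LOGIN") for m in mechs)
    if cleartext_only and "STARTTLS" not in ext:
        # Login works, but the password crosses the network unencrypted.
        return "auth-cleartext-without-tls", mechs
    return "auth-offered", mechs


def auth_plain_token(user, password):
    """Base64 initial response for AUTH PLAIN: NUL, user, NUL, password."""
    return base64.b64encode(f"\0{user}\0{password}".encode()).decode()


if __name__ == "__main__":
    for sample in (EHLO_NO_AUTH, EHLO_AUTH_CLEAR, EHLO_AUTH_TLS):
        print(diagnose(sample))
```

If the status is `no-auth-offered`, the mail client's "authenticate" setting has nothing to negotiate with, and the server treats the session like the unauthenticated telnet test.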