| |
| |
| |
|
Page: 1 2
Comments:
<0> hello
<1> jo
<0> ive got emails coming out of my server but cant figure out what user is sending them
<0> how can i find that out?
<0> relay is off
<0> but i have "nobody" sending messages outgoing from localhost
<0> but the maillog doesnt tell me who its coming from
<1> most certainly from apache
<0> how could that be
<1> mail form misuse
<0> mail form as in like a contact page?
<1> for instance
<0> i have nothing on my site like that, that i know of
<1> misconfigured apache as allowing proxy connects?
<1> should then be obvious from access_log
<0> what should i be looking for?
<1> CONNECT
<0> just lots of GET
<0> dont see any CONNECT in my apache access log
<1> are we speaking about just a few mails or m***es of them?
<0> every couple minutes
<0> so yes m***es
<0> going out to random addresses
<1> stop your apache
<1> and see if it stops
<0> i just stopped sendmail instead
<1> the mail log tells indicates where mail originate from
<0> actually it doesnt
<1> ps axuwwww | grep nobody
<0> just httpd
<1> well, then it is clear how mails are submitted
<2> makemap: relay-domains.db: line 2: no RHS for LHS domain.com... any ideas on how I can fix this? or what the error message means?
<3> don't use makemap on relay-domains.
<2> thanks
<3> sure thing.
<2> can I add domains to it without restarting?
<3> you cannot.
<3> i suggest you not use relay-domains, instead use the access map, which you can change without restarting the daemon(s).
<2> ok cool, thanks for the info... what I am trying to do is have sendmail + mailscanner act as an smtp gateway
<3> mailscanner tends to ****.
<2> from the docs I have read I am close, but mail didnt seem to ever be p***ed off to the exchange server. It seems to try and find the user localy instead of just forwarding the mail
<3> then you have the domain in cl*** w, which you should not for relaying.
<3> i.e., remove the domain name from local-host-names.
<2> ok I had it in there. Just removed it. I'll have to wait for the DNS guy tomorrow.
<3> why?
<3> if you've been able to test up to this point, you surely can test the change now.
<2> well currently the MX records point to another IP.. We made a quick change earlier today but switched back when the mails were not relayed.
<2> or forwarded as it is
<3> still you should test now, before you dump it back into production.
<2> I agree, but I cant.. dns guy is a family man and goes to bed early.... the changes wont be in prod till we can have at least limitted succes in testing. I am thinking of setting up my own test enviornment now, to be sure things are ok.
<3> why can't you test without changing dns?
<3> worst case use telnet and do the smtp yourself.
<3> best case use an mua that can be told to use smtp to send a message.
<2> well I need my ISP to recognise the diffrent MX records?
<3> to connect to your local system on port 25 -- why?
<2> hmm I dont know how to test the config via telnet commands
<3> telnet yourname 25, then ehlo test, then mail from:<whatever@here>, then rctp to:<destination@mailbox>, then data, then subject: test, then a blank line, then test, then a period.
<2> let me try
<3> after the period alone you should get either a rejection or an accept (usually the latter). you can then either just disconnect or type quit.
<4> "twkm" at 192.94.73.4 pasted "manual test session" (32 lines, 858B) at http://sial.org/pbot/16024
<3> there's an example of a successful test session.
<2> looking now
<2> hmm, I get user unknown. Do I need to have the same users on the gateway box?
<3> if your rctp to said user unknown then your mta thinks it should know which users are valid, which for sendmail means it thinks it is the final delivery mta (i.e., the domain is in cl*** w or VirtHost).
<3> err, rcpt to
<2> where do I control that? /etc/mail/local-host-names? .. if so, the box is currently accepting mail for a subdoamin of the actual doamin I am trying to send amil to
<2> mailertable contains: doamin.com smtp:[192.168.100.1]
<2> domain... grr spelling
<3> since it is a lie it hardly matters.
<2> how do you mean?
<3> what is accepting the connection? sendmail?
<2> yes endmail
<3> doamin.com vs domain.com. hardly matters since the chances are you are not handling domain.com's mail.
<2> right
<3> okay, so, sendmail thinks that the fqdn of your rcpt to is local, so it wants to validate the mailbox.
<3> do you have a full list of mailboxes on the exchange server?
<2> I have at least a partial list of some known addresses
<3> if you don't have a full list then it is useless to have sendmail validate the mailboxes.
<2> would I be able to test say one mailbox?
<3> so you need to remove the domain from cl*** w or VirtHost, which means take it out of local-host-names.
<3> and restart sendmail.
<3> since it is a domain you are relaying to you need an access map entry for it, e.g., To:domain.com RELAY
<3> at that point sendmail will ignore the mailbox, leaving that to the exchange server to decide. of course that means you'll probably generate piles of backscatter spam.
<2> I was thinking of using milter-ahead
<2> so far it now accepts the mail, but rejects it... loops back to me....
<2> wait on that
<3> do you still have your mailertable entry for the domain?
<2> yes, but I had the wrong IP :(.... restarted and testing again now
<2> HA it works!
<2> wow, thanks man for all the time and help
<3> cool.
<2> I'll try and do a little writeup so in the future maybe someone else can benifit if you dont mind me using the logs that is?
<3> sounds fine.
<2> can I buy you a beer or something?
<3> heh. no.
<3> it's okay. happy to help someone get their stuff working.
<2> not only is it working, but, I learned some things also.
<5> hi guys
<5> need some help with sendmail auth...
<5> http://renich.woralelandia.com/sendmail.mc
<5> it rejects thunderbird... tried SSL, TLS and "none"
<3> dead rat smtp auth is usually trivial to setup.
<3> did you add the user to the sasldb?
<5> I can recieve mail (using dovecot) and auth... but not with this one
<3> will you use sasldb at all?
<5> nope
<3> then remove the two md5 mechanisms from the confAUTH_MECHANISMS.
<5> ok
<3> since you have the p auth option neither login or plain are available until ssl is started. does your ssl work?
<3> you can test it with openssl's s_client, e.g., ''openssl s_client -crlf -connect server:25 -starttls smtp''.
<5> it does... i think
<5> server = renich.woralelandia.com
<3> after you run that command you should be connected to your server, ssl should start and you would see some certificate info displayed.
<5> a lot of output
<3> then type: ehlo test
<3> check for an AUTH response line.
<5> 250-AUTH DIGEST-MD5 CRAM-MD5
<3> i thought you removed those?
<5> umm from TRUST_AUTH_MECH
<5> should I remove from define too?
<3> no, remove them from confAUTH_MECHANISMS
<3> and since that is an mc file change you must regenerate your cf and restart sendmail.
<5> yeah, well, no auth now
<3> even after the openssl command, then you do ehlo test?
<5> yeah
<3> then you don't have anything configured to provide login or plain.
<5> that's the output
<5> ok
<3> check your Sendmail.conf file in your sasl library directory.
<3> it probably specifies saslauthd, which i would guess is not running.
<5> it is running... but no auth is taking place
<3> have you checked your Sendmail.conf file yet?
<5> the path to sendmail.conf is at /usr/share/logwatch/default.conf/services/sendmail.conf
<5> yeah
<3> no.
<3> that's logwatch.
<3> you want /usr/lib/sasl/Sendmail.conf or /usr/lib/sasl2/Sendmail.conf or something like that.
<5> there is no sendmail.conf file in etc
<3> that isn't where the sasl libraries expect it. look in /usr/lib/sasl*/
<5> there is one in /usr/lib/sasl2/
<5> 1 pwcheck_method:saslauthd
<5> saslauthd is running
<5> so, is the answer to run saslp***wd and add p***words for the users?
<3> no.
<3> or rather, if you do that then you can enable the md5 mechanisms again, but only some mua's will be willing to use them.
<5> twkm: what about thunderbird?
<3> i don't know, i don't use it.
<5> ok
<5> well, what now... change Sendmail.conf?
<3> hmm, no.
<3> do you have an saslauthd-checkp***?
Return to
#sendmail
or
Go to some related
logs:
ubuntu+root+password+webmin
#linux
ubuntu libforms-java
#math
when i try to log in to VPN the log in screen goes back
rrdtool +hex value
qmail shows stopped in plesk
python tutorial **kwds
scalix logrotate
#python
|
|