
SENDMAIL TROUBLE SHOOTING:

Configuration files (Filename / Config line / Purpose / Update Technique)

Filename: sendmail.cf
Purpose: sendmail.cf is the primary configuration file for sendmail. Although almost all sendmail configuration options can be set from within this file, because of the inherent risks in editing it, most implementations break most functions out into separate config files.

Filename: sendmail.cw
Config line: Cw
Purpose: sendmail.cw indicates which domains the server will deliver mail for locally.

Filename: aliases
Purpose: aliases maps unqualified (default domain) mail aliases to a user, multiple users, other aliases, etc.

Filename: virtusertable

Update Technique
Restart sendmail. Usually automatic.
newaliases

Test Methods
mail -v
Note: The -v (verbose) option only applies to the Berkeley mail executable, not the System V one. If you are running System V or a System V-like operating system (Solaris, for example), the Berkeley mail is often installed in /usr/ucb.

On its own, mail is a fairly modest MTA (mail transfer agent). Its verbose mode (specified with the -v option), however, is a powerful troubleshooting tool. Not only do you see the specific SMTP directives sent to the outgoing mailserver, you see the full output of any error messages it returns. Successful mail delivery looks like this:
ganesha matt ~ % /usr/ucb/mail -v matt@mindflip.com
Subject: test
test
.
EOT
ganesha matt ~ % matt@mindflip.com... Connecting to mailhost.mindflip.com via relay...
220 arjuna.mindflip.com ESMTP Sendmail 8.9.3/8.9.3; Fri, 6 Apr 2001 04:09:32 GMT
>>> EHLO ganesha.mindflip.com
250-arjuna.mindflip.com Hello ganesha.mindflip.com [206.50.17.93], pleased to meet you
250-EXPN
250-VERB
250-8BITMIME
250-SIZE
250-DSN
250-ONEX
250-ETRN
250-XUSR
250 HELP
>>> MAIL From: SIZE=79
250 ... Sender ok
>>> RCPT To:
250 ... Recipient ok
>>> DATA
354 Enter mail, end with "." on a line by itself
>>> .
250 EAA29801 Message accepted for delivery
matt@mindflip.com... Sent (EAA29801 Message accepted for delivery)
Closing connection to mailhost.mindflip.com
>>> QUIT
221 arjuna.mindflip.com closing connection

sendmail -bv

sendmail itself contains some interesting debugging functionality, the most interesting of which is the "verify" mode, specified by -bv. In order for this technique to be helpful, it has to be run from the mailserver itself.

sendmail -bv results in no message actually being sent, but will tell you how the message would have been delivered (after all aliases and other rewrites). Here are some examples:
arjuna matt ~ % sendmail -bv fred@domain.com
fred@domain.com... deliverable: mailer esmtp, host domain.com., user fred@domain.com
arjuna matt ~ % sendmail -bv joejones@mindflip.com
joejones@mindflip.com... deliverable: mailer local, user joe

Symptoms
Mail Administrator Messages
550 nouser@mail.mindflip.com... Host unknown (Name server: mail.mindflip.com: host not found)
o Domain name was misspelled in address.
o Domain's MX record points to a nonexistent host.

550 nouser@ganesha.mindflip.com... User unknown
o User name was misspelled in address.
o An expected alias is misconfigured.
o An expected virtuser rewrite is misconfigured.
o Mail is being delivered to the wrong host.

554 MX list for unpoetry.org. points back to arjuna.mindflip.com
o Domain is missing or misconfigured in sendmail.cw

mail -v errors

Sendmail hostname error


Newsgroups: gmane.linux.distributions.grml.user
Date: Thu, 08 Feb 2007 13:37:59 -0800

> I wasn't able to use sendmail recently. I've now tracked it down that the
> hostname that my Sendmail uses is wrong. How can I fix it?
>
> % /usr/sbin/sendmail -bi
> WARNING: local host name (;; connection timed out; no servers could be
> reached) is not qualified; see cf/README: WHO AM I?
> /etc/mail/aliases: 24 aliases, longest 10 bytes, 233 bytes total

This might seem obvious, but did you make sure your mail server has a PTR record for its IP? If not, make sure your mail server has a PTR record in DNS and do a dpkg-reconfigure -plow sendmail.

Paul Johnson @ursine.ca

ESMTP connection timed out


Newsgroups: comp.mail.sendmail
Date: Thu, 25 Jan 2007 06:53:06 +0000 (UTC)

>I get the "ESMTP connection timed out" error when trying to send email.

Actually, no, you don't (and there is no such error msg in sendmail).

> $ sendmail -f test@email.addr -v
> test@email.addr... Connecting to [127.0.0.1] port 587 via relay...
> 220 ;; ESMTP connection timed out; no servers could be reached
>Sendmail 8.13.8/8.13.8/Debian-3; Wed, 24 Jan 2007 23:21:21 -0500; (No
>UCE/UBE) logging access from: my.host.name(OK)-my.host.name [127.0.0.1]
> >>> EHLO my.host.name
> 250-;; connection timed out; no servers could be reached Hello
>my.host.name [127.0.0.1], pleased to meet you

You seem to be a victim of the same broken "helpfulness" as described in the (apparently misthreaded by google) thread at http://groups.google.com/group/comp.mail.sendmail/browse_frm/thread/7095fe4c3569eed1 i.e. some install script or whatever has "configured" your sendmail with a *host name* of literally " ;; connection timed out; no servers could be reached"! This is actually an error message from the 'dig' command - i.e. the script probably tries to use 'dig' to get the fully-qualified host name, and blindly accepts any output from 'dig'. The slightly different greeting comes from the fact that sendmail inserts the "ESMTP" there as the second word, under the reasonable assumption that the host name is a single word.

> 250 2.0.0 l0P4LLHX023711 Message accepted for delivery
> test@email.addr... Sent (l0P4LLHX023711 Message accepted for delivery)

So the submission went OK, despite the repeated "error messages".

>In /var/log/mail.log:
>
> Jan 24 23:21:21 myhost sm-mta[23713]: l0P4LLHX023711:
>to=<test@email.addr>, delay=00:00:00, xdelay=00:00:00, mailer=relay,
>pri=120408, relay=my.isp.com. [199.x.x.x], dsn=5.0.0, stat=Service
>unavailable

This occurs when the MTA relays your message to your smart host - the sender should have received a bounce with a more detailed explanation than "Service unavailable", but it's a good guess that the broken host name makes the remote complain and reject the message, or the whole transaction - e.g. it would result in a syntactically invalid HELO/EHLO command for starters.

Per Hedeland @hedeland.org

sendmail hostname config


Newsgroups: comp.mail.sendmail
From: vladina...@gmail.com
Subject: WARNING: local host name (;; connection timed out; no servers could be reached) is not qualified; see cf/README: WHO AM I?
Date: 11 Jan 2007 10:21:00 -0800

I am using Sendmail 8.13.5 on Ubuntu 6.10. I keep getting the following error, and nothing I do seems to be able to fix it. Google has been less than helpful, as has ubuntu's official and nonofficial support forums, and sendmail.org's documentation has been sadly unhelpful. Sendmail, it seems, cannot find the local host name. This is despite it being correctly set in /etc/hosts, in /etc/mail/local-host-names, in DNS, etc. I've verified that DNS works. All other errors have been squashed. When issuing a make all, or a sendmailconfig in /etc/mail, I get the following error:
WARNING: local host name (;; connection timed out; no servers could be reached) is not qualified; see cf/README: WHO AM I?

The sendmail.org documentation suggests the use of FEATURE(use_cw_file), which is already in my .mc. It's interesting to note that " ;; connection timed out; no servers could be reached) is not qualified; see cf/README: WHO AM I?" actually shows up in the sendmail.cf in a variety of locations (like $j). Manually editing the .cf (bad, I know) and restarting sendmail seems to have no beneficial effect.

Even our local sendmail guru is confused. Anyone have any other ideas?

sendmail hostname config


[snip]
>WARNING: local host name (;; connection timed out; no servers could be
>reached) is not qualified; see cf/README: WHO AM I?

>The sendmail.org documentation suggests the use of
>FEATURE(use_cw_file),
>which is already in my .mc

The sendmail documentation referred to by the error message, i.e. the "WHO AM I?" section of the cf/README file, certainly doesn't suggest that, but rather setting confDOMAIN_NAME in the .mc file (which ends up setting $j).

>It's interesting to note that ";; connection timed out; no servers
>could
>be reached) is not qualified; see cf/README: WHO AM I?" actually shows
>up in the sendmail.cf in a variety of locations (like $j).

Wow - I guess the "helpful" Ubuntu people try to generate .mc and/or .cf with some tool, but forgot to check for errors.

> Manually editing the .cf (bad, I know)

Well, having that garbage in it is definitely worse! :-)

> and restarting sendmail seems to have no beneficial effect.

Have you checked that the .cf isn't auto-regenerated from a .mc that has the garbage in it when you "restart" - putting such "helpful" stuff in rc scripts seems to be common in Linux distributions. Try to find the .mc file and check/modify it - like cf/README says, normally there is no need to set confDOMAIN_NAME at all. And of course also check that the _.mc_ file doesn't get auto-regenerated with garbage in it! Finally, remember that there are two .cf (and .mc) files in 8.12 and later, sendmail.cf and submit.cf - you didn't say in what context you got the error message, if it's on direct invocation of sendmail in non-daemon mode, it's coming from submit.cf.

Per Hedeland @hedeland.org
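The failure described in the threads above (a generator script accepting 'dig' error output as the host name) can be caught with a check like the following. This is an added example, not code from the posts or from any distribution's scripts; the function names are made up here, and it assumes $j is set in the .cf by a literal "Dj<name>" line.

```shell
#!/bin/sh
# Added example: validate a candidate host name before it is written into
# a sendmail .mc/.cf file, and audit an existing .cf for a bad $j value.

# is_fqdn NAME -> exit 0 only if NAME is a single, dot-qualified host name.
is_fqdn() {
    name=$1
    # Reject empty input, any character outside [A-Za-z0-9.-] (so spaces
    # and ';' from a dig error fail here), and stray or doubled dots.
    case $name in
        ''|*[!A-Za-z0-9.-]*|.*|*.|*..*) return 1 ;;
    esac
    [ "${#name}" -le 253 ] || return 1
    # "Qualified" means at least one dot.
    case $name in *.*) ;; *) return 1 ;; esac
    # Each label: at most 63 characters, no leading or trailing '-'.
    old_ifs=$IFS; IFS=.
    set -- $name
    IFS=$old_ifs
    for label in "$@"; do
        [ "${#label}" -le 63 ] || return 1
        case $label in -*|*-) return 1 ;; esac
    done
    return 0
}

# cf_domain_name FILE -> print the value of the first active "Dj" line.
# Commented-out lines such as "#Dj$w.Foo.COM" are ignored.
cf_domain_name() {
    sed -n 's/^Dj//p' "$1" | head -n 1
}

# audit_cf FILE -> exit 0 if Dj is absent (sendmail works the name out
# itself) or holds a valid FQDN; otherwise report the value and exit 1.
audit_cf() {
    value=$(cf_domain_name "$1")
    [ -z "$value" ] && return 0
    if is_fqdn "$value"; then return 0; fi
    printf 'bad $j in %s: "%s"\n' "$1" "$value" >&2
    return 1
}
```

Run audit_cf against both sendmail.cf and submit.cf, since either can carry the bad value.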

Sendmail:Temporary system failure


Situation

Can't send mail. "sendmail -v" reports:

Deferred: 451 4.3.0 Temporary system failure. Please try again later

Conclusion

/etc is world writable in wolvix 1.1.


Solution
chmod 755 /etc/

Symptom
date | sendmail -v $USER
root... Connecting to [127.0.0.1] via relay...
220 wolvix.wolvix.org ESMTP Sendmail 8.13.8/8.13.8; Fri, 21 Dec 2007 14:17:34 -0500
>>> EHLO wolvix.wolvix.org
250-wolvix.wolvix.org Hello localhost [127.0.0.1], pleased to meet you
250 ENHANCEDSTATUSCODES
>>> MAIL From:<root@wolvix.wolvix.org>
451 4.3.0 Temporary system failure. Please try again later.
root... Deferred: 451 4.3.0 Temporary system failure. Please try again later.
Closing connection to [127.0.0.1]
>>> QUIT
221 2.0.0 wolvix.wolvix.org closing connection

Analysis Example: In /var/log/maillog


Dec 21 09:59:10 wolvix sm-mta[10303]: error: safesasl(/etc/sasl2/Sendmail.conf) failed: World writable directory
Dec 21 09:59:10 wolvix sm-mta[10304]: starting daemon (8.13.8): SMTP+queueing@00:25:00
Dec 21 09:59:10 wolvix sm-msp-queue[10307]: starting daemon (8.13.8): queueing@00:25:00
Dec 21 10:03:28 wolvix sendmail[10330]: lBLF3S7q010330: from=root, size=29, class=0, nrcpts=1, msgid=<200712211503.lBLF3S7q010330@wolvix.wolvix.org>, relay=root@localhost
Dec 21 10:03:28 wolvix sm-mta[10331]: lBLF3SJ0010331: SYSERR(root): hash map "access": unsafe map file /etc/mail/access.db: World writable directory
Dec 21 10:03:28 wolvix sm-mta[10331]: ruleset=check_relay, arg1=localhost, arg2=127.0.0.1, relay=localhost [127.0.0.1], reject=451 4.3.0 Temporary system failure. Please try again later.

-rw-r----- 1 root root 12288 2006-02-01 15:11 /etc/mail/access.db
drwxr-xr-x 2 root root 41 2007-12-19 10:58 /etc/mail/
drwxrwxrwx 97 root root 4096 2007-12-21 14:16 /etc/

Ok, so the "Temporary system failure" is due to "World writable directory". But /etc/mail/ is not world writable?! Its parent, /etc/, is, and the listing above shows that this is enough to make sendmail treat the files below it as unsafe. Fix it and try again:
chmod 755 /etc/
$ date | sendmail -v $USER
root... Connecting to [127.0.0.1] via relay...
220 wolvix.wolvix.org ESMTP Sendmail 8.13.8/8.13.8; Fri, 21 Dec 2007 14:27:12 -0500
>>> EHLO wolvix.wolvix.org
250-wolvix.wolvix.org Hello localhost [127.0.0.1], pleased to meet you
250-ENHANCEDSTATUSCODES
250-PIPELINING
250-8BITMIME
250-SIZE
250-DSN
250-ETRN
250-AUTH DIGEST-MD5 CRAM-MD5
250-DELIVERBY
250 HELP
>>> MAIL From:<root@wolvix.wolvix.org> SIZE=29 AUTH=root@wolvix.wolvix.org
250 2.1.0 <root@wolvix.wolvix.org>... Sender ok
>>> RCPT To:<root@wolvix.wolvix.org>
>>> DATA
250 2.1.5 <root@wolvix.wolvix.org>... Recipient ok
354 Enter mail, end with "." on a line by itself
>>> .
250 2.0.0 lBLJRCWp006160 Message accepted for delivery
root... Sent (lBLJRCWp006160 Message accepted for delivery)
Closing connection to [127.0.0.1]
>>> QUIT
221 2.0.0 wolvix.wolvix.org closing connection

Problem solved. documented on: 2007.12.21
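The analysis above found the bad permission by listing directories by hand; the walk can be scripted so that every directory above a file is checked in one pass. This is an added example, not part of the original note; the function names are made up here, and it checks only the world-writable bit that the log messages name.

```shell
#!/bin/sh
# Added example: report world-writable directories above a file.

# writable_ancestors PATH
# Print every directory between PATH and / (nearest first) that has the
# world-writable bit set. PATH should be absolute.
writable_ancestors() {
    dir=$(dirname -- "$1")
    while :; do
        # -prune keeps find on this one directory; -perm -0002 tests o+w.
        find "$dir" -prune -type d -perm -0002 -print
        # Stop at the root (or at "." if a relative path was given).
        case $dir in /|.) break ;; esac
        dir=$(dirname -- "$dir")
    done
}

# audit_paths FILE...
# Exit 1 if any FILE has a world-writable directory in its path.
audit_paths() {
    rc=0
    for f in "$@"; do
        bad=$(writable_ancestors "$f")
        if [ -n "$bad" ]; then
            printf '%s: world-writable directory in path:\n%s\n' "$f" "$bad" >&2
            rc=1
        fi
    done
    return "$rc"
}

# Paths taken from the log lines above; run on the mail host:
#   audit_paths /etc/mail/access.db /etc/sasl2/Sendmail.conf
```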

Configure Sendmail SSL encryption for sending and receiving email


Q. How do I configure Sendmail email server to use SSL encryption for sending/receiving email? I have already obtained or received the required valid SSL certificate. It is stored in /etc/mail/ssl directory as follows:

SSL Keys and Certification files
=> /etc/mail/ssl/sendmail.pem
=> /etc/mail/ssl/ca-bundle.crt

Now how do I configure sendmail for SSL under Fedora Core or RHEL or CentOS?

A. Sendmail is a mail transfer agent (MTA) and you need a valid SSL certificate on the server. Sendmail remains the most popular MTA on the Internet, although this is probably fading. Its popularity is due in part to its position as the standard MTA under most variants of the Unix operating system.

Sendmail can be configured to encrypt email via the secure socket layer (SSL) when you send and receive email. Open the sendmail configuration file /etc/mail/sendmail.mc using a text editor such as vi:
# vi /etc/mail/sendmail.mc

Now append/modify following directives:


define(`confCACERT_PATH',`/etc/mail/ssl/certs')
define(`confCACERT',`/etc/mail/ssl/ca-bundle.crt')
define(`confSERVER_CERT',`/etc/mail/ssl/sendmail.pem')
define(`confSERVER_KEY',`/etc/mail/ssl/sendmail.pem')

And make sure port is set to smtps (secure smtp i.e. port 465):
DAEMON_OPTIONS(`Port=smtps, Name=TLSMTA, M=s')dnl

Restart sendmail and secure pop3s/imaps


Type the following commands to restart sendmail and related services:
# /etc/init.d/sendmail restart
# chkconfig pop3s on
# chkconfig imaps on
# /etc/init.d/xinetd restart

pop3s and imaps will start from xinetd

How do I generate certificates locally for testing purpose only?


If you don't have certificates, you can generate them locally on CentOS/RHEL/Fedora Core. Type the following commands:
# cd /usr/share/ssl/certs
# make sendmail.pem

Now open the sendmail /etc/mail/sendmail.mc config file and append/modify directives as follows:
define(`confCACERT_PATH',`/usr/share/ssl/certs')
define(`confCACERT',`/usr/share/ssl/certs/ca-bundle.crt')
define(`confSERVER_CERT',`/usr/share/ssl/certs/sendmail.pem')
define(`confSERVER_KEY',`/usr/share/ssl/certs/sendmail.pem')
DAEMON_OPTIONS(`Port=smtps, Name=TLSMTA, M=s')dnl

Restart sendmail as discussed above.

[root@bb mail]# m4 sendmail.mc > sendmail.cf
m4:sendmail.mc:10: cannot open `/usr/share/sendmail-cf/m4/cf.m4': No such file or directory

The solution was to install the sendmail-cf package:

yum install sendmail-cf

Sendmail masquerade outgoing email address


by nixCraft on November 2, 2006. Last updated November 2, 2006.

If you just need outgoing email from a web server, use sendmail. But what is masquerading? With the help of masquerading, your outgoing email appears to come from user@cyberciti.biz instead of realunixuser@server01.cyberciti.biz. This also hides your internal user name or host name from the rest of the world. So this feature rewrites the hostname in the address of outgoing mail. It is also used when you have a centralized mail server, i.e. a mail hub.

Sendmail masquerading configuration


Open your sendmail config file /etc/mail/sendmail.mc:
# vi /etc/mail/sendmail.mc

Append/add/modify the lines as follows:


MASQUERADE_AS(cyberciti.biz)dnl
FEATURE(masquerade_envelope)dnl
FEATURE(masquerade_entire_domain)dnl
MASQUERADE_DOMAIN(cyberciti.biz)dnl

Save and close the file. Replace the domain name cyberciti.biz with your actual domain name. Update and restart the sendmail server:
# m4 /etc/mail/sendmail.mc > /etc/mail/sendmail.cf
# /etc/init.d/sendmail restart

https://access.redhat.com/knowledge/docs/enUS/Red_Hat_Enterprise_Linux/6/html/Deployment_Guide/s2-email-mta-sendmail.html