[NTLUG:Discuss] possibly OT: sendmail config on redhat

Sun Mar 23 14:50:16 CST 2003

MontyS at videopost.com wrote:

>Perhaps I am just dense, but after hammering on this for around 8 hours,
>including surfing google and sendmail.org, I can't get the box to work.
>
>Here are the specs using <rpm -q>:
>
>Kernel:  2.4.18-27.8.0
>Sendmail:  8.12.8-1.80
>Cyrus-sasl:  2.1.10-1
>
I'd recommend that you compile the newest version of Sendmail from 
www.sendmail.org because:  1) RedHat's RPMS are kinda brain-dead in that 
you can't be certain that everything is compiled, 2) The latest Sendmail 
will have some security vulnerabilities fixed, and 3)  Your config files 
will be where you expected them...in sendmail's case, it will see where 
everything was before you installed and keep the same directory scheme.

>Running <sendmail -d0.1 -bv root | grep SASL> returns NETUNIX, NEWDB NIS
>PIPELINING SASL SCANF STARTTLS TCPWRAPPERS
>
>I have the following features on:
>
>Accept_unresolvable_domains
>
I really wouldn't as this just about lets anybody send mail thru your 
system (I think sendmail.org even cautions about not using this).

>Delay_checks
>
Hmm...not sure about this one.

>Relay_mail_from  (which could be bad, so I have read)
>
Can be very bad.  Control relaying through the access file, not this 
feature.

>Access_db
>
Control your relaying through this option.

>Blacklist_recipients
>
Don't worry about this for now until you get sendmail working.

>I have user foo@ in my access file.  Foo is set to relay.
>
Stupid question...Have you run makemap on your access file to create 
your new access.db file?  And then restarted sendmail?

>
>When I try to send an email from an external network to another external
>network, which is the whole idea, I get the following error:  ip name lookup
>failed.
>
This makes me think you haven't run the m4 macro on your config file.mc 
to make the sendmail.cf file that sendmail uses, otherwise sendmail 
would pick up your changes in the sendmail.cf file if they were there.

>I have read that relay_mail_from, accept_unresolvable_domains,
>
I don't think you really want to do these.  You're opening yourself up 
to troubles here.

> and even
>delay_checks would resolve this error.
>
Not sure this is such a good idea either.

>/Sendmail.conf set to pwcheck_method:shadow.
>
>I have also looked in O'Reily's Sendmail book, but I have found no answers,
>and it seems to be written for an older version of sendmail.  (Around 40
>bucks tossed...)
>
I have that book too.  Info in it is not up-to-date, and even as thick 
as it is, they still left a lot out.  Go to www.sendmail.org to get the 
complete documentation....just be certain you're reading the right 
documentation for the right version of sendmail you're using.

>Should I dump sendmail and start over with qmail?  I hate to do that since I
>have invested so much time with sendmail, but I am open to options.
>
I'm debating that myself.  I've been running sendmail for some time and 
haven't had any problems with it, but setting up the configuration to 
start has a steep learning curve.

>BTW:  I have been able to get the box to relay, but when I run the <telnet
>relay-test.mail.abuse.org> test, it comes back as an open relay on one of
>the tests.  Can't have that.
>

Sounds like your access file needs fixing.  The Accept Unresolvable 
Domains options might have something to do with it.  Put only the 
domains and ips allowed to relay using the proper syntax, the use 
'makemap hash'  to create the accessdb file.

Try www.sendmail.org to dig in for the answers...they're there but you 
do have to search (Be very certain that you're reading the Sendmail-8.12 
documentation, and not older Sendmail documentation which comes up more 
readily than the newer documentation (makes me think that sendmail.org 
needs to update the documentation displays on their site.).