Reputation: 449
I installed sendmail on both server1 and server2. They use the same configuration file, sendmail.mc. I can send and receive mail to and from users on the same server using an email client on my PC, but I cannot send email to users on the other server. For example, I cannot send an email to [email protected] from [email protected] using the email client. I've added the IP address of my PC to /etc/mail/access on server1 (Connect:zz.zz.zz.zz RELAY) and rebuilt access.db. Looking at /var/log/maillog, sendmail on server1 successfully accepted the mail from the PC but waited for a long time when connecting to server2:
Apr 3 07:21:06 server1 sendmail[19771]: v33BKxfr019769: SMTP outgoing connect on server1.xxxxx.com
then timeout:
Apr 3 07:26:06 server1 sendmail[19771]: v33BKxfr019769: timeout waiting for input from server2domain.com. during client greeting
Apr 3 07:26:06 server1 sendmail[19771]: v33BKxfr019769: to=, ctladdr= (501/501), delay=00:05:04, xdelay=00:05:00, mailer=esmtp, pri=121178, relay=server2domain.com. [yy.yy.yy.yy], dsn=4.0.0, stat=Deferred: Connection timed out with server2domain.com.
On server2, the log is:
Apr 3 07:18:02 server2 sendmail[20121]: v33BI2Os020121: assigned id
Apr 3 07:18:02 server2 sendmail[20121]: NOQUEUE: connect from [xx.xx.xx.xx]
Apr 3 07:18:02 server2 sendmail[20121]: AUTH: available mech=ANONYMOUS, allowed mech=EXTERNAL GSSAPI KERBEROS_V4 DIGEST-MD5 CRAM-MD5
Apr 3 07:18:02 server2 sendmail[20121]: v33BI2Os020121: Milter: no active filter
Apr 3 07:23:02 server2 sendmail[20121]: STARTTLS=server, info: fds=6/4, err=5
Apr 3 07:23:02 server2 sendmail[20121]: STARTTLS=server, error: accept failed=0, SSL_error=5, errno=0, retry=-1, relay=[xx.xx.xx.xx]
Apr 3 07:23:02 server2 sendmail[20121]: v33BI2Os020121: disconnect level 1
Apr 3 07:23:02 server2 sendmail[20121]: v33BI2Os020121: in background, pid=20121
Apr 3 07:23:02 server2 sendmail[20121]: v33BI2Os020121: [xx.xx.xx.xx] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA-SSL
I can successfully send email to server2 on server1 using the openssl command and do not need to input user name/password. The sendmail.mc is:
divert(-1)dnl
include(`/usr/share/sendmail-cf/m4/cf.m4')dnl
VERSIONID(`setup for linux')dnl
OSTYPE(`linux')dnl
define(`confDEF_USER_ID', ``8:12'')dnl
define(`confTO_CONNECT', `1m')dnl
define(`confTRY_NULL_MX_LIST', `True')dnl
define(`confDONT_PROBE_INTERFACES', `True')dnl
define(`PROCMAIL_MAILER_PATH', `/usr/bin/procmail')dnl
define(`ALIAS_FILE', `/etc/aliases')dnl
define(`STATUS_FILE', `/var/log/mail/statistics')dnl
define(`UUCP_MAILER_MAX', `2000000')dnl
define(`confUSERDB_SPEC', `/etc/mail/userdb.db')dnl
define(`confPRIVACY_FLAGS', `authwarnings,novrfy,noexpn,restrictqrun')dnl
define(`confAUTH_OPTIONS', `A')dnl
define(`confCACERT_PATH', `/etc/pki/tls/certs')dnl
define(`confCACERT', `/etc/pki/tls/certs/ca-bundle.crt')dnl
define(`confSERVER_CERT', `/etc/pki/tls/certs/sendmail.pem')dnl
define(`confSERVER_KEY', `/etc/pki/tls/certs/sendmail.pem')dnl
define(`confCRL', `/etc/pki/tls/certs/revoke.crl')
define(`confCLIENT_CERT', `/etc/pki/tls/certs/sendmail.pem')
define(`confCLIENT_KEY', `/etc/pki/tls/certs/sendmail.pem')
define(`confTO_IDENT', `0')dnl
FEATURE(`no_default_msa', `dnl')dnl
FEATURE(`smrsh', `/usr/sbin/smrsh')dnl
FEATURE(`mailertable', `hash -o /etc/mail/mailertable.db')dnl
FEATURE(`virtusertable', `hash -o /etc/mail/virtusertable.db')dnl
FEATURE(redirect)dnl
FEATURE(always_add_domain)dnl
FEATURE(use_cw_file)dnl
FEATURE(use_ct_file)dnl
FEATURE(local_procmail, `', `procmail -t -Y -a $h -d $u')dnl
FEATURE(`access_db', `hash -T<TMPF> -o /etc/mail/access.db')dnl
FEATURE(`blacklist_recipients')dnl
EXPOSED_USER(`root')dnl
DAEMON_OPTIONS(`Family=inet, Port=465, Name=MTA-SSL, M=s')dnl
CLIENT_OPTIONS(`Family=inet')dnl
FEATURE(`accept_unresolvable_domains')dnl
LOCAL_DOMAIN(`localhost.localdomain')dnl
define(`RELAY_MAILER_ARGS', `TCP $h 465')
define(`ESMTP_MAILER_ARGS', `TCP $h 465')
MAILER(smtp)dnl
MAILER(procmail)dnl
Both sendmail instances listen on port 465. I doubt the problem is related to auth but do not know the reason.
Please help, thank you!
After adopting Andrzej A. Filip's suggestion and removing the two lines in sendmail.mc, the following error occurs in the log on server1:
Apr 3 13:02:25 server sendmail[19927]: v33BKxfr019769: makeconnection (server2domain.com. [yy.yy.yy.yy]) failed: Connection refused by server2domain.com.
Apr 3 13:02:25 server sendmail[19927]: v33BKxfr019769: makeconnection (server2domain.com. [yy.yy.yy.yy]) failed: Connection refused by server2domain.com.
Apr 3 13:02:25 server sendmail[19927]: v33BKxfr019769: to=, ctladdr= (501/501), delay=05:41:23, xdelay=00:00:01, mailer=esmtp, pri=301178, relay=server2domain.com. [yy.yy.yy.yy], dsn=4.0.0, stat=Deferred: Connection refused by server2domain.com.
There is no message logged on server2.
I think that without the two lines, sendmail on server1 will try to connect to server2 via port 25, not port 465, which sendmail is listening on.
Upvotes: 0
Views: 3001
Reputation: 10903
smtps (465) starts an SSL session before any SMTP-level communication. AFAIR sendmail does not support it natively for outgoing connections.
Remove the following two lines, recompile your sendmail.mc into sendmail.cf, then restart your sendmail daemon or send it a HUP signal.
define(`RELAY_MAILER_ARGS', `TCP $h 465')
define(`ESMTP_MAILER_ARGS', `TCP $h 465')
Upvotes: 1
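The difference the answer describes (TLS before any SMTP on 465, versus a cleartext greeting first) can be checked from the sending host by seeing which side speaks first. This is an added example, not part of the original posts; `probe_mail_port` and `start_fake_listener` are hypothetical names, and the loopback listener is a constructed fixture so the script runs offline.

```python
import socket
import ssl
import threading

def probe_mail_port(host, port, wait=2.0):
    """Return 'banner-first' (SMTP, TLS via STARTTLS), 'tls-first' (smtps) or 'no-greeting'."""
    # Step 1: act like an SMTP client that connects and waits for the 220 greeting.
    with socket.create_connection((host, port), timeout=wait) as sock:
        try:
            if sock.recv(512).startswith(b"220"):
                return "banner-first"
        except OSError:
            pass  # silence or reset: the "timeout ... during client greeting" case
    # Step 2: reconnect and start TLS before any SMTP, as an smtps client would.
    ctx = ssl.create_default_context()
    ctx.check_hostname = False       # classification only: the peer is not
    ctx.verify_mode = ssl.CERT_NONE  # authenticated and no mail or credentials are sent
    try:
        with socket.create_connection((host, port), timeout=wait) as raw:
            with ctx.wrap_socket(raw, server_hostname=host) as tls:
                if tls.recv(512).startswith(b"220"):
                    return "tls-first"
    except OSError:  # ssl.SSLError and socket timeouts are OSError subclasses
        pass
    return "no-greeting"

def start_fake_listener(greet_first):
    """Constructed loopback fixture; returns the port it listens on."""
    srv = socket.create_server(("127.0.0.1", 0))
    def serve():
        while True:
            conn, _ = srv.accept()
            with conn:
                try:
                    if greet_first:
                        conn.sendall(b"220 fixture.example ESMTP\r\n")
                    else:
                        conn.recv(512)  # stay silent until the client speaks
                except OSError:
                    pass
    threading.Thread(target=serve, daemon=True).start()
    return srv.getsockname()[1]

if __name__ == "__main__":
    for greet_first in (True, False):
        port = start_fake_listener(greet_first)
        print(greet_first, probe_mail_port("127.0.0.1", port, wait=1.0))
```

A `tls-first` result for the destination port means a client that waits for the greeting will sit until its timeout, which matches the paired five-minute waits in the two logs above; a refused connection surfaces as `ConnectionRefusedError` from the first connect.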