[GLLUG] sendmail puzzle
Ken Smith
kens at kensnet.org
Tue Oct 11 13:36:27 UTC 2022
Marco van Beek via GLLUG wrote:
>
>
> On 10/10/2022 22:54, Ken Smith via GLLUG wrote:
>>
>> I'm trying to sort out a Rocky 8.5 server that has sendmail
>> installed. (Please don't go on a diversion about how I should tell
>> the owner to dump sendmail and switch to exim or postfix - save that
>> for another thread please. )
>>
>> I'm pretty good with sendmail but this problem has me a bit foxed.
>> I'd value some suggestions of where to look as I think I'm not seeing
>> the wood for the trees.
>>
>> It will send from addresses in the local network, without auth,
>> because I have "connect:192.168.123 relay" in the access file -
>> that being the local LAN.
>>
>> I've tested sasl auth and that is authenticating.
>>
>> Using telnet from an IP off their LAN (over a VPN) I can connect
>> using TLS (openssl s_client etc etc) and authenticate (perl
>> -MMIME::Base64 etc etc) it accepts my credentials and then if I try
>> to send a message I get "Relaying denied. IP name lookup failed [my
>> local ip]" The same happens with a test using Thunderbird.
>>
>> If I do the same test from the host that sendmail is on, it works fine.
>>
>> Also if I do the same test from another host on the same LAN it works
>> fine.
>>
>> Somehow it's complaining about the source IP in authenticated sessions
>> outside the LAN range.
>>
>> In the test from my local LAN (172.16.0.x), over a VPN, the remote
>> dns can't resolve the reverse dns of my LAN. I've done a similar test
>> with another sendmail site and remote auth is working fine.
>>
>> Maybe sendmail is doing reverse DNS when it shouldn't be.
>>
>> Suggestions most welcome....
>>
>> Thanks
>>
>> Ken
>
> Hi,
>
> It might be the difference between a missing entry in a zone file, and
> a missing zone file. Maybe it is the lookup mechanism that fails,
> rather than it checking the IP address itself. It might be another
> rule set that is trying to do a reverse lookup (e.g. hostname), and it
> barfs out at that point.
>
> Maybe increase the logging verbosity and check the logs again?
>
> Cheers,
>
> Marco
Thank you - Not sure where my error was, but probably a typo on my
part. I reconfigured it from the ground up using the template config
files I've kept from other setups and it's working fine now. Didn't touch
anything to do with DNS or /etc/hosts.

All fixed. Yay :-)

Ken