[GLLUG] sendmail puzzle

Ken Smith kens at kensnet.org
Mon Oct 10 21:54:17 UTC 2022

I'm trying to sort out a Rocky 8.5 server that has sendmail installed. 
(Please don't go on a diversion about how I should tell the owner to 
dump sendmail and switch to exim or postfix - save that for another 
thread please. )

I'm pretty good with sendmail but this problem has me a bit foxed. I'd 
value some suggestions of where to look as I think I'm not seeing the 
wood for the trees.

It will send from addresses in the local network, without auth, because 
I have "connect:192.168.123   relay" in the access file - that being the 
local LAN.

I've tested sasl auth and that is authenticating.

Using telnet from an IP off their LAN (over a VPN) I can connect using 
TLS (openssl s_client etc etc) and authenticate (perl -MMIME::Base64 etc 
etc)  it accepts my credentials and then if I try to send a message I 
get "Relaying denied. IP name lookup failed [my local ip]" The same 
happens with a test using Thunderbird.

If I do the same test from the host that sendmail is on, it works fine.

Also if I do the same test from another host on the same LAN it works fine.

Somehow its complaining about the source IP in authenticated sessions 
outside the LAN range.

In the test from my local LAN (172.16.0.x), over a VPN, the remote dns 
can't resolve the reverse dns of my LAN. I've done a similar test with 
another sendmail site and remote auth is working fine.

Maybe sendmail is doing reverse DNS when it shouldn't be.

Suggestions most welcome....



This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.

More information about the GLLUG mailing list