[GLLUG] sendmail puzzle

Philip Hands phil at hands.com
Tue Oct 11 16:09:56 UTC 2022

Ken Smith via GLLUG <gllug at mailman.lug.org.uk> writes:

> Marco van Beek via GLLUG wrote:
>> On 10/10/2022 22:54, Ken Smith via GLLUG wrote:
>>> I'm trying to sort out a Rocky 8.5 server that has sendmail 
>>> installed. (Please don't go on a diversion about how I should tell 
>>> the owner to dump sendmail and switch to exim or postfix - save that 
>>> for another thread please. )
>>> I'm pretty good with sendmail but this problem has me a bit foxed. 
>>> I'd value some suggestions of where to look as I think I'm not seeing 
>>> the wood for the trees.
>>> It will send from addresses in the local network, without auth, 
>>> because I have "connect:192.168.123   relay" in the access file - 
>>> that being the local LAN.
>>> I've tested sasl auth and that is authenticating.
>>> Using telnet from an IP off their LAN (over a VPN) I can connect 
>>> using TLS (openssl s_client etc etc) and authenticate (perl 
>>> -MMIME::Base64 etc etc)  it accepts my credentials and then if I try 
>>> to send a message I get "Relaying denied. IP name lookup failed [my 
>>> local ip]" The same happens with a test using Thunderbird.
>>> If I do the same test from the host that sendmail is on, it works fine.
>>> Also if I do the same test from another host on the same LAN it works 
>>> fine.
>>> Somehow it's complaining about the source IP in authenticated sessions 
>>> outside the LAN range.
>>> In the test from my local LAN (172.16.0.x), over a VPN, the remote 
>>> dns can't resolve the reverse dns of my LAN. I've done a similar test 
>>> with another sendmail site and remote auth is working fine.
>>> Maybe sendmail is doing reverse DNS when it shouldn't be.
>>> Suggestions most welcome....
>>> Thanks
>>> Ken
>> Hi,
>> It might be the difference between a missing entry in a zone file, and 
>> a missing zone file. Maybe it is the lookup mechanism that fails, 
>> rather than it checking the IP address itself. It might be another 
>> rule set that is trying to do a reverse lookup (eg hostname), and it 
>> barfs out at that point.
>> Maybe increase the logging verbosity and check the logs again?
>> Cheers,
>> Marco
> Thank you - Not sure where my error was, but probably a typo on my 
> part.  I reconfigured it from the ground up using the template config 
> files I've kept from other setups and it's working fine now. Didn't touch 
> anything to do with DNS or /etc/hosts.
> All fixed. Yay :-) Ken


I'd recommend installing etckeeper, which stores your /etc in git, and
will then allow you to do stuff like:

  cd /etc
  git diff '@{last week}'

and immediately see what's different from when the thing in question was

Cheers, Phil.
|)|  Philip Hands  [+44 (0)20 8530 9560]  HANDS.COM Ltd.
|-|  http://www.hands.com/    http://ftp.uk.debian.org/
|(|  Hugo-Klemm-Strasse 34,   21075 Hamburg,    GERMANY