/etc/mail/relay-domains in sendmail 8.12.8
Robert
I've upgraded to 8.12.8 and I've a problem with relaying.
In /etc/mail/access I specified IP addresses which may relay,
but /etc/mail/relay-domains permits me to which domains they
can relay, which is not what I wanted. I understand it is default
feature, but how to switch it off ? I can not add to relay-domains
file every domain to which my users will want send emails...
Can you help me ?
Robert
Sebastian Jaenicke
[..]
Ehrm../etc/mail/relay-domains is for your domains, i.e. put
your customers domains into it and not those they're going to
send to.
--
Sebastian Jaenicke Disce aut discede!
whois pgpkey-18AC0BE4 -h whois.ripe.net|perl -ne's-^certif: +--&&print'
Andrzej Filip
Entries in /etc/mail/access alone should be sufficient for allowing relay from
IP addresses on "trusted LAN".
Have you recompiled access map using makemap ?
BTW if you want to allow relaying for users using "third party" dialup (e.g.
TPSA in Poland) then take a look at http://www.sendmail.org/~ca/email/roaming.html
If it does not solve your problem than post:
* the relevant log enries (from= and to= lines)
* the relevant access lines
--
Andrzej [pl>en: Andrew] Adam Filip http://www.polbox.com/a/anfi/
*Random epigram* :
If you analyse anything, you destroy it.
-- Arthur Miller
Robert
> Ehrm../etc/mail/relay-domains is for your domains, i.e. put
> your customers domains into it and not those they're going to
> send to.
I thought so, but now it works in this way - when I want to relay an email,
I've to add destination email address to the /etc/mail/relay-domains.
All my customers domains are there already.
> Entries in /etc/mail/access alone should be sufficient for allowing relay
> from IP addresses on "trusted LAN".
What is "trusted LAN" and how it is defined ? In my case I (and all users)
send emails from known IP addresses which are included in /etc/mail/access
since sendmail 8.11. These IP addresses in fact are _public_ internet
addresses assigned for several remote offices.
> Have you recompiled access map using makemap ?
Yes, every time when I restart sendmail.
> If it does not solve your problem than post:
> * the relevant log enries (from= and to= lines)
> * the relevant access lines
Until yesterday it was:
Mar 11 15:53:34 tester sendmail[16304]: h2BErYqF016304: ruleset=check_rcpt,
arg1=<beton[at]interia.pl>, relay=operator [213.17.a.b], reject=550 5.7.1
<beton[at]interia.pl>... Relaying denied
Mar 11 15:53:34 tester sendmail[16304]: h2BErYqF016304:
from=<tes...@xxxxx.pl>, size=0, class=0, nrcpts=0, proto=SMTP, daemon=MTA,
relay=operator [213.17.a.b]
But now (after I recompiled sendmail to get SMTP AUTH feature following
http://www.jonfullmer.com/smtpauth/, BTW with no success), it is:
Mar 13 16:21:12 tester sendmail[11762]: h2DFLBPB011762: ruleset=check_rcpt,
arg1=<beton[at]interia.pl>, relay=robert [213.17.x.y], reject=550 5.7.1
<beton[at]interia.pl>... Relaying denied. Proper authentication required.
Mar 13 16:21:12 tester sendmail[11762]: h2DFLBPB011762:
from=<tes...@xxxxx.pl>, size=0, class=0, nrcpts=1, proto=SMTP,
daemon=MTA, relay=robert [213.17.x.y]
operator [213.17.a.b] and robert [213.17.x.y] are included in
/etc/mail/access:
213.17.a.b RELAY
213.17.x.y RELAY
These emails are relayed at once after adding interia.pl domain to
the /etc/mail/relay-domains file (but interia.pl is not one of my domains,
it is destination email address domain where I have my test account).
I use tes...@xxxxx.pl "from address" which is added to
/etc/mail/relay-domains file, where xxxxx.pl is one of my
domains added to the /etc/mail/local-host-names.
Any idea ?
Regards,
Robert
Andrzej Filip
>>Ehrm../etc/mail/relay-domains is for your domains, i.e. put
>>your customers domains into it and not those they're going to
>>send to.
>
>
> I thought so, but now it works in this way - when I want to relay an email,
> I've to add destination email address to the /etc/mail/relay-domains.
> All my customers domains are there already.
>
>
>>Entries in /etc/mail/access alone should be sufficient for allowing relay
>>from IP addresses on "trusted LAN".
> What is "trusted LAN" and how it is defined ? In my case I (and all users)
> send emails from known IP addresses which are included in /etc/mail/access
> since sendmail 8.11. These IP addresses in fact are _public_ internet
> addresses assigned for several remote offices.
Replace "trused LAN" by "authentication via IP address of the connecting host" :)
Test 1:
check if sendmail sees the access entries:
echo "/map access 213.17.a.b" | sendmail -bt
echo "/map access 213.17.x.y" | sendmail -bt
--
Andrzej [pl>en: Andrew] Adam Filip http://www.polbox.com/a/anfi/
*Random epigram* :
Tomorrow's computers some time next month.
-- DEC
Robert
> Test 1:
> check if sendmail sees the access entries:
> echo "/map access 213.17.a.b" | sendmail -bt
> echo "/map access 213.17.x.y" | sendmail -bt
>
> --
> Andrzej [pl>en: Andrew] Adam Filip http://www.polbox.com/a/anfi/
> *Random epigram* :
> Tomorrow's computers some time next month.
> -- DEC
Thank you for help, it solve my problem:
Map named "access" not found
after adding FEATURE(`access_db')dnl
new sendmail see what old sendmail already saw.
BTW, my statement:
> > Have you recompiled access map using makemap ?
> Yes, every time when I restart sendmail.
wasn't true because new rc script has construction:
# if test -x /usr/bin/make -a -f /etc/mail/Makefile ; then
# make -C /etc/mail -s
# else
which (of course without -s) each time did only:
make: Entering directory `/etc/mail'
make: Nothing to be done for `all'.
make: Leaving directory `/etc/mail'
Best regards,
Robert