Google Groups no longer supports new Usenet posts or subscriptions. Historical content remains viewable.
Dismiss

Relaying denied, because of localhost setting

18 views
Skip to first unread message

Torsten Scheck

unread,
Apr 6, 2001, 4:24:20 AM4/6/01
to
Hi,

I'm relaying my mail over gmx using sendmail as
client. My small network at home has a domain named
"discworld.de" and my hosts are "rincewind",
"weatherwax", and so on. As long as I'm
using this domain my relaying is denied. After I
did a "hostname localhost.localdomain"
everything works fine.

Now I'm trying to force sendmail to give gmx only
the pseudo "localhost.localdomain". Even a
define(`confDOMAIN_NAME', `localhost.localdomain')
didn't work. Does sendmail do a gethostbyname during
the communication with gmx? With Netscape there
are no problems, as it doesn't seem to care about
domain names.

How can I prevent sendmail from giving away my
domain name?

Many thanks in advance!

Torsten

-----------------------------------------------------

[root@rincewind t]# hostname rincewind.discworld.de
[root@rincewind t]# /usr/sbin/sendmail -v bim...@bigfoot.de
Test 1
bim...@bigfoot.de... Connecting to stratomail.webland.de. via relay...
220 post.webmailer.de ESMTP Sendmail 8.9.3/8.8.7; Mon, 19 Mar 2001
18:12:03 +0100 (MET)
>>> EHLO rincewind.discworld.de
250-post.webmailer.de Hello mnzdi7-213-023-005-016.arcor-ip.net
[213.23.5.16], pleased to meet
you
250-8BITMIME
250-SIZE
250-DSN
250-ONEX
250-ETRN
250-XUSR
250 HELP
>>> MAIL From:<bim...@gmx.de> SIZE=7
250 <bim...@gmx.de>... Sender ok
>>> RCPT To:<bim...@bigfoot.de>
550 <bim...@bigfoot.de>... Relaying denied.
>>> RSET
250 Reset state
/root/dead.letter... Saved message in /root/dead.letter
Closing connection to stratomail.webland.de.
>>> QUIT
221 post.webmailer.de closing connection

-----------------------------------------------------

[root@rincewind t]# hostname localhost.localdomain
[root@rincewind t]# /usr/sbin/sendmail -v bim...@bigfoot.de
Test 2
bim...@bigfoot.de... Connecting to mail.gmx.net. via relay...
220 {mp024-rz3} GMX Mailservices ESMTP
>>> EHLO localhost.localdomain
250-{mp024-rz3} GMX Mailservices
250-AUTH=LOGIN CRAM-MD5 PLAIN
250-AUTH LOGIN CRAM-MD5 PLAIN
250-PIPELINING
250 8BITMIME
>>> AUTH PLAIN fJg5Mdu1Ady5otA1nwBsbgxsc3n4ODm=
235 {mp024-rz3} go ahead
>>> MAIL From:<bim...@gmx.de> AUTH=ro...@localhost.localdomain
250 {mp024-rz3} ok
>>> RCPT To:<bim...@bigfoot.de>
250 {mp024-rz3} ok
>>> DATA
354 go ahead
>>> .
250 {mp024-rz3} ok 985021883 qp 20603
bim...@bigfoot.de... Sent ({mp024-rz3} ok 985021883 qp 20603)
Closing connection to mail.gmx.net.
>>> QUIT
221 {mp024-rz3} GMX Mailservices

-----------------------------------------------------

/etc/mail/sendmail.mc (additional entries wrt RH7-sendmail.mc)

dnl SMTP with Auth RFC 2554
define(`confAUTH_MECHANISMS',`PLAIN')dnl
define(`confDEF_AUTH_INFO',`/etc/mail/default-auth-info')dnl
define(`SMART_HOST',`mail.gmx.net')dnl
dnl Address rewriting
dnl Note that the rewriting rules from the genericstable will not
dnl apply to local mail or to messages you receive from outside.
dnl The mapping is only used if a message leaves your local system
dnl for your ISP's smart host.
FEATURE(`masquerade_envelope')dnl
FEATURE(`genericstable', `hash -o /etc/mail/genericstable')dnl
GENERICS_DOMAIN_FILE(`/etc/mail/genericsdomain')dnl

-----------------------------------------------------

Jason Radford

unread,
Apr 6, 2001, 2:03:57 PM4/6/01
to
Red hat's broken with linuxconf or whatever they are using now. Edit
your /etc/hosts file and take out localhost.localdomain entry, replacing
it with the right values (host/domain names).

-Jason

In article <3ACD7D34...@bigfoot.de>, "Torsten Scheck"

Per Hedeland

unread,
Apr 7, 2001, 12:03:42 PM4/7/01
to
In article <3ACD7D34...@bigfoot.de> Torsten Scheck

<sch...@bigfoot.de> writes:
>I'm relaying my mail over gmx using sendmail as
>client. My small network at home has a domain named
>"discworld.de" and my hosts are "rincewind",
>"weatherwax", and so on. As long as I'm
>using this domain my relaying is denied. After I
>did a "hostname localhost.localdomain"
>everything works fine.

If an MTA pays attention to the e-mail sender address or the HELO
argument when deciding whether to allow relaying, it's pretty broken,
and an easy victim for the relay spammers. However your transcripts
don't show any indication of this, in fact they show no indication of
anything at all, as they are to two different hosts:

>bim...@bigfoot.de... Connecting to stratomail.webland.de. via relay...

^^^^^^^^^^^^^^^^^^^^^

> >>> MAIL From:<bim...@gmx.de> SIZE=7
>250 <bim...@gmx.de>... Sender ok
> >>> RCPT To:<bim...@bigfoot.de>
>550 <bim...@bigfoot.de>... Relaying denied.

So stratomail.webland.de doesn't allow you to relay through them - do
you have any reason to think that they should?

>bim...@bigfoot.de... Connecting to mail.gmx.net. via relay...

^^^^^^^^^^^^

>220 {mp024-rz3} GMX Mailservices ESMTP
> >>> EHLO localhost.localdomain
>250-{mp024-rz3} GMX Mailservices
>250-AUTH=LOGIN CRAM-MD5 PLAIN
>250-AUTH LOGIN CRAM-MD5 PLAIN
>250-PIPELINING
>250 8BITMIME
> >>> AUTH PLAIN fJg5Mdu1Ady5otA1nwBsbgxsc3n4ODm=
>235 {mp024-rz3} go ahead
> >>> MAIL From:<bim...@gmx.de> AUTH=ro...@localhost.localdomain
>250 {mp024-rz3} ok
> >>> RCPT To:<bim...@bigfoot.de>
>250 {mp024-rz3} ok

So mail.gmx.net allowed relaying, but you have no indication that this
was due to the localhost.localdomain stuff - in all likelihood it
wasn't, rather that part was totally ignored, and the relaying was
allowed because your IP address was in a range that mail.gmx.net allowed
relaying for. (Though I think I've seen mention in this group that GMX
requires sender addresses to use @gmx.de.)

Good rule when debugging: Change only one thing at a time.:-)

--Per Hedeland
p...@bluetail.com

Torsten Scheck

unread,
Apr 9, 2001, 2:43:01 AM4/9/01
to
Thank you for your explicite answer.

Unfortunately I only changed one thing. And that was
the hostname issue. In both cases I had the same
sendmail.mc/cf using mail.gmx.net as smarthost.
When sendmail connects to this smarthost, gmx seems
to mediate a hostname-dependent mail server. And that's
my problem. How can I force sendmail to pretend being
the localhost.localdomain?

I don't understand how gmx can get my hostname at all.
I could understand if gmx uses a ip-dependent mail server,
then there was no problem, as I always had my isp's
dynamic ip. But sendmail seems to give my hostname to
gmx even before the normal smtp conversation (EHLO).

Here's my /etc/hosts, but I think it's no so relevant,
as I'm just using sendmail as a client.

127.0.0.1
localhost.localdomain
localhost
192.168.0.1
rincewind.discworld.de
rincewind
r
192.168.0.2
weatherwax.discworld.de
weatherwax
w
192.168.0.11
chest1.discworld.de
chest1
c1
192.168.0.12
chest2.discworld.de
chest2
c2
192.168.0.13
chest3.discworld.de
chest3
c3

Still wondering...

Torsten

Per Hedeland

unread,
Apr 9, 2001, 6:51:32 PM4/9/01
to
In article <3AD159F5...@bigfoot.de> Torsten Scheck

<sch...@bigfoot.de> writes:
>Unfortunately I only changed one thing. And that was
>the hostname issue. In both cases I had the same
>sendmail.mc/cf using mail.gmx.net as smarthost.
>When sendmail connects to this smarthost, gmx seems
>to mediate a hostname-dependent mail server.

The message you quoted:

>>> bim...@bigfoot.de... Connecting to stratomail.webland.de. via relay...

- is printed by sendmail before it initiates the connection - there's no
way gmx can affect that except by having an MX record for mail.gmx.net
(assuming that you have actually defined that as SMART_HOST, which I
seriously doubt) pointing to stratomail.webland.de. That they would have
such an MX record seems unlikely, to say the least, and at least looking
from the "outside" there are no MX records at all for mail.gmx.net.

> And that's
>my problem. How can I force sendmail to pretend being
>the localhost.localdomain?

That is no solution, the problem is that your sendmail is connecting to
the wrong host, what you need to figure out is the reason for that. I'm
sorry, but what you're describing makes no sense at all, I can't think
of any way that it could happen other than a totally messed up
configuration. Did you build sendmail.cf from a .mc file, or have you
been trying to hand-edit it? If the latter, do the former now. You can
also run

sendmail -bv -d21.2,8.8 bim...@bigfoot.de

to see the logic of DNS lookups and address resolution.

--Per Hedeland
p...@bluetail.com

Torsten Scheck

unread,
Apr 10, 2001, 2:55:46 AM4/10/01
to
Per Hedeland wrote:

...

> That is no solution, the problem is that your sendmail is connecting to
> the wrong host, what you need to figure out is the reason for that. I'm
> sorry, but what you're describing makes no sense at all, I can't think
> of any way that it could happen other than a totally messed up

I know that it makes no sense at all. I only added smarthost,
SMTP with Auth, and genericstable entries to the original RH7
sendmail.mc and converted that to a .cf. The next thing I'll do
will be a minimal RH7-sendmail.mc change (only adding the
smarthost), and trying on some computers in different networks
if this "localhost-dependent wrong-host-connection" will
always happen. (A successful mail delivery won't happen in this
case because of the missing auth and genericstable entries, but
I'll see to which host I'm connected.) If I can force this
behaviour I'll post again, so you can also observe this miracle,
if you want to. I'll also contact gmx. They should know what
they are doing. I hope I really only messed up my configuration,
as I'm not believing in computer miracles. :-)

Thank you Per.

Torsten


Torsten Scheck

unread,
Apr 10, 2001, 11:15:52 AM4/10/01
to
Some further issues, I found out:

On every RedHat7 system I could force the strange
discworld-behavior. (Remember: I'm using the domain
discworld.de just for fun for my little network at
home. I'm using internet-by-call with kppp to
connect, and everything the internet should know,
should be my isp's dynamic ip.)

Add this line to /etc/mail/sendmail.mc


define(`SMART_HOST',`mail.gmx.net')dnl

Build sendmail.cf, copy to /etc/sendmail.cf
Restart sendmail
Do a "localhost rincewind.discworld.de"
Then:


[root@rincewind t]# /usr/sbin/sendmail -v bim...@bigfoot.de
Test 1

[Ctrl-D]


bim...@bigfoot.de... Connecting to stratomail.webland.de.
via relay...

With whois I found out that there is an mx entry in the
original discworld.de dns:

nsentry: *.discworld.de IN MX 10 stratomail.webland.de

I tried another distribution (Conectiva Linux) and there
was no problem! What's wrong with the RH7 configuration?
Why is sendmail using my pseudo-hostname? How can I force
sendmail to use the smarthost rather than this mx entry?

Torsten


bash-2.04$ whois discwo...@whois.denic.de
[whois.denic.de]
...
domain: discworld.de
descr: Michael Wilhelm Hilgert
descr: Erthaler Str. 24
descr: D-55218 Ingelheim
descr: Germany
admin-c: MWH5-RIPE
tech-c: MS1736-RIPE
zone-c: HX1-RIPE
nsentry: discworld.de IN A 192.67.198.6
nsentry: www.discworld.de IN A 192.67.198.6
nsentry: discworld.de IN MX 10 stratomail.webland.de
nsentry: *.discworld.de IN MX 10 stratomail.webland.de
status: connect
changed: lastc...@denic.de 19991005
source: DENIC

Per Hedeland

unread,
Apr 10, 2001, 4:45:17 PM4/10/01
to
In article <3AD323A8...@bigfoot.de> Torsten Scheck

<sch...@bigfoot.de> writes:
>
>Add this line to /etc/mail/sendmail.mc
> define(`SMART_HOST',`mail.gmx.net')dnl
>Build sendmail.cf, copy to /etc/sendmail.cf
>Restart sendmail
>Do a "localhost rincewind.discworld.de"
>Then:
>[root@rincewind t]# /usr/sbin/sendmail -v bim...@bigfoot.de
>Test 1
>[Ctrl-D]
>bim...@bigfoot.de... Connecting to stratomail.webland.de.
>via relay...
>
>With whois I found out that there is an mx entry in the
>original discworld.de dns:
>
>nsentry: *.discworld.de IN MX 10 stratomail.webland.de

Bingo!:-) There is plenty of advice in the sendmail docs that say "don't
use a wildcard MX record in your domain" - I guess it might be extended
to say "don't use someone else's domain that has a wildcard MX record in
it".:-) Seriously, you can't just use any old domain belonging to
someone else for your home network, it's guaranteed to leak sooner or
later and cause problems - but anyway here's what's happening:

1. Something in the RH7 setup takes the domain-part of your hostname as
your default domain for DNS lookups etc (not unreasonable per se), i.e.
when your hostname is rincewind.discworld.de it assumes that your domain
is discworld.de.

2. When sendmail is going to send to the SMART_HOST, it does an MX
lookup on the SMART_HOST name, as I wrote before. Current standard
resolver rules is to first try the name as-is, then with the default
domain appended (and possibly some further variants if explicitly
requested with a "search" directive in reslov.conf).

3. mail.gmx.net gets looked up, but it doesn't have any MX records, so
next mail.gmx.net.discworld.de is tried - and matches the wildcard MX
for *.discworld.de, telling sendmail to connect to stratomail.webland.de!

The workaround is what I wrote earlier, to disable MX lookups for the
SMART_HOST, by giving it as:

define(`SMART_HOST',`[mail.gmx.net]')

--Per Hedeland
p...@bluetail.com

Torsten Scheck

unread,
Apr 11, 2001, 3:32:30 AM4/11/01
to
Per Hedeland wrote:

> The workaround is what I wrote earlier, to disable MX lookups for the
> SMART_HOST, by giving it as:
>
> define(`SMART_HOST',`[mail.gmx.net]')

Whoo-hoo! It works.
Now I can go on getting to know sendmail and
all the related network stuff. I really got
stuck with this problem.
Thank you, Per. IOU.

Torsten

0 new messages