550 5.0.0 Access denied error
Ian Neal
people have tried to email me they get a bounce with a 550 5.0.0. Access
denied error message.
I've added my hostname into my access_db file, done makemap hash and
restarted sendmail but people still keep getting bounce messages.
I can send out without a problem though.
What do I need to do to fix it (without going back to 8.8).
Ian
Per Hedeland
<i...@arlen.demon.co.uk> writes:
>I updated my Redhat 7.0 sendmail to 8.11.6 and since then when external
>people have tried to email me they get a bounce with a 550 5.0.0. Access
>denied error message.
>
>I've added my hostname into my access_db file, done makemap hash and
>restarted sendmail but people still keep getting bounce messages.
Check your log file for *why* they are bounced.
--Per Hedeland
p...@bluetail.com
Floyd
wrote:
>
>I've added my hostname into my access_db file, done makemap hash and
>restarted sendmail but people still keep getting bounce messages.
>
Just a couple possibilites....
What does the line with your hostname look like in the access file?
Does the Right Hand Side say RELAY?
Also, make sure you have a line for
localhost RELAY
and similar ones for any IP addresses on your local netowrk that might
not be resolvable to hostnames. For example:
192.168.1 RELAY
Ian Neal
The log file has the following two lines (or similar) added when it
bounces:
Sep 15 20:43:03 brightwood sendmail[6219]: f8FJh2A06219: tcpwrappers
(finch-punt-12.mail.demon.net, 194.217.242.36) rejection
Sep 15 20:43:04 brightwood sendmail[6219]: NOQUEUE:
finch-punt-12.mail.demon.net [194.217.242.36] did not issue
MAIL/EXPN/VRFY/ETRN during connection to MTA
Ian
Per Hedeland
<i...@arlen.demon.co.uk> writes:
>Per Hedeland wrote:
>>
>> In article <3BA3AA2F...@arlen.demon.co.uk> Ian Neal
>> <i...@arlen.demon.co.uk> writes:
>> >I updated my Redhat 7.0 sendmail to 8.11.6 and since then when external
>> >people have tried to email me they get a bounce with a 550 5.0.0. Access
>> >denied error message.
>> >
>> >I've added my hostname into my access_db file, done makemap hash and
>> >restarted sendmail but people still keep getting bounce messages.
>>
>> Check your log file for *why* they are bounced.
>
>bounces:
So it does give the reason:
>Sep 15 20:43:03 brightwood sendmail[6219]: f8FJh2A06219: tcpwrappers
^^^^^^^^^^^
>(finch-punt-12.mail.demon.net, 194.217.242.36) rejection
^^^^^^^^^
(the other line is just the result of a broken SMTP client being unable
to handle the rejection correctly).
Sendmail can be compiled to use tcpwrappers (via "libwrap"), it's not
the default in a standard build but RedHat seems to think it's a good
idea - I assume you have installed an rpm version. If you want to stick
with this, you need to set up /etc/hosts.allow and/or /etc/hosts.deny as
approriate - the format should be documented in your system's
hosts_access(5) man page, you may also find some information in comments
in the files themselves.
--Per Hedeland
p...@bluetail.com
Ian Neal
Yes that fixed it, thank you very much.
I just wish Redhat would tell users of potential problems when they
update an rpm to include these extra features. The advisory isn't on
their website as yet, latest one is dated 2001-08-09! I've been fiddling
around with access_db files, relay-domains, etc for about 12 hours
trying to fix the problem, plus 120+ emails have bounced and I have no
idea if they were important or not.
Ian
John F Hall
Ian Neal <i...@arlen.demon.co.uk> wrote:
>Per Hedeland wrote:
>> Sendmail can be compiled to use tcpwrappers (via "libwrap"), it's not
>> the default in a standard build but RedHat seems to think it's a good
>> idea - I assume you have installed an rpm version. If you want to stick
>> with this, you need to set up /etc/hosts.allow and/or /etc/hosts.deny as
>> approriate - the format should be documented in your system's
>> hosts_access(5) man page, you may also find some information in comments
>> in the files themselves.
>Yes that fixed it, thank you very much.
Don't forget that if you're filtering IP access for Demon's SMTP the
range you are advised to accept (for present and future punts) is
194.217.242.0/24. (<http://www.demon.net/helpdesk/faq/config.shtml>)
Rather that use tcpwrappers you can use ipchains. I have:
# SMTP from Demon only
ipchains -A netinput -p TCP -s 194.217.242.0/24 --dport 25 -j ACCEPT
--
John F Hall
Bill Vermillion
Ian Neal <i...@arlen.demon.co.uk> wrote:
>Per Hedeland wrote:
>> <i...@arlen.demon.co.uk> writes:
>>
>> >Per Hedeland wrote:
>> Sendmail can be compiled to use tcpwrappers (via "libwrap"), it's
>> not the default in a standard build but RedHat seems to think
>> it's a good idea - I assume you have installed an rpm version. If
>> you want to stick with this, you need to set up /etc/hosts.allow
>> and/or /etc/hosts.deny as approriate - the format should be
>> documented in your system's hosts_access(5) man page, you may
>> also find some information in comments in the files themselves.
>Yes that fixed it, thank you very much.
>I just wish Redhat would tell users of potential problems when they
>update an rpm to include these extra features. The advisory isn't on
>their website as yet,
But the complaints and the work-arounds were on the sendmail.org
site within just a few days. But isn't that the joy of Linux,
something new at every turn :-)
--
Bill Vermillion - bv @ wjv . com
David Freeman
wrote:
>
>Yes that fixed it, thank you very much.
>
>I just wish Redhat would tell users of potential problems when they
>update an rpm to include these extra features. The advisory isn't on
>their website as yet, latest one is dated 2001-08-09! I've been fiddling
>around with access_db files, relay-domains, etc for about 12 hours
>trying to fix the problem, plus 120+ emails have bounced and I have no
>idea if they were important or not.
>
>Ian
Ian,
Could you elaborate on what you had to do to fix this in your
hosts.allow file?