setup sendmail

Discuss Applications
Post Reply
User avatar
Void Main
Site Admin
Site Admin
Posts: 5716
Joined: Wed Jan 08, 2003 5:24 am
Location: Tuxville, USA
Contact:

Post by Void Main » Thu Feb 12, 2009 7:15 am

Who runs 164.9.196.5 which is the server you seem to be pointing to?

If that's a microsoft DNS server they probably just need to restart the DNS service. If that fixes the problem tell them to get rid of that hokey Microsoft bull hockey.
Last edited by Void Main on Thu Feb 12, 2009 7:17 am, edited 1 time in total.

User avatar
Basher52
guru
guru
Posts: 923
Joined: Wed Oct 22, 2003 5:57 am
Location: .SE

Post by Basher52 » Thu Feb 12, 2009 7:17 am

Can't really say since all data in and out goes through Stockholm and I'm not placed there, but I'm gonna tell the admin here where I am.

User avatar
Void Main
Site Admin
Site Admin
Posts: 5716
Joined: Wed Jan 08, 2003 5:24 am
Location: Tuxville, USA
Contact:

Post by Void Main » Thu Feb 12, 2009 7:24 am

This sort of thing is notorious on that garbage Microsoft DNS. They couldn't do a network service right if their life depended on it. They never should have been allowed to provide ANY network infrastructure services. They've screwed up every networking service/protocol they've ever touched.

User avatar
Basher52
guru
guru
Posts: 923
Joined: Wed Oct 22, 2003 5:57 am
Location: .SE

Post by Basher52 » Thu Feb 12, 2009 7:26 am

I agree :)
and even more and more lately. I've seen services that seems to be running but they have just stopped working and a restart will fix it.

I was just up to the local admin but he wasn't there :(
Think he's gone for the day.

User avatar
Basher52
guru
guru
Posts: 923
Joined: Wed Oct 22, 2003 5:57 am
Location: .SE

Post by Basher52 » Tue Feb 17, 2009 10:11 am

weird but now this pops up here

Code: Select all

Feb 17 17:05:18 localhost sendmail[27896]: n1HG5DRj027896: Authentication-Warning: localhost.localdomain: apache set sender to admin@xenonlyse.se using -f
Feb 17 17:05:19 localhost sendmail[27896]: n1HG5DRj027896: from=admin@xenonlyse.se, size=29385, class=0, nrcpts=1, msgid=<6284b2ba610345d7813ef17b97c99951@xenontest.hopto.org>, relay=apache@localhost
Feb 17 17:05:19 localhost sendmail[27899]: n1HG5Jva027899: from=<admin@xenonlyse.se>, size=29586, class=0, nrcpts=1, msgid=<6284b2ba610345d7813ef17b97c99951@xenontest.hopto.org>, proto=ESMTP, daemon=MTA, relay=localhost.localdomain [127.0.0.1]
Feb 17 17:05:19 localhost sendmail[27896]: n1HG5DRj027896: to=basher52@gmail.com, ctladdr=admin@xenonlyse.se (48/48), delay=00:00:06, xdelay=00:00:00, mailer=relay, pri=59385, relay=[127.0.0.1] [127.0.0.1], dsn=2.0.0, stat=Sent (n1HG5Jva027899 Message accepted for delivery)
Feb 17 17:05:19 localhost sendmail[27902]: n1HG5J84027902: Authentication-Warning: localhost.localdomain: apache set sender to basher52@gmail.com using -f
Feb 17 17:05:19 localhost sendmail[27902]: n1HG5J84027902: from=basher52@gmail.com, size=29144, class=0, nrcpts=1, msgid=<dd1407425f723a13a18ee371d1ad9353@xenontest.hopto.org>, relay=apache@localhost
Feb 17 17:05:19 localhost sendmail[27903]: n1HG5Jdj027903: from=<basher52@gmail.com>, size=29345, class=0, nrcpts=1, msgid=<dd1407425f723a13a18ee371d1ad9353@xenontest.hopto.org>, proto=ESMTP, daemon=MTA, relay=localhost.localdomain [127.0.0.1]
Feb 17 17:05:19 localhost sendmail[27902]: n1HG5J84027902: to=admin@xenonlyse.se, ctladdr=basher52@gmail.com (48/48), delay=00:00:00, xdelay=00:00:00, mailer=relay, pri=59144, relay=[127.0.0.1] [127.0.0.1], dsn=2.0.0, stat=Sent (n1HG5Jdj027903 Message accepted for delivery)
Feb 17 17:05:20 localhost sendmail[27904]: n1HG5Jdj027903: to=<admin@xenonlyse.se>, delay=00:00:01, xdelay=00:00:01, mailer=local, pri=59553, dsn=2.0.0, stat=Sent
Feb 17 17:05:21 localhost sendmail[27901]: n1HG5Jva027899: to=<basher52@gmail.com>, ctladdr=<admin@xenonlyse.se> (501/501), delay=00:00:02, xdelay=00:00:02, mailer=esmtp, pri=149586, relay=gmail-smtp-in.l.google.com. [209.85.129.27], dsn=2.0.0, stat=Sent (OK 1234886504 35si9941010fkt.23)
If I try this to gmail it ends up on spam and hotmail wont even poke it with a 10 foot pole.
I can see a warning about localhost.localdomain and I tried all last night to find the problem to this but no luck.

This is my sendmail.mc file and as you see I got the MASQUERADE_AS put on but still nothing. I even tried to use the MASQUERADE_DOMAIN thing with no luck.

Code: Select all

[root@webserver mail]# more /etc/mail/sendmail.mc 
divert(-1)dnl
dnl #
dnl # This is the sendmail macro config file for m4. If you make changes to
dnl # /etc/mail/sendmail.mc, you will need to regenerate the
dnl # /etc/mail/sendmail.cf file by confirming that the sendmail-cf package is
dnl # installed and then performing a
dnl #
dnl #     /etc/mail/make
dnl #
include(`/usr/share/sendmail-cf/m4/cf.m4')dnl
VERSIONID(`setup for linux')dnl
OSTYPE(`linux')dnl
dnl #
dnl # Do not advertize sendmail version.
dnl #
dnl define(`confSMTP_LOGIN_MSG', `$j Sendmail; $b')dnl
dnl #
dnl # default logging level is 9, you might want to set it higher to
dnl # debug the configuration
dnl #
dnl define(`confLOG_LEVEL', `9')dnl
dnl #
dnl # Uncomment and edit the following line if your outgoing mail needs to
dnl # be sent out through an external mail server:
dnl #
dnl define(`SMART_HOST', `smtp.your.provider')dnl
dnl #
define(`confDEF_USER_ID', ``8:12'')dnl
dnl define(`confAUTO_REBUILD')dnl
define(`confTO_CONNECT', `1m')dnl
define(`confTRY_NULL_MX_LIST', `True')dnl
define(`confDONT_PROBE_INTERFACES', `True')dnl
define(`PROCMAIL_MAILER_PATH', `/usr/bin/procmail')dnl
define(`ALIAS_FILE', `/etc/aliases')dnl
define(`STATUS_FILE', `/var/log/mail/statistics')dnl
define(`UUCP_MAILER_MAX', `2000000')dnl
define(`confUSERDB_SPEC', `/etc/mail/userdb.db')dnl
define(`confPRIVACY_FLAGS', `authwarnings,novrfy,noexpn,restrictqrun')dnl
define(`confAUTH_OPTIONS', `A')dnl
dnl #
dnl # The following allows relaying if the user authenticates, and disallows
dnl # plaintext authentication (PLAIN/LOGIN) on non-TLS links
dnl #
dnl define(`confAUTH_OPTIONS', `A p')dnl
dnl # 
dnl # PLAIN is the preferred plaintext authentication method and used by
dnl # Mozilla Mail and Evolution, though Outlook Express and other MUAs do
dnl # use LOGIN. Other mechanisms should be used if the connection is not
dnl # guaranteed secure.
dnl # Please remember that saslauthd needs to be running for AUTH. 
dnl #
dnl TRUST_AUTH_MECH(`EXTERNAL DIGEST-MD5 CRAM-MD5 LOGIN PLAIN')dnl
dnl define(`confAUTH_MECHANISMS', `EXTERNAL GSSAPI DIGEST-MD5 CRAM-MD5 LOGIN PLAIN')dnl
dnl #
dnl # Rudimentary information on creating certificates for sendmail TLS:
dnl #     cd /etc/pki/tls/certs; make sendmail.pem
dnl # Complete usage:
dnl #     make -C /etc/pki/tls/certs usage
dnl #
dnl define(`confCACERT_PATH', `/etc/pki/tls/certs')dnl
dnl define(`confCACERT', `/etc/pki/tls/certs/ca-bundle.crt')dnl
dnl define(`confSERVER_CERT', `/etc/pki/tls/certs/sendmail.pem')dnl
dnl define(`confSERVER_KEY', `/etc/pki/tls/certs/sendmail.pem')dnl
dnl #
dnl # This allows sendmail to use a keyfile that is shared with OpenLDAP's
dnl # slapd, which requires the file to be readble by group ldap
dnl #
dnl define(`confDONT_BLAME_SENDMAIL', `groupreadablekeyfile')dnl
dnl #
dnl define(`confTO_QUEUEWARN', `4h')dnl
dnl define(`confTO_QUEUERETURN', `5d')dnl
dnl define(`confQUEUE_LA', `12')dnl
dnl define(`confREFUSE_LA', `18')dnl
define(`confTO_IDENT', `0')dnl
dnl FEATURE(delay_checks)dnl
FEATURE(`no_default_msa', `dnl')dnl
FEATURE(`smrsh', `/usr/sbin/smrsh')dnl
FEATURE(`mailertable', `hash -o /etc/mail/mailertable.db')dnl
FEATURE(`virtusertable', `hash -o /etc/mail/virtusertable.db')dnl
FEATURE(redirect)dnl
FEATURE(always_add_domain)dnl
FEATURE(use_cw_file)dnl
FEATURE(use_ct_file)dnl
dnl #
dnl # The following limits the number of processes sendmail can fork to accept 
dnl # incoming messages or process its message queues to 20.) sendmail refuses 
dnl # to accept connections once it has reached its quota of child processes.
dnl #
dnl define(`confMAX_DAEMON_CHILDREN', `20')dnl
dnl #
dnl # Limits the number of new connections per second. This caps the overhead 
dnl # incurred due to forking new sendmail processes. May be useful against 
dnl # DoS attacks or barrages of spam. (As mentioned below, a per-IP address 
dnl # limit would be useful but is not available as an option at this writing.)
dnl #
dnl define(`confCONNECTION_RATE_THROTTLE', `3')dnl
dnl #
dnl # The -t option will retry delivery if e.g. the user runs over his quota.
dnl #
FEATURE(local_procmail, `', `procmail -t -Y -a $h -d $u')dnl
FEATURE(`access_db', `hash -T<TMPF> -o /etc/mail/access.db')dnl
FEATURE(`blacklist_recipients')dnl
EXPOSED_USER(`root')dnl
dnl #
dnl # For using Cyrus-IMAPd as POP3/IMAP server through LMTP delivery uncomment
dnl # the following 2 definitions and activate below in the MAILER section the
dnl # cyrusv2 mailer.
dnl #
dnl define(`confLOCAL_MAILER', `cyrusv2')dnl
dnl define(`CYRUSV2_MAILER_ARGS', `FILE /var/lib/imap/socket/lmtp')dnl
dnl #
dnl # The following causes sendmail to only listen on the IPv4 loopback address
dnl # 127.0.0.1 and not on any other network devices. Remove the loopback
dnl # address restriction to accept email from the internet or intranet.
dnl #
dnl DAEMON_OPTIONS(`Port=smtp,Addr=127.0.0.1, Name=MTA')dnl
dnl #
dnl # The following causes sendmail to additionally listen to port 587 for
dnl # mail from MUAs that authenticate. Roaming users who can't reach their
dnl # preferred sendmail daemon due to port 25 being blocked or redirected find
dnl # this useful.
dnl #
dnl DAEMON_OPTIONS(`Port=submission, Name=MSA, M=Ea')dnl
dnl #
dnl # The following causes sendmail to additionally listen to port 465, but
dnl # starting immediately in TLS mode upon connecting. Port 25 or 587 followed
dnl # by STARTTLS is preferred, but roaming clients using Outlook Express can't
dnl # do STARTTLS on ports other than 25. Mozilla Mail can ONLY use STARTTLS
dnl # and doesn't support the deprecated smtps; Evolution <1.1.1 uses smtps
dnl # when SSL is enabled-- STARTTLS support is available in version 1.1.1.
dnl #
dnl # For this to work your OpenSSL certificates must be configured.
dnl #
dnl DAEMON_OPTIONS(`Port=smtps, Name=TLSMTA, M=s')dnl
dnl #
dnl # The following causes sendmail to additionally listen on the IPv6 loopback
dnl # device. Remove the loopback address restriction listen to the network.
dnl #
dnl DAEMON_OPTIONS(`port=smtp,Addr=::1, Name=MTA-v6, Family=inet6')dnl
dnl #
dnl # enable both ipv6 and ipv4 in sendmail:
dnl #
dnl DAEMON_OPTIONS(`Name=MTA-v4, Family=inet, Name=MTA-v6, Family=inet6')
dnl #
dnl # We strongly recommend not accepting unresolvable domains if you want to
dnl # protect yourself from spam. However, the laptop and users on computers
dnl # that do not have 24x7 DNS do need this.
dnl #
FEATURE(`accept_unresolvable_domains')dnl
dnl #
dnl FEATURE(`relay_based_on_MX')dnl
dnl # 
dnl # Also accept email sent to "localhost.localdomain" as local email.
dnl # 
LOCAL_DOMAIN(`localhost.localdomain')dnl
dnl #
dnl # The following example makes mail from this host and any additional
dnl # specified domains appear to be sent from mydomain.com
dnl #
MASQUERADE_AS(`xenonlyse.se')dnl
dnl #
dnl # masquerade not just the headers, but the envelope as well
dnl #
FEATURE(masquerade_envelope)dnl
dnl #
dnl # masquerade not just @mydomainalias.com, but @*.mydomainalias.com as well
dnl #
dnl FEATURE(masquerade_entire_domain)dnl
dnl #
dnl MASQUERADE_DOMAIN(localhost)dnl
dnl MASQUERADE_DOMAIN(localhost.localdomain)dnl
dnl MASQUERADE_DOMAIN('xenonlyse.se')dnl
dnl MASQUERADE_DOMAIN(mydomain.lan)dnl
MAILER(smtp)dnl
MAILER(procmail)dnl
dnl MAILER(cyrusv2)dnl
[root@webserver mail]# 

User avatar
Void Main
Site Admin
Site Admin
Posts: 5716
Joined: Wed Jan 08, 2003 5:24 am
Location: Tuxville, USA
Contact:

Post by Void Main » Tue Feb 17, 2009 11:30 am

Earlier in this thread I mentioned several lines of config for the masquerade (see post dated 07 Feb 2009 05:42 pm). It doesn't look like you added all of those config options to your configuration. I'm not saying that will solve your problem but it might.

It might also be very helpful to see their reject message.

This is not a dynamic IP address is it? Most of these sites will reject you right off with no questions asked if you're coming from a dynamic IP block.

User avatar
Void Main
Site Admin
Site Admin
Posts: 5716
Joined: Wed Jan 08, 2003 5:24 am
Location: Tuxville, USA
Contact:

Post by Void Main » Tue Feb 17, 2009 12:40 pm

It also looks like your IP is blacklisted here:

http://cbl.abuseat.org/lookup.cgi?ip=82.196.123.215

That may be why you are getting rejected. You can get more information and request to be removed from the blacklist at that page.

It's also showing as blacklisted here but only because it's in the database in the first link I posted above:

http://www.spamhaus.org/query/bl?ip=82.196.123.215

Another blacklist lookup tool:

http://www.mxtoolbox.com/blacklists.aspx

User avatar
Void Main
Site Admin
Site Admin
Posts: 5716
Joined: Wed Jan 08, 2003 5:24 am
Location: Tuxville, USA
Contact:

Post by Void Main » Tue Feb 17, 2009 12:51 pm

Looks like they have you blocked because your server is responding with "localhost.localdomain":
telnet 82.196.123.215 25
Trying 82.196.123.215...
ehlo Connected to 82.196.123.215.
Escape character is '^]'.
220 localhost.localdomain ESMTP Sendmail 8.14.3/8.14.3; Tue, 17 Feb 2009 19:47:30 +0100
ehlo test
250-localhost.localdomain Hello xxxx.xxx.xxx [xx.xx.xx.xx], pleased to meet you
250-ENHANCEDSTATUSCODES
250-PIPELINING
250-8BITMIME
250-SIZE
250-DSN
250-ETRN
250-DELIVERBY
250 HELP
quit
You'll have to fix that and then tell them to take you off your block list. See this for some hints:

http://cbl.abuseat.org/hostname.html

User avatar
Basher52
guru
guru
Posts: 923
Joined: Wed Oct 22, 2003 5:57 am
Location: .SE

Post by Basher52 » Tue Feb 17, 2009 1:08 pm

I've added those lines and it started to work :)
but not for long lol
as you said telia.com that I used for testing didnt agree with my "blocklisted IP address"

but ill read that last link and see what I can do :)

User avatar
Basher52
guru
guru
Posts: 923
Joined: Wed Oct 22, 2003 5:57 am
Location: .SE

Post by Basher52 » Tue Feb 17, 2009 2:47 pm

This fixed all localhost things :)
This was a very good page, thx

But this can't be it for just them to "letting me" unblocked even though everything seems OK.

User avatar
Void Main
Site Admin
Site Admin
Posts: 5716
Joined: Wed Jan 08, 2003 5:24 am
Location: Tuxville, USA
Contact:

Post by Void Main » Tue Feb 17, 2009 6:34 pm

Have you followed the directions on this page and requested they remove your IP from their list?

http://cbl.abuseat.org/removeX.cgi?ip=82.196.123.215

User avatar
Basher52
guru
guru
Posts: 923
Joined: Wed Oct 22, 2003 5:57 am
Location: .SE

Post by Basher52 » Tue Feb 17, 2009 10:54 pm

no not that one but the other one, didnt know that you can send your own name

User avatar
Basher52
guru
guru
Posts: 923
Joined: Wed Oct 22, 2003 5:57 am
Location: .SE

Post by Basher52 » Tue Feb 24, 2009 3:24 pm


User avatar
Void Main
Site Admin
Site Admin
Posts: 5716
Joined: Wed Jan 08, 2003 5:24 am
Location: Tuxville, USA
Contact:

Post by Void Main » Tue Feb 24, 2009 4:48 pm

I almost posted the dnsstuff.com link as they used to have some very nice free tools but it looks like they are not free anymore.

User avatar
Basher52
guru
guru
Posts: 923
Joined: Wed Oct 22, 2003 5:57 am
Location: .SE

Post by Basher52 » Wed Feb 25, 2009 12:50 am

The link I put in here works and that was free.

anyhow, why do I still get blacklisted from telia.com :(

maillog:

Code: Select all

Feb 24 22:52:24 webserver sendmail[3546]: n1OLqOmg003546: Authentication-Warning: webserver.xenonlyse.se: apache set sender to adm@xenonlyse.se using -f
Feb 24 22:52:24 webserver sendmail[3546]: n1OLqOmg003546: from=adm@xenonlyse.se, size=286779, class=0, nrcpts=1, msgid=<7dee0a82a159538b93a0a1a65f1250cf@xenonlyse.se>, relay=apache@localhost
Feb 24 22:52:24 webserver sendmail[3547]: n1OLqOKf003547: from=<adm@xenonlyse.se>, size=286982, class=0, nrcpts=1, msgid=<7dee0a82a159538b93a0a1a65f1250cf@xenonlyse.se>, proto=ESMTP, daemon=MTA, relay=localhost.localdomain [127.0.0.1]
Feb 24 22:52:24 webserver sendmail[3546]: n1OLqOmg003546: to=aaaa@telia.com, ctladdr=adm@xenonlyse.se (48/48), delay=00:00:00, xdelay=00:00:00, mailer=relay, pri=316779, relay=[127.0.0.1] [127.0.0.1], dsn=2.0.0, stat=Sent (n1OLqOKf003547 Message accepted for delivery)
Feb 24 22:52:25 webserver sendmail[3549]: n1OLqOKf003547: to=<aaaa@telia.com>, ctladdr=<adm@xenonlyse.se> (501/501), delay=00:00:01, xdelay=00:00:01, mailer=esmtp, pri=406982, relay=mail.telia.com. [81.228.8.84], dsn=5.0.0, stat=Service unavailable
Feb 24 22:52:25 webserver sendmail[3549]: n1OLqOKf003547: n1OLqPKf003549: DSN: Service unavailable
Feb 24 22:52:25 webserver sendmail[3550]: n1OLqPQ5003550: Authentication-Warning: webserver.xenonlyse.se: apache set sender to aaaa@telia.com using -f
Feb 24 22:52:25 webserver sendmail[3550]: n1OLqPQ5003550: from=aaaa@telia.com, size=286538, class=0, nrcpts=1, msgid=<c7177aae076f5a969ecf54704701ecf8@xenonlyse.se>, relay=apache@localhost
Feb 24 22:52:25 webserver sendmail[3549]: n1OLqPKf003549: to=<adm@xenonlyse.se>, delay=00:00:00, xdelay=00:00:00, mailer=local, pri=318217, dsn=2.0.0, stat=Sent
Feb 24 22:52:25 webserver sendmail[3552]: n1OLqPf8003552: from=<aaaa@telia.com>, size=286741, class=0, nrcpts=1, msgid=<c7177aae076f5a969ecf54704701ecf8@xenonlyse.se>, proto=ESMTP, daemon=MTA, relay=localhost.localdomain [127.0.0.1]
Feb 24 22:52:25 webserver sendmail[3550]: n1OLqPQ5003550: to=adm@xenonlyse.se, ctladdr=aaaa@telia.com (48/48), delay=00:00:00, xdelay=00:00:00, mailer=relay, pri=316538, relay=[127.0.0.1] [127.0.0.1], dsn=2.0.0, stat=Sent (n1OLqPf8003552 Message accepted for delivery)
Feb 24 22:52:26 webserver sendmail[3553]: n1OLqPf8003552: to=<adm@xenonlyse.se>, delay=00:00:01, xdelay=00:00:01, mailer=local, pri=316951, dsn=2.0.0, stat=Sent

sendmail.mc
notice all the quotation marks. some are these: '
and some are : ´ or `
so which ones should I use? I don't get any errors when restarting sendmail. I'm gonna try with the leading ` and the ending ' and see if that has any better result

Code: Select all

[root@webserver ~]# more /etc/mail/sendmail.mc
divert(-1)dnl
dnl #
dnl # This is the sendmail macro config file for m4. If you make changes to
dnl # /etc/mail/sendmail.mc, you will need to regenerate the
dnl # /etc/mail/sendmail.cf file by confirming that the sendmail-cf package is
dnl # installed and then performing a
dnl #
dnl #     /etc/mail/make
dnl #
include(`/usr/share/sendmail-cf/m4/cf.m4')dnl
VERSIONID(`setup for linux')dnl
OSTYPE(`linux')dnl
dnl #
dnl # Do not advertize sendmail version.
dnl #
dnl define(`confSMTP_LOGIN_MSG', `$j Sendmail; $b')dnl
dnl #
dnl # default logging level is 9, you might want to set it higher to
dnl # debug the configuration
dnl #
dnl define(`confLOG_LEVEL', `9')dnl
dnl #
dnl # Uncomment and edit the following line if your outgoing mail needs to
dnl # be sent out through an external mail server:
dnl #
dnl define(`SMART_HOST', `smtp.your.provider')dnl
dnl #
define(`confDEF_USER_ID', ``8:12'')dnl
dnl define(`confAUTO_REBUILD')dnl
define(`confTO_CONNECT', `1m')dnl
define(`confTRY_NULL_MX_LIST', `True')dnl
define(`confDONT_PROBE_INTERFACES', `True')dnl
define(`PROCMAIL_MAILER_PATH', `/usr/bin/procmail')dnl
define(`ALIAS_FILE', `/etc/aliases')dnl
define(`STATUS_FILE', `/var/log/mail/statistics')dnl
define(`UUCP_MAILER_MAX', `2000000')dnl
define(`confUSERDB_SPEC', `/etc/mail/userdb.db')dnl
define(`confPRIVACY_FLAGS', `authwarnings,novrfy,noexpn,restrictqrun')dnl
define(`confAUTH_OPTIONS', `A')dnl
dnl #
dnl # The following allows relaying if the user authenticates, and disallows
dnl # plaintext authentication (PLAIN/LOGIN) on non-TLS links
dnl #
dnl define(`confAUTH_OPTIONS', `A p')dnl
dnl # 
dnl # PLAIN is the preferred plaintext authentication method and used by
dnl # Mozilla Mail and Evolution, though Outlook Express and other MUAs do
dnl # use LOGIN. Other mechanisms should be used if the connection is not
dnl # guaranteed secure.
dnl # Please remember that saslauthd needs to be running for AUTH. 
dnl #
dnl TRUST_AUTH_MECH(`EXTERNAL DIGEST-MD5 CRAM-MD5 LOGIN PLAIN')dnl
dnl define(`confAUTH_MECHANISMS', `EXTERNAL GSSAPI DIGEST-MD5 CRAM-MD5 LOGIN PLAIN')dnl
dnl #
dnl # Rudimentary information on creating certificates for sendmail TLS:
dnl #     cd /etc/pki/tls/certs; make sendmail.pem
dnl # Complete usage:
dnl #     make -C /etc/pki/tls/certs usage
dnl #
dnl define(`confCACERT_PATH', `/etc/pki/tls/certs')dnl
dnl define(`confCACERT', `/etc/pki/tls/certs/ca-bundle.crt')dnl
dnl define(`confSERVER_CERT', `/etc/pki/tls/certs/sendmail.pem')dnl
dnl define(`confSERVER_KEY', `/etc/pki/tls/certs/sendmail.pem')dnl
dnl #
dnl # This allows sendmail to use a keyfile that is shared with OpenLDAP's
dnl # slapd, which requires the file to be readble by group ldap
dnl #
dnl define(`confDONT_BLAME_SENDMAIL', `groupreadablekeyfile')dnl
dnl #
dnl define(`confTO_QUEUEWARN', `4h')dnl
dnl define(`confTO_QUEUERETURN', `5d')dnl
dnl define(`confQUEUE_LA', `12')dnl
dnl define(`confREFUSE_LA', `18')dnl
define(`confTO_IDENT', `0')dnl
dnl FEATURE(delay_checks)dnl
FEATURE(`no_default_msa', `dnl')dnl
FEATURE(`smrsh', `/usr/sbin/smrsh')dnl
FEATURE(`mailertable', `hash -o /etc/mail/mailertable.db')dnl
FEATURE(`virtusertable', `hash -o /etc/mail/virtusertable.db')dnl
FEATURE(redirect)dnl
FEATURE(use_cw_file)dnl
FEATURE(use_ct_file)dnl
dnl #
dnl # The following limits the number of processes sendmail can fork to accept 
dnl # incoming messages or process its message queues to 20.) sendmail refuses 
dnl # to accept connections once it has reached its quota of child processes.
dnl #
dnl define(`confMAX_DAEMON_CHILDREN', `20')dnl
dnl #
dnl # Limits the number of new connections per second. This caps the overhead 
dnl # incurred due to forking new sendmail processes. May be useful against 
dnl # DoS attacks or barrages of spam. (As mentioned below, a per-IP address 
dnl # limit would be useful but is not available as an option at this writing.)
dnl #
dnl define(`confCONNECTION_RATE_THROTTLE', `3')dnl
dnl #
dnl # The -t option will retry delivery if e.g. the user runs over his quota.
dnl #
FEATURE(local_procmail, `', `procmail -t -Y -a $h -d $u')dnl
FEATURE(`access_db', `hash -T<TMPF> -o /etc/mail/access.db')dnl
FEATURE(`blacklist_recipients')dnl
EXPOSED_USER(`root')dnl
dnl #
dnl # For using Cyrus-IMAPd as POP3/IMAP server through LMTP delivery uncomment
dnl # the following 2 definitions and activate below in the MAILER section the
dnl # cyrusv2 mailer.
dnl #
dnl define(`confLOCAL_MAILER', `cyrusv2')dnl
dnl define(`CYRUSV2_MAILER_ARGS', `FILE /var/lib/imap/socket/lmtp')dnl
dnl #
dnl # The following causes sendmail to only listen on the IPv4 loopback address
dnl # 127.0.0.1 and not on any other network devices. Remove the loopback
dnl # address restriction to accept email from the internet or intranet.
dnl #
dnl DAEMON_OPTIONS(`Port=smtp,Addr=127.0.0.1, Name=MTA')dnl
dnl #
dnl # The following causes sendmail to additionally listen to port 587 for
dnl # mail from MUAs that authenticate. Roaming users who can't reach their
dnl # preferred sendmail daemon due to port 25 being blocked or redirected find
dnl # this useful.
dnl #
dnl DAEMON_OPTIONS(`Port=submission, Name=MSA, M=Ea')dnl
dnl #
dnl # The following causes sendmail to additionally listen to port 465, but
dnl # starting immediately in TLS mode upon connecting. Port 25 or 587 followed
dnl # by STARTTLS is preferred, but roaming clients using Outlook Express can't
dnl # do STARTTLS on ports other than 25. Mozilla Mail can ONLY use STARTTLS
dnl # and doesn't support the deprecated smtps; Evolution <1.1.1 uses smtps
dnl # when SSL is enabled-- STARTTLS support is available in version 1.1.1.
dnl #
dnl # For this to work your OpenSSL certificates must be configured.
dnl #
dnl DAEMON_OPTIONS(`Port=smtps, Name=TLSMTA, M=s')dnl
dnl #
dnl # The following causes sendmail to additionally listen on the IPv6 loopback
dnl # device. Remove the loopback address restriction listen to the network.
dnl #
dnl DAEMON_OPTIONS(`port=smtp,Addr=::1, Name=MTA-v6, Family=inet6')dnl
dnl #
dnl # enable both ipv6 and ipv4 in sendmail:
dnl #
dnl DAEMON_OPTIONS(`Name=MTA-v4, Family=inet, Name=MTA-v6, Family=inet6')
dnl #
dnl # We strongly recommend not accepting unresolvable domains if you want to
dnl # protect yourself from spam. However, the laptop and users on computers
dnl # that do not have 24x7 DNS do need this.
dnl #
FEATURE(`accept_unresolvable_domains')dnl
dnl #
dnl FEATURE(`relay_based_on_MX')dnl
dnl # 
dnl # Also accept email sent to "localhost.localdomain" as local email.
dnl # 
LOCAL_DOMAIN(`localhost.localdomain')dnl
dnl #
dnl # The following example makes mail from this host and any additional
dnl # specified domains appear to be sent from mydomain.com
dnl #
MASQUERADE_AS(`xenonlyse.se.')dnl
dnl #
dnl # masquerade not just the headers, but the envelope as well
dnl #
FEATURE(masquerade_envelope)dnl
dnl #
dnl # masquerade not just @mydomainalias.com, but @*.mydomainalias.com as well
dnl #
dnl FEATURE(masquerade_entire_domain)dnl
dnl #
dnl MASQUERADE_DOMAIN(localhost)dnl
dnl MASQUERADE_DOMAIN(localhost.localdomain)dnl
MASQUERADE_DOMAIN('xenonlyse.se.')dnl
dnl MASQUERADE_DOMAIN(mydomain.lan)dnl
MAILER(smtp)dnl
MAILER(procmail)dnl
dnl MAILER(cyrusv2)dnl
FEATURE('always_add_domain')dnl
FEATURE(`masquerade_entire_domain')
FEATURE(`masquerade_envelope')
FEATURE(`allmasquerade')
[root@webserver ~]# 
The answer I get in a return email from the account at telia.com is that it's blacklisted. It shows something about 'original message was received.... from localhost.localdomain' and I wonder if it's this that makes it blacklisted.

When checking CBL I get this: IP Address 82.196.123.215 is not currently listed in the CBL.

Code: Select all

& 1
Message  1:
From MAILER-DAEMON  Wed Feb 25 07:50:56 2009
Return-Path: <MAILER-DAEMON>
Date: Wed, 25 Feb 2009 07:50:55 +0100
From: Mail Delivery Subsystem <MAILER-DAEMON>
To: <adm@xenonlyse.se>
Content-Type: multipart/report; report-type=delivery-status;
        boundary="n1P6otiH021000.1235544655/webserver.xenonlyse.se"
Subject: Returned mail: see transcript for details
Auto-Submitted: auto-generated (failure)
Status: R

Part 1:

The original message was received at Wed, 25 Feb 2009 07:50:55 +0100
from localhost.localdomain [127.0.0.1]

   ----- The following addresses had permanent fatal errors -----
<xxxx@telia.com>
    (reason: 550 mail not accepted from blacklisted IP address [82.196.123.215])

   ----- Transcript of session follows -----
... while talking to mail.telia.com.:
>>> MAIL From:<adm@xenonlyse.se> SIZE=29617 BODY=8BITMIME
<<< 550 mail not accepted from blacklisted IP address [82.196.123.215]
554 5.0.0 Service unavailable

Part 2:
Content-Type: message/delivery-status


Part 3:
Content-Type: message/rfc822

From adm@xenonlyse.se Wed Feb 25 07:50:55 2009
Return-Path: <adm@xenonlyse.se>
X-Authentication-Warning: webserver.xenonlyse.se: apache set sender to adm@xenonlyse.se using -f
To: xxxx@telia.com
Subject: Xenonlyse Order - 18
Date: Wed, 25 Feb 2009 07:50:55 +0100
From: XenonLyse <adm@xenonlyse.se>
X-Priority: 3
X-Mailer: PHPMailer [version 1.73]
Content-Type: multipart/related;
        type="text/html";
        boundary="b1_d0ba127df186e779da472df6dd5cf400"


Part 3.1:
Content-Type: multipart/alternative;
        boundary="b2_d0ba127df186e779da472df6dd5cf400"

Content-Type: text/plain; charset = "utf-8"


Tack för att du har handlat hos oss. Din orderinformation följer.

Order
------------------------------------------------------------------------
Ordernummer: 18
Orderdatum:   Wednesday, 25 February 2009
Orderstatus: Pending

Kundinformation
--------------------

Epost:    xxxx@telia.com
Betalningsinformation
--------------------

Företagsnamn:    AB Racing
Titel:    Herr
Förnamn:    Per
Efternamn:    Testsson
Mellannamn:    
Adressrad 1:    HemmaVägen 133C
Adressrad 2:    
Stad:    BORLÄNGE
Postnummer:    78100
Land:    SWE
Stat/Provins/Region:    -
Telefonnummer:    0243-12345
Mobil:    
Fax:    


Levereras till
-------

Egen adressbenämning:    -default-
Företagsnamn:    AB Racing
Förnamn:    Per
Efternamn:    Testsson
Mellannamn:    
Adressrad 1:    HemmaVägen 133C
Adressrad 2:    
Stad:    BORLÄNGE
Postnummer:    78100
Land:    SWE
Stat/Provins/Region:    -
Telefonnummer:    0243-12345
Mobil:    
Fax:    

I've also been checking: http://www.sendmail.org/m4/anti_spam.html
Can it be that telia.com don't like the user name 'admin'?

Post Reply