setup sendmail

Void Main
Site Admin
Posts: 5716
Joined: Wed Jan 08, 2003 5:24 am
Location: Tuxville, USA

Post by Void Main »

Basher52 wrote:
> Void Main wrote:
> > If you get it set up like I suggest you should be able to authenticate your smtp connection from any IP address and not be restricted to what you list in /etc/mail/access. Any address you put in there will be for unauthenticated relay addresses (you shouldn't need anything more than "localhost/127.0.0.1" in there).
> I wonder, does this mean that any IP address will work for getting in?
> but in that case, anyone anywhere can try can't they?

Well yes, anyone can "try" but then anyone can "try" if you have it configured to only allow certain IP addresses to relay. You have to have SMTP open to everyone otherwise you won't get any mail from other mail servers.

> And I wonder, is it possible to have the public cert only transferred hand to hand and installed on the other PC manually thus making no one at all able to login since they don't have the key.

Actually they can't "log in" because they don't have the user logon information (username/password). The certificate is only to set up the encrypted channel so that the username and password that you authenticate with is never transmitted over the wire (or air) in clear text. The certificate has to be sent by the server so you can verify that it is indeed the server you think it is. I don't know of any way to do what you are asking with the certificate, or why you would want/need to.

> UPDATE: I did all these things and I can get an EMail out if I use
> 'No secure' or TLS, but not SSL
> Is that correct or is it SSL I "want"?
> I always thought that TLS is better

Yes, TLS is what you want. Sounds like you have it working! Now if you are concerned about security (which it sounds like you are, and you should be) you probably at least want something watching your logs so that you know how many failed authentication attempts there were and where they came from. logwatch does this and is probably already configured to run on your system and send a report to root's mail account. I have all of root's mail sent to my email account so I don't have to log in to see the reports. You can have root's mail redirected to your mailbox by editing /etc/aliases and at the end put something like:

Code:

root: basher52

Or if you want it sent to an outside email address:

Code:

root: basher52@somewhere.com

After editing the file just run the "newaliases" command as root and you'll be all set.

Basher52
guru
Posts: 928
Joined: Wed Oct 22, 2003 5:57 am
Location: .SE

Post by Basher52 »

Basher52 wrote:
> I was thinking...
> Since you Void Main is admin here, I was thinking, you think you could somehow print out all these pages from the database to a sort of manual?
> Don't need to be fancy at all, just to get all text on one page and print that...
> kinda.
> You get what I mean?

Nope it won't work :(
All text within code-tags are pushed to the right too much so a lot of text disappears :(

Can you Void Main get this to work? I mean printing the pages?
Otherwise I was thinking if you could like
'select * from xxx where postid = yyy and page = n' or something
I kinda want to save these pages, never know when I need them again


Post by Void Main »

Basher52 wrote:
> I kinda want to save these pages, never know when I need them again

I don't delete anything from the database so they'll always be here on the other end of a search. I still have every message ever posted here (except for those I deleted due to my censorship).


Post by Basher52 »

and here we go again, bumping an old thread lol

I've been reading all this and since it was so long ago I did this I have to check a couple of things with you.
I also did some googling and found something that made me insecure.

In the googling it was mentioned that after changing the sendmail.mc file I need to use a util 'm4' or the 'make' to "compile" it, but you say I don't have to, just do a restart, which one is it? Maybe the restart will do a "compile" of the sendmail.mc file(?)


You also told me to dnl this line

Code:

dnl DAEMON_OPTIONS(`Port=smtp,Addr=127.0.0.1, Name=MTA')dnl

otherwise it would keep listening to localhost instead, but does this mean that it won't do that anymore and doesn't create any daily mails for the jobs that run every night?


Post by Void Main »

All of the info on here still applies. On Fedora when you do a "sendmail" restart it automatically checks to see if the m4 command was run and runs it. You don't have to do a separate step. On other distros you might have to run the m4 command as a separate step. However, this all requires that you have the "sendmail-cf" package installed.

Regarding the 127.0.0.1 line, for security reasons sendmail on Fedora by default is configured to listen only on the loopback (127.0.0.1) address for smtp connectivity. If you intend to run a mail server that should be capable of receiving smtp requests from outside machines then you would comment that line out and restart sendmail and sendmail will then listen on all interfaces, not just the loopback.

You can check that with netstat. Without commenting out that line you would see port 25 open only on the loopback address:

Code:

# netstat -anp | grep ":25 "
tcp        0      0 127.0.0.1:25                0.0.0.0:*                   LISTEN      2775/sendmail: acce

With that line commented:

Code:

# netstat -anp | grep ":25 "
tcp        0      0 0.0.0.0:25                0.0.0.0:*                   LISTEN      2775/sendmail: acce


Post by Basher52 »

Seems I do this way too rarely, I just can't remember it, or I'm just too old.

- OK about the m4/sendmail-cf package :)
- OK to the loopback address, and I now should have learned to use the netstat thingy


Post by Basher52 »

I got this thing working now except that #%¤! Relay thing.

this is my /etc/mail/access file

Code:

Connect:localhost.localdomain           RELAY
Connect:localhost                       RELAY
Connect:127.0.0.1                       RELAY
Connect:192.168.67                      RELAY
Connect:82.126.122.58                   RELAY

and in the iptables log I can see that gets through but the maillog is still showing rejected:

Code:

Feb  5 19:45:23 localhost sendmail[13239]: n129cNLS006621: to=<aa.bb@cc.se>, delay=3+09:07:00, xdelay=00:00:00, mailer=esmtp, pri=7876909, relay=mail.cc.se. [213.136.33.1], dsn=4.2.0, stat=Deferred: 450 <admin@tperacing.se>: Sender address rejected: Domain not found
Feb  5 19:45:23 localhost sendmail[13239]: n11LOWeq004912: to=<aa.bb@cc.se>, delay=3+21:20:51, xdelay=00:00:00, mailer=esmtp, pri=8670855, relay=mail.cc.se. [213.136.33.1], dsn=4.2.0, stat=Deferred: 450 <admin@tperacing.se>: Sender address rejected: Domain not found

the: 213.136* is not an IP address that I have
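
An added example, not part of the original posts: a simplified model of how sendmail matches the Connect: entries in the access file above against a connecting client, trying the full IPv4 address and then shorter prefixes on octet boundaries. The function names are hypothetical, and trying address keys before host-name keys is an assumption that only matters when entries conflict.

```python
# Access entries as posted in this thread.
ACCESS_FILE = """\
Connect:localhost.localdomain           RELAY
Connect:localhost                       RELAY
Connect:127.0.0.1                       RELAY
Connect:192.168.67                      RELAY
Connect:82.126.122.58                   RELAY
"""

def parse_access(text):
    """Return {key: action} for Connect: entries, skipping comments and blanks."""
    table = {}
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if not line:
            continue
        key, action = line.split(None, 1)
        if key.lower().startswith("connect:"):
            table[key[len("connect:"):].lower()] = action.strip().upper()
    return table

def lookup_keys(client_ip, client_name=None):
    """Candidate keys: the full IPv4 address, then shorter prefixes on octet
    boundaries, then the host name and its parent domains (assumed order)."""
    octets = client_ip.split(".")
    keys = [".".join(octets[:n]) for n in range(len(octets), 0, -1)]
    if client_name:
        labels = client_name.lower().rstrip(".").split(".")
        keys += [".".join(labels[i:]) for i in range(len(labels))]
    return keys

def relay_decision(table, client_ip, client_name=None):
    """Return (matched_key, action), or (None, None) when no entry applies."""
    for key in lookup_keys(client_ip, client_name):
        if key in table:
            return key, table[key]
    return None, None

if __name__ == "__main__":
    table = parse_access(ACCESS_FILE)
    # Client addresses below are constructed, except the relay seen in the thread's logs.
    for ip, name in [("192.168.67.20", None), ("192.168.6.7", None),
                     ("213.80.101.16", "mx6.bahnhof.se")]:
        print(ip, name, relay_decision(table, ip, name))
```

The entry `192.168.67` covers 192.168.67.x only; an address such as 192.168.6.7 does not match it, because the comparison is per octet and not a string prefix.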


Post by Void Main »

It's rejecting the message because you are sending from a domain that doesn't exist:

$ host tperacing.se
Host tperacing.se not found: 3(NXDOMAIN)

$ dig MX tperacing.se

The domain in your from address should be resolvable and have an MX record in DNS or email from it will not be accepted by most everyone.


Post by Basher52 »

hmm, I just checked around and didn't see that, so I tried again and now I got another error... weird

Code:

Feb  5 21:45:00 localhost sendmail[13512]: n15Kj0OK013512: ruleset=check_rcpt, arg1=<basher52@tpetest.servehttp.com>, relay=mx6.bahnhof.se [213.80.101.16], reject=550 5.7.1 <basher52@tpetest.servehttp.com>... Relaying denied

and tpetest.servehttp.com DOES exist since I can use that to browse the page with, and I'm trying to send a mail TO this server not from it.


Post by Void Main »

That's a completely different log entry than what you posted in your previous post. It's mx6.bahnhof.se who is denying your message. I think there should be some more log entries associated with that email in your /var/log/maillog.


Post by Basher52 »

crap I missed that :oops:

Code:

Feb  5 21:45:00 localhost sendmail[13512]: n15Kj0OK013512: from=<xx.xx@bahnhof.se>, size=1138, class=0, nrcpts=0, proto=ESMTP, daemon=MTA, relay=mx6.bahnhof.se [213.80.101.16]
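
An added example, not part of the original posts: the two maillog entries for queue ID n15Kj0OK013512 quoted in this thread, plus one of the earlier deferred entries, grouped by queue ID so that every field logged for one message can be read together. The function names are hypothetical; the sample lines are copied from the thread.

```python
import re
from collections import defaultdict

# Log lines quoted in this thread (addresses as posted).
SAMPLE_MAILLOG = """\
Feb  5 21:45:00 localhost sendmail[13512]: n15Kj0OK013512: ruleset=check_rcpt, arg1=<basher52@tpetest.servehttp.com>, relay=mx6.bahnhof.se [213.80.101.16], reject=550 5.7.1 <basher52@tpetest.servehttp.com>... Relaying denied
Feb  5 21:45:00 localhost sendmail[13512]: n15Kj0OK013512: from=<xx.xx@bahnhof.se>, size=1138, class=0, nrcpts=0, proto=ESMTP, daemon=MTA, relay=mx6.bahnhof.se [213.80.101.16]
Feb  5 19:45:23 localhost sendmail[13239]: n129cNLS006621: to=<aa.bb@cc.se>, delay=3+09:07:00, xdelay=00:00:00, mailer=esmtp, pri=7876909, relay=mail.cc.se. [213.136.33.1], dsn=4.2.0, stat=Deferred: 450 <admin@tperacing.se>: Sender address rejected: Domain not found
"""

LINE_RE = re.compile(r"sendmail\[\d+\]: (?P<qid>\w+): (?P<body>.*)$")
# key=value pairs; a value runs until the next ", key=" or the end of the line
FIELD_RE = re.compile(r"(\w+)=(.*?)(?=, \w+=|$)")

def correlate(log_text):
    """Group sendmail maillog entries by queue ID and merge their fields."""
    messages = defaultdict(dict)
    for line in log_text.splitlines():
        m = LINE_RE.search(line)
        if not m:
            continue
        for key, value in FIELD_RE.findall(m.group("body")):
            # keep the first value seen for a key (relay= repeats per entry)
            messages[m.group("qid")].setdefault(key, value)
    return dict(messages)

def summarize(fields):
    """One-line summary of what the merged entries record for a message."""
    if "reject" in fields:
        return "RCPT rejected for client " + fields["relay"] + ": " + fields["reject"]
    if fields.get("stat", "").startswith("Deferred"):
        return "delivery deferred by " + fields["relay"] + ": " + fields["stat"]
    return "no rejection recorded"

if __name__ == "__main__":
    for qid, fields in correlate(SAMPLE_MAILLOG).items():
        print(qid, fields.get("from", "-"), summarize(fields))
```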


Post by Void Main »

Why am I not seeing a "To" address?


Post by Basher52 »

I have no clue, but I got a return email saying it didn't get sent.
check PM for that, but this could be something

Code:

<basher52@tpetest.servehttp.com>: host tpetest.servehttp.com[82.196.123.215]
    said: 550 5.7.1 <basher52@tpetest.servehttp.com>... Relaying denied (in
    reply to RCPT TO command)


Post by Void Main »

It looks like you are trying to send an email to an email address in your domain (tpetest.servehttp.com) from your domain (tpetest.servehttp.com) but through an outside server (mxf2.bahnhof.se). That would be a relay situation that almost everybody would reject. Do you have your sendmail.mc configured to have mxf2.bahnhof.se be your SMTP server? I think I'm missing something. I almost need a diagram of exactly what you are trying to do and how you have things configured.


Post by Basher52 »

well, I use my private email account that lies at bahnhof.se to email the server on tpetest.servehttp.com that is in fact on the bahnhof.se network as the server is 15 feet from me.

If I can't do this do I have to use like my gmail account to test it with?
I just want to see if I can get that mail into my Thunderbird email client that I'm trying to use to connect to my server(tpetest) and its dovecot application

oh and I can send from my bahnhof.se email account to myself with no problem and that is even from and to the same server
