Trouble with Sendmail

Hello, all.

I am new on the forum. This is my first post. If I have posted in the wrong place, please advise me of my mistake.

I have a brand new FreeBSD 9.0 32-bit vps used primarily as web server. I am running apache 2.2.22 and sendmail 8.14.5. I generally love it. I installed apache "easy as pie", and it is running with SSL and my Perl scripts are sweet. Sendmail is confusing me.

Sometimes email is working - sometimes it is not:
  1. Send a message from the command prompt works good.
  2. Send a message from a Perl script works good.
  3. My own email address is in the virtusertable. The message to confirm this forum registration arrived right away at the gmail address in the virtusertable.
None of the people in my virtuserlist get their mail forwarded to them. I just sent a message from gmail to my address on the server. I DO NOT RECEIVE IT.

Here is the maillog response:

Code:
Mar 16 00:32:16 rmg4 sm-mta[3941]: q2G4WEOd003939: to=<jones@[redacted].net>, delay=00:00:01, xdelay=00:00:01,\
 mailer=esmtp, pri=31627, relay=gmail-smtp-in.l.google.com. [173.194.68.26], dsn=2.0.0, stat=Sent (OK 1331872336
 h10si1680651qcx.169)

"stat=Sent" Well, OK but not received at my gmail account.

I have been working on this every day for five days now. Trying everything from a dozen forums. I think I must be making progress, but nothing changes.

Can someone puhleeze help me?
Thank you.

Here is my access file:

Code:
command: #/etc/mail/makemap hash access.db < access
command: #/etc/mail/makemap hash virtusertable < virtusertable
-------------------
from:irs.com            ERROR:"550 Antispam Procedures Fail"
from:google.com         ERROR:"550 No Google Relay"
from:trueemailmarketing.com     ERROR:"550 No Marketing Relays Accepted"
from:TriumphWealthManagement.info       ERROR: "550 No Marketing or Adware Spam Supported"
from:usps.com           ERROR:"550 Antispam Procedures Fail"
from:gorepublican2012.com       ERROR:"550 No Politicians Welcome Here"
from:democrats.org      ERROR:"550 No Politicians Welcome Here"

sendmail.org            OK

## allow local
199.102.76.2            RELAY
localhost.localdomain   RELAY
localhost               RELAY
127.0.0.1               RELAY

Here is my /etc/mail/freeBSD.mc file:
Code:
command: #make install
----------------------
divert(0)
VERSIONID(`$FreeBSD: release/9.0.0/etc/sendmail/freebsd.mc 223068 2011-06-14 04:33:43Z gshapiro $')
OSTYPE(freebsd6)
DOMAIN(generic)

FEATURE(`access_db', `hash -T<TMPF> -o /etc/mail/access.db')dnl
FEATURE(blacklist_recipients)dnl
FEATURE(local_lmtp)dnl
FEATURE(use_cw_file)dnl
FEATURE(mailertable, `hash -o /etc/mail/mailertable')dnl
FEATURE(virtusertable, `hash -o /etc/mail/virtusertable')dnl
FEATURE(`greet_pause', `2000')dnl

FEATURE(`dnsbl', `dnsbl.sorbs.net', `554 Rejected " $&{client_addr} " found in dnsbl.sorbs.net'")dnl
FEATURE(`dnsbl', `sbl-xbl.spamhaus.org', `554 Rejected " $&{client_addr} " found in xbl.spamhaus.org'")dnl
FEATURE(`dnsbl', `list.dsbl.org', `554 Rejected " $&{client_addr} " found in dsbl.org'")dnl
FEATURE(`dnsbl', `bl.spamcop.nsbl-xblet', `544 Rejected " $&{client_addr} " found in spamcop.nsbl'")dnl

define(`confCW_FILE', `-o /etc/mail/local-host-names')dnl

DAEMON_OPTIONS(`Name=IPv4, Family=inet')dnl
DAEMON_OPTIONS(`Name=IPv6, Family=inet6, Modifiers=O')dnl
DAEMON_OPTIONS(`Port=smtp, Name=MTA')dnl

define(`confBIND_OPTS', `WorkAroundBrokenAAAA')dnl
define(`confNO_RCPT_ACTION', `add-to-undisclosed')dnl
define(`confPRIVACY_FLAGS', `authwarnings,noexpn,novrfy')dnl
define(`confMAX_RCPTS_PER_MESSAGE',10)dnl

MAILER(local)dnl
MAILER(smtp)dnl

After all this, command: #make restart
 
Personally I don't think it's your sendmail that is the problem; it looks fine to me. If gmail accepted the e-mail, then your sendmail is working properly. I think your problem might be the DNS settings of your domain. If your forward and reverse DNS don't match, some spamfilters will complain.

For example, if your domain is blabla.com and the forward DNS is:

Code:
* IN MX 10 mailserver.blabla.com.
mailserver IN A 10.0.0.1

But the reverse DNS for 10.0.0.1 is webserver.blabla.com, then a lot of spamfilters will simply discard the email because they think you're a spammer.

1) Make sure your forward and reverse DNS match. First check what your reverse DNS is, and then add that to your DNS as MX host (and don't forget the trailing dot after the hostname!)

2) Consider adding an SPF record to your DNS, which defines which mailservers are allowed to send mail for this domain.
Code:
@ IN TXT v=spf1 a mx -all

3) Test it with someone who has a spamfilter, and is willing to give you feedback or logs on why the mail bounced.

Kind regards,

Ajira.
 
Thank you, Ajira!!
You certainly pointed me in the right direction. I was, indeed, lost.
Now I am seeing many interesting things.

I added the spf record (I had another one already) and did some lookups.
The spf lookup reports "no records found" -- Howcum!?

A reverse dns lookup gives this:
Code:
199.102.76.2 resolves to "rmg4.x.rootbsd.net"
Top Level Domain: "rootbsd.net"

Yes, my host is "rmg4.x.rootbsd.net". Obviously this is a mistake and must be changed, BUT...
I thought I must use it because I have several name-based virtual hosts. "indyuru" is only one of them. If I change it, how do the other domains get a correct reverse lookup?

Also, a port scan of 199.102.76.2 shows this:
Code:
53  dns  No connection could be made because the target machine actively refused it 199.102.76.2:53

***********************************
Here are the dns records for indyuru.net:
(all of my virtual hosts are the same except for the domainname)
Code:
    SOA         ns1.rootbsd.net  admin.rootbsd.net 1331919370
    NS          ns1.rootbsd.net                    86400					
    A           indyuru.net      199.102.76.2      3600
    A           indyuru.net      199.102.76.2      3600
    CNAME       indyuru.net      3600
IN  MX    10    mail.indyuru.net 199.102.76.2
    TXT         mail.indyuru.net "v=spf1 a mx -all" 3600 
    TXT         mail.indyuru.net "v=spf1 include:_spf.google.com ~all" 3600

using the tool at "www.mxtoolbox.com":
Code:
indyuru.net		SOA	ns1.rootbsd.net 	admin.rootbsd.net 1331919370		86400 (24 hours)
indyuru.net		NS	ns1.rootbsd.net		86400
indyuru.net		NS	ns2.rootbsd.net		86400
mail.indyuru.net 	A	199.102.76.2		3600
indyuru.net		A	199.102.76.2		3600
www.indyuru.net		CNAME	indyuru.net		3600
indyuru.net		MX	mail.indyuru.net  10	3600
mail.indyuru.net	TXT	"v=spf1 a mx -all"	3600 
mail.indyuru.net	TXT	"v=spf1 include:_spf.google.com ~all" 3600
 
indyJones said:
I thought I must use it because I have several name-based virtual hosts. "indyuru" is only one of them. If I change it, how do the other domains get a correct reverse lookup?

You don't have to. For name-based virtual hosts a forward DNS is all you need.

In your case... if 199.102.76.2 resolves to rmg4.x.rootbsd.net, you simply define that as the MX-host for your domains:

zone-file for indyuru.net :
Code:
@ IN MX 10 rmg4.x.rootbsd.net.
@ IN TXT "v=spf1 a mx -all"

And then it ought to work.

What happens is.. when your server contacts, for example, mailserver.domain.ext, it will say something along the lines of "Hello, I'm rmg4.x.rootbsd.net! I have mail for user@domain.ext from user@indyuru.net". Then the mailserver can (in a lot of cases, will) do an "SPF check". It will request the TXT record for indyuru.net to see which mailservers are allowed to send mail on behalf of that domain. In this case, it will see that all defined MX hosts are allowed to send mail. So then it will ask what the MX hosts are and it will see that rmg4.x.rootbsd.net is indeed an MX host for indyuru.net; and therefore is allowed to send mail on behalf of that domain. So the mail will pass the SPF check just fine as long as the reverse DNS is used as the MX host; regardless of it being in another domain.
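
Added example, not part of any post in this thread: a small offline model of the two checks discussed above (is the reverse-DNS name one of the domain's MX hosts, and what does an SPF lookup for indyuru.net return), run against the records quoted in the thread before and after the MX change. The DNS table is constructed, the A record for rmg4.x.rootbsd.net is an assumption, the function names are illustrative, and only the `a`, `mx` and `all` mechanisms are modelled.

```python
import ipaddress

# Constructed DNS table from the thread's records; the rmg4 A record is assumed.
IP = "199.102.76.2"
BEFORE = {
    ("indyuru.net", "A"): ["199.102.76.2"],
    ("indyuru.net", "MX"): ["mail.indyuru.net"],
    ("mail.indyuru.net", "A"): ["199.102.76.2"],
    ("mail.indyuru.net", "TXT"): ["v=spf1 a mx -all",
                                  "v=spf1 include:_spf.google.com ~all"],
    ("2.76.102.199.in-addr.arpa", "PTR"): ["rmg4.x.rootbsd.net"],
    ("rmg4.x.rootbsd.net", "A"): ["199.102.76.2"],
}
# After the suggested change: MX is the reverse-DNS name, SPF TXT sits at the apex.
AFTER = {**BEFORE, ("indyuru.net", "MX"): ["rmg4.x.rootbsd.net"],
         ("indyuru.net", "TXT"): ["v=spf1 a mx -all"]}

def lookup(dns, name, rtype):
    return dns.get((name.rstrip(".").lower(), rtype), [])

def ptr_is_mx(dns, ip, domain):
    """True if a reverse-DNS name of ip is also an MX host of domain."""
    ptr = ipaddress.ip_address(ip).reverse_pointer
    return bool(set(lookup(dns, ptr, "PTR")) & set(lookup(dns, domain, "MX")))

def spf_check(dns, ip, domain):
    """Evaluate the a, mx and all mechanisms for a connecting client ip."""
    records = [t for t in lookup(dns, domain, "TXT") if t.lower().split()[:1] == ["v=spf1"]]
    if not records:
        return "none"        # no policy published at this exact name
    if len(records) > 1:
        return "permerror"   # more than one SPF record at one name
    for term in records[0].split()[1:]:
        qualifier = term[0] if term[0] in "+-~?" else "+"
        mechanism = term.lstrip("+-~?").lower()
        if mechanism == "all":
            hit = True
        elif mechanism == "a":
            hit = ip in lookup(dns, domain, "A")
        elif mechanism == "mx":
            hit = any(ip in lookup(dns, mx, "A") for mx in lookup(dns, domain, "MX"))
        else:
            raise NotImplementedError(term)  # include:, ip4:, ... not modelled
        if hit:
            return {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}[qualifier]
    return "neutral"

if __name__ == "__main__":
    for name, dns in (("before", BEFORE), ("after", AFTER)):
        print(name, ptr_is_mx(dns, IP, "indyuru.net"), spf_check(dns, IP, "indyuru.net"))
```

With the original records the lookup at indyuru.net returns "none", because both TXT records were published on mail.indyuru.net, and that name on its own evaluates to "permerror" since it carries two SPF records.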
 
Thank you one more time, Ajira!!!

I changed the MX record as you suggested.
The problem is solved and I have learned many things ...again.

Thanks to you and all of the accompanying evidence, I am no longer confused.
~Jones
 
indyJones said:
I want to mark this "solved".
I cannot see how to do it.

You need to edit the original post. Permission to edit (your own) posts is automatically granted after (if I remember correctly) 10 posts and 10 days of membership.

Fonz
 