Sendmail, mail-looping

Hello,

I'm running sendmail on my SMTP server. And there's a little thing that has been bothering me for quite a while now.

I have a client who sent an e-mail using my SMTP server, however he made a typo in the e-mail address so it's like the following: name@.host.dk

Which can't be sent, as it can't resolve the hostname.

I just get the following errors in my /var/log/maillog:

Code:
Sep  9 15:44:40 smtp sendmail[13942]: n89Dien2013942: <name@.host.dk>... Invalid host name
Sep  9 15:44:40 smtp sendmail[13942]: n89Dien2013942: from=<name@senderhost.dk>, size=0, class=0, nrcpts=0, proto=ESMTP, daemon=MTA, relay=hidden.relay [xxx.xxx.xxx.xxx]
Sep  9 15:44:40 smtp sendmail[13943]: n89DieBZ013943: <name@.host.dk>... Invalid host name
Sep  9 15:44:40 smtp sendmail[13943]: n89DieBZ013943: from=<name@senderhost.dk>, size=0, class=0, nrcpts=0, proto=ESMTP, daemon=MTA, relay=hidden.relay [xxx.xxx.xxx.xxx]
Sep  9 15:44:40 smtp sendmail[13944]: n89DiePe013944: <name@.host.dk>... Invalid host name
Sep  9 15:44:40 smtp sendmail[13944]: n89DiePe013944: from=<name@senderhost.dk>, size=0, class=0, nrcpts=0, proto=ESMTP, daemon=MTA, relay=hidden.relay [xxx.xxx.xxx.xxx]
Sep  9 15:44:40 smtp sendmail[13945]: n89DieiR013945: <name@.host.dk>... Invalid host name
Sep  9 15:44:40 smtp sendmail[13945]: n89DieiR013945: from=<name@senderhost.dk>, size=0, class=0, nrcpts=0, proto=ESMTP, daemon=MTA, relay=hidden.relay [xxx.xxx.xxx.xxx]
Sep  9 15:44:40 smtp sendmail[13946]: n89DieL1013946: <name@.host.dk>... Invalid host name
Sep  9 15:44:40 smtp sendmail[13946]: n89DieL1013946: from=<name@senderhost.dk>, size=0, class=0, nrcpts=0, proto=ESMTP, daemon=MTA, relay=hidden.relay [xxx.xxx.xxx.xxx]
Sep  9 15:44:40 smtp sendmail[13947]: n89DieXs013947: <name@.host.dk>... Invalid host name
Sep  9 15:44:40 smtp sendmail[13947]: n89DieXs013947: from=<name@senderhost.dk>, size=0, class=0, nrcpts=0, proto=ESMTP, daemon=MTA, relay=hidden.relay [xxx.xxx.xxx.xxx]
Sep  9 15:44:41 smtp sendmail[13948]: n89DifFT013948: <name@.host.dk>... Invalid host name
Sep  9 15:44:41 smtp sendmail[13948]: n89DifFT013948: from=<name@senderhost.dk>, size=0, class=0, nrcpts=0, proto=ESMTP, daemon=MTA, relay=hidden.relay [xxx.xxx.xxx.xxx]
Sep  9 15:44:46 smtp sendmail[13949]: n89DikJx013949: <name@.host.dk>... Invalid host name
Sep  9 15:44:46 smtp sendmail[13949]: n89DikJx013949: from=<name@senderhost.dk>, size=0, class=0, nrcpts=0, proto=ESMTP, daemon=MTA, relay=hidden.relay [xxx.xxx.xxx.xxx]
Sep  9 15:44:47 smtp sendmail[13951]: n89Dil1j013951: <name@.host.dk>... Invalid host name
Sep  9 15:44:47 smtp sendmail[13951]: n89Dil1j013951: from=<name@senderhost.dk>, size=0, class=0, nrcpts=0, proto=ESMTP, daemon=MTA, relay=hidden.relay [xxx.xxx.xxx.xxx]

It just keeps repeating that, I have located several hundred thousand lines like this in my logfiles for the past weeks. I have tried to stop sendmail so I could remove it from the mailqueue, however grepping for the "name@.host.dk" in the /var/spool/mqueue or /var/spool/clientmqueue folder doesn't locate this queue file. So I am not able to remove this. It doesn't appear in the mailq either.

Any suggestions where this could be located?
 
Try putting this in /etc/mail/access:

Code:
name@.host.dk     DISCARD

and run 'make' in /etc/mail

Mind you: this is probably 'too late'.

Rest assured: your server is REJECTING any attempt to send mail to this address during the SMTP transaction. In other words: it never makes it to your system, it gets refused at the door. All you see is those refusals, and they're only in your logfiles. It's actually "relay=hidden.relay" that's bottling them all up..
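Added example (not part of the original posts): a short Python script that pairs each "Invalid host name" line with the `from=` line sharing its queue ID and counts the refused transactions per relay, which shows where the attempts come from and that `nrcpts=0` means no recipient was accepted. The first six sample lines follow the log excerpt above; the last line, with `other.example` and `192.0.2.10`, is constructed for contrast.

```python
import re
from collections import Counter

# Sample input: six lines in the format of the excerpt above, plus one
# constructed accepted message (other.example / 192.0.2.10 are made up).
SAMPLE_LOG = """\
Sep  9 15:44:40 smtp sendmail[13942]: n89Dien2013942: <name@.host.dk>... Invalid host name
Sep  9 15:44:40 smtp sendmail[13942]: n89Dien2013942: from=<name@senderhost.dk>, size=0, class=0, nrcpts=0, proto=ESMTP, daemon=MTA, relay=hidden.relay [xxx.xxx.xxx.xxx]
Sep  9 15:44:40 smtp sendmail[13943]: n89DieBZ013943: <name@.host.dk>... Invalid host name
Sep  9 15:44:40 smtp sendmail[13943]: n89DieBZ013943: from=<name@senderhost.dk>, size=0, class=0, nrcpts=0, proto=ESMTP, daemon=MTA, relay=hidden.relay [xxx.xxx.xxx.xxx]
Sep  9 15:44:41 smtp sendmail[13948]: n89DifFT013948: <name@.host.dk>... Invalid host name
Sep  9 15:44:41 smtp sendmail[13948]: n89DifFT013948: from=<name@senderhost.dk>, size=0, class=0, nrcpts=0, proto=ESMTP, daemon=MTA, relay=hidden.relay [xxx.xxx.xxx.xxx]
Sep  9 15:45:02 smtp sendmail[13960]: n89Dj2aa013960: from=<user@example.org>, size=1204, class=0, nrcpts=1, proto=ESMTP, daemon=MTA, relay=other.example [192.0.2.10]
"""

# timestamp, queue id, remainder of a sendmail syslog line
LINE = re.compile(r"^(\w{3}\s+\d+ [\d:]+) \S+ sendmail\[\d+\]: (\w+): (.*)$")
REJECT = re.compile(r"^<([^>]*)>\.\.\. Invalid host name$")
FIELD = re.compile(r"(\w+)=([^,]+)")

def rejected_by_relay(log_text):
    """Return {relay: {"count", "rcpts", "first", "last"}} for transactions
    that logged 'Invalid host name' and ended with nrcpts=0."""
    pending = {}   # queue id -> recipient refused at RCPT time
    report = {}
    for raw in log_text.splitlines():
        m = LINE.match(raw)
        if not m:
            continue
        stamp, qid, rest = m.groups()
        refused = REJECT.match(rest)
        if refused:
            pending[qid] = refused.group(1)
            continue
        fields = {k: v.strip() for k, v in FIELD.findall(rest)}
        # The from= summary line closes the transaction for this queue id.
        if "from" in fields and qid in pending and fields.get("nrcpts") == "0":
            entry = report.setdefault(fields.get("relay", "unknown"),
                {"count": 0, "rcpts": Counter(), "first": stamp, "last": stamp})
            entry["count"] += 1
            entry["rcpts"][pending.pop(qid)] += 1
            entry["last"] = stamp
    return report

if __name__ == "__main__":
    for relay, e in rejected_by_relay(SAMPLE_LOG).items():
        print(relay, e["count"], dict(e["rcpts"]), e["first"], "->", e["last"])
```
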
 
Hi,

Thanks for your response.

As you predicted, putting name@.host.dk in access file didn't work.

I have looked on the relay-server which tries to send using the SMTP server (A webserver of mine), and it's not located there - Which just makes it quite a bit more odd.
 
It's not likely that these mails are stuck in the queue on the relay server, because this type of error likely causes a 'hard error' (5xx) (though it doesn't show up in the maillog as such) which would mean that the mails get destroyed or bounced back to the real origin after the unsuccessful delivery attempt. If that real origin doesn't accept the mails either, they will be 'double-bounced' to the local postmaster account (check root mailbox) or dropped straight to /dev/null.
 
Hi,

Again, thanks for your time. It's appreciated.

Nothing appears in the maillog of the relayserver, and it just keeps on going in the SMTP server's logfile. I am not able to locate it in the root mailbox on the relay server yet, and as it's been going on for a couple of weeks now I wonder if it will ever stop. Which is why I really want to stop it somehow.
 
alexm said:
Nothing appears in the maillog of the relayserver

You mean that the server that is trying to relay mail to name@.host.dk through your server is not registering that it is trying to send that mail at all? This is only possible when that server is not sending the mail through its own mail system (localhost:25 etc.) but straight to your relay server's port 25. Check running scripts, cron jobs, /var/log/messages, tcpdump, etc. etc. on the sending server.
 
It's a client using sendmail to send e-mails using a php website. And it's working properly when the e-mail address is stated correctly.

It's just this, faulty e-mail address there is no sign of on the relayserver. (I happened to empty out on maillog logfiles on the relayserver a week or so, before I noticed these lines in the maillog on my SMTP server - So I can't look back in there to see what happened.)

There is no traffic on my relayserver to my SMTP server, looking with tcpdump. And as it's sent using sendmail by a phpform there is nothing in cron jobs. Nothing appearing in messages as well.
 
I guess someone should put some input field checking & sanitising on that PHP form a.s.a.p. That's where the source of this problem appears to be.
 
Yes, it does.

However, it's still going strong.. And I'd really like to remove those entries from my logfile.
 
The problem is, there is no more sign of it on the relay server. And it's not located anywhere but in the log files on the SMTP server. Makes it kinda tricky to figure out how to remove this, if it's even possible. :(
 
You'll have to run a tcpdump on the SMTP server to find the source port of the smtp connection, and run a sockstat(1) on that source port on the sending side. That'll be a cat & mouse game (maybe port increments are predictable). I still think it's a process that's talking SMTP directly. You're not going to solve it here, I'm afraid.
 