Sendmail: stat=Deferred: Operation timed out with [127.0.0.1]

Hi Guys,

I have recently discovered that sendmail is not able to send mail out of my server.

Looking at /var/log/maillog I can see that it is trying, but it is timing out:

Code:
Live Server	 from=www	 size=219	 class=0	 nrcpts=1	 msgid=<201202081242.q18Cgw15058253@domain.com.au>			 relay=www@localhost	
Live Server	 to=address@mail.com	 ctladdr=www (80/80)	 delay=00:01:16	 xdelay=00:01:16	 mailer=relay	 pri=30219	 relay=[127.0.0.1] [127.0.0.1]	 dsn=4.0.0	 stat=Deferred: Operation timed out with [127.0.0.1]

I have a server at home which works fine, comparing the /usr/local/etc/php.ini and /etc/mail/sendmail.cf shows nothing different between them in the mail settings.

Code:
Home Server	 from=<www@domain.net>	 size=478	 class=0	 nrcpts=1	 msgid=<201202081256.q18CuUZn027418@domain.net>	 proto=ESMTP	 daemon=Daemon0	 relay=localhost [127.0.0.1]	
Home Server	 to=address@mail.com	 ctladdr=www (80/80)	 delay=00:00:00	 xdelay=00:00:00	 mailer=relay	 pri=30217	 relay=[127.0.0.1] [127.0.0.1]	 dsn=2.0.0	 stat=Sent (q18CuU1R027419 Message accepted for delivery)



I am using FreeBSD 8.1, the webserver is a jailed server, and I am using IPFW. I think I have confirmed that it is not IPFW by stopping it and running the test.

The test consists of creating a page as below and browsing to it, it should automatically send an email to the specified address:

Code:
<?php

    $send_html_messages = "no";
    $adminmail="sender@mail.com"; //change to your adminmail
   $useremail="address@mail.com"; //change to your own personal mail
    $subject = "subject test";
    $content = "test content";
        $xheaders = "From: " . $adminmail . " <" . $adminmail . ">\n";
        $xheaders .= "X-Sender: <" . $adminmail . ">\n";
        $xheaders .= "X-Mailer: PHP\n"; // mailer
        $xheaders .= "X-Priority: 6\n"; // Urgent message!
        if ($send_html_messages == "yes") {
                $xheaders .= "Content-Type: text/html; charset=iso-8859-1\n"; // Mime type
        }
        mail("$useremail","$subject","$content",$xheaders);
?>


Could anyone please suggest some other options to trouble shoot this?

Thanks :)
 
Thanks SirDice! I did not know that but why then do I get a response from 127.0.0.1 when I ping localhost?

That doesn't mean I can't do it though does it? The simplest thing I can think of is to change the sendmail config to use the local ip as the relay instead of localhost, or am I way off track? I have never had to setup sendmail before.

Or do I need to route the mail through the host somehow?
 
I have found this guide HERE, but it is 9 years old. How accurate is it?


You need to run a sendmail MSP process in the jail, and modify the
configuration so that it submits the message to your main server
(presumably in your host environment, although it could live in
another jail) via it's external IP address.

Try this, in the jail:

# cd /etc/mail
# cp freebsd.submit.mc submit.mc
# vi submit.mc

here, change the last line from

FEATURE(`msp', `[127.0.0.1]')dnl

to

FEATURE(`msp', `[smtp.example.com]', `MSA')dnl

Obviously, you want to replace 'smtp.example.com' with the hostname of
your mailserver -- or it's IP address. You need the [square brackets]
as they stop sendmail trying to look up MXes in the DNS and instead
deliver straight to the named machine. Now rebuild the .cf and
install it:

# make
# make install

In /etc/rc.conf in the jail set the following so that only the
sendmail MSP process gets started:

sendmail_enable="NO"
sendmail_msp_queue_enable="YES"
sendmail_outbound_enable="NO"
sendmail_submit_enable="NO"

and you can start sendmail up from within /etc/mail by:

# make restart

Oh, and make sure port 587 on the mail server isn't firewalled off
from the jail environment...

The problem is that the loopback interface isn't really shared between
jail and host environment -- a daemon listening on 127.0.0.1 in the
host won't pick up connections to 127.0.0.1 in the jail, which is
exactly how the MSP tries to communicate with the MTA process.

[Edit:] I notice some of the paths have changed, and I expect I will find some other cosmetic things. But in principle it should work yeh?
 
I have completed the steps and confirmed sendmail is running on the host and mqueue is on the webserver:

Host
Code:
[/etc/mail]# /etc/rc.d/sendmail status
sendmail is running as pid 68419.
sendmail_submit is running as pid 68419.
sendmail_clientmqueue is running as pid 68422.

Webserver
Code:
[/etc/mail]# /etc/rc.d/sendmail onestatus
sendmail is not running.
sendmail_clientmqueue is running as pid 68446.

Does this look like what should be expected?

I have used the hosts ip address in submit.mc, but it is still timing out.

This is my firewall entry:
Code:
$IPF 200 allow all from x.x.x.3 to x.x.x.2 587
 
I have noticed that the relay in the jailed servers' 'from' log is: 'relay=www@localhost' but the: 'to' log reports: Operation timed out with x.x.x.2.

Should I be changing the relay address anywhere other than in submit.mc?
 
I have decided to try useing the ISP's relay instead 'mail.domain.com', just to test which side the error may lay on.

This gets me a little bit further, but now I get this error:

Code:
to=postmaster, delay=00:00:05, xdelay=00:00:05, mailer=relay, pri=32551, relay=mail.domain.com. [x.x.x.1], dsn=5.0.0, stat=Service unavailable

I assume this is because I need to configure the permissions, am I correct?
 
Lots of updates and changes in the meantime :)

The last message tries to email the postmaster on that mail relay. It's possible this is blocked by a spam filter at the ISP.

What you could do is configure sendmail correctly on the host and have the jails submit their mail there.
 
Thanks for getting back to me. I have been working on this pretty solidly and find most of my previous comments become redundant pretty quickly, but the way I see it is that if someone else has the problem they can at least get some ideas from my fumbling. I am learning though :)

Ideally I would like to get sendmail relaying through the host, but using the ISPs relay is just to get the mail moving so I can take my time sorting it out. I have spoken with the ISP and they said that simply adding the relay address to the sendmail conf should work.


I can confirm that the host can send mail:

Code:
#echo "Test" | mail me@gmail.com

Results in a succesfull delivery.

HOST/var/log/maillog
Code:
Feb  9 06:03:28 HOST sendmail[30426]: q19B3NuN030426: to=xxxxx@gmail.com, ctladdr=admin (1002/1002), delay=00:00:05, xdelay=00:00:05,]
 mailer=relay, pri=30031, relay=[127.0.0.1] [127.0.0.1], dsn=2.0.0, stat=Sent (q19B3S8l030427 Message accepted for delivery)
Feb  9 06:03:29 advoy sm-mta[30429]: STARTTLS=client, relay=gmail-smtp-in.l.google.com., version=TLSv1/SSLv3, verify=FAIL, cipher=RC4-SHA,
 bits=128/128
Feb  9 06:03:29 advoy sm-mta[30429]: q19B3S8l030427: to=<xxxxxxxx@gmail.com>, ctladdr=<admin@HOST.domain.com> (1002/1002), delay=00:00:01,
 xdelay=00:00:01, mailer=esmtp, pri=30356, relay=gmail-smtp-in.l.google.com. [74.125.91.26], dsn=2.0.0, stat=Sent (OK 1328786226
 k8si931734qcy.9)

This is what happens with the same test on the jail using the ISPs relay:

Code:
[/etc/mail]# echo "Test" | mail me@gmail.com
[/etc/mail]# /usr/local/www/apache22/data/dead.letter... Saved message in /usr/local/www/apache22/data/dead.letter

JAIL/var/log/maillog
Code:
Feb  9 11:08:30 JAIL sm-msp-queue[30110]: q1932t6V068411: to=postmaster, delay=08:03:14, xdelay=00:00:33, mailer=relay, pri=2315662,
 relay=mail.JAIL.com. [x.x.x.x], dsn=5.0.0, stat=Service unavailable
Feb  9 11:08:30 JAIL sm-msp-queue[30110]: q1932t6V068411: q19AbkpV030110: return to sender: Service unavailable
Feb  9 11:08:31 JAIL sm-msp-queue[30442]: q1932t7H068411: to=postmaster, delay=08:02:54, xdelay=00:00:04, mailer=relay, pri=2326660,
 relay=mail.JAIL.com. [x.x.x.x], dsn=5.0.0, stat=Service unavailable
Feb  9 11:08:31 JAIL sm-msp-queue[30442]: q1932t7H068411: q19B88oa030442: return to sender: Service unavailable
Feb  9 11:08:34 JAIL sm-msp-queue[30442]: q1932t7H068411: Losing ./qfq1932t7H068411: savemail panic
Feb  9 11:08:34 JAIL sm-msp-queue[30442]: q1932t7H068411: SYSERR(smmsp): savemail: cannot save rejected email anywhere

My rc.conf is as follows:

JAIL: /etc/rc.conf
Code:
sendmail_enable="NO"
sendmail_msp_queue_enable="YES"
sendmail_outbound_enable="NO"
sendmail_submit_enable="NO"

The host is just using the default values so I have no entries.
 
Looking at another test via the php mail form it seems to be sort of working, it appears that the rejection notice was delivered to the postmaster, but it can not identify the user 'www':

JAIL /var/log/maillog
Code:
56]: q1C0Buub085456: from=www, size=219, class=0, nrcpts=1, msgid=<201202120011.q1C0Buub085456@DOMAIN.com>, relay=www@localhost
56]: q1C0Buub085456: to=ME@gmail.com, ctladdr=www (80/80), delay=00:00:02, xdelay=00:00:02, mailer=relay, pri=30219, relay=mail.DOMAIN.com. [216.130.191.1], dsn=5.1.3, stat=User unknown
56]: q1C0Buub085456: q1C0Buuc085456: DSN: User unknown
56]: q1C0Buuc085456: to=www, delay=00:00:01, xdelay=00:00:01, mailer=relay, pri=31243, relay=mail.DOMAIN.com. [x.x.x.x], dsn=5.0.0, stat=Service unavailable
56]: q1C0Buuc085456: q1C0Buud085456: return to sender: Service unavailable
56]: q1C0Buud085456: to=postmaster, delay=00:00:00, xdelay=00:00:00, mailer=relay, pri=32267, relay=mail.DOMAIN.com. [x.x.x.x], dsn=2.0.0, stat=Sent (ok 1329006343 qp 67991)

Do I need to map this user to the www on the host via /etc/mail/virtualusertable?
 
I've found a couple more things:

1) The relay my ISP gave me is not open, despite their insistence that it was. I believe this explains the 'user unknown' error.
2) The host will respond to telnet on port 25 locally ie. host#telnet localhost 25, but not from any other location. I tried this with the FW down also.
 
I have gone back to testing with the external relay just so I know that the client is working at least.

This is the result of the test:


Code:
[CMD="[root@webserver /etc/mail]# echo "Test" | sendmail -v me@gmail.com"][/CMD]
me@gmail.com... Connecting to mail.DOMAIN.com. via relay...
220 mail2.HOSTING.net ESMTP
>>> EHLO DOMAIN.com
250-mail2.HOSTING.net
250-PIPELINING
250-8BITMIME
250-SIZE 0
250 AUTH LOGIN PLAIN CRAM-MD5
>>> MAIL From:<webserver@DOMAIN.com> SIZE=5
250 ok
>>> RCPT To:<me@gmail.com>
>>> DATA
553 sorry, that domain isn't in my list of allowed rcpthosts (#5.5.3 - chkuser)
503 RCPT first (#5.5.1)
>>> RSET
250 flushed


My interpretation is that it works as a client, but the relay is not open.

Add this to the fact that I know the host can send mail.


So the issue lays somewhere in the middle. Why would traffic from the jail not reach the host? The access file looks correct, I have built it in and restarted. I don't imagine I should need /etc/mail/virtusertable or /etc/mail/local-host-names should I?
 
To relay from your jail through your host you need to add

Code:
jail_IP  RELAY

to /etc/mail/access on your host

To activate the access db entry

# cd /etc/mail
# makemap hash access < access

You may than need to restart sendmail on host
 
lbol said:
To relay from your jail through your host you need to add

Code:
jail_IP  RELAY

to /etc/mail/access on your host

To activate the access db entry

# cd /etc/mail
# makemap hash access < access

You may than need to restart sendmail on host

Thanks Ibol :)

I have tried this but to make the changes I used:

Code:
#make
#make install
#make restart

I have tried your method to be sure :) but to no avail...
 
I've had an idea... how do I set the address that the relay server listens on? I have a feeling it is only listening to 127.0.0.1.

[edit]: I just added the clients ip to /etc/mail/local-host-names and restarted sendmail, this did not help either.
 
I have observed that the host responds to telnet localhost 25 and that the client is not listening at all.

netstat -a gives me this:

Code:
Proto Recv-Q Send-Q  Local Address          Foreign Address       (state)
tcp4       0      0  localhost.DOMAIN.smtp  *.*                    LISTEN

And the relay does not respond to an external request on port 25.
 
In the end I just cleaned up my hosts file and rebuilt sendmail :r

Don't know what this means, but I am getting these in my logs.
Code:
r
Feb 13 04:16:41 webserver sendmail[22892]: My unqualified host name (webserver) unknown; sleeping for retry
Feb 13 04:17:42 webserver sendmail[22892]: unable to qualify my own domain name (webserver) -- using short name

But at least it works now! :D
 
change on /etc/mail/submit.mc

Hi there,

I have the same problem,
then I try to change line on /etc/mail/submit.mc

FEATURE(`msp', `[127.0.0.1]')dnl
to
FEATURE(`msp', `[your_smtp_server_ip/hostname]')dnl


it works
 
linthon said:
Hi there,

I have the same problem,
then I try to change line on /etc/mail/submit.mc

FEATURE(`msp', `[127.0.0.1]')dnl
to
FEATURE(`msp', `[your_smtp_server_ip/hostname]')dnl


it works

Thanks :)

This was already done at some point, but was too long ago to remember any details about when or why... Still there have been no troubles with mail since :)
 
Back
Top