sendmail times out or fails to connect to remote server

I'm trying to send email from the mail program, via sendmail, but finding it hard to do so, since every server I try to pass an email off to refuses the connection, or times out. Should work:
Code:
mail ******@sbcglobal.net
  enter subject and body, terminate with CTRL^D.

I get the following in /etc/var/maillog:
Code:
Apr 15 20:08:07 [myhostname] sendmail[1952]: r3G187tg001952: to=*****@sbcglobal.net, ctladdr=steve (1001/1001), delay=00:00:00,
 xdelay=00:00:00, mailer=relay, pri=30067, relay=[127.0.0.1] [127.0.0.1], dsn=2.0.0,
 stat=Sent (r3G1879S001953 Message accepted for delivery)
Apr 15 20:09:35 [myhostname] sm-mta[1955]: r3G1879S001953: to=<******@sbcglobal.net>, ctladdr=<steve@stevevg.com> (1001/1001),
 delay=00:01:28, xdelay=00:01:28, mailer=esmtp, pri=30386,
 relay=mx2.sbcglobal.am0.yahoodns.net. [98.136.217.192], dsn=4.0.0, stat=Deferred: Operation timed out with mx2.sbcglobal.am0.yahoodns.net.
 
This looks more like a network issue than a sendmail problem. Can you ping the destination address?
# ping 98.136.217.192
 
ping(8) is not a reliable way to test connectivity to public servers that offer MTA or other services. Very often they are filtering (wrongly IMO) ICMP completely. Use a combination of net/mtr, traceroute(8) or even tcpdump(8) to see how far the connection actually gets and if anything is returned from the host.
 
ISPs often firewall port 25 for dynamic IP addresses, forcing those people to smarthost through the ISP's mailserver.
 
I can connect to the server on port 25

Code:
# telnet 98.136.217.192 25                                       ~
Trying 98.136.217.192...
Connected to 98.136.217.192.
Escape character is '^]'.
220 mta1293.sbc.mail.gq1.yahoo.com ESMTP YSmtpProxy service ready
 
What kind of internet connection are we talking about here? If it's PPPoE this could be an MTU problem. The other possibility that comes to my mind is that something in the contents of the messages causes the yahoo mail server to hang up prematurely.
 
That's a symptom. What its cause is is unknown. It could be that yahoo has a content filter that actively blocks any further connections after it has found something it does not like.
 
I think my ISP is blocking port 25 - that's the only thing I can think of. I can ping a whole bunch of different mailservers, but can't telnet to any on port 25.

On @wblock's suggestion of smarthosting through my ISP's mailserver: Any security concerns with that? I mean, if I'm using somebody else's mailserver, isn't there a possibility that my ISP can cache my email?
 
kpa said:
Your mails will be stored temporarily in their mail queue so if you're concerned about that, don't.

Theoretically, and hopefully, right? I'm not very good with all this mailserver stuff, but I should think that if you have an email on your machine sitting in a queue at one point in time, it shouldn't be too hard to save that email off for later viewing, or whatever.

I'm not really concerned about my mail being intercepted, since I don't plan to send out much more than verification emails (you know when you make an account on a website, they send you an email, that sort of thing), but rather am more concerned about the theoretical implications, and really the question is, does the ISP really have the right to block port 25? Isn't that, maybe, a little, unethical?
 
The network is owned by the ISP and you're only "paying rent" to use it so they can set the rules what can or can not be done in their network. No ethics involved IMHO.

The mails that you forward to your ISP using the smart host technique will be always queued, that's how mail servers work. It's very possible that they do monitor the contents of the mails to some degree, at least the headers might be archived for some time. I believe in some countries it is even required by law to do so.
 
kpa said:
The network is owned by the ISP and you're only "paying rent" to use it so they can set the rules what can or can not be done in their network. No ethics involved IMHO.

Well shoot. Thought I was going to get the chance to call the phone company and huff and puff and blow a little steam to get my way. Still planning to, though. ;)

In the sad case that doesn't work, what's some good documentation on relaying mail through my ISP? I've been trying to avoid that, since it seems a lot harder than just using my own mailserver.
 
Sendmail can do what you want but the documentation requires some degree of expertise to fully understand it.

This is my set up for simple smart host and masquerade:


Code:
FEATURE(masquerade_envelope)
MASQUERADE_AS(`mydomain.tld')

define(`SMART_HOST', `[mail.myisp.tld]')

This will forward everything to mail.myisp.tld and make everything appear as coming from mydomain.tld instead of the hostname determined by the reverse DNS of my sending system (username@mydomain.tld instead of username@firewall.mydomain.tld).
 
If you're concerned about privacy, encrypt your mail. Those packets are already going through the ISP, whether you use their mailserver or not.

Smarthosting is actually pretty easy. For sendmail(8), create /etc/mail/hostname.mc, uncomment the SMART_HOST line by removing the dnl, edit to point to your ISP's mail server, then build and install. See /etc/mail/Makefile for specific make(1) targets.
Code:
define(`SMART_HOST', `your.isp.mail.server')

The ISP ought to be able to give details on the mailserver. Some require login, which is more complicated but doable. The trick is to find someone with the tiniest speck of competence at the ISP.
 
@wblock, you're forgetting the square brackets around the address in SMART_HOST, without them Sendmail will try to do MX lookup on the name instead of using it literally as the smart host address. Often the MX lookup will give strange results and smart host doesn't work.

Code:
define(`SMART_HOST', `[your.isp.mail.server]')
 
So a phone call confirms that they do in fact block the port. Here's a potential problem: the ISP does not host its own mailserver, but rather uses one from Google. I haven't tried it yet, but won't that mean that I won't be able to connect to the Google mailserver, since I'd have to use port 25 to do so? Or do you use a different port when you're smarthosting?
 
Most of the time they are not needed but if someone sets the MX records like this they are needed:

Code:
dig mail.inet.fi mx

; <<>> DiG 9.8.3-P1 <<>> mail.inet.fi mx
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 12190
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 4, ADDITIONAL: 1

;; QUESTION SECTION:
;mail.inet.fi.			IN	MX

;; ANSWER SECTION:
mail.inet.fi.		1786	IN	MX	10 mta.inet.fi.

;; AUTHORITY SECTION:
inet.fi.		1766	IN	NS	ns2-usa.global.sonera.net.
inet.fi.		1766	IN	NS	ns2-fin.global.sonera.fi.
inet.fi.		1766	IN	NS	ns1-fin.global.sonera.fi.
inet.fi.		1766	IN	NS	ns1-swe.global.sonera.se.

;; ADDITIONAL SECTION:
mta.inet.fi.		1771	IN	A	195.156.147.12

;; Query time: 0 msec
;; SERVER: 10.71.13.1#53(10.71.13.1)
;; WHEN: Tue Apr 16 20:13:42 2013
;; MSG SIZE  rcvd: 201

And in this case mta.inet.fi does not accept mail for delivery but mail.inet.fi does.

Normally the MX records for an address like mail.domain.tld should be empty or point to the address itself.
 
I would install sendmail from ports, replacing the base system sendmail with mail/sendmail. Configure it to use the security/sasl2 port for authentication so you can use gmail as smart host with username/password authentication.

Basically the handbook guide adapted to use the port version of sendmail:

http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/smtp-auth.html

Why I would use the port version of sendmail over the base system is that modifying the base system to depend on ports is imo backwards and to be avoided.
 
Step 5 calls for recompiling sendmail using stuff in /usr/src/ - there's nothing in there (I'm on FreeBSD 9). Problem, or is it ok?
 
Ok so if I do the following:
dig fidnet.com mx

And I'm pretty sure that's the proper host - the email address they gave me was me@fidnet.com - I get the following output:

Code:
;; ANSWER SECTION:
fidnet.com.		43200	IN	MX	20 alt1.aspmx.l.google.com.
fidnet.com.		43200	IN	MX	20 alt2.aspmx.l.google.com.
fidnet.com.		43200	IN	MX	30 aspmx2.googlemail.com.
fidnet.com.		43200	IN	MX	30 aspmx3.googlemail.com.
fidnet.com.		43200	IN	MX	30 aspmx4.googlemail.com.
fidnet.com.		43200	IN	MX	30 aspmx5.googlemail.com.
fidnet.com.		43200	IN	MX	10 aspmx.l.google.com.

(and then some).

So I added the following to my /etc/mail/hostname.mc file:

Code:
FEATURE(masquerade_envelope)
MASQUERADE_AS(`stevevg.com')
define(`SMART_HOST', `[aspmx.l.google.com]')

And ran make and then make install restart (from within the /etc/mail directory, of course), and then tried to run mail.

Aside from the difficulty with sasl, I got the following in /var/log/maillog:

Code:
Apr 16 13:11:22 steve sm-mta[24009]: r3GIA6xP024007: to=<ADDRESS_I_WANT_TO_SEND_TO_SO_BADLY>, ctladdr=<steve@stevevg.com> (1001/1001), delay=00:01:16, xdelay=00:01:15, mailer=relay, pri=30434, relay=aspmx.l.google.com. [74.125.133.27], dsn=4.0.0, stat=Deferred: Operation timed out with aspmx.l.google.com.
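
Added example (not from any poster in this thread): the pattern the thread converges on, a successful loopback hand-off followed by every remote relay deferring with "Operation timed out", can be checked mechanically from maillog. The sample lines, host names and addresses below are constructed placeholders in the same format as the logs quoted above, and the verdict labels are this example's own.

```python
import re
from collections import Counter

# Constructed sample in the maillog format quoted in this thread; hosts and
# addresses are placeholders (documentation ranges), not values from the thread.
SAMPLE_LOG = """\
Apr 15 20:08:07 host sendmail[1952]: q1: to=user@example.org, delay=00:00:00,
 mailer=relay, relay=[127.0.0.1] [127.0.0.1], dsn=2.0.0,
 stat=Sent (q2 Message accepted for delivery)
Apr 15 20:09:35 host sm-mta[1955]: q2: to=<user@example.org>, mailer=esmtp, relay=mx.example.org. [192.0.2.10], dsn=4.0.0, stat=Deferred: Operation timed out with mx.example.org.
Apr 16 13:11:22 host sm-mta[24009]: q3: to=<user@example.net>, mailer=relay, relay=smart.example.com. [198.51.100.7], dsn=4.0.0, stat=Deferred: Operation timed out with smart.example.com.
"""

HEADER = re.compile(r"^\w{3}\s+\d+ [\d:]{8} \S+ ([\w-]+)\[\d+\]: (\w+): (.*)$")
BLOCK_SIGNS = ("timed out", "Connection refused")

def parse(log_text):
    """Unfold wrapped lines, then split each delivery record into fields."""
    unfolded = []
    for line in log_text.splitlines():
        if line[:1].isspace() and unfolded:      # continuation of previous record
            unfolded[-1] += " " + line.strip()
        elif line.strip():
            unfolded.append(line.strip())
    records = []
    for line in unfolded:
        m = HEADER.match(line)
        if not m or "stat=" not in m.group(3):
            continue
        body, _, stat = m.group(3).partition("stat=")   # stat is last, may hold commas
        rec = dict(kv.strip().split("=", 1) for kv in body.split(", ") if "=" in kv)
        ips = re.findall(r"\[([0-9A-Fa-f.:]+)\]", rec.get("relay", ""))
        rec.update(daemon=m.group(1), qid=m.group(2), stat=stat,
                   relay_ip=ips[-1] if ips else None)
        records.append(rec)
    return records

def diagnose(records):
    """Classify remote delivery attempts; loopback hand-offs are ignored."""
    remote = [r for r in records if r["relay_ip"] not in (None, "127.0.0.1", "::1")]
    if not remote:
        return "no-remote-attempts", Counter()
    failures = Counter(r["relay_ip"] for r in remote
                       if r["stat"].startswith("Deferred")
                       and any(s in r["stat"] for s in BLOCK_SIGNS))
    # Every remote attempt failing, across at least two relays, points at the
    # sending side (egress filtering) rather than at one destination.
    if sum(failures.values()) == len(remote) and len(failures) >= 2:
        return "outbound-smtp-blocked-suspected", failures
    return "destination-specific-or-mixed", failures

if __name__ == "__main__":
    verdict, failures = diagnose(parse(SAMPLE_LOG))
    print(verdict, dict(failures))
```

A "suspected" verdict is only a hint: timeouts also fit the MTU and remote-filtering explanations raised earlier in the thread, so confirm with a direct connection test to port 25 as the posters did.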
 