# sendmail relaying denied sending from workstation -- SOLVED

## Moriah

I am setting up a new email server using sendmail.  The old server was too slow and out of date.  I am having a problem when I send email from a workstation on the lan thru the server and that email is destined for an email address out on the internet.  I get in /var/log/messages:

```
Dec  5 14:29:03 eli sm-mta[19741]: jB5JT3JC019741: ruleset=check_rcpt, arg1=<eli@iglou.com>, relay=aaron [192.168.2.2], reject=550 5.7.1 <eli@iglou.com>... Relaying denied
Dec  5 14:29:03 eli sm-mta[19741]: jB5JT3JC019741: from=<rj@elilabs.com>, size=498, class=0, nrcpts=0, proto=ESMTP, daemon=MTA, relay=aaron [192.168.2.2]
Dec  5 14:29:03 eli sm-mta[19741]: jB5JT3JE019741: from=<>, size=2325, class=0, nrcpts=1, msgid=<200512051929.jB5JT3nH002974@ezra.elilabs.com>, proto=ESMTP, daemon=MTA, relay=aaron [192.168.2.2]
```

I have had this problem before, but the last time was when I set up the old server I am now replacing, and that was almost 2 years ago.  I just don't fiddle with sendmail often enough to remember how to do it, so every time it becomes a major research project just to tweak the tiniest little detail.  The O'Reilly Sendmail book has over 1000 pages of wonderful stuff, but it's just too much to read thru (again!) just for what I seem to remember is a 1 line tweak.

My basic setup is a classic 2 layer network with a gateway firewall, then a dmz, then a choke firewall (named aaron in this case, at 192.168.2.2 on the dmz side), then a lan on the back side of the choke.  The lan is addressed 192.168.1.*, and the dmz is addressed 192.168.2.*, with the servers static natted to their external ip addresses by the gateway firewall.

This was all working fine, other than being too slow, until I installed the new machine.  The new machine is using the new 2.6 series kernel, while the old box used the 2.4 kernel.  The sendmail version is also newer on the new machine.

I have already tried putting the same info in the /etc/mail/relay-domains file as was in that file on the old server, but alas, no joy.  I then tried putting the appropriate stuff in the /etc/mail/access file, but still no joy.

Can somebody tell me the magic incantation to get sendmail to relay the stuff listed in /etc/mail/relay-domains?  What file do I edit, and how do I rebuild the sendmail.cf file and anything else before I start sendmail with /etc/init.d/sendmail restart?

Last edited by Moriah on Tue Dec 06, 2005 6:08 am; edited 1 time in total

----------

## papal_authority

So your access file looks similar to this?

```
localhost.localdomain           RELAY
localhost                       RELAY
127.0.0.1                       RELAY
192.168                         RELAY
```

Did you rebuild it with makemap?

----------

## Moriah

My /etc/mail/access file looks like this:

```
localhost.localdomain      RELAY
localhost         RELAY
127.0.0.1         RELAY
192.168.2.2         RELAY
elijah-5.iglou.com      RELAY
66.64.136.202.nw.nuvox.net   RELAY
```

But actually, adding 192.168 would be a good idea.  I did not know if it would take a partial match or not...

That's what I was looking for:

> Did you rebuild it with makemap?

I knew I had to do something to make that file take effect!

Just exactly what does the makemap command look like for the usual gentoo sendmail setup?  My access source file is in /etc/mail/access, but the manpage for makemap says it takes its input from stdin, and wants me to give a bunch of other stuff.  How do I form the command line?

And I thought gentoo's /etc/init.d/sendmail restart would rebuild everything automatically.

----------

## papal_authority

```
makemap hash /etc/mail/access.db < /etc/mail/access
```

----------

## Moriah

Well, the command worked, but I still got an error.  The following appeared in my inbox after I sent an email to an external site:

```
From VM Tue Dec  6 00:44:24 2005
Return-Path: <MAILER-DAEMON>
X-Spam-Checker-Version: SpamAssassin 3.1.0-gr0 (2005-09-13) on eli.elilabs.com
X-Spam-Level: 
X-Spam-Status: No, score=-3.4 required=3.0 tests=ALL_TRUSTED,BAYES_00,
   NO_REAL_NAME autolearn=ham version=3.1.0-gr0
Received: from ezra.elilabs.com (aaron [192.168.2.2])
   by eli.elilabs.com (8.13.4/8.12.11) with ESMTP id jB65hWrw011296
   for <rj@elilabs.com>; Tue, 6 Dec 2005 00:43:32 -0500
Received: from localhost (localhost)
   by ezra.elilabs.com (8.12.11/8.12.11) id jB65hXM4004696;
   Tue, 6 Dec 2005 00:43:33 -0500
Message-Id: <200512060543.jB65hXM4004696@ezra.elilabs.com>
MIME-Version: 1.0
Content-Type: multipart/report; report-type=delivery-status;
   boundary="jB65hXM4004696.1133847813/ezra.elilabs.com"
Auto-Submitted: auto-generated (failure)
From: <MAILER-DAEMON@elilabs.com>
To: <rj@elilabs.com>
Subject: Returned mail: see transcript for details
Date: Tue, 6 Dec 2005 00:43:33 -0500
This is a MIME-encapsulated message
--jB65hXM4004696.1133847813/ezra.elilabs.com
The original message was received at Tue, 6 Dec 2005 00:43:32 -0500
from localhost.localdomain [127.0.0.1]
   ----- The following addresses had permanent fatal errors -----
<eli@iglou.com>
    (reason: 550 5.7.1 <eli@iglou.com>... Relaying denied)
   ----- Transcript of session follows -----
... while talking to elilabs.com.:
>>> DATA
<<< 550 5.7.1 <eli@iglou.com>... Relaying denied
550 5.1.1 <eli@iglou.com>... User unknown
<<< 503 5.0.0 Need RCPT (recipient)
--jB65hXM4004696.1133847813/ezra.elilabs.com
Content-Type: message/delivery-status
Reporting-MTA: dns; ezra.elilabs.com
Received-From-MTA: DNS; localhost.localdomain
Arrival-Date: Tue, 6 Dec 2005 00:43:32 -0500
Final-Recipient: RFC822; eli@iglou.com
Action: failed
Status: 5.7.1
Remote-MTA: DNS; elilabs.com
Diagnostic-Code: SMTP; 550 5.7.1 <eli@iglou.com>... Relaying denied
Last-Attempt-Date: Tue, 6 Dec 2005 00:43:33 -0500
--jB65hXM4004696.1133847813/ezra.elilabs.com
Content-Type: message/rfc822
Return-Path: <rj@elilabs.com>
Received: from ezra.elilabs.com (localhost.localdomain [127.0.0.1])
   by ezra.elilabs.com (8.12.11/8.12.11) with ESMTP id jB65hWM4004694
   for <eli@iglou.com>; Tue, 6 Dec 2005 00:43:32 -0500
Received: (from rj@localhost)
   by ezra.elilabs.com (8.12.11/8.12.11/Submit) id jB65hWpR004691;
   Tue, 6 Dec 2005 00:43:32 -0500
From: "Robert J. Brown" <rj@elilabs.com>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Message-ID: <17301.9475.946157.418761@ezra.elilabs.com>
Date: Tue, 6 Dec 2005 00:43:31 -0500
To: eli@iglou.com
Subject: more testing
X-Mailer: VM 7.14 under 21.4 (patch 15) "Security Through Obscurity" XEmacs Lucid
better work this time!
--jB65hXM4004696.1133847813/ezra.elilabs.com--
```

And this was written to /var/log/messages:

```
Dec  6 00:43:00 eli sm-mta[11233]: starting daemon (8.13.4): SMTP+queueing@00:30:00
Dec  6 00:43:00 eli sm-cm[11239]: starting daemon (8.13.4): queueing@00:30:00
Dec  6 00:43:32 eli sm-mta[11296]: jB65hWru011296: ruleset=check_rcpt, arg1=<eli@iglou.com>, relay=aaron [192.168.2.2], reject=550 5.7.1 <eli@iglou.com>... Relaying denied
Dec  6 00:43:32 eli sm-mta[11296]: jB65hWru011296: from=<rj@elilabs.com>, size=500, class=0, nrcpts=0, proto=ESMTP, daemon=MTA, relay=aaron [192.168.2.2]
Dec  6 00:43:32 eli sm-mta[11296]: jB65hWrw011296: from=<>, size=2327, class=0, nrcpts=1, msgid=<200512060543.jB65hXM4004696@ezra.elilabs.com>, proto=ESMTP, daemon=MTA, relay=aaron [192.168.2.2]
```

I am pretty sure there is a directive somewhere that tells sendmail to allow forwarding, and that this has not yet been turned on.

----------

## papal_authority

Ok your /etc/mail/relay-domains should look something like this: 

```
192.168
```

Now try stopping sendmail (/etc/init.d/sendmail stop) and re-starting it (/etc/init.d/sendmail start).

----------

## Moriah

Actually it looks like this:

```
elijah-5.iglou.com
aaron.elilabs.com
66.64.136.202.nw.nuvox.net
```

which is exactly what it looked like with the old server too.

Yes, I stopped and started sendmail after making the access map, but it did a restart instead of a stop followed by a start.  I will add the 192.168 to relay-domains and stop then start sendmail, and we shall see what happens.

 TA DA !!!

It worked!  Thanks a 10^(10^10)!

----------
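An added example, not code from any poster in this thread: it reads `Relaying denied` lines like the ones quoted above, applies the octet-by-octet address lookup that lets a partial key such as `192.168` match a client, and reports how many addresses each matching key authorizes. The second and third clients in the log sample are constructed, and entries are assumed to be untagged `key RELAY` lines or bare relay-domains lines as shown in the thread.

```python
import re
# Log sample: the first line is from the thread; the other two clients are constructed.
SAMPLE_LOG = """\
Dec  6 00:43:32 eli sm-mta[11296]: jB65hWru011296: ruleset=check_rcpt, arg1=<eli@iglou.com>, relay=aaron [192.168.2.2], reject=550 5.7.1 <eli@iglou.com>... Relaying denied
Dec  6 01:02:10 eli sm-mta[11400]: jB662Aab011400: ruleset=check_rcpt, arg1=<x@example.org>, relay=[192.168.20.7], reject=550 5.7.1 <x@example.org>... Relaying denied
Dec  6 01:05:44 eli sm-mta[11412]: jB665icd011412: ruleset=check_rcpt, arg1=<y@example.org>, relay=[203.0.113.9], reject=550 5.7.1 <y@example.org>... Relaying denied
"""
# Numeric access entries from the thread, then with the partial key suggested there.
THREAD_ACCESS = "127.0.0.1  RELAY\n192.168.2.2  RELAY\n"
SUGGESTED = THREAD_ACCESS + "192.168  RELAY\n"
DENIED = re.compile(r"ruleset=check_rcpt, arg1=<([^>]*)>, relay=.*?\[([\d.]+)\], "
                    r"reject=550 5\.7\.1 .*Relaying denied")

def denied_relays(log_text):
    """Return (client_ip, recipient) for each 'Relaying denied' rejection."""
    return [(m.group(2), m.group(1)) for m in DENIED.finditer(log_text)]

def parse_relay_entries(text):
    """Keys that grant relaying: bare relay-domains lines, or access lines valued RELAY."""
    keys = []
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split()
        if fields and (len(fields) == 1 or fields[1].upper() == "RELAY"):
            keys.append(fields[0])
    return keys

def matching_entry(ip, keys):
    """Look up the full address, then drop one trailing octet at a time."""
    octets = ip.split(".")
    for n in range(4, 0, -1):
        if ".".join(octets[:n]) in keys:
            return ".".join(octets[:n])
    return None

def addresses_covered(key):
    """IPv4 addresses a numeric key authorizes; None for hostname keys."""
    parts = key.split(".")
    if not (1 <= len(parts) <= 4 and all(p.isdigit() and int(p) < 256 for p in parts)):
        return None
    return 256 ** (4 - len(parts))

def audit(log_text, entries_text):
    """Rows of (client, recipient, matching key or None, addresses that key covers)."""
    keys = parse_relay_entries(entries_text)
    matches = [(ip, rcpt, matching_entry(ip, keys)) for ip, rcpt in denied_relays(log_text)]
    return [(ip, rcpt, key, addresses_covered(key) if key else 0) for ip, rcpt, key in matches]

if __name__ == "__main__":
    print(audit(SAMPLE_LOG, SUGGESTED))
```

A rejected client that already has a matching key in the source file, as 192.168.2.2 does here, points at the compiled map or the running daemon rather than at the entry. The partial key `192.168` authorizes 65,536 addresses, so it is worth confirming that every network in that range is one you intend to relay for.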

