# email server problems

## _easyrider_

Hello, i have been using my own mailserver with vpopmail and qmail but suddenly im not able to send mail out from my local network via my server and to another email. I keep getting this error

```

Server: '10.0.0.1', Protokol: SMTP, answer from server: '553 sorry, that domain isn't in my list of allowed rcpthosts (#5.7.1)', Port: 25, secure (SSL): no, Servererror: 553, Errornumber : 0x800CCC79

```

What can that be??

----------

## BeatJunkie

It looks like your server isn't allowing hosts on your local network to relay through it.

Are you using tcprules to run qmail?  If so, make sure you have the following line in your /etc/tcp.smtp file:

```
10.0.0.:allow,RELAYCLIENT="",RBLSMTPD=""
```

Then compile the rules file as follows:

```
tcprules /etc/tcp.smtp.cdb /etc/tcp.smtp.tmp < /etc/tcp.smtp
```

You may also have to do this:

```
chmod 644 /etc/tcp.smtp.cdb
```

After that, any host on your 10.0.0.x network should be able to relay through your server.

If that isn't the problem, perhaps you could give us some more background information.  Is your mail server a new server that never worked, or did it previously work?  If it previously worked, did you do anything to it between then and now?  Details on your configuration would be useful as well.

----------

## _easyrider_

My server has been working previously. But not any more.

What conf files do you want to see?.

I haven't changed anything, only updatet my system with emerge -u world from time to time.

----------

## BeatJunkie

Do you run etc-update after an emerge world when it asks you to?  It is possible that it may have reset one of your config files to its default state by accident.

Let's start with this...  Can you post the contents of these files?:

/etc/tcp.smtp   (did you try my previous suggestion?)

/var/qmail/supervise/qmail-smtpd/run

tcprules uses the .cdb file created from /etc/tcp.smtp to set certain environment variables forqmail depending on the originating IP address of the SMTP request, among other things.  This is where you tell your qmail server what IP addresses to always allow relaying from.

That should be a good start.  Post the contents of the above two files and we'll take it from there.  Cheers.

----------

## _easyrider_

Yes i tried with your sugestions but with no result.

This is the content of the 2 files

/etc/tcp.smtp

```

# Qmail-Scanner disabled for mail from localhost, relay allowed

127.0.0.1:allow,RELAYCLIENT="",RBLSMTPD="",QMAILQUEUE="/var/qmail/bin/qmail-queue"                                                                                                                   

# Qmail-Scanner enabled (virus only) for mail from local network, relay allowed

10.0.0.1.:allow,RELAYCLIENT="",RBLSMTPD="",QMAILQUEUE="/var/qmail/bin/qmail-scanner-queue.pl"                                                                                                        

# Qmail-Scanner enabled (virus and spam) for mail from external internet, relay denied

:allow,QMAILQUEUE="/var/qmail/bin/qmail-scanner-queue.pl"

```

/var/qmail/supervise/qmail-smtp/run

```

#!/bin/bash

# Gentoo Startup script for qmail's SMTP daemon

# $Header: /var/cvsroot/gentoo-x86/mail-mta/qmail/files/run-qmailsmtpd,v 1.3 2005/01/03 20:55:10 hansmi Exp $

#

# If you need to edit this file, please look at editing conf-smtpd and

# conf-common first.  If you still need to change this file, you should

# probably file a bug on the bugzilla saying what you wanted to change so that

# modification can be make possible via the configuration files

SERVICE=smtp

source /var/qmail/bin/qmail-config-system && \

exec /usr/bin/softlimit ${SOFTLIMIT_OPTS} \

    ${QMAIL_TCPSERVER_PRE} \

    /usr/bin/tcpserver ${TCPSERVER_OPTS} -x ${TCPSERVER_RULESCDB} \

    -c ${MAXCONN} -u ${QMAILDUID} -g ${NOFILESGID} \

    ${TCPSERVER_HOST} ${TCPSERVER_PORT} \

    ${QMAIL_SMTP_PRE} /var/qmail/bin/qmail-${SERVICE}d ${QMAIL_SMTP_POST} \

    2>&1

```

----------

## BeatJunkie

I think the line in your tcp.smtp file for local network relaying has an error.  It has an extra "." after the IP address, and as a result won't match "10.0.0.1" because it's looking to match "10.0.0.1.".

Try removing the extra ".", and run tcprules on it again.

----------

## _easyrider_

Hmm i tried to use an older image i made from my server before i made an emerge -u world but still having the same problems. 

Will right back soon. Am going to update my server and get back to you. 

By the way i found out that my ISP have closed port 25 but made smtproutes with should take care of that problems but still same problems.

What i don't understand is that when i use squirrelmail i have no problems to send mail out. Very strange if you ask me.

----------

## kakou

I have same problem because the "ipv6" flag is set subitly

i have re-emerge sys-apps/ucspi-tcp =net-mail/courier-imap  without ipv6 flag and it's work

----------

## BeatJunkie

If squirrelmail is on the same server as qmail, there should be no problem sending mail because it is using the "127.0.0.1" rule in your tcp.smtp file, which is different than your "10.0.0.1" rule.

Removing the trailing period from your "10.0.0.1." rule should fix relaying from your local network, provided that your qmail-scanner-queue is working.

That said, if qmail-scanner-queue was broken, you would probably get a different error.

Make sure to run tcprules after making any changes to your /etc/tcp.smtp file:

```
tcprules /etc/tcp.smtp.cdb /etc/tcp.smtp.tmp < /etc/tcp.smtp
```

Not doing so will prevent the new rules from taking effect.

----------

## _easyrider_

Every time i have made some changes to that specific file i ran that command but with no result.

----------

## BeatJunkie

I just wanted to double-check...  The IP address of the machine you're trying to send mail from is 10.0.0.1, correct?  It hasn't changed?

----------

## _easyrider_

No the ip of my local computer is 10.0.0.2 and the ip 10.0.0.1 is the servers local interface. But also tried to use the ip 10.0.0.2 instead, but still i get the same error

----------

## LordArthas

Hi!

Exactly the same problem here, which happened after the emerge -uDav word of yesterday evening. Before it was working smoothly, so I guess it's something new that gives problem (not qmail however, since it's always at 1.03-r15).

I'll try to dig into this more...

Michele.

EDIT: After a bit of research I found this very recent thread which explains that everything in tcp.qmail-smtp.cdb is, for whatever reason, ignored by tcpserver except for the last :allow line. Therefore, I can oldy send e-mail to domains in the rcpthosts. Anyone's been able to resolve this?

----------

## _easyrider_

It might be a strange question. But witch file is it i need to make changes to, and add new rules for relay, do i make the changes directly to the /etc/tcpruler.d/tcp.qmail-smtp and update the systen.

----------

## LordArthas

 *_easyrider_ wrote:*   

> It might be a strange question. But witch file is it i need to make changes to, and add new rules for relay, do i make the changes directly to the /etc/tcpruler.d/tcp.qmail-smtp and update the systen.

 

Yes, you make changes to that file and then issue (supposing you are in /etc/tcprules.d/:

```

tcprules /etc/tcprules.d/tcp.qmail-smtp.cdb /etc/tcprules.d/tcp.qmail-smtp.tmp < tcp.qmail-smtp

```

However, the rules (except for the most general one) don't seem to work so well after the latest upgrade...

Michele.

----------

## t9k

 *kakou wrote:*   

> I have same problem because the "ipv6" flag is set subitly
> 
> i have re-emerge sys-apps/ucspi-tcp =net-mail/courier-imap  without ipv6 flag and it's work

 

I think this is the solution for those of us that recently did a 

```
# emerge -uDv world
```

 I'm betting ipv6 enabled ucspi-tcp is the culprit since nothing else changed with qmail.

Several other forum posts suggest the same solution.  

 *Quote:*   

> Exactly the same problem here, which happened after the emerge -uDav word of yesterday evening. Before it was working smoothly, so I guess it's something new that gives problem (not qmail however, since it's always at 1.03-r15). 

  LordArthas, did you try this yet?

----------

## BeatJunkie

Easyrider, I'm starting to think that there might be a problem with ucspi-tcp, given the other peoples' experiences in this thread.  It hasn't affected me yet, as I haven't upgraded ucspi-tcp recently.

I'm running ucspi-tcp-0.88-r8.  It was compiled to not use ipv6, however when I do a pretend emerge, it wants to compile it with ipv6 now.  If I were in your shoes, I'd try re-emerging ucspi-tcp, disabling the ipv6 USE flag.

Also, looking at the ebuild file for recent releases of ucspi-tcp, there is a comment that reads: *Quote:*   

>  "We have started a move to get all tcprules files into /etc/tcprules.d/, where we have provided a Makefile to easily update the CDB file.

 

I noticed that your /var/qmail/supervise/qmail-smtp/run differs slightly from mine, in where it specifies what .cdb file to use.

Your file says:

```
/usr/bin/tcpserver ${TCPSERVER_OPTS} -x ${TCPSERVER_RULESCDB} \
```

The -x option is what specifies the .cdb file to be used for tcprules processing.  Mine points directly to /etc/tcp.smtp.  Yours may be pointing elsewhere, depending on what ${TCPSERVER_RULESCDB} is set to.  This is probably set in /var/qmail/control/conf-smtpd.  Take a look -- you might find that your server is now looking for its rules in /etc/tcprules.d/tcp.smtp.cdb.

I'd try disabling the ipv6 USE flag and re-emerging ucspi-tcp.  Recompile your rules, then restart svscan.

If that fails, check where your system is actually looking for its rules a la ${TCPSERVER_OPTS}, and make sure that is where your actual tcp.smtp.cdb is kept.

Good luck!

----------

## _easyrider_

What USE flag do i need to set if emerging ucspi-tcp without ipv6 support?.

----------

## LordArthas

Hi!

 *t9k wrote:*   

> LordArthas, did you try this yet?

 

I'm a bit too much absent-mided these days: I completely overlooked the message on IPV6. Re-emerging ucspi-tcp with -ipv6 made everything work smoothly.

Thanks everybody.

Michele.

----------

## LordArthas

Hi!

 *_easyrider_ wrote:*   

> What USE flag do i need to set if emerging ucspi-tcp without ipv6 support?.

 

You can add -ipv6 to /etc/make.conf, which I think is a good idea if you're not using ipv6 at all. Alternatively, you can do that in-place just for ucspi-tcp:

```

USE="-ipv6" emerge ucspi-tcp

```

Michele.

----------

## _easyrider_

I will try to emerge gmail now without ipv6 support and get back to you with the result. Hopes this works.  :Very Happy: 

----------

## _easyrider_

Hmm now i have a new problem. I have re-emerged ucspi without ipv6 support but now my /etc/tcpruled.d/ folder is empty except from a Makefile.

----------

## BeatJunkie

Hi Easyrider,

From your posting on January 9th, it appears that your tcprules cdb file is at /etc/tcp.smtp.cdb, and not in /etc/tcprules.d.  Mine is the same as well.

As I had mentioned earlier, newer versions of ucspi_tcp encourage system admins to put their tcprules files in /etc/tcprules.d, instead of /etc.  But your system (and mine too) has the tcprules files in /etc.  As long as tcpserver knows where to find the rules file, your server should work.

To find out where tcpserver is looking for the rules file, you need to find out what ${TCPSERVER_RULESCDB} is set to.  You should be able to find this listed in your /var/qmail/control/conf-smtpd file.  If not there, it might be listed in /var/qmail/control/conf-common.

If your ${TCPSERVER_RULESCDB}=/etc/tcp.smtp.cdb, then you're fine.  Work with /etc/tcp.smtp as you used to.

If your ${TCPSERVER_RULESCDB}=/etc/tcprules.d/tcp.smtp.cdb, then you will want to move your /etc/tcp.smtp file into /etc/tcprules.d, and recompile the rules.  The Makefile is supposed to make compiling the rules easier when they are in /etc/tcprules.d, although I haven't tried moving them there yet.

I hope that helps!

----------

## _easyrider_

I can't find the RULE parameter in the conf-smtpd or the conf-conmon file.

----------

## BeatJunkie

Well that can certainly be a problem.  If the ${TCPSERVER_RULESCDB} variable isn't set in your qmail configuration files, then tcprules isn't using your tcp.smtp.cdb file (unless it's set elsewhere).

So your rules file is at /etc/tcp.smtp.cdb, correct?

Let's set you up so tcprules looks for it there.  Modify /var/qmail/supervise/qmail-smtp/run, changing the following line from:

```
/usr/bin/tcpserver ${TCPSERVER_OPTS} -x ${TCPSERVER_RULESCDB} \
```

to:

```
/usr/bin/tcpserver ${TCPSERVER_OPTS} -x /etc/tcp.smtp.cdb \
```

Then restart svscan by running:

```
/etc/init.d/svscan restart
```

Let us know how it goes.

----------

