←December→
Sun |
Mon |
Tue |
Wed |
Thu |
Fri |
Sat |
1 |
2 |
3 |
4 |
5 |
6 |
7 |
8 |
9 |
10 |
11 |
12 |
13 |
14 |
15 |
16 |
17 |
18 |
19 |
20 |
21 |
22 |
23 |
24 |
25 |
26 |
27 |
28 |
29 |
30 |
31 |
|
|
|
|
|
|
Tue, Apr 02, 2024 8:45 pm
Blocking email from an envelope "from" address with Sendmail
For a mail server running
Sendmail email server
software, if you wish to block email from a particular "from" address to
any email address on the server, you can include the address you wish to
block in the /etc/mail/access
file. E.g., if you wished to
block email from the address
spammer@example.com, you can include the following
line in that file:
# Block envelope "from" address of spammers
spammer@example.com REJECT
Any line beginning with a #
is treated as a comment, so the
first line above isn't needed, but adding a comment line may help you
recognize why the reject statement is in the file. After you have
added the line, you need to regenerate the
/etc/mail/access.db
file, or create a new one if there isn't
already one present, using the command shown below (you don't need to
restart sendmail):
# makemap hash /etc/mail/access </etc/mail/access
#
This will only work if you have a
FEATURE(`access_db')dnl
line in /etc/mail/sendmail.mc
.
E.g., a line like the one below:
FEATURE(`access_db', `hash -T<TMPF> -o /etc/mail/access.db')dnl
If you don't have such a line, you will need to add it. If the line begins
with dnl
, you will need to remove the dnl
at the
beginning of the line, since that "comments out" the line.
[ More Info ]
[/network/email/sendmail]
permanent link
Mon, May 22, 2023 10:05 pm
Relaying Denied by Sendmail
A family member reported she was no longer able to send email via a
Sendmail service I have
running on a CentOS Linux
system. She sent me a screenshot of the message she received when attempting
to send a message. I saw a "Server error: '550 5.7.1 ... Relaying denied'"
message. At first, I thought that a technician from her Internet Service
Provider (ISP) might have changed her
Microsoft Outlook
settings when he upgraded her network equipment recently, but then I remembered
I was restricting email
relaying on the system by
IP address and realized
her IP address would have changed when the technician upgraded her network
equipment. So I had her visit
whatismyipaddress.com and provide me with the public
IPv4
IP address it showed for her. I then replaced her prior IP address in
/etc/mail/access
. The format for an entry to allow relaying
from a particular IP address is as shown below.
# Jane Doe
192.168.71.77 RELAY
You can include a comment to indicate who the IP address is associated
with by prefixing the comment with a
pound sign. The
IP address should be followed by the word "RELAY" (you can put tabs in
between the IP address and the word, if you like).
After changing the IP address, I rebuilt the access database with the
makemap command. I
then restarted Sendmail
# makemap hash /etc/mail/access </etc/mail/access
# service sendmail restart
Redirecting to /bin/systemctl restart sendmail.service
#
I was then able to receive a test message she sent me. After updating
the IP address, I may only have needed to restart Sendmail without running
the makemap command
first as I found the following at
19.3.2. Sendmail on a
Red Hat website in reference to running the
make all -C /etc/mail/
command (CentOS is derived from
Red Hat
Enterprise Linux):
All other generated files in /etc/mail
(db files) will be
regenerated if needed. The old makemap commands are still usable. The make
command is automatically used whenever you start or restart the
sendmail
service.
[/network/email/sendmail]
permanent link
Fri, Jun 01, 2018 10:11 pm
Modifying the "from" domain of a message with sendmail
A user sends a monthly email newsletter to a distribution list on an email
server I maintain that uses sendmail. He sends the message to an
email alias
on the system where sendmail converts the alias to all of the email
addresses in the mailing list and the sends it out through a
smart host to be
delivered to all of the recipients of the newsletter. The sender sends the
message from his verizon.net address and I needed to convert the "from"
address from a verizon.net email address to a local email address on the
server running sendmail. To do so, I placed the following lines at the
end of /etc/mail/sendmail.mc
. For the example below, I use the
example.com domain as the local domain name for the server.
MASQUERADE_DOMAIN(`verizon.net')dnl
MASQUERADE_AS(`example.com')dnl
Note: the "dnl" at the end of each line has the letter "l", not the
number "1" at the end of the line. And a
backtick, i.e., `
, is used before
"verizon.net" while a single quote is used after it.
[ More Info ]
[/network/email/sendmail]
permanent link
Sat, Jan 06, 2018 5:01 pm
Configuring Sendmail to always allow Steam email
A family member wasn't receiving email for a
Steam
account she created to play a
PC game.
Her email comes through a
Sendmail
email server I manage and I found that a
Domain Name
System-based Blackhole List (DNSBL), the
Spam and Open Relay Blocking System (SORBS), had blocked
email from the IP address that
Valve
had for the email server used to send email to her about the account.
When I checked the sendmail log file, I found the following two entries:
Dec 29 21:10:26 moonpoint sendmail[27413]: ruleset=check_relay, arg1=smtp03.stea
mpowered.com, arg2=127.0.0.6, relay=smtp03.steampowered.com [208.64.202.39], rej
ect=550 5.7.1 Spam Block:mail from 208.64.202.39 refused - see http://dnsbl.sorb
s.net/
Dec 29 21:17:35 moonpoint sendmail[27661]: ruleset=check_relay, arg1=smtp01.stea
mpowered.com, arg2=127.0.0.6, relay=smtp01.steampowered.com [208.64.202.37], rej
ect=550 5.7.1 Spam Block:mail from 208.64.202.37 refused - see http://dnsbl.sorb
s.net/
Checking, I found the following IP addresses and
fully qualified domain names (FQDNs) for Steam email
servers:
IP Address | FQDN |
208.64.202.36 |
smtp.steampowered.com |
208.64.202.37 |
smtp01.steampowered.com |
208.64.202.38 |
smtp02.steampowered.com |
208.64.202.39 |
smtp03.steampowered.com |
208.64.202.40 |
steammail.steampowered.com |
To ensure that none of the DNSBLs I use with Sendmail will ever block
email from the Steam email servers, I added the following lines to
/etc/mail/access
:
Connect:208.64.202.36 OK
Connect:208.64.202.37 OK
Connect:208.64.202.38 OK
Connect:208.64.202.39 OK
Connect:208.64.202.40 OK
I then used the makemap hash
command to rebuild the access
database.
# makemap hash /etc/mail/access </etc/mail/access
#
Once I did that, she was able to receive the Steam-related email.
[/network/email/sendmail]
permanent link
Thu, Jan 05, 2017 4:02 pm
Email stuck in the sendmail queue
A user repoted that she didn't receive an email someone sent her today.
I checked the
/var/log/maillog
file to see if the mail server,
which is running
Sendmail, received the email. When I searched on part of the
sender's email address, I saw the message had been received by the mail
server:
# grep sbear /var/log/maillog
Jan 5 14:08:08 moonpoint sendmail[6276]: v05IxmvR006276: from=<sbearab1@y0hoo.c
om>, size=2339942, class=0, nrcpts=1, msgid=<1226622358.574156.1483642780691@mai
l.y0hoo.com>, proto=ESMTP, daemon=MTA, relay=omp1011.mail.ne1.y0hoo.com [98.138.
87.11]
So I checked Sendmail's queue with the
mailq command and saw
the message was stuck there. Note: Mailq is identical to sendmail -bp
.
# mailq
/var/spool/mqueue (1 request)
-----Q-ID----- --Size-- -----Q-Time----- ------------Sender/Recipient-----------
v05IxmvR006276 2338155 Thu Jan 5 14:08 <sbearab1@y0hoo.com>
(host map: lookup (yahoo.com): deferred)
<abad_kitty@moonpoint.com>
Total requests: 1
#
The sendmail queue can be flushed with the command sendmail -q -v
.
# sendmail -q -v
Running /var/spool/mqueue/v05IxmvR006276 (sequence 1 of 1)
<abad_kitty@moonpoint.com>... aliased to ann
ann... Connecting to local...
ann... Sent
# mailq
/var/spool/mqueue is empty
Total requests: 0
#
The meaning of the -q
and -v
options to the
sendmail command are
shown below:
-q[time]
Process saved messages in the queue at given intervals. If time
is omitted, process the queue once. Time is given as a tagged
number, with `s' being seconds, `m' being minutes (default), `h'
being hours, `d' being days, and `w' being weeks. For example,
`-q1h30m' or `-q90m' would both set the timeout to one hour
thirty minutes. By default, sendmail will run in the back-
ground. This option can be used safely with -bd.
-v Go into verbose mode. Alias expansions will be announced, etc.
[/network/email/sendmail]
permanent link
Sat, Sep 03, 2016 9:26 pm
SparkPost smart host issue with Sendmail
I recently created a
SparkPost account
to use SparkPost for
smart host email delivery service for an organization's
monthly newsletter distribution by email. SparkPost provides a free level
of service that will allow one to send up to 100,000 messages per month.
I had switched back to another service, but when I discovered a problem with
deliveries through the other service yesterday, I reconfigured
Sendmail to
use the SparkPost
SMTP server as the smart host. To use the SparkPost SMTP
server, smtp.sparkpostmail.com, as the smart host, I had the following lines
in
/etc/mail/sendmail.mc
, but email was not reaching recipients.
dnl # Uncomment and edit the following line if your outgoing mail needs to
dnl # be sent out through an external mail server:
dnl #
define(`RELAY_MAILER_ARGS', `TCP $h 587')
define(`ESMTP_MAILER_ARGS', `TCP $h 587')
define(`SMART_HOST', `smtp.sparkpostmail.com')dnl
[ More
Info ]
[/network/email/sendmail]
permanent link
Sat, Sep 03, 2016 1:37 pm
Deleting the files associated with a mailq entry
While troubleshooting an email delivery problem on a
CentOS 7 Linux
server running
Sendmail, I saw an unexpected entry when I checked the mail queue with
the
mailq command.
# mailq
/var/spool/mqueue (7 requests)
-----Q-ID----- --Size-- -----Q-Time----- ------------Sender/Recipient-----------
u83BWu3X020476 1010 Sat Sep 3 07:32 <apache@example.com>
(Deferred: Connection refused by mail.user-mail.net.)
<donniemenniti12345@yahoo.com>
The system was running
Apache, but I would not expect any email to originate from Apache destined
for a Yahoo
email address.
The contents of queued email are stored in the /var/spool/mqueue
directory. For a queued message there will normally be two files,
one beginning with the letters "df" and the other with the letters "qf",
containing the queue id, in this case u83BWu3X020476
, as the
rest of the file name.
# ls /var/spool/mqueue/??u83BWu3X020476
/var/spool/mqueue/dfu83BWu3X020476 /var/spool/mqueue/qfu83BWu3X020476
#
Note: you will only be able to access these files from the root account.
[ More Info ]
[/network/email/sendmail]
permanent link
Fri, Sep 02, 2016 10:32 pm
No longer need to run m4 to rebuild sendmail.cf under CentOS 7
When I was running
Sendmail on a
CentOS 5 server, I needed to use the
m4 command after modifying
/etc/sendmail.mc
to rebuild
/etc/sendmail.cf
from
that file, i.e.,
m4 /etc/mail/sendmail.mc >
/etc/mail/sendmail.cf
. E.g., see
Configuring Sendmail to
Use a Smart Host, but that is no longer needed with CentOS 7 and,
though I went from CentOS 5 to 7, may have gone away as a needed step
in CentOS 6. Now, if you modify
/etc/sendmail.mc
, when
you restart sendmail, e.g., with
service sendmail restart
,
the
sendmail.cf
file is automatically rebuilt.
[ More Info ]
[/network/email/sendmail]
permanent link
Thu, Aug 18, 2016 10:46 pm
Bitdefender milter causing Sendmail restart failure
I needed to change the
smart host setting for a Sendmail email server, so I edited
/etc/mail/sendmail.mc
and rebuilt
/etc/mail/sendmail.cf
with the
m4 command.
I then attempted to restart
Sendmail, but it did not restart.
# m4 /etc/mail/sendmail.mc > /etc/mail/sendmail.cf
# service sendmail restart
Redirecting to /bin/systemctl restart sendmail.service
Job for sendmail.service failed because the control process exited with error code. See "systemctl status sendmail.service" and "journalctl -xe" for details.
When I issued a systemctl status sendmail.service
command
for further information, I saw the following:
# systemctl status sendmail.service
● sendmail.service - Sendmail Mail Transport Agent
Loaded: loaded (/usr/lib/systemd/system/sendmail.service; enabled; vendor preset: disabled)
Active: failed (Result: exit-code) since Thu 2016-08-18 15:40:49 EDT; 11s ago
Process: 25578 ExecStart=/usr/sbin/sendmail -bd $SENDMAIL_OPTS $SENDMAIL_OPTARG (code=exited, status=78)
Process: 25573 ExecStartPre=/etc/mail/make aliases (code=exited, status=0/SUCCESS)
Process: 25570 ExecStartPre=/etc/mail/make (code=exited, status=0/SUCCESS)
Main PID: 3394 (code=exited, status=0/SUCCESS)
Aug 18 15:40:49 moonpoint.com systemd[1]: Starting Sendmail Mail Transport A....
Aug 18 15:40:49 moonpoint.com sendmail[25578]: 554 5.0.0 /etc/mail/sendmail....d
Aug 18 15:40:49 moonpoint.com sendmail[25578]: NOQUEUE: SYSERR(root): /etc/m...d
Aug 18 15:40:49 moonpoint.com sendmail[25578]: NOQUEUE: SYSERR(root): InputF...y
Aug 18 15:40:49 moonpoint.com sendmail[25578]: 451 4.0.0 InputFilter BitDefe...y
Aug 18 15:40:49 moonpoint.com systemd[1]: sendmail.service: control process ...8
Aug 18 15:40:49 moonpoint.com systemd[1]: Failed to start Sendmail Mail Tran....
Aug 18 15:40:49 moonpoint.com systemd[1]: Unit sendmail.service entered fail....
Aug 18 15:40:49 moonpoint.com systemd[1]: sendmail.service failed.
Hint: Some lines were ellipsized, use -l to show in full.
When I undid the changes I had made to sendmail.mc
, the issue
remained. When I used the
journalctl command to check on the problem, I saw the following:
# journalctl -xe
--
-- Unit sendmail.service has failed.
--
-- The result is failed.
Aug 18 15:43:25 moonpoint.com systemd[1]: Dependency failed for Sendmail Mail Tr
-- Subject: Unit sm-client.service has failed
-- Defined-By: systemd
-- Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
--
-- Unit sm-client.service has failed.
--
-- The result is dependency.
Aug 18 15:43:25 moonpoint.com systemd[1]: Job sm-client.service/start failed wit
Aug 18 15:43:25 moonpoint.com systemd[1]: Unit sendmail.service entered failed s
Aug 18 15:43:25 moonpoint.com systemd[1]: sendmail.service failed.
Aug 18 15:43:25 moonpoint.com polkitd[771]: Unregistered Authentication Agent fo
Aug 18 15:43:53 moonpoint.com sshd[25845]: Address 168.176.56.13 maps to wimax13
Aug 18 15:43:53 moonpoint.com sshd[25845]: Invalid user log from 168.176.56.13
Aug 18 15:43:53 moonpoint.com sshd[25845]: input_userauth_request: invalid user
Aug 18 15:43:53 moonpoint.com sshd[25845]: pam_unix(sshd:auth): check pass; user
Aug 18 15:43:53 moonpoint.com sshd[25845]: pam_unix(sshd:auth): authentication f
Aug 18 15:43:55 moonpoint.com sshd[25845]: Failed password for invalid user log
Aug 18 15:43:56 moonpoint.com sshd[25845]: Connection closed by 168.176.56.13 [p
lines 1490-1512/1512 (END)
[ More
Info ]
[/network/email/sendmail]
permanent link
Mon, Aug 01, 2016 11:08 pm
Determining the version of Microsoft Windows from the command line
You can determine the version of Microsoft Windows on a system from a
command line interface (CLI), e.g., a command prompt, using the
systeminfo command.
Since that command will provide a lot of other information
on the system, you can filter the output to see only the
operating system (OS) version by piping its output into the
findstr command using
the "|"
pipe character. The command below will show only the
operating system version:
C:\>systeminfo | findstr /R "^OS.Version"
OS Version: 10.0.10586 N/A Build 10586
C:\>
The /R
option indicates that the findstr command should perform
its search based on a regular expression. The "^" character is a character
that when included in a regular expression means that what follows should be
at the beginning of the line. Without it, you could see something like the
following, instead, since "BIOS Version also matches:
C:\>systeminfo | findstr /R "OS.Version"
systeminfo | findstr /R "OS.Version"
OS Version: 10.0.10586 N/A Build 10586
BIOS Version: Dell Inc. A04, 11/21/2011
C:\>
The period between "OS" and "Version" indicates in a regular expression that
any one character in that space will match; in this case there is a space
character between the two words, which will match the period in a regular
expression. If you want to have a period treated as a period rather than
serving its function as a regular expression character, you can "escape"
its meaning by using the backslash, i.e. "\",
escape character.
[ More Info ]
[/network/email/sendmail]
permanent link
Privacy Policy
Contact