1

I am an absolute newb on sendmail. Now I installed sendmail, configured it (as far as I know), added localhost-names, added access entries, added virtuser entry, opened port 25 in iptables.

My DNS is pointing to my server!

Now when I connect from another location on the internet, and use telnet server.com 25 and use manual SMTP commands (HELO, MAIL From etc.) the mail goes and arrives and gets put to the right user. But when I use another client and it's relayed by (for example Google) I get this error back:

Relaying denied. Proper authentication required. (state 14).

What setting did I forget? Any config files I need to post so you can help me? I use CentOS 5.5 and the latest sendmail rpm

local-host-names:

localhost
localhost.localdomain
footballmatcher.com

access:

Connect:localhost.localdomain RELAY
Connect:localhost RELAY
Connect:127.0.0.1 RELAY
footballmatcher.com OK

domaintable = empty
mailertable = empty
trustedusers = empty
virtusertable = empty

sendmail.mc (extract from webmin, so first line word is not real)

Entry type  Line in configuration file
Other       divert(-1)dnl
Other       dnl #
Other       dnl # This is the sendmail macro config file for m4. If you make changes to
Other       dnl # /etc/mail/sendmail.mc, you will need to regenerate the
Other       dnl # /etc/mail/sendmail.cf file by confirming that the sendmail-cf package is
Other       dnl # installed and then performing a
Other       dnl #
Other       dnl # make -C /etc/mail
Other       dnl #
Other       include(`/usr/share/sendmail-cf/m4/cf.m4')dnl
Other       VERSIONID(`setup for linux')dnl
OS Type     OSTYPE(`linux')dnl
Other       dnl #
Other       dnl # Do not advertize sendmail version.
Other       dnl #
Other       dnl define(`confSMTP_LOGIN_MSG', `$j Sendmail; $b')dnl
Other       dnl #
Other       dnl # default logging level is 9, you might want to set it higher to
Other       dnl # debug the configuration
Other       dnl #
Other       dnl define(`confLOG_LEVEL', `9')dnl
Other       dnl #
Other       dnl # Uncomment and edit the following line if your outgoing mail needs to
Other       dnl # be sent out through an external mail server:
Other       dnl #
Other       dnl define(`SMART_HOST', `smtp.your.provider')dnl
Other       dnl #
Define      define(`confDEF_USER_ID', ``8:12'')dnl
Other       dnl define(`confAUTO_REBUILD')dnl
Define      define(`confTO_CONNECT', `1m')dnl
Define      define(`confTRY_NULL_MX_LIST', `True')dnl
Define      define(`confDONT_PROBE_INTERFACES', `True')dnl
Define      define(`PROCMAIL_MAILER_PATH', `/usr/bin/procmail')dnl
Define      define(`ALIAS_FILE', `/etc/aliases')dnl
Define      define(`STATUS_FILE', `/var/log/mail/statistics')dnl
Define      define(`UUCP_MAILER_MAX', `2000000')dnl
Define      define(`confUSERDB_SPEC', `/etc/mail/userdb.db')dnl
Define      define(`confPRIVACY_FLAGS', `authwarnings,novrfy,noexpn,restrictqrun')dnl
Define      define(`confAUTH_OPTIONS',`A')
Other       dnl #
Other       dnl # The following allows relaying if the user authenticates, and disallows
Other       dnl # plaintext authentication (PLAIN/LOGIN) on non-TLS links
Other       dnl #
Other       dnl #
Other       dnl # PLAIN is the preferred plaintext authentication method and used by
Other       dnl # Mozilla Mail and Evolution, though Outlook Express and other MUAs do
Other       dnl # use LOGIN. Other mechanisms should be used if the connection is not
Other       dnl # guaranteed secure.
Other       dnl # Please remember that saslauthd needs to be running for AUTH.
Other       dnl #
Other       TRUST_AUTH_MECH(`LOGIN PLAIN')dnl
Define      define(`confAUTH_MECHANISMS',`LOGIN PLAIN')
Other       dnl #
Other       dnl # Rudimentary information on creating certificates for sendmail TLS:
Other       dnl # cd /etc/pki/tls/certs; make sendmail.pem
Other       dnl # Complete usage:
Other       dnl # make -C /etc/pki/tls/certs usage
Other       dnl #
Other       dnl define(`confCACERT_PATH', `/etc/pki/tls/certs')dnl
Other       dnl define(`confCACERT', `/etc/pki/tls/certs/ca-bundle.crt')dnl
Other       dnl define(`confSERVER_CERT', `/etc/pki/tls/certs/sendmail.pem')dnl
Other       dnl define(`confSERVER_KEY', `/etc/pki/tls/certs/sendmail.pem')dnl
Other       dnl #
Other       dnl # This allows sendmail to use a keyfile that is shared with OpenLDAP's
Other       dnl # slapd, which requires the file to be readble by group ldap
Other       dnl #
Other       dnl define(`confDONT_BLAME_SENDMAIL', `groupreadablekeyfile')dnl
Other       dnl #
Other       dnl define(`confTO_QUEUEWARN', `4h')dnl
Other       dnl define(`confTO_QUEUERETURN', `5d')dnl
Other       dnl define(`confQUEUE_LA', `12')dnl
Other       dnl define(`confREFUSE_LA', `18')dnl
Define      define(`confTO_IDENT', `0')dnl
Other       dnl FEATURE(delay_checks)dnl
Feature     FEATURE(`no_default_msa', `dnl')dnl
Feature     FEATURE(`smrsh', `/usr/sbin/smrsh')dnl
Feature     FEATURE(`mailertable', `hash -o /etc/mail/mailertable.db')dnl
Feature     FEATURE(`virtusertable', `hash -o /etc/mail/virtusertable.db')dnl
Feature     FEATURE(redirect)dnl
Feature     FEATURE(always_add_domain)dnl
Feature     FEATURE(use_cw_file)dnl
Feature     FEATURE(use_ct_file)dnl
Other       dnl #
Other       dnl # The following limits the number of processes sendmail can fork to accept
Other       dnl # incoming messages or process its message queues to 20.) sendmail refuses
Other       dnl # to accept connections once it has reached its quota of child processes.
Other       dnl #
Other       dnl define(`confMAX_DAEMON_CHILDREN', `20')dnl
Other       dnl #
Other       dnl # Limits the number of new connections per second. This caps the overhead
Other       dnl # incurred due to forking new sendmail processes. May be useful against
Other       dnl # DoS attacks or barrages of spam. (As mentioned below, a per-IP address
Other       dnl # limit would be useful but is not available as an option at this writing.)
Other       dnl #
Other       dnl define(`confCONNECTION_RATE_THROTTLE', `3')dnl
Other       dnl #
Other       dnl # The -t option will retry delivery if e.g. the user runs over his quota.
Other       dnl #
Feature     FEATURE(local_procmail, `', `procmail -t -Y -a $h -d $u')dnl
Feature     FEATURE(`access_db', `hash -T<TMPF> -o /etc/mail/access.db')dnl
Feature     FEATURE(`blacklist_recipients')dnl
Other       EXPOSED_USER(`root')dnl
Other       dnl #
Other       dnl # For using Cyrus-IMAPd as POP3/IMAP server through LMTP delivery uncomment
Other       dnl # the following 2 definitions and activate below in the MAILER section the
Other       dnl # cyrusv2 mailer.
Other       dnl #
Other       dnl define(`confLOCAL_MAILER', `cyrusv2')dnl
Other       dnl define(`CYRUSV2_MAILER_ARGS', `FILE /var/lib/imap/socket/lmtp')dnl
Other       dnl #
Other       dnl # The following causes sendmail to only listen on the IPv4 loopback address
Other       dnl # 127.0.0.1 and not on any other network devices. Remove the loopback
Other       dnl # address restriction to accept email from the internet or intranet.
Other       dnl #
Other       DAEMON_OPTIONS(`Port=smtp,Name=MTA')dnl
Other       dnl #
Other       dnl # The following causes sendmail to additionally listen to port 587 for
Other       dnl # mail from MUAs that authenticate. Roaming users who can't reach their
Other       dnl # preferred sendmail daemon due to port 25 being blocked or redirected find
Other       dnl # this useful.
Other       dnl #
Other       dnl DAEMON_OPTIONS(`Port=submission, Name=MSA, M=Ea')dnl
Other       dnl #
Other       dnl # The following causes sendmail to additionally listen to port 465, but
Other       dnl # starting immediately in TLS mode upon connecting. Port 25 or 587 followed
Other       dnl # by STARTTLS is preferred, but roaming clients using Outlook Express can't
Other       dnl # do STARTTLS on ports other than 25. Mozilla Mail can ONLY use STARTTLS
Other       dnl # and doesn't support the deprecated smtps; Evolution <1.1.1 uses smtps
Other       dnl # when SSL is enabled-- STARTTLS support is available in version 1.1.1.
Other       dnl #
Other       dnl # For this to work your OpenSSL certificates must be configured.
Other       dnl #
Other       dnl DAEMON_OPTIONS(`Port=smtps, Name=TLSMTA, M=s')dnl
Other       dnl #
Other       dnl # The following causes sendmail to additionally listen on the IPv6 loopback
Other       dnl # device. Remove the loopback address restriction listen to the network.
Other       dnl #
Other       dnl DAEMON_OPTIONS(`port=smtp,Addr=::1, Name=MTA-v6, Family=inet6')dnl
Other       dnl #
Other       dnl # enable both ipv6 and ipv4 in sendmail:
Other       dnl #
Other       dnl DAEMON_OPTIONS(`Name=MTA-v4, Family=inet, Name=MTA-v6, Family=inet6')
Other       dnl #
Other       dnl # We strongly recommend not accepting unresolvable domains if you want to
Other       dnl # protect yourself from spam. However, the laptop and users on computers
Other       dnl # that do not have 24x7 DNS do need this.
Other       dnl #
Feature     FEATURE(`accept_unresolvable_domains')dnl
Other       dnl #
Other       dnl FEATURE(`relay_based_on_MX')dnl
Other       dnl #
Other       dnl # Also accept email sent to "localhost.localdomain" as local email.
Other       dnl #
Other       LOCAL_DOMAIN(`localhost.localdomain')dnl
Other       dnl #
Other       dnl # The following example makes mail from this host and any additional
Other       dnl # specified domains appear to be sent from mydomain.com
Other       dnl #
Other       dnl MASQUERADE_AS(`mydomain.com')dnl
Other       dnl #
Other       dnl # masquerade not just the headers, but the envelope as well
Other       dnl #
Other       dnl FEATURE(masquerade_envelope)dnl
Other       dnl #
Other       dnl # masquerade not just @mydomainalias.com, but @*.mydomainalias.com as well
Other       dnl #
Other       dnl FEATURE(masquerade_entire_domain)dnl
Other       dnl #
Other       dnl MASQUERADE_DOMAIN(localhost)dnl
Other       dnl MASQUERADE_DOMAIN(localhost.localdomain)dnl
Other       dnl MASQUERADE_DOMAIN(mydomainalias.com)dnl
Other       dnl MASQUERADE_DOMAIN(mydomain.lan)dnl
Mailer      MAILER(smtp)dnl
Mailer      MAILER(procmail)dnl
Other       dnl MAILER(cyrusv2)dnl
1
  • as you can see, my domain name is footballmatcher.com Commented Feb 8, 2011 at 6:34

2 Answers

3

According to your sendmail.mc your sendmail setup supports SMTP authentication and STARTTLS. When you connect "by hand" (telnet) on port 25 you are not using any of these options. However, it seems that your client is set up to connect to your sendmail server and use either SMTP authentication or STARTTLS (or both) and your server, although it claims to support these options, is not properly configured.

Have your client connect to port 25 at the server and uncheck any options that enable STARTTLS, SSL, TLS or SMTP-AUTH. Your other choice is to configure them properly after reading the sendmail documentation.

0

Use SMTP authorization (local login and password):

AUTH PLAIN base64("\000email\000password") 

or accept to relay your IP in /etc/mail/access

192.168.1.1 RELAY 

and then create map "makemap hash /etc/mail/access.db < /etc/mail/access"

2
  • nothing... my access list contains my domain name and IP address with RELAY. I created DNS records directly to my A record, and the A record points to my server. Also created a TXT record with SPF (or something) record, which allows that server to relay. local-hosts... file contains all my domain names as well. Commented Feb 7, 2011 at 15:52
  • access doesn't contain domain. It contains "HOST(IP OR DNS) ACTION". Add access file and mail log to question. Commented Feb 7, 2011 at 16:04
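
The two routes the second answer names (authenticate, or list the client address as RELAY in access) can be seen side by side in a simplified model of the relay decision. This is an added example, not sendmail's code and not part of the original posts: it uses the local-host-names, access and TRUST_AUTH_MECH values posted in the question, the client addresses and the external recipient are constructed, and it ignores relay-domains and hostname-based lookups.

```python
# Added example: simplified model of sendmail's relay check (not sendmail code).
# Client IPs and the external recipient are constructed sample values.
LOCAL_HOST_NAMES = {"localhost", "localhost.localdomain", "footballmatcher.com"}
TRUSTED_MECHS = {"LOGIN", "PLAIN"}  # TRUST_AUTH_MECH in the posted sendmail.mc
ACCESS = """\
Connect:localhost.localdomain RELAY
Connect:localhost RELAY
Connect:127.0.0.1 RELAY
footballmatcher.com OK
"""

def parse_access(text):
    """Parse 'KEY ACTION' lines of /etc/mail/access into a dict."""
    table = {}
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if line:
            key, action = line.split(None, 1)
            table[key.lower()] = action.strip().upper()
    return table

def client_action(table, ip):
    """Look up the client IP, then shorter octet prefixes, with and without Connect:."""
    octets = ip.split(".")
    while octets:
        prefix = ".".join(octets)
        for key in ("connect:" + prefix, prefix):
            if key in table:
                return table[key]
        octets.pop()
    return None

def relay_decision(table, client_ip, rcpt, auth_mech=None):
    """Return (accepted, reason) for one RCPT TO from one client."""
    domain = rcpt.rsplit("@", 1)[-1].lower()
    if domain in LOCAL_HOST_NAMES:
        return True, "recipient domain is local"
    if auth_mech and auth_mech.upper() in TRUSTED_MECHS:
        return True, "client authenticated with a trusted mechanism"
    if client_action(table, client_ip) == "RELAY":
        return True, "client address has RELAY in access"
    return False, "Relaying denied"

if __name__ == "__main__":
    table = parse_access(ACCESS)
    for ip, rcpt, mech in [("203.0.113.10", "user@footballmatcher.com", None),
                           ("203.0.113.10", "friend@example.org", None),
                           ("203.0.113.10", "friend@example.org", "PLAIN")]:
        print(ip, rcpt, mech, relay_decision(table, ip, rcpt, mech))
```

In this model the `footballmatcher.com OK` line never grants relay to a remote client; only a RELAY entry matching the connecting address, or a successful AUTH, does.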
