  1. #1
    Just Joined!
    Join Date
    Apr 2003
    Posts
    4

    SMTP AUTH Problem ?


    I have compiled SMTP AUTH with sendmail. It can authenticate properly, but it will refuse to relay the mail. Here is a copy of the sendmail log for the communications from the external client to the mail server.

    A hint also is that when I ssh to the server and do the exact same thing, it works fine.


    16131 >>> 220 mail.mydomain.net ESMTP Sendmail 8.12.9/8.12.9; Wed, 9 Apr 2003 16:35:29 -0500
    16131 <<< EHLO sonytop^M
    16131 >>> 250-mail.mydomain.net Hello adsl-67-65-137-215.dsl.REMOVED.net [67.65.137.215], pleased to meet you
    16131 >>> 250-ENHANCEDSTATUSCODES
    16131 >>> 250-PIPELINING
    16131 >>> 250-EXPN
    16131 >>> 250-VERB
    16131 >>> 250-8BITMIME
    16131 >>> 250-SIZE
    16131 >>> 250-DSN
    16131 >>> 250-ETRN
    16131 >>> 250-AUTH LOGIN PLAIN
    16131 >>> 250-DELIVERBY
    16131 >>> 250 HELP
    16131 <<< AUTH LOGIN^M
    16131 >>> 334 VXNlcm5hbWU6
    16131 <<< base 64 username
    16131 >>> 334 UGFzc3dvcmQ6
    16131 <<< base64 password
    16131 >>> 235 2.0.0 OK Authenticated
    16131 <<< MAIL FROM: <ddecker@REMOVED.net>^M
    16131 >>> 250 2.1.0 <ddecker@REMOVED.net>... Sender ok
    16131 <<< RCPT TO: <fake@fake.com>^M
    16131 >>> 550 5.7.1 <fake@fake.com>... Relaying denied
    16131 <<< QUIT^M
    16131 >>> 221 2.0.0 mail.REMOVED.net closing connection


    Here is a copy of the mc:
    divert(0)dnl
    VERSIONID(`$Id: generic-linux.mc,v 8.1 1999/09/24 22:48:05 gshapiro Exp $')
    OSTYPE(linux)dnl
    DOMAIN(generic)dnl
    define(`confAUTH_MECHANISMS', 'LOGIN PLAIN')dnl
    TRUST_AUTH_MECH(`LOGIN PLAIN')dnl
    MAILER(local)dnl
    MAILER(smtp)dnl
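
The symptom in the log above (a 235 success followed by "Relaying denied") can be checked mechanically. This is an added example, not part of the original post: it decodes the AUTH LOGIN prompts, records whether STARTTLS was advertised, and flags sessions refused after authenticating. The log excerpt is copied from the post; the function names are illustrative.

```python
import base64
import re

# Lines copied from the post's log: ">>>" is the server, "<<<" the client.
SESSION_LOG = """\
16131 <<< EHLO sonytop^M
16131 >>> 250-PIPELINING
16131 >>> 250-AUTH LOGIN PLAIN
16131 >>> 250 HELP
16131 <<< AUTH LOGIN^M
16131 >>> 334 VXNlcm5hbWU6
16131 >>> 334 UGFzc3dvcmQ6
16131 >>> 235 2.0.0 OK Authenticated
16131 <<< RCPT TO: <fake@fake.com>^M
16131 >>> 550 5.7.1 <fake@fake.com>... Relaying denied
"""

LINE_RE = re.compile(r"^\s*(\d+) >>> (\d{3})[ -](.*)$")   # server replies only


def analyse(log_text):
    """Summarise the server side of each logged session, keyed by process id."""
    sessions = {}
    for raw in log_text.splitlines():
        m = LINE_RE.match(raw)
        if not m:
            continue                      # client lines carry no verdicts
        pid, code, rest = m.groups()
        s = sessions.setdefault(pid, {"mechs": [], "starttls": False, "prompts": [],
                                      "authenticated": False, "denied_after_auth": []})
        if code == "250" and rest.upper().startswith("AUTH "):
            s["mechs"] = rest.split()[1:]
        elif code == "250" and rest.upper() == "STARTTLS":
            s["starttls"] = True          # absent here: LOGIN/PLAIN travel as bare base64
        elif code == "334":               # AUTH LOGIN prompts are base64 text
            s["prompts"].append(base64.b64decode(rest).decode("ascii", "replace"))
        elif code == "235":
            s["authenticated"] = True
        elif code == "550" and "Relaying denied" in rest and s["authenticated"]:
            rcpt = re.search(r"<([^>]+)>", rest)
            s["denied_after_auth"].append(rcpt.group(1) if rcpt else rest)
    return sessions


def auth_ok_but_relay_denied(log_text):
    """Process ids whose session got 235 and was then still refused relaying."""
    return [pid for pid, s in analyse(log_text).items() if s["denied_after_auth"]]
```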

  2. #2
    Linux Newbie
    Join Date
    Apr 2003
    Location
    UK, Manchester
    Posts
    147
    Can't help with your problem, just wanted to point out that it's not the best idea to post your IP address on a BBS.

  3. #3
    Linux Guru
    Join Date
    Oct 2001
    Location
    Täby, Sweden
    Posts
    7,578
    I don't know if there are any better ways, but when I want to allow a sendmail server to relay, I add the network names/IP addresses of the computers allowed to relay through it to my /etc/mail/access. For example, to allow all my internal clients to relay through the sendmail on my router, I added this line:
    192.168.0 RELAY

  5. #4
    Linux Engineer
    Join Date
    Jan 2003
    Location
    Lebanon, pa
    Posts
    994
    I use POP-before-SMTP authentication. I have a Perl daemon running which parses the mail logs for IPs from POP3/IMAP connections, then adds them to a file. I have the MTA enable relaying for that file. After 20 min, the Perl daemon removes the IPs from the file.
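
A minimal sketch of the POP-before-SMTP bookkeeping described in the post above, as an added example that is not the poster's Perl daemon. The log line format, the daemon names and the function names are hypothetical; the `RELAY` output follows the access-file style shown earlier in the thread, and the 20-minute window is the one the post states.

```python
import ipaddress
import re
from datetime import datetime, timedelta

WINDOW = timedelta(minutes=20)   # relay window stated in the post

# Constructed sample log; the line format is hypothetical, not a real daemon's.
SAMPLE_LOG = """\
2003-04-09T16:05:00 pop3d: LOGIN user=alice ip=192.0.2.10
2003-04-09T16:20:00 pop3d: LOGIN FAILED user=mallory ip=203.0.113.9
2003-04-09T16:28:00 imapd: LOGIN user=bob ip=198.51.100.7
2003-04-09T16:29:00 pop3d: LOGIN user=carol ip=not-an-ip
"""

# Anchored at both ends so text inside a user name cannot pose as the ip field.
LOGIN_RE = re.compile(r"^(\S+) (?:pop3d|imapd): LOGIN user=\S+ ip=(\S+)$")


def successful_logins(log_text):
    """Map each client IP to the time of its most recent successful login."""
    last_seen = {}
    for line in log_text.splitlines():
        m = LOGIN_RE.match(line)
        if not m:
            continue                      # failed logins and unrelated lines
        try:
            ip = str(ipaddress.ip_address(m.group(2)))
        except ValueError:
            continue                      # never copy unvalidated text into the relay file
        when = datetime.fromisoformat(m.group(1))
        last_seen[ip] = max(when, last_seen.get(ip, when))
    return last_seen


def relay_entries(last_seen, now):
    """Access-style lines for IPs whose last login is at most WINDOW old."""
    live = [ip for ip, t in last_seen.items() if timedelta(0) <= now - t <= WINDOW]
    return [f"{ip}\tRELAY" for ip in sorted(live)]
```

Because the grant is per IP address, every client behind that address can relay until the entry expires.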

  6. #5
    Just Joined!
    Join Date
    Apr 2003
    Posts
    4
    Well, as far as my home IP, I don't care; it's dynamic, I'll probably never see that IP again. I thought that I had removed the server name. I do see where I missed it. I don't see a way to go back and edit a post, though. Guess I just have to ask for a moderator's help and ask them to take off the server name.


    But back to the original issue. Most of the employees use Qwest to connect to the net. Since we are nationwide, there is a vast pool of IPs that the people can be assigned. It would be impossible to list them all in the access file. And that is why I set up SMTP AUTH; I thought it was going to replace the access file, by accepting only authenticated connections.


    Any suggestions?

  7. #6
    Linux Guru
    Join Date
    Oct 2001
    Location
    Täby, Sweden
    Posts
    7,578
    Well, if only AUTH'ed connections are accepted, you can probably just allow everyone to forward, since no un-AUTH'ed connections will get that far anyway. Alternatively, if all clients are part of the same DNS name, just add "mydomain.tld RELAY" to allow relaying for all clients whose DNS reverse lookups yield a result that ends in mydomain.tld.

  8. #7
    Just Joined!
    Join Date
    Jul 2002
    Location
    Madison, WI.
    Posts
    36
    genlee's solution is the most glamorous, and a lot of ISPs do that so you can check AND send mail when dialed-up to other networks. Genlee, do you have a link to a walkthrough on setting that up? I'd love to give it a try.

  9. #8
    Linux Engineer
    Join Date
    Jan 2003
    Location
    Lebanon, pa
    Posts
    994
    No, I don't have a link, but if you search for it on Google there are plenty. I looked at how some others do it and wrote my own for my server. I do remember seeing some howto's on it and it is discussed a lot on Usenet. Search at www.deja.com as well as Google and you should find plenty of info.

  10. #9
    Just Joined!
    Join Date
    Jul 2002
    Location
    Madison, WI.
    Posts
    36
    Thanks!
