SMTP AUTH Problem?
I have compiled SMTP AUTH with sendmail. It can authenticate properly, but it will refuse to relay the mail. Here is a copy of the sendmail log for the communications from the external client to the mail server.
A hint also is that when I ssh to the server and do the exact same thing, it works fine.
16131 >>> 220 mail.mydomain.net ESMTP Sendmail 8.12.9/8.12.9; Wed, 9 Apr 2003 16:35:29 -0500
16131 <<< EHLO sonytop^M
16131 >>> 250-mail.mydomain.net Hello adsl-67-65-137-215.dsl.REMOVED.net [18.104.22.168], pleased to meet you
16131 >>> 250-ENHANCEDSTATUSCODES
16131 >>> 250-PIPELINING
16131 >>> 250-EXPN
16131 >>> 250-VERB
16131 >>> 250-8BITMIME
16131 >>> 250-SIZE
16131 >>> 250-DSN
16131 >>> 250-ETRN
16131 >>> 250-AUTH LOGIN PLAIN
16131 >>> 250-DELIVERBY
16131 >>> 250 HELP
16131 <<< AUTH LOGIN^M
16131 >>> 334 VXNlcm5hbWU6
16131 <<< base 64 username
16131 >>> 334 UGFzc3dvcmQ6
16131 <<< base64 password
16131 >>> 235 2.0.0 OK Authenticated
16131 <<< MAIL FROM: <ddecker@REMOVED.net>^M
16131 >>> 250 2.1.0 <ddecker@REMOVED.net>... Sender ok
16131 <<< RCPT TO: <email@example.com>^M
16131 >>> 550 5.7.1 <firstname.lastname@example.org>... Relaying denied
16131 <<< QUIT^M
16131 >>> 221 2.0.0 mail.REMOVED.net closing connection
Here is a copy of the mc:
VERSIONID(`$Id: generic-linux.mc,v 8.1 1999/09/24 22:48:05 gshapiro Exp $')
define(`confAUTH_MECHANISMS', `LOGIN PLAIN')dnl
Can't help with your problem, just wanted to point out that it's not the best idea to post your IP address on a BBS.
I don't know if there are any better ways, but when I want to allow a sendmail server to relay, I add the network names/IP addresses of the computers allowed to relay through it to my /etc/mail/access. For example, to allow all my internal clients to relay through the sendmail on my router, I added this line:
I use POP-before-SMTP authentication. I have a Perl daemon running which parses the mail logs for IPs from pop3/imap connections, then adds them to a file. I have the MTA enable relaying for that file. After 20 min, the Perl daemon removes the IPs from the file.
Well, as far as my home IP, I don't care; it's dynamic, I'll prolly never see that IP again. I thought that I had removed the server name. I do see where I missed it. I don't see a way to go back and edit a post, though. Guess I just have to ask for a moderator's help and ask them to take off the server name.
But back to the original issue. Most of the employees use Qwest to connect to the net. Since we are nationwide, there is a vast pool of IPs that the people can be assigned. It would be impossible to list them all in the access file. And that is why I set up SMTP AUTH; I thought it was going to replace the access file by accepting only authenticated connections.
Well, if only AUTH'ed connections are accepted, you can probably just allow everyone to forward, since no un-AUTH'ed connections will get that far anyway. Alternatively, if all clients are part of the same DNS name, just add "mydomain.tld RELAY" to allow relaying for all clients whose DNS reverse lookups yield a result that ends in mydomain.tld.
Genlee's solution is the most glamorous, and a lot of ISPs do that so you can check AND send mail when dialed up to other networks. Genlee, do you have a link to a walkthrough on setting that up? I'd love to give it a try.
No, I don't have a link, but if you search for it on Google there are plenty. I looked at how some others do it and wrote my own for my server. I do remember seeing some howto's on it and it is discussed a lot on Usenet. Search at www.deja.com as well as Google and you should find plenty of info.
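A sketch of the POP-before-SMTP bookkeeping described in the thread (successful pop3/imap logins open a 20-minute relay window for the client IP), added here as an example and not the poster's Perl daemon. The log line format, the sample lines and the access-map style output (`<ip> RELAY`) are assumptions.

```python
import ipaddress
import re
from datetime import datetime, timedelta

WINDOW = timedelta(minutes=20)  # relay window stated in the post

# Assumed log format; adapt the regex to the real POP3/IMAP daemon's lines.
LOGIN_RE = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2}T\d{2}:\d{2}:\d{2}) \S+ (?:pop3|imap)d\[\d+\]: "
    r"Login user=\S+ host=\[(?P<ip>[^\]]+)\]$"
)

# Constructed sample lines (documentation address ranges), not real log data.
SAMPLE_LOG = """\
2003-04-09T16:00:05 mail pop3d[411]: Login user=alice host=[192.0.2.10]
2003-04-09T16:05:40 mail imapd[412]: Login failed user=bob host=[198.51.100.7]
2003-04-09T16:12:00 mail imapd[413]: Login user=carol host=[203.0.113.44]
2003-04-09T16:15:00 mail pop3d[414]: Login user=dave host=[not-an-ip]
2003-04-09T16:18:30 mail pop3d[415]: Login user=alice host=[192.0.2.10]
"""


def recent_logins(log_text, now):
    """Return {ip: last successful login time} for logins within WINDOW of now."""
    seen = {}
    for line in log_text.splitlines():
        m = LOGIN_RE.match(line)
        if not m:
            continue  # failed logins and unrelated lines never open the relay
        try:
            ip = str(ipaddress.ip_address(m["ip"]))
        except ValueError:
            continue  # never copy an unvalidated log field into the relay map
        ts = datetime.strptime(m["ts"], "%Y-%m-%dT%H:%M:%S")
        if timedelta(0) <= now - ts <= WINDOW:
            seen[ip] = max(ts, seen.get(ip, ts))
    return seen


def access_entries(seen):
    """Render sorted access-map style lines for the currently allowed IPs."""
    return [f"{ip}\tRELAY" for ip in sorted(seen)]


if __name__ == "__main__":
    now = datetime(2003, 4, 9, 16, 25, 0)
    print("\n".join(access_entries(recent_logins(SAMPLE_LOG, now))))
```

The window is keyed on the source address alone, so every host behind the same NAT address can relay until the entry expires.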