FAQ Search Today's Posts Mark Forums Read
» Video Reviews

» Linux Archive

Linux-archive is a website aiming to archive linux email lists and to make them easily accessible for linux users/developers.


» Sponsor

» Partners

» Sponsor

Go Back   Linux Archive > CentOS > CentOS

 
 
LinkBack Thread Tools
 
Old 05-15-2012, 07:44 PM
Jussi Hirvi
 
Default Sendmail problem - baffled

Our backup mail server (which I have just re-configured) tries to
contact the primary mail server, and fails. My log shows repeatedly
"connection refused":

May 15 22:21:41 mx2 sm-mta-rx[8674]: q4FIhPij007483: makeconnection
(mail.greenspot.fi. [83.143.217.182]) failed: Connection refused by
mail.greenspot.fi.
May 15 22:21:41 mx2 sm-mta-rx[8674]: q4FIhPij007483:
to=<myuser@mydomain.com>, delay=00:38:16, xdelay=00:00:00, mailer=esmtp,
pri=10021795, relay=mail.greenspot.fi. [83.143.217.182], dsn=4.0.0,
stat=Deferred: Connection refused by mail.greenspot.fi.

But yet I can successfully telnet that host:

# telnet mail.greenspot.fi 25
Trying 83.143.217.182...
Connected to mail.greenspot.fi (83.143.217.182).
Escape character is '^]'.
220 mail.greenspot.fi ESMTP Sendmail; Tue, 15 May 2012 22:34:22 +0300

Also, the mailer-daemon *can* send automatic warning messages to
mail.greenspot.fi just fine.

So, the error probably is in my sendmail configuration.

The error appeared as I today reconfigured the backup mail server to use
a "dual sendmail" setup with amavis and greylisting. How could I proceed?

- Jussi
_______________________________________________
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos
 
Old 05-15-2012, 08:22 PM
Alexander Dalloz
 
Default Sendmail problem - baffled

Am 15.05.2012 21:44, schrieb Jussi Hirvi:
> Our backup mail server (which I have just re-configured) tries to
> contact the primary mail server, and fails. My log shows repeatedly
> "connection refused":
>
> May 15 22:21:41 mx2 sm-mta-rx[8674]: q4FIhPij007483: makeconnection
> (mail.greenspot.fi. [83.143.217.182]) failed: Connection refused by
> mail.greenspot.fi.
> May 15 22:21:41 mx2 sm-mta-rx[8674]: q4FIhPij007483:
> to=<myuser@mydomain.com>, delay=00:38:16, xdelay=00:00:00, mailer=esmtp,
> pri=10021795, relay=mail.greenspot.fi. [83.143.217.182], dsn=4.0.0,
> stat=Deferred: Connection refused by mail.greenspot.fi.
>
> But yet I can successfully telnet that host:
>
> # telnet mail.greenspot.fi 25
> Trying 83.143.217.182...
> Connected to mail.greenspot.fi (83.143.217.182).
> Escape character is '^]'.
> 220 mail.greenspot.fi ESMTP Sendmail; Tue, 15 May 2012 22:34:22 +0300

It is technically impossible that the telnet to target port 25 succeeds
from the same system on which the Sendmail gets a connection refused,
unless Sendmail is configured to use a non-standard target port.

> Also, the mailer-daemon *can* send automatic warning messages to
> mail.greenspot.fi just fine.
>
> So, the error probably is in my sendmail configuration.
>
> The error appeared as I today reconfigured the backup mail server to use
> a "dual sendmail" setup with amavis and greylisting. How could I proceed?

Deeply inspect your sendmail.mc files. Provide them here if you like to
get assistance.

> - Jussi

Alexander
_______________________________________________
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos
 
Old 05-15-2012, 08:27 PM
Jussi Hirvi
 
Default Sendmail problem - baffled

Some more info. Below is a more complete telnet session from backup mail
server (mx2.greenspot.fi) to primary mail server (mail.greenspot.fi).

It only proves that sending mail works fine from command-line. But my
sendmail setup cannot do the same.

I wrote that MAILER-DAEMON can get mail through. I am not actually sure
about that. (One warning message did come through, but maybe it was
because something I changed in the config - not sure anymore.)

Here's the successful telnet session:

[root@mx2 ~]# telnet mail.greenspot.fi 25
Trying 83.143.217.182...
Connected to mail.greenspot.fi (83.143.217.182).
Escape character is '^]'.
220 mail.greenspot.fi ESMTP Sendmail; Tue, 15 May 2012 23:17:59 +0300
HELO mx2.greenspot.fi
250 mail.greenspot.fi Hello mx2.greenspot.fi [83.143.217.179], pleased
to meet you
MAIL FROM: me1@domain.com
250 2.1.0 me1@domain.com... Sender ok
RCPT TO: me2@domain.com
250 2.1.5 me2@domain.com... Recipient ok
DATA
354 Enter mail, end with "." on a line by itself
Testing testing
.
250 2.0.0 q4FKHxf7012785 Message accepted for delivery
QUIT
221 2.0.0 mail.greenspot.fi closing connection
Connection closed by foreign host.

- Jussi
_______________________________________________
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos
 
Old 05-15-2012, 08:33 PM
 
Default Sendmail problem - baffled

Jussi Hirvi wrote:
> Some more info. Below is a more complete telnet session from backup mail
> server (mx2.greenspot.fi) to primary mail server (mail.greenspot.fi).
>
> It only proves that sending mail works fine from command-line. But my
> sendmail setup cannot do the same.
<snip>
Is there any chance that your sendmail is sending an invalid id?

mark


_______________________________________________
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos
 
Old 05-15-2012, 08:48 PM
Jussi Hirvi
 
Default Sendmail problem - baffled

On 15.5.2012 23.22, Alexander Dalloz wrote:
> It is technically impossible that the telnet to target port 25 succeeds
> from the same system on which the Sendmail gets a connection refused,
> unless Sendmail is configured to use a non-standard target port.

That is why I am baffled. :-/

I could use a way to see what port sendmail is actually using to make
the contact. My assumption is that when the log entry (see my orig post)
says "mailer=esmtp,", it implies port 25 - but then it really does not
make sense that the connection is refused.

On the primary mail server (which I try in vain to contact) I see
*nothing* about the failed connections in the maillog, even though I
raised log_level to 19.

Below is my thishost-tx.mc. It looks totally ok to me, but maybe
somebody else spots something there. This is a dual-sendmail setup, and
this is the conf for the transmitting sendmail instance.

- Jussi

divert(-1)dnl
include(`/usr/share/sendmail-cf/m4/cf.m4')dnl
VERSIONID(`MTA-TX jh-2012-05')dnl
OSTYPE(`linux')dnl
define(`confSMTP_LOGIN_MSG', `$w.tx.$m Sendmail $v/$Z; $b')dnl MTA-TX
define(`confLOG_LEVEL', `19')dnl
define(`confDEF_USER_ID', ``8:12')dnl
define(`confTO_CONNECT', `1m')dnl
define(`confTRY_NULL_MX_LIST', `True')dnl
define(`confDONT_PROBE_INTERFACES', `True')dnl
define(`PROCMAIL_MAILER_PATH', `/usr/bin/procmail')dnl
define(`ALIAS_FILE', `/etc/aliases')dnl
define(`STATUS_FILE', `/var/log/mail/statistics')dnl
define(`UUCP_MAILER_MAX', `2000000')dnl
define(`confUSERDB_SPEC',
`/etc/mail/userdb.db')dnldefine(`confPRIVACY_FLAGS',
`authwarnings,novrfy,noexpn,restrictqrun,restrictm ai
lq')dnl
define(`confAUTH_OPTIONS', `A')dnl
define(`confTO_QUEUEWARN', `2h')dnl
define(`confTO_QUEUERETURN', `2d')dnl
define(`confREFUSE_LA', `999')dnl disabled; limiting belongs to MTA-RX
define(`confTO_IDENT', `0')dnl
FEATURE(`no_default_msa', `dnl')dnl
FEATURE(`nocanonify')dnl host/dom names considered caninical at MTA-TX
FEATURE(`smrsh', `/usr/sbin/smrsh')dnl
FEATURE(`mailertable', `hash /etc/mail/mailertable.db')dnl
FEATURE(`virtusertable', `hash /etc/mail/virtusertable.db')dnl
FEATURE(redirect)dnl
FEATURE(always_add_domain)dnl
FEATURE(use_cw_file)dnl (= local-host-names)
FEATURE(use_ct_file)dnl
define(`confMAX_DAEMON_CHILDREN', `0') dnl disabled; limiting belongs to
MTA-RX
FEATURE(local_procmail, `', `procmail -t -Y -a $h -d $u')dnl
EXPOSED_USER(`root')dnl
DAEMON_OPTIONS(`Addr=127.0.0.1,Port=10025,Name=MTA-TX')dnl
FEATURE(`accept_unresolvable_domains')dnl
LOCAL_DOMAIN(`localhost.localdomain')dnl
LOCAL_DOMAIN(`[127.0.0.1]')dnl
LOCAL_DOMAIN(`127.0.0.1')dnl
MAILER(smtp)dnl
_______________________________________________
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos
 
Old 05-15-2012, 08:54 PM
Alexander Dalloz
 
Default Sendmail problem - baffled

Am 15.05.2012 22:48, schrieb Jussi Hirvi:
> Below is my thishost-tx.mc. It looks totally ok to me, but maybe
> somebody else spots something there. This is a dual-sendmail setup, and
> this is the conf for the transmitting sendmail instance.
>
> - Jussi
>
> divert(-1)dnl
> include(`/usr/share/sendmail-cf/m4/cf.m4')dnl
> VERSIONID(`MTA-TX jh-2012-05')dnl
> OSTYPE(`linux')dnl
> define(`confSMTP_LOGIN_MSG', `$w.tx.$m Sendmail $v/$Z; $b')dnl MTA-TX
> define(`confLOG_LEVEL', `19')dnl
> define(`confDEF_USER_ID', ``8:12')dnl
> define(`confTO_CONNECT', `1m')dnl
> define(`confTRY_NULL_MX_LIST', `True')dnl
> define(`confDONT_PROBE_INTERFACES', `True')dnl
> define(`PROCMAIL_MAILER_PATH', `/usr/bin/procmail')dnl
> define(`ALIAS_FILE', `/etc/aliases')dnl
> define(`STATUS_FILE', `/var/log/mail/statistics')dnl
> define(`UUCP_MAILER_MAX', `2000000')dnl
> define(`confUSERDB_SPEC',
> `/etc/mail/userdb.db')dnldefine(`confPRIVACY_FLAGS',
> `authwarnings,novrfy,noexpn,restrictqrun,restrictm ai
> lq')dnl
> define(`confAUTH_OPTIONS', `A')dnl
> define(`confTO_QUEUEWARN', `2h')dnl
> define(`confTO_QUEUERETURN', `2d')dnl
> define(`confREFUSE_LA', `999')dnl disabled; limiting belongs to MTA-RX
> define(`confTO_IDENT', `0')dnl
> FEATURE(`no_default_msa', `dnl')dnl
> FEATURE(`nocanonify')dnl host/dom names considered caninical at MTA-TX
> FEATURE(`smrsh', `/usr/sbin/smrsh')dnl
> FEATURE(`mailertable', `hash /etc/mail/mailertable.db')dnl
> FEATURE(`virtusertable', `hash /etc/mail/virtusertable.db')dnl
> FEATURE(redirect)dnl
> FEATURE(always_add_domain)dnl
> FEATURE(use_cw_file)dnl (= local-host-names)
> FEATURE(use_ct_file)dnl
> define(`confMAX_DAEMON_CHILDREN', `0') dnl disabled; limiting belongs to
> MTA-RX
> FEATURE(local_procmail, `', `procmail -t -Y -a $h -d $u')dnl
> EXPOSED_USER(`root')dnl
> DAEMON_OPTIONS(`Addr=127.0.0.1,Port=10025,Name=MTA-TX')dnl
> FEATURE(`accept_unresolvable_domains')dnl
> LOCAL_DOMAIN(`localhost.localdomain')dnl
> LOCAL_DOMAIN(`[127.0.0.1]')dnl
> LOCAL_DOMAIN(`127.0.0.1')dnl
> MAILER(smtp)dnl

What is the content of the submit.mc? Your previous log snipplet showed

> May 15 22:21:41 mx2 sm-mta-rx[8674]: q4FIhPij007483: makeconnection

So there must be "sm-mta-rx" be defined somewhere.

Alexander
_______________________________________________
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos
 
Old 05-15-2012, 08:55 PM
Jussi Hirvi
 
Default Sendmail problem - baffled

On 15.5.2012 23.33, m.roth@5-cent.us wrote:
> Is there any chance that your sendmail is sending an invalid id?

Uh, what do you mean by id? Domain name? I assume that comes from
/etc/sysconfig/network. which correctly says
> HOSTNAME=mx2.greenspot.fi

- Jussi
_______________________________________________
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos
 
Old 05-15-2012, 08:57 PM
Bowie Bailey
 
Default Sendmail problem - baffled

On 5/15/2012 4:48 PM, Jussi Hirvi wrote:
> On 15.5.2012 23.22, Alexander Dalloz wrote:
>> It is technically impossible that the telnet to target port 25 succeeds
>> from the same system on which the Sendmail gets a connection refused,
>> unless Sendmail is configured to use a non-standard target port.
> That is why I am baffled. :-/
>
> I could use a way to see what port sendmail is actually using to make
> the contact. My assumption is that when the log entry (see my orig post)
> says "mailer=esmtp,", it implies port 25 - but then it really does not
> make sense that the connection is refused.
>
> On the primary mail server (which I try in vain to contact) I see
> *nothing* about the failed connections in the maillog, even though I
> raised log_level to 19.

You could use wireshark to monitor the network traffic and determine
exactly what happens when sendmail tries to make the connection.

--
Bowie
_______________________________________________
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos
 
Old 05-15-2012, 09:18 PM
John Hinton
 
Default Sendmail problem - baffled

On 5/15/2012 4:57 PM, Bowie Bailey wrote:
> On 5/15/2012 4:48 PM, Jussi Hirvi wrote:
>> On 15.5.2012 23.22, Alexander Dalloz wrote:
>>> It is technically impossible that the telnet to target port 25 succeeds
>>> from the same system on which the Sendmail gets a connection refused,
>>> unless Sendmail is configured to use a non-standard target port.
>> That is why I am baffled. :-/
>>
>> I could use a way to see what port sendmail is actually using to make
>> the contact. My assumption is that when the log entry (see my orig post)
>> says "mailer=esmtp,", it implies port 25 - but then it really does not
>> make sense that the connection is refused.
>>
>> On the primary mail server (which I try in vain to contact) I see
>> *nothing* about the failed connections in the maillog, even though I
>> raised log_level to 19.
> You could use wireshark to monitor the network traffic and determine
> exactly what happens when sendmail tries to make the connection.
>
A couple of things to check. I don't know if these servers are in the
same location or not but it is possible if not, that your provider
blocks port 25. Here are two configs to check.

dnl # The following causes sendmail to only listen on the IPv4 loopback
address
dnl # 127.0.0.1 and not on any other network devices. Remove the loopback
dnl # address restriction to accept email from the internet or intranet.
dnl #
DAEMON_OPTIONS(`Port=smtp, Name=MTA')dnl

If this is not done on the primary, it will not listen to anything but
itself.... so the backup wouldn't be able to contact it.

dnl #
dnl # The following causes sendmail to additionally listen to port 587 for
dnl # mail from MUAs that authenticate. Roaming users who can't reach their
dnl # preferred sendmail daemon due to port 25 being blocked or
redirected find
dnl # this useful.
dnl #
DAEMON_OPTIONS(`Port=submission, Name=MSA, M=Ea')dnl

and this if it is possible that port 25 is blocked.

Sorry if this has already been discussed. I stepped in late on the
conversation.

--
John Hinton
877-777-1407 ext 502
http://www.ew3d.com
Comprehensive Online Solutions

_______________________________________________
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos
 
Old 05-15-2012, 09:19 PM
Jussi Hirvi
 
Default Sendmail problem - baffled

On 15.5.2012 23.54, Alexander Dalloz wrote:
> What is the content of the submit.mc? Your previous log snipplet showed
>
>> > May 15 22:21:41 mx2 sm-mta-rx[8674]: q4FIhPij007483: makeconnection

> So there must be "sm-mta-rx" be defined somewhere.

Yes. In a dual sendmail setup there are two instances of sendmail. The
receiving one ("rx") dumps all email to amavis (TCP 10024), and then
amavis hauls everything back again to the other instance ("tx") (using
TCP 10025), which sends it away over net or piles it up in local mailboxes.

My conf for the "rx" instance is probably not important, as the "rx"
instance does not actually contact anything outside localhost. The
submit conf is for mail submission, so it is probably not used here.

- Jussi
_______________________________________________
CentOS mailing list
CentOS@centos.org
http://lists.centos.org/mailman/listinfo/centos
 

Thread Tools




All times are GMT. The time now is 08:14 AM.

VBulletin, Copyright ©2000 - 2014, Jelsoft Enterprises Ltd.
Content Relevant URLs by vBSEO ©2007, Crawlability, Inc.
Copyright 2007 - 2008, www.linux-archive.org