[Techtalk] sendmail config questions

Rudy L. Zijlstra rudy at edsons.demon.nl
Sat Aug 9 17:48:00 EST 2003


Dennis Wheeler wrote:

>On Sat, 9 Aug 2003, Rudy L. Zijlstra wrote:
>
>>Dennis Wheeler wrote:
>>
>>>I've got a remote server running RH 7.1 and sendmail 8.9 (I think)
>>>
>>Hmmm, upgrade to the latest version (8.12.9 last I looked), it has
>>several security fixes. As far as I know 7.1 is *old* and I have no clue
>>whether RH is still bringing out patches for it. You may have to install
>>from source. I have to admit I do not track RH (do not use them).
>>
>
>We'll eventually upgrade, but that'll require a plane trip. I'd like to
>just get them up and running again first.
>
Can imagine. I've done upgrading over internet connections, and prefer 
doing that when a rescue mission is possible....

>>>I suspect it might be an open relay, so I need to 1) turn that off if
>>>it is and 2) verify that it's not afterwards.
>>>
>>This is default off on the later releases. You have to explicitly enable
>>it to get an open relay with those
>>
>
>That's what I thought, but I wasn't sure how to verify it to be one way or
>another.
>
Provided the NT exchange is well configured, there is an easy way out of 
this.... See further on.

>[snip] It's behind a firewall, but it is accepting connections to port 25
>
>The logs show incoming messages, but they are being queued. It should
>forward them to the exchange server.
>
>I did try just now telneting to port 25 on the exchange server and sending
>mail to a local mailbox. The exchange server seems to be queueing them as
>well -- I'll be asking the NT admin about that in the morning.
>
>[snip again]
>
>resolv.conf points to the internal dns (running on nt) as primary, and the
>isp's dns as secondary
>
>The problem I see is that the isp's dns only knows abcd.ext.st.us (not
>real btw) and the internal dns only knows abcd.edu
>
>>You likely need to tell sendmail to accept mail from both domain names.
>>I cannot tell more without knowing more about the setup.
>
>Is that in the sendmail config? or the MX records in the DNS? or both?
>
[last snip]

In the sendmail.cf. I suggest trying the following, because you're too 
far away to experiment.

Configure the NT exchange server as the smart host. This will cause 
sendmail to forward anything except local mail to the exchange server. 
This will likely also take care of the open relay, if it is that: the 
exchange server should kill that (or be able to).

Take a look in sendmail.cf, where you should find something like:

# "Smart" relay host (may be null)
DS

Behind the DS add the IP address of the NT exchange server and restart 
sendmail.

If you need to teach sendmail to accept for several domains, one 
possible trick is:

Cwlocalhost
Cw<your internal domain>
Cw<your external domain>

I don't think it's the documented manner, but I have had that working 
quite well for me.

Good luck,

Rudy (who goes on to urgent own sysman work: my main server just lost a 
HD...)
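
Added example, not part of the message above and not sendmail's own tooling: a check of the two sendmail.cf settings discussed in the reply (the DS smart host and the Cw local-domain class) that can be run on a copy of the file before restarting a server that is too far away to experiment on. The address 192.0.2.10 and the *.example domains are constructed placeholders, and parse_cf and audit are hypothetical helper names.

```python
import ipaddress

# Constructed sample sendmail.cf fragment (placeholder address and domains).
SAMPLE_CF = """\
# "Smart" relay host (may be null)
DS192.0.2.10
Cwlocalhost
Cwinternal.example
"""

def parse_cf(text):
    """Return (smart_host, class_w, class_w_files) from sendmail.cf text."""
    smart_host, class_w, files = "", set(), []
    for line in text.splitlines():
        if line.startswith("DS"):        # macro S: the smart host
            smart_host = line[2:].strip()  # a later definition replaces an earlier one
        elif line.startswith("Cw"):      # class w: names accepted as local
            class_w.update(w.lower() for w in line[2:].split())
        elif line.startswith("Fw"):      # class w entries loaded from a file
            files.append(line[2:].strip())
    return smart_host, class_w, files

def audit(text, required_domains):
    """Return (code, message) findings for the smart host and local domains."""
    smart_host, class_w, files = parse_cf(text)
    findings = []
    if not smart_host:
        findings.append(("no-smart-host",
                         "DS is empty: non-local mail is not handed to a smart host"))
    else:
        try:
            ipaddress.ip_address(smart_host)
            findings.append(("bare-ip",
                             f"DS{smart_host}: an unbracketed value is read as a host "
                             f"name; DS[{smart_host}] marks it as an address literal"))
        except ValueError:
            pass  # a host name, or an address already in brackets
    for domain in required_domains:
        if domain.lower() not in class_w:
            hint = f" (may still come from {', '.join(files)})" if files else ""
            findings.append(("not-local", f"{domain} is not in class w{hint}"))
    return findings

if __name__ == "__main__":
    for code, message in audit(SAMPLE_CF, ["internal.example", "external.example"]):
        print(f"{code}: {message}")
```

An empty result means the smart host is set and every required domain appears in a Cw line; domains supplied only through an Fw file are reported with a hint because the file's contents are not read.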




