Hi All,
I have a strange problem that I don't understand. I have an access file which has the following line:
168.144.250.215 OK # xsmtp02.mail2web.com
Yet email from this IP address is getting rejected. From my log file
Oct 15 21:52:33 mx01 sendmail[10569]: ruleset=check_relay, arg1=xsmtp02.mail2web.com, arg2=168.144.250.215, relay=xsmtp02.mail2web.com [168.144.250.215], reject=553 5.3.0 OK # xsmtp02.mail2web.com
Is this because I have commented out
dnl FEATURE(delay_checks)dnl
in my sendmail.mc?
What is the ruleset check_relay actually doing in this case. I have seen other cases where it rejected a message but always with a useful message. why is there a reject=553 code but with an OK after it? Can somebody give me a clue as to what I have misconfigured.
Christopher Chan wrote:
I have a strange problem that I don't understand. I have an access file which has the following line:
Did you run makemap? Does the db file contain the same stuff as the text file?
Yes. The output of
makemap -u hash access.db >access_dump
shows
168.144.250.215 OK # xsmtp02.mail2web.com
It is there.
After a lot of research I realized I am using two features that muck with the check_relay ruleset. The DCC hackmc script to make DCC understand about whitelisting from the access database and FEATURE(`require_rdns2',`forgedignore')dnl which requires the relay to have a rDNS. This changes the usual check_relay code albeit I haven't figured out how it can generate a 553 error code along with an OK.
on 10-16-2008 12:56 AM Paul R. Ganci spake the following:
Christopher Chan wrote:
I have a strange problem that I don't understand. I have an access file which has the following line:
Did you run makemap? Does the db file contain the same stuff as the text file?
Yes. The output of
makemap -u hash access.db >access_dump
shows
168.144.250.215 OK # xsmtp02.mail2web.com
It is there.
After a lot of research I realized I am using two features that muck with the check_relay ruleset. The DCC hackmc script to make DCC understand about whitelisting from the access database and FEATURE(`require_rdns2',`forgedignore')dnl which requires the relay to have a rDNS. This changes the usual check_relay code albeit I haven't figured out how it can generate a 553 error code along with an OK.
It is probably ignoring your # as a comment delimiter. So it is picking up # xsmtp02.mail2web.com as part of the error text. Try to have the comment on a line by itself, maybe directly above the ip address.
Scott Silva wrote:
It is probably ignoring your # as a comment delimiter. So it is picking up # xsmtp02.mail2web.com as part of the error text
Yes this was exactly the problem. I had completely forgotten about the comment restriction until Kai Schaetzl pointed it out to me earlier in the morning. Little did I realize the harm I was causing ... how ironic a "whitelist" actually became a "blacklist". In any event the problem is fixed now. Many thanks.
Paul R. Ganci wrote on Wed, 15 Oct 2008 23:23:33 -0600:
OK # xsmtp02.mail2web.com
You cannot put comments in the file like this, it's interpreted as the error message. You can use only comments that start the line.
Is this because I have commented out
dnl FEATURE(delay_checks)dnl
in my sendmail.mc?
No, delay_checks is necessary for instance if you want to use other access mechanisms like SMTP AUTH.
Kai
Kai Schaetzl wrote:
OK # xsmtp02.mail2web.com
You cannot put comments in the file like this, it's interpreted as the error message. You can use only comments that start the line
Crap ... after all the experience I had with sendmail I never realized that. I guess you learn something new every day. Thanks that seems to have fixed the problem.
-
Christopher Chan -
Kai Schaetzl -
Paul R. Ganci -
Scott Silva