[CentOS] sendmail / logwatch relaying issue - driving me crazy

Thu Dec 23 15:56:33 UTC 2010
Les Mikesell <lesmikesell at gmail.com>

On 12/23/2010 8:01 AM, Jason Pyeron wrote:

>> On 12/23/10 3:44 AM, Götz Reinicke - IT-Koordinator wrote:
>>> Hello, *<:-)
>>>
>>> Maybe I'm too tired to see the solution, maybe someone can give me a hint?
>>>
>>> I do have a couple of servers, sending the daily logwatch report to a
>>> central support email account.
>>>
>>> Some servers do have DNS A and CNAME records. On my mailserver
>>> relaying for the servers is allowed.
>>>
>>> Only one server drives me crazy, getting user unknown or relaying
>>> denied messages.
>>>
>>> Any idea how to debug this issue? I'd be glad to fix this as a
>>> Christmas gift. I could provide log messages of course.
>>
>> If there is an MX record for the target address, it will go there instead
>> of to the A record for that name. The receiving server will usually try to
>> resolve the From: host address and reject if it can't, so the sender must
>> have a valid hostname in your DNS (or turn off that feature). If the
>> receiving server doesn't accept for the target domain/host address you'd
>> get the relaying denied error. If it does accept for the domain but does
>> not have the user in the address you'd get the user unknown error.
>
> In your /etc/mail/sendmail.mc:
>
> dnl # Uncomment and edit the following line if your outgoing mail needs to
> dnl # be sent out through an external mail server:
> dnl #
> define(`SMART_HOST',`mail.pdinc.us')dnl
>
> * the mail.pdinc.us resolves to a different ip inside as compared to the
> public dns entry
>
> Each box in your network should send the mail to a central smtp server which
> allows relaying from your network. We have 2-5 new virtual machines every day,
> they usually don't last more than a few days. If we had to admin that centrally
> either by dns or mail server config we would go bonkers. This way every new
> machine is responsible for itself.

This is good advice and will let you relay to outside addresses as well, 
but not necessary if all of your mail is internal.  If you have an MX or 
A record in your DNS for the destination address the sender will find it 
directly, and if the recipient is a local user or alias at that machine 
it isn't considered a relay.

   Les Mikesell
     lesmikesell at gmail.com
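
The routing and accept/reject decisions described in this thread, modelled as an added example that is not part of the original posts and is not sendmail's own code. The DNS zone, host names, addresses, users and result labels are constructed sample data, and the functions `next_hop` and `receive` are hypothetical names.

```python
import ipaddress

# Constructed sample data: a small DNS zone and one receiving mail server.
DNS = {
    "example.com":      {"MX": [(10, "mail.example.com")]},
    "mail.example.com": {"A": ["192.0.2.10"]},
    "web1.example.com": {"A": ["192.0.2.21"]},
    "example.net":      {"MX": [(10, "mx.example.net")]},
}
MAIL = {
    "local_domains": {"example.com", "mail.example.com"},
    "users": {"support", "root"},
    "relay_nets": [ipaddress.ip_network("192.0.2.0/27")],
}

def next_hop(rcpt, smart_host=None):
    """Host the sending machine connects to for this recipient."""
    if smart_host:                      # SMART_HOST set: everything goes there
        return smart_host
    domain = rcpt.rsplit("@", 1)[1]
    rec = DNS.get(domain, {})
    if rec.get("MX"):                   # an MX record wins over the A record
        return min(rec["MX"])[1]        # lowest preference value first
    return domain if rec.get("A") else None

def receive(server, client_ip, mail_from, rcpt):
    """Outcome at the receiving server, checked in the order the thread gives."""
    sender_domain = mail_from.rsplit("@", 1)[1]
    if sender_domain not in DNS:        # sender host name must resolve
        return "sender domain unresolvable"
    user, domain = rcpt.rsplit("@", 1)
    if domain in server["local_domains"]:
        # Local recipient: not a relay, only the user or alias has to exist.
        return "accepted" if user in server["users"] else "user unknown"
    ip = ipaddress.ip_address(client_ip)
    if any(ip in net for net in server["relay_nets"]):
        return "accepted for relay"
    return "relaying denied"

if __name__ == "__main__":
    for rcpt in ("support@example.com", "nobody@example.com", "bob@example.net"):
        hop = next_hop(rcpt, smart_host="mail.example.com")
        print(rcpt, "->", hop, ":",
              receive(MAIL, "192.0.2.40", "root@web1.example.com", rcpt))
```

Comparing the failing server's client address, sender host name and recipient against these three checks shows which one produces each of the two errors.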