[CentOS] sendmail / logwatch relaying issue - driving me crazy

Thu Dec 23 16:02:07 UTC 2010
Jason Pyeron <jpyeron at pdinc.us>

> -----Original Message-----
> From: centos-bounces at centos.org 
> [mailto:centos-bounces at centos.org] On Behalf Of Les Mikesell
> Sent: Thursday, December 23, 2010 10:57
> To: centos at centos.org
> Subject: Re: [CentOS] sendmail / logwatch relaying issue - 
> driving me crazy
> 
> On 12/23/2010 8:01 AM, Jason Pyeron wrote:
> 
> >>
> >> On 12/23/10 3:44 AM, Götz Reinicke - IT-Koordinator wrote:
> >>> Hello, *<:-)
> >>>
> >>> Maybe I'm too tired to see the solution, maybe someone can give me a hint?
> >>>
> >>> I do have a couple of servers, sending the daily logwatch report to a
> >>> central support email account.
> >>>
> >>> Some servers do have DNS A and CNAME records. On my mailserver 
> >>> relaying for the servers is allowed.
> >>>
> >>> Only one server drives me crazy, getting user unknown or relaying
> >>> denied messages.
> >>>
> >>> Any idea, how to debug this issue? I'd be glad to fix this as a
> >>> Christmas gift. I could provide log messages of course.
> >>>
> >>
> >> If there is an MX record for the target address, it will go there
> >> instead of to the A record for that name.  The receiving server will
> >> usually try to resolve the From: host address and reject if it can't,
> >> so the sender must have a valid hostname in your DNS (or turn off that
> >> feature).  If the receiving server doesn't accept for the target
> >> domain/host address you'd get the relaying denied error.  If it does
> >> accept for the domain but does not have the user in the address you'd
> >> get the user unknown error.
> >>
> >
> > In your /etc/mail/sendmail.mc:
> >
> > dnl # Uncomment and edit the following line if your outgoing mail needs to
> > dnl # be sent out through an external mail server:
> > dnl #
> > define(`SMART_HOST',`mail.pdinc.us')dnl
> >
> > * the mail.pdinc.us resolves to a different IP inside as compared to
> > the public DNS entry
> >
> > Each box in your network should send the mail to a central smtp server
> > which allows relaying from your network. We have 2-5 new virtual
> > machines every day, they usually don't last more than a few days. If
> > we had to admin that centrally either by dns or mail server config we
> > would go bonkers. This way every new machine is responsible for itself.
> 
> This is good advice and will let you relay to outside 
> addresses as well, but not necessary if all of your mail is 
> internal.  If you have an MX or A record in your DNS for the 

The first time you try to send non-local mail the house of cards will fall apart
unless you centrally admin the mail. 

> destination address the sender will find it directly, and if 

In this situation, only one machine needs to make correct decisions. On that
machine here we have a list of domains which get delivered locally and all
others are tried to be delivered by DNS lookups, etc.

> the recipient is a local user or alias at that machine it 
> isn't considered a relay.



--
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
-                                                               -
- Jason Pyeron                      PD Inc. http://www.pdinc.us -
- Principal Consultant              10 West 24th Street #100    -
- +1 (443) 269-1555 x333            Baltimore, Maryland 21218   -
-                                                               -
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
This message is copyright PD Inc, subject to license 20080407P00.
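
The behaviour discussed in this thread (MX preferred over the A record, SMART_HOST overriding both, and the difference between "relaying denied" and "user unknown"), sketched as an added example that is not part of the original messages. It is a simplified model, not sendmail's own code; all hosts, users, networks and function names are hypothetical.

```python
import ipaddress

# Constructed sample data; every name and address below is hypothetical.
DNS = {
    "example.com": {"MX": [(20, "backup.example.com"), (10, "mail.example.com")]},
    "web3.example.com": {"A": ["10.1.2.3"]},
}
LOCAL_DOMAINS = {"example.com"}            # domains the relay delivers locally
LOCAL_USERS = {"support", "root"}          # users/aliases known on the relay
RELAY_NETWORKS = [ipaddress.ip_network("10.0.0.0/8")]  # clients allowed to relay


def pick_next_hop(rcpt_domain, dns, smart_host=None):
    """Host the sending box connects to: SMART_HOST if set, else MX, else A."""
    if smart_host:
        return smart_host
    records = dns.get(rcpt_domain, {})
    if records.get("MX"):
        return min(records["MX"])[1]       # lowest preference value wins
    return rcpt_domain if records.get("A") else None


def rcpt_decision(client_ip, rcpt):
    """Simplified model of the receiving server's answer to RCPT TO."""
    user, _, domain = rcpt.partition("@")
    if domain.lower() in LOCAL_DOMAINS:
        # Local recipient: not a relay, so only the user has to exist.
        if user.lower() in LOCAL_USERS:
            return "250 2.1.5 Recipient ok"
        return "550 5.1.1 User unknown"
    # Non-local recipient: relaying, permitted only from trusted networks.
    ip = ipaddress.ip_address(client_ip)
    if any(ip in net for net in RELAY_NETWORKS):
        return "250 2.1.5 Recipient ok"
    return "550 5.7.1 Relaying denied"


if __name__ == "__main__":
    cases = [("10.1.2.3", "support@example.com"),
             ("10.1.2.3", "suport@example.com"),
             ("192.0.2.50", "root@web3.example.com")]
    for ip, rcpt in cases:
        hop = pick_next_hop(rcpt.split("@")[1], DNS)
        print(f"{ip} -> {rcpt} via {hop}: {rcpt_decision(ip, rcpt)}")
```

A logwatch report addressed to a host-qualified name such as root@web3.example.com falls into the non-local branch on the central server, which is one way a single box can see "relaying denied" while the others deliver fine.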