Re: sendmail problem

Subject: Re: sendmail problem
From: Richard Mckinney (mckinney@gci.net)
Date: Thu Mar 07 2002 - 10:03:29 AKST

• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
• Next message: Mike Barsalou: "MySQL Project"
• Previous message: Greg Madden: "Re: Fw: Re: Friday Nites @ APU"
• In reply to: James F. Zuelow Jr.: "Re: sendmail problem"
• Next in thread: Craig Callender: "Re: sendmail problem"
• Reply: Richard Mckinney: "Re: sendmail problem"
• Reply: Richard Mckinney: "Re: sendmail problem"

If the probelem is sending from your workstation then it could be that
the sendmail machine
can't resolve the workstation IP address. It is trying to do it via DNS
but, unless you are running a DNS server internally (I assume not) then
this will fail. You might try adding
the IP range your dhcp server is using in your sendmail machines hosts
file. The node name does not need to be correct but there must be
something there. You might also set up the search order to first check
your files then use DNS for resolving.

Just a thought,

Rich

"James F. Zuelow Jr." wrote:
>
> ----- Original Message -----
> From: "Justin Dieters" <enderak@yahoo.com>
> To: "James F. Zuelow Jr." <jamesz@ideafamilies.org>
> Cc: "Aklug" <aklug@aklug.org>
> Sent: Thursday, March 07, 2002 9:02 AM
> Subject: Re: sendmail problem
>
> OK, I think it is still a DNS problem with the e-mail address you're
> using on your workstation and Sendmail attempting to not relay spam.
> IMHO it is much easier to just put in a firewall, NAT both boxes, and
> tell Sendmail to accept mail from your local network (192.168.0.x or
> whatever). Don't forget to port forward mail traffic to your server.
>
> Or, you can figure out how to tell mail.enderakonline.com that it is OK
> to relay from your workstation. I think I sent you a link about ESMPT
> authentication last month. If you look at the mail headers of the mail
> you send through yahoo.com you'll see that is what they're doing (you'll
> see a line that starts "Received: from enderak (AUTH plain) at
> 118-..."). That would avoid the whole problem, as your workstation
> would actually authenticate itself to Sendmail every time it connected.
>
> Here's a quote:
>
> xxxx
> Inconsistent DNS data
> QAA02454: <ESCAPEFOUR@AOL.COM>... Relaying denied
> QAA02454: ruleset=check_rcpt, arg1=<ESCAPEFOUR@AOL.COM>,
> relay=some.domain [10.0.0.1] (may be forged),
> reject=550 <ESCAPEFOUR@AOL.COM>... Relaying denied
> QAA02454: from=<Anonymous@aol.com>, size=0, class=0, pri=0, nrcpts=0,
> proto=SMTP, relay=some.domain [10.0.0.1] (may be forged)
>
> Here the (may be forged) is the important part: it means that the DNS
> data for the host is inconsistent, and hence the name is not used for
> the relaying check but only the IP number. So this is the same situation
> as before. If the host name would be used, it would be simple to
> circumvent basic anti-relaying checks because the PTR records might be
> under the control of an attacker, so he can chose any name he wants for
> his IP address. That is, he can select a name for which you allow
> relaying because that name is one that you control (your domain name).
> However, the forward (A) lookup will fail or give at least a different
> IP address, hence the name is marked as (may be forged)
> xxxx
>
> from this link:
>
> http://www.sendmail.org/~ca/email/relayingdenied.html
>
> Cheers,
>
> James

• Next message: Mike Barsalou: "MySQL Project"
• Previous message: Greg Madden: "Re: Fw: Re: Friday Nites @ APU"
• In reply to: James F. Zuelow Jr.: "Re: sendmail problem"
• Next in thread: Craig Callender: "Re: sendmail problem"
• Reply: Richard Mckinney: "Re: sendmail problem"
• Reply: Richard Mckinney: "Re: sendmail problem"

This archive was generated by hypermail 2a23 : Thu Mar 07 2002 - 10:03:13 AKST