Thread: configuring sendmail to accept verification for other server
View Single Post

   
  #4 (permalink)  
Old 01-18-2008, 05:48 PM
Bill Davidsen
 
Posts: n/a
Default Re: configuring sendmail to accept verification for other server
Liam wrote:
> We have a remote, off-site (redundant, sorry) production server our
> domain name points to.
> Let's call it "X.domainname.com".
>
> We have a small web server at the office that performs a couple but
> vital functions that needs to send an e-mail out about twice a day to
> two different external recipients.
> It has no domain name pointed to it.
>
> Every email that goes out from the local server, let's call
> "Y.localdomain", that goes out gets returned with:
>
> The original message was received at Mon, 24 Apr 2006 21:16:47 -0500
> from localhost [127.0.0.1]
>
> ----- The following addresses had permanent fatal errors -----
> <(the recipient email address)>
> (reason: 550-Verification failed for <root@Y.localdomain>)
>
> ----- Transcript of session follows -----
> ... while talking to celticbear.com.:
>>>>>>> DATA
> <<< 550-Verification failed for <root@Y.localdomain>
> <<< 550-unrouteable mail domain "Y.localdomain"
> <<< 550 Sender verify failed
> 550 5.1.1 <(the recipient email address)>... User unknown
> <<< 503 valid RCPT command must precede DATA
>
> Now, it works fine if I replace the Y server's /etc/sysconfig/network
> 's
> HOSTNAME=Y.localdomain
> with
> HOSTNAME=X.domainname.com
>
> Works perfectly.
> However, and there may be no way around this if this is the only way to
> get it to work, but a few of us SSH shell into the local server AND
> that remote server, and if the local HOSTNAME= matches the remote
> server's, the command prompt and shell window title bar are the same
> for both servers and that can cause no end of confusion and
> accidentally doing something on one server meant for the other.
>
> I'd like to find some way in which the HOSTNAME= can be different and
> unique, but the mail from it still be accepted as verifyable.
> I can change the local domainname to the remote's domain name, and that
> makes the sending server in the mail headers become "Y.domainname.com"
> but the existance of that machine name "Y" prevents the verification.
>
> So looking into SENDMAIL options I tried the "domain masquerading" but
> that didn't change a single thing in the header.
> I added the outgoing user to "trusted users" but also no difference.
>
> Thinking the problem is, or at least partly, the remote server only
> accepting verification checks from itself (X.domainname.com) and
> obviously not for Y.domainname.com, I looked into its SENDMAIL options.
> I added Y.domainname.com to "local domains" and "relay domains" but
> still no change.
>
> I've reached the end of what I can find to try.
> Any other suggestions?
> Thanks!! =)
>
First, for sanity every machine should have and use a FQDN, even if it
isn't in DNA. You have obfuscated to the point where I'm not sure if you
have that.

I would suggest that if possible you tell the hidden machine to use the
visible machine as a smart mailer, and then tell the visible machine to
accept mail from the hidden site (by IP) and allow relay. The smart
mailer is in sendmail.mc (and then create the .cf file), and the relay
stuff is on the visible machine in /etc/mail/access.

That's if you have a more or less stock config, if your distribution has
moved things you will have to look.

--
bill davidsen
SBC/Prodigy Yorktown Heights NY data center
http://newsgroups.news.prodigy.com
Reply With Quote