Unix Technical Forum

  #1 (permalink)  
Old 01-18-2008, 05:47 PM
Liam
 
Posts: n/a
Default configuring sendmail to accept verification for other server

We have a remote, off-site (redundant, sorry) production server our
domain name points to.
Let's call it "X.domainname.com".

We have a small web server at the office that performs a couple but
vital functions that needs to send an e-mail out about twice a day to
two different external recipients.
It has no domain name pointed to it.

Every email that goes out from the local server, let's call
"Y.localdomain", that goes out gets returned with:

The original message was received at Mon, 24 Apr 2006 21:16:47 -0500
from localhost [127.0.0.1]

----- The following addresses had permanent fatal errors -----
<(the recipient email address)>
(reason: 550-Verification failed for <root@Y.localdomain>)

----- Transcript of session follows -----
... while talking to celticbear.com.:
>>> DATA

<<< 550-Verification failed for <root@Y.localdomain>
<<< 550-unrouteable mail domain "Y.localdomain"
<<< 550 Sender verify failed
550 5.1.1 <(the recipient email address)>... User unknown
<<< 503 valid RCPT command must precede DATA

Now, it works fine if I replace the Y server's /etc/sysconfig/network
's
HOSTNAME=Y.localdomain
with
HOSTNAME=X.domainname.com

Works perfectly.
However, and there may be no way around this if this is the only way to
get it to work, but a few of us SSH shell into the local server AND
that remote server, and if the local HOSTNAME= matches the remote
server's, the command prompt and shell window title bar are the same
for both servers and that can cause no end of confusion and
accidentally doing something on one server meant for the other.

I'd like to find some way in which the HOSTNAME= can be different and
unique, but the mail from it still be accepted as verifiable.
I can change the local domainname to the remote's domain name, and that
makes the sending server in the mail headers become "Y.domainname.com"
but the existence of that machine name "Y" prevents the verification.

So looking into SENDMAIL options I tried the "domain masquerading" but
that didn't change a single thing in the header.
I added the outgoing user to "trusted users" but also no difference.

Thinking the problem is, or at least partly, the remote server only
accepting verification checks from itself (X.domainname.com) and
obviously not for Y.domainname.com, I looked into its SENDMAIL options.
I added Y.domainname.com to "local domains" and "relay domains" but
still no change.

I've reached the end of what I can find to try.
Any other suggestions?
Thanks!! =)

  #2 (permalink)  
Old 01-18-2008, 05:47 PM
Nico Kadel-Garcia
 
Posts: n/a
Default Re: configuring sendmail to accept verification for other server

Liam wrote:
> We have a remote, off-site (redundant, sorry) production server our
> domain name points to.
> Let's call it "X.domainname.com".
>
> We have a small web server at the office that performs a couple but
> vital functions that needs to send an e-mail out about twice a day to
> two different external recipients.
> It has no domain name pointed to it.
>
> Every email that goes out from the local server, let's call
> "Y.localdomain", that goes out gets returned with:
>
> The original message was received at Mon, 24 Apr 2006 21:16:47 -0500
> from localhost [127.0.0.1]
>
> ----- The following addresses had permanent fatal errors -----
> <(the recipient email address)>
> (reason: 550-Verification failed for <root@Y.localdomain>)


Sendmail and Postfix can both be configured to send all outgoing mail
pretending to be from a specific domain, irrelevant of the machine's
hostname. Take a careful look at sendmail.mc or main.cf for sendmail or
Postfix.

> ----- Transcript of session follows -----
> ... while talking to celticbear.com.:
>>>>>>> DATA

> <<< 550-Verification failed for <root@Y.localdomain>
> <<< 550-unrouteable mail domain "Y.localdomain"
> <<< 550 Sender verify failed
> 550 5.1.1 <(the recipient email address)>... User unknown
> <<< 503 valid RCPT command must precede DATA
>
> Now, it works fine if I replace the Y server's /etc/sysconfig/network
> 's
> HOSTNAME=Y.localdomain
> with
> HOSTNAME=X.domainname.com
>
> Works perfectly.
> However, and there may be no way around this if this is the only way
> to get it to work, but a few of us SSH shell into the local server AND
> that remote server, and if the local HOSTNAME= matches the remote
> server's, the command prompt and shell window title bar are the same
> for both servers and that can cause no end of confusion and
> accidentally doing something on one server meant for the other.
>
> I'd like to find some way in which the HOSTNAME= can be different and
> unique, but the mail from it still be accepted as verifiable.
> I can change the local domainname to the remote's domain name, and
> that makes the sending server in the mail headers become
> "Y.domainname.com" but the existence of that machine name "Y"
> prevents the verification.
>
> So looking into SENDMAIL options I tried the "domain masquerading" but
> that didn't change a single thing in the header.
> I added the outgoing user to "trusted users" but also no difference.
>
> Thinking the problem is, or at least partly, the remote server only
> accepting verification checks from itself (X.domainname.com) and
> obviously not for Y.domainname.com, I looked into its SENDMAIL
> options. I added Y.domainname.com to "local domains" and "relay
> domains" but still no change.
>
> I've reached the end of what I can find to try.
> Any other suggestions?
> Thanks!! =)



  #3 (permalink)  
Old 01-18-2008, 05:48 PM
Liam
 
Posts: n/a
Default Re: configuring sendmail to accept verification for other server


Nico Kadel-Garcia wrote:
> Liam wrote:
> > We have a remote, off-site (redundant, sorry) production server our
> > domain name points to.
> > Let's call it "X.domainname.com".
> >
> > We have a small web server at the office that performs a couple but
> > vital functions that needs to send an e-mail out about twice a day to
> > two different external recipients.
> > It has no domain name pointed to it.
> >
> > Every email that goes out from the local server, let's call
> > "Y.localdomain", that goes out gets returned with:
> >
> > The original message was received at Mon, 24 Apr 2006 21:16:47 -0500
> > from localhost [127.0.0.1]
> >
> > ----- The following addresses had permanent fatal errors -----
> > <(the recipient email address)>
> > (reason: 550-Verification failed for <root@Y.localdomain>)

>
> Sendmail and Postfix can both be configured to send all outgoing mail
> pretending to be from a specific domain, irrelevant of the machine's
> hostname. Take a careful look at sendmail.mc or main.cf for sendmail or
> Postfix.


We're using Sendmail.
Yep, I realize it should be configured, but it doesn't seem to be
working for me.
As seen in this thread, I'd made changes to the configuration, but it
doesn't seem to be working for me... I need some more information or
suggestions that I can't seem to get on my own.
Thanks for the reply!
-Liam

  #4 (permalink)  
Old 01-18-2008, 05:48 PM
Bill Davidsen
 
Posts: n/a
Default Re: configuring sendmail to accept verification for other server

Liam wrote:
> We have a remote, off-site (redundant, sorry) production server our
> domain name points to.
> Let's call it "X.domainname.com".
>
> We have a small web server at the office that performs a couple but
> vital functions that needs to send an e-mail out about twice a day to
> two different external recipients.
> It has no domain name pointed to it.
>
> Every email that goes out from the local server, let's call
> "Y.localdomain", that goes out gets returned with:
>
> The original message was received at Mon, 24 Apr 2006 21:16:47 -0500
> from localhost [127.0.0.1]
>
> ----- The following addresses had permanent fatal errors -----
> <(the recipient email address)>
> (reason: 550-Verification failed for <root@Y.localdomain>)
>
> ----- Transcript of session follows -----
> ... while talking to celticbear.com.:
>>>>>>> DATA

> <<< 550-Verification failed for <root@Y.localdomain>
> <<< 550-unrouteable mail domain "Y.localdomain"
> <<< 550 Sender verify failed
> 550 5.1.1 <(the recipient email address)>... User unknown
> <<< 503 valid RCPT command must precede DATA
>
> Now, it works fine if I replace the Y server's /etc/sysconfig/network
> 's
> HOSTNAME=Y.localdomain
> with
> HOSTNAME=X.domainname.com
>
> Works perfectly.
> However, and there may be no way around this if this is the only way to
> get it to work, but a few of us SSH shell into the local server AND
> that remote server, and if the local HOSTNAME= matches the remote
> server's, the command prompt and shell window title bar are the same
> for both servers and that can cause no end of confusion and
> accidentally doing something on one server meant for the other.
>
> I'd like to find some way in which the HOSTNAME= can be different and
> unique, but the mail from it still be accepted as verifiable.
> I can change the local domainname to the remote's domain name, and that
> makes the sending server in the mail headers become "Y.domainname.com"
> but the existence of that machine name "Y" prevents the verification.
>
> So looking into SENDMAIL options I tried the "domain masquerading" but
> that didn't change a single thing in the header.
> I added the outgoing user to "trusted users" but also no difference.
>
> Thinking the problem is, or at least partly, the remote server only
> accepting verification checks from itself (X.domainname.com) and
> obviously not for Y.domainname.com, I looked into its SENDMAIL options.
> I added Y.domainname.com to "local domains" and "relay domains" but
> still no change.
>
> I've reached the end of what I can find to try.
> Any other suggestions?
> Thanks!! =)
>

First, for sanity every machine should have and use a FQDN, even if it
isn't in DNS. You have obfuscated to the point where I'm not sure if you
have that.

I would suggest that if possible you tell the hidden machine to use the
visible machine as a smart mailer, and then tell the visible machine to
accept mail from the hidden site (by IP) and allow relay. The smart
mailer is in sendmail.mc (and then create the .cf file), and the relay
stuff is on the visible machine in /etc/mail/access.

That's if you have a more or less stock config, if your distribution has
moved things you will have to look.

--
bill davidsen
SBC/Prodigy Yorktown Heights NY data center
http://newsgroups.news.prodigy.com
  #5 (permalink)  
Old 01-18-2008, 05:48 PM
Liam
 
Posts: n/a
Default Re: configuring sendmail to accept verification for other server


Bill Davidsen wrote:
> Liam wrote:
> > We have a remote, off-site (redundant, sorry) production server our
> > domain name points to.
> > Let's call it "X.domainname.com".
> >
> > We have a small web server at the office that performs a couple but
> > vital functions that needs to send an e-mail out about twice a day to
> > two different external recipients.
> > It has no domain name pointed to it.
> >
> > Every email that goes out from the local server, let's call
> > "Y.localdomain", that goes out gets returned with:
> >
> > The original message was received at Mon, 24 Apr 2006 21:16:47 -0500
> > from localhost [127.0.0.1]
> >
> > ----- The following addresses had permanent fatal errors -----
> > <(the recipient email address)>
> > (reason: 550-Verification failed for <root@Y.localdomain>)
> >
> > ----- Transcript of session follows -----
> > ... while talking to celticbear.com.:
> >>>>>>> DATA

> > <<< 550-Verification failed for <root@Y.localdomain>
> > <<< 550-unrouteable mail domain "Y.localdomain"
> > <<< 550 Sender verify failed
> > 550 5.1.1 <(the recipient email address)>... User unknown
> > <<< 503 valid RCPT command must precede DATA
> >
> > Now, it works fine if I replace the Y server's /etc/sysconfig/network
> > 's
> > HOSTNAME=Y.localdomain
> > with
> > HOSTNAME=X.domainname.com
> >
> > Works perfectly.
> > However, and there may be no way around this if this is the only way to
> > get it to work, but a few of us SSH shell into the local server AND
> > that remote server, and if the local HOSTNAME= matches the remote
> > server's, the command prompt and shell window title bar are the same
> > for both servers and that can cause no end of confusion and
> > accidentally doing something on one server meant for the other.
> >
> > I'd like to find some way in which the HOSTNAME= can be different and
> > unique, but the mail from it still be accepted as verifiable.
> > I can change the local domainname to the remote's domain name, and that
> > makes the sending server in the mail headers become "Y.domainname.com"
> > but the existence of that machine name "Y" prevents the verification.
> >
> > So looking into SENDMAIL options I tried the "domain masquerading" but
> > that didn't change a single thing in the header.
> > I added the outgoing user to "trusted users" but also no difference.
> >
> > Thinking the problem is, or at least partly, the remote server only
> > accepting verification checks from itself (X.domainname.com) and
> > obviously not for Y.domainname.com, I looked into its SENDMAIL options.
> > I added Y.domainname.com to "local domains" and "relay domains" but
> > still no change.
> >
> > I've reached the end of what I can find to try.
> > Any other suggestions?
> > Thanks!! =)
> >

> First, for sanity every machine should have and use a FQDN, even if it
> isn't in DNS. You have obfuscated to the point where I'm not sure if you
> have that.


Yeah, I guess another $9 domain name from GoDaddy would fix this
pretty easy. =/

> I would suggest that if possible you tell the hidden machine to use the
> visible machine as a smart mailer, and then tell the visible machine to
> accept mail from the hidden site (by IP) and allow relay. The smart
> mailer is in sendmail.mc (and then create the .cf file), and the relay
> stuff is on the visible machine in /etc/mail/access.


Ah, OK, I get the concept. Makes sense.
Not sure I get the details.
Here's what I tried:

Remote main mail server ("X"):
I added to /etc/mail/access
Y.domainname.com RELAY
(Y's public IP address) RELAY

And then on the local, "hidden" server ("Y"):
/etc/mail/mailertable
.localdomain smtp:domainname.com

(and in sendmail.cf)
DMdomainname.com
CMY.domainname.com
CMlocaldomain

And still, no difference.

Here's an odd bit, doubt it's related but maybe...
In looking at /var/log/maillog on the local "hidden" server ("Y") after
trying, I found this entry:

Apr 26 16:12:23 fileserve sendmail[32213]: k3QLCJAj032211:
to=<news@celticbear.com>, ctladdr=<liam@Y.domainname.com> (500/500),
delay=00:00:03, xdelay=00:00:03, mailer=esmtp, pri=120374,
relay=celticbear.com. [69.93.188.250], dsn=5.1.1, stat=User unknown
Apr 26 16:12:23 fileserve sendmail[32213]: k3QLCJAj032211:
k3QLCNAj032213: DSN: User unknown

That right after the timestamp, "fileserve", was the old machine name
for this box. It should now be Y.
I checked /etc/hosts and /etc/HOSTNAME and both have "Y", not
"fileserve".
Where else would it pull the name of the box from except from those
files?

Anyway, thanks for the assistance!!
-Liam


> That's if you have a more or less stock config, if your distribution has
> moved things you will have to look.
>

Well, the visible main server is Red Hat AS 2.1, and the local non-FQDN
server is Fedora Core 5. No changes from stock.

> --
> bill davidsen
> SBC/Prodigy Yorktown Heights NY data center
> http://newsgroups.news.prodigy.com


  #6 (permalink)  
Old 01-18-2008, 05:49 PM
Bill Davidsen
 
Posts: n/a
Default Re: configuring sendmail to accept verification for other server

Liam wrote:
> Bill Davidsen wrote:
>> Liam wrote:
>>> We have a remote, off-site (redundant, sorry) production server our
>>> domain name points to.
>>> Let's call it "X.domainname.com".
>>>
>>> We have a small web server at the office that performs a couple but
>>> vital functions that needs to send an e-mail out about twice a day to
>>> two different external recipients.
>>> It has no domain name pointed to it.
>>>
>>> Every email that goes out from the local server, let's call
>>> "Y.localdomain", that goes out gets returned with:
>>>
>>> The original message was received at Mon, 24 Apr 2006 21:16:47 -0500
>>> from localhost [127.0.0.1]
>>>
>>> ----- The following addresses had permanent fatal errors -----
>>> <(the recipient email address)>
>>> (reason: 550-Verification failed for <root@Y.localdomain>)
>>>
>>> ----- Transcript of session follows -----
>>> ... while talking to celticbear.com.:
>>>>>>>>> DATA
>>> <<< 550-Verification failed for <root@Y.localdomain>
>>> <<< 550-unrouteable mail domain "Y.localdomain"
>>> <<< 550 Sender verify failed
>>> 550 5.1.1 <(the recipient email address)>... User unknown
>>> <<< 503 valid RCPT command must precede DATA
>>>
>>> Now, it works fine if I replace the Y server's /etc/sysconfig/network
>>> 's
>>> HOSTNAME=Y.localdomain
>>> with
>>> HOSTNAME=X.domainname.com
>>>
>>> Works perfectly.
>>> However, and there may be no way around this if this is the only way to
>>> get it to work, but a few of us SSH shell into the local server AND
>>> that remote server, and if the local HOSTNAME= matches the remote
>>> server's, the command prompt and shell window title bar are the same
>>> for both servers and that can cause no end of confusion and
>>> accidentally doing something on one server meant for the other.
>>>
>>> I'd like to find some way in which the HOSTNAME= can be different and
>>> unique, but the mail from it still be accepted as verifiable.
>>> I can change the local domainname to the remote's domain name, and that
>>> makes the sending server in the mail headers become "Y.domainname.com"
>>> but the existence of that machine name "Y" prevents the verification.
>>>
>>> So looking into SENDMAIL options I tried the "domain masquerading" but
>>> that didn't change a single thing in the header.
>>> I added the outgoing user to "trusted users" but also no difference.
>>>
>>> Thinking the problem is, or at least partly, the remote server only
>>> accepting verification checks from itself (X.domainname.com) and
>>> obviously not for Y.domainname.com, I looked into its SENDMAIL options.
>>> I added Y.domainname.com to "local domains" and "relay domains" but
>>> still no change.
>>>
>>> I've reached the end of what I can find to try.
>>> Any other suggestions?
>>> Thanks!! =)
>>>

>> First, for sanity every machine should have and use a FQDN, even if it
>> isn't in DNS. You have obfuscated to the point where I'm not sure if you
>> have that.

>
> Yeah, I guess another $9 domain name from GoDaddy would fix this
> pretty easy. =/
>
>> I would suggest that if possible you tell the hidden machine to use the
>> visible machine as a smart mailer, and then tell the visible machine to
>> accept mail from the hidden site (by IP) and allow relay. The smart
>> mailer is in sendmail.mc (and then create the .cf file), and the relay
>> stuff is on the visible machine in /etc/mail/access.

>
> Ah, OK, I get the concept. Makes sense.
> Not sure I get the details.
> Here's what I tried:
>
> Remote main mail server ("X"):
> I added to /etc/mail/access
> Y.domainname.com RELAY
> (Y's public IP address) RELAY


Just a thought, did you rebuild the table after that? Using makemap?
>
> And then on the local, "hidden" server ("Y"):
> /etc/mail/mailertable
> .localdomain smtp:domainname.com
>
> (and in sendmail.cf)
> DMdomainname.com
> CMY.domainname.com
> CMlocaldomain
>
> And still, no difference.
>
> Here's an odd bit, doubt it's related but maybe...
> In looking at /var/log/maillog on the local "hidden" server ("Y") after
> trying, I found this entry:
>
> Apr 26 16:12:23 fileserve sendmail[32213]: k3QLCJAj032211:
> to=<news@celticbear.com>, ctladdr=<liam@Y.domainname.com> (500/500),
> delay=00:00:03, xdelay=00:00:03, mailer=esmtp, pri=120374,
> relay=celticbear.com. [69.93.188.250], dsn=5.1.1, stat=User unknown
> Apr 26 16:12:23 fileserve sendmail[32213]: k3QLCJAj032211:
> k3QLCNAj032213: DSN: User unknown


Did you reboot after the change? Set the new value with "hostname -s" if
not?

I would just have forwarded the mail to the open host by setting the
smartmailer field in sendmail.mc and building sendmail.cf. The open host
will probably accept the mail. I don't think the name change was needed
if you just send all the non-local mail for remailing.

You are getting close to my "I have to try it and look at logs" point,
the method of forwarding is sound, that's how people with DHCP IPs
usually do it, but the mail to Y.domainname.com should have been locally
delivered, and I don't think changing or faking machine names was needed.
>
> That right after the timestamp, "fileserve", was the old machine name
> for this box. It should now be Y.
> I checked /etc/hosts and /etc/HOSTNAME and both have "Y", not
> "fileserve".
> Where else would it pull the name of the box from except from those
> files?
>
> Anyway, thanks for the assistance!!
> -Liam
>
>
>> That's if you have a more or less stock config, if your distribution has
>> moved things you will have to look.
>>

> Well, the visible main server is Red Hat AS 2.1, and the local non-FQDN
> server is Fedora Core 5. No changes from stock.


AS 2.1... a piece of history. But it should work.


--
bill davidsen
SBC/Prodigy Yorktown Heights NY data center
http://newsgroups.news.prodigy.com
  #7 (permalink)  
Old 01-18-2008, 05:49 PM
Liam
 
Posts: n/a
Default Re: configuring sendmail to accept verification for other server


Bill Davidsen wrote:
> Liam wrote:
> > Bill Davidsen wrote:
> >> Liam wrote:
> >>> We have a remote, off-site (redundant, sorry) production server our
> >>> domain name points to.
> >>> Let's call it "X.domainname.com".
> >>>
> >>> We have a small web server at the office that performs a couple but
> >>> vital functions that needs to send an e-mail out about twice a day to
> >>> two different external recipients.
> >>> It has no domain name pointed to it.
> >>>
> >>> Every email that goes out from the local server, let's call
> >>> "Y.localdomain", that goes out gets returned with:
> >>>
> >>> The original message was received at Mon, 24 Apr 2006 21:16:47 -0500
> >>> from localhost [127.0.0.1]
> >>>
> >>> ----- The following addresses had permanent fatal errors -----
> >>> <(the recipient email address)>
> >>> (reason: 550-Verification failed for <root@Y.localdomain>)
> >>>
> >>> ----- Transcript of session follows -----
> >>> ... while talking to celticbear.com.:
> >>>>>>>>> DATA
> >>> <<< 550-Verification failed for <root@Y.localdomain>
> >>> <<< 550-unrouteable mail domain "Y.localdomain"
> >>> <<< 550 Sender verify failed
> >>> 550 5.1.1 <(the recipient email address)>... User unknown
> >>> <<< 503 valid RCPT command must precede DATA
> >>>
> >>> Now, it works fine if I replace the Y server's /etc/sysconfig/network
> >>> 's
> >>> HOSTNAME=Y.localdomain
> >>> with
> >>> HOSTNAME=X.domainname.com
> >>>
> >>> Works perfectly.
> >>> However, and there may be no way around this if this is the only way to
> >>> get it to work, but a few of us SSH shell into the local server AND
> >>> that remote server, and if the local HOSTNAME= matches the remote
> >>> server's, the command prompt and shell window title bar are the same
> >>> for both servers and that can cause no end of confusion and
> >>> accidentally doing something on one server meant for the other.
> >>>
> >>> I'd like to find some way in which the HOSTNAME= can be different and
> >>> unique, but the mail from it still be accepted as verifiable.
> >>> I can change the local domainname to the remote's domain name, and that
> >>> makes the sending server in the mail headers become "Y.domainname.com"
> >>> but the existence of that machine name "Y" prevents the verification.
> >>>
> >>> So looking into SENDMAIL options I tried the "domain masquerading" but
> >>> that didn't change a single thing in the header.
> >>> I added the outgoing user to "trusted users" but also no difference.
> >>>
> >>> Thinking the problem is, or at least partly, the remote server only
> >>> accepting verification checks from itself (X.domainname.com) and
> >>> obviously not for Y.domainname.com, I looked into its SENDMAIL options.
> >>> I added Y.domainname.com to "local domains" and "relay domains" but
> >>> still no change.
> >>>
> >>> I've reached the end of what I can find to try.
> >>> Any other suggestions?
> >>> Thanks!! =)
> >>>
> >> First, for sanity every machine should have and use a FQDN, even if it
> >> isn't in DNS. You have obfuscated to the point where I'm not sure if you
> >> have that.

> >
> > Yeah, I guess another $9 domain name from GoDaddy would fix this
> > pretty easy. =/
> >
> >> I would suggest that if possible you tell the hidden machine to use the
> >> visible machine as a smart mailer, and then tell the visible machine to
> >> accept mail from the hidden site (by IP) and allow relay. The smart
> >> mailer is in sendmail.mc (and then create the .cf file), and the relay
> >> stuff is on the visible machine in /etc/mail/access.

> >
> > Ah, OK, I get the concept. Makes sense.
> > Not sure I get the details.
> > Here's what I tried:
> >
> > Remote main mail server ("X"):
> > I added to /etc/mail/access
> > Y.domainname.com RELAY
> > (Y's public IP address) RELAY

>
> Just a thought, did you rebuild the table after that? Using makemap?
> >
> > And then on the local, "hidden" server ("Y"):
> > /etc/mail/mailertable
> > .localdomain smtp:domainname.com
> >
> > (and in sendmail.cf)
> > DMdomainname.com
> > CMY.domainname.com
> > CMlocaldomain
> >
> > And still, no difference.
> >
> > Here's an odd bit, doubt it's related but maybe...
> > In looking at /var/log/maillog on the local "hidden" server ("Y") after
> > trying, I found this entry:
> >
> > Apr 26 16:12:23 fileserve sendmail[32213]: k3QLCJAj032211:
> > to=<news@celticbear.com>, ctladdr=<liam@Y.domainname.com> (500/500),
> > delay=00:00:03, xdelay=00:00:03, mailer=esmtp, pri=120374,
> > relay=celticbear.com. [69.93.188.250], dsn=5.1.1, stat=User unknown
> > Apr 26 16:12:23 fileserve sendmail[32213]: k3QLCJAj032211:
> > k3QLCNAj032213: DSN: User unknown

>
> Did you reboot after the change? Set the new value with "hostname -s" if
> not?
>


Odd. I:
[root@webserve mail]# hostname -s
hostname: Unknown host
When I made the hostname changes I just restarted the service: network.
Thought that'd be enough. Guess not.
I rebooted the machine, and now all the logs refer to itself as
"webserve" instead of "fileserve". So, guess that's fine now. =) Thanks
for the advice!
But I still get "hostname: Unknown host" when I hostname -s.

> I would just have forwarded the mail to the open host by setting the
> smartmailer field in sendmail.mc and building sendmail.cf. The open host
> will probably accept the mail. I don't think the name change was needed
> if you just send all the non-local mail for remailing.


Well, on the local machine I made sure to add the following to the MC:
define(`SMART_HOST',`smtp.domainname.com')dnl
MASQUERADE_AS(`domainname.com')dnl

and rebuilt sendmail.cf

On the remote server I have in:
/etc/mail/access
Y.domainname.com RELAY
local-IP-address RELAY

and /etc/mail/relay-domains
Y.domainname.com
local-IP-address

All that sounds like it should be enough... in fact! on the local
server in /var/log/maillog I don't get the errors anymore, I get:

Apr 27 15:41:51 webserve sendmail[2427]: k3RKfpWa002427: from=liam,
size=53, class=0, nrcpts=1,
msgid=<200604272041.k3RKfpWa002427@webserve.domainname.com>,
relay=liam@localhost
Apr 27 15:41:51 webserve sendmail[2428]: k3RKfpRB002428:
from=<liam@webserve.domainname.com>, size=383, class=0, nrcpts=1,
msgid=<200604272041.k3RKfpWa002427@webserve.domainname.com>,
proto=ESMTP, daemon=MTA, relay=localhost [127.0.0.1]
Apr 27 15:41:51 webserve sendmail[2427]: k3RKfpWa002427:
to=news@celticbear.com, ctladdr=liam (500/500), delay=00:00:00,
xdelay=00:00:00, mailer=relay, pri=30053, relay=[127.0.0.1]
[127.0.0.1], dsn=2.0.0, stat=Sent (k3RKfpRB002428 Message accepted for
delivery)
Apr 27 15:41:52 webserve sendmail[2430]: k3RKfpRB002428:
to=<news@celticbear.com>, ctladdr=<liam@webserve.domainname.com>
(500/500), delay=00:00:01, xdelay=00:00:01, mailer=relay, pri=120383,
relay=smtp.domainname.com [72.3.xx.xx], dsn=2.0.0, stat=Sent
(k3RKfjXk013713 Message accepted for delivery)

Which seems OK, until I get the email back saying:

The original message was received at Thu, 27 Apr 2006 15:41:46 -0500
from webserve [64.19.xx.xx]

----- The following addresses had permanent fatal errors -----
<news@celticbear.com>
(reason: 550-Verification failed for
<liam@webserve.domainname.com>)

----- Transcript of session follows -----
... while talking to celticbear.com.:
>>> DATA

<<< 550-Verification failed for <liam@webserve.domainname.com>
<<< 550-unrouteable mail domain "webserve.domainname.com"
<<< 550 Sender verify failed
550 5.1.1 <news@celticbear.com>... User unknown
<<< 503 valid RCPT command must precede DATA


*sigh*
Well, I appreciate the feedback and assistance. =)
Thanks!
Liam

> You are getting close to my "I have to try it and look at logs" point,
> the method of forwarding is sound, that's how people with DHCP IPs
> usually do it, but the mail to Y.domainname.com should have been locally
> delivered, and I don't think changing or faking machine names was needed.
> >
> > That right after the timestamp, "fileserve", was the old machine name
> > for this box. It should now be Y.
> > I checked /etc/hosts and /etc/HOSTNAME and both have "Y", not
> > "fileserve".
> > Where else would it pull the name of the box from except from those
> > files?
> >
> > Anyway, thanks for the assistance!!
> > -Liam
> >
> >
> >> That's if you have a more or less stock config, if your distribution has
> >> moved things you will have to look.
> >>

> > Well, the visible main server is Red Hat AS 2.1, and the local non-FQDN
> > server is Fedora Core 5. No changes from stock.

>
> AS 2.1... a piece of history. But it should work.
>
>
> --
> bill davidsen
> SBC/Prodigy Yorktown Heights NY data center
> http://newsgroups.news.prodigy.com


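An added example, not part of the thread or any poster's code: a small Python parser that reads the maillog entries and the bounce from post #7 and reports which envelope sender the destination rejected and how it relates to the intended mail domain. The function names and the `masquerade_domain` parameter are assumptions made for this illustration; the sample text is copied from the post (wrapped lines kept, the stray space in the msgid removed).

```python
import re

# Sample input copied from post #7 of the thread (addresses as masked by the poster).
MAILLOG = """\
Apr 27 15:41:51 webserve sendmail[2428]: k3RKfpRB002428:
from=<liam@webserve.domainname.com>, size=383, class=0, nrcpts=1,
msgid=<200604272041.k3RKfpWa002427@webserve.domainname.com>,
proto=ESMTP, daemon=MTA, relay=localhost [127.0.0.1]
Apr 27 15:41:52 webserve sendmail[2430]: k3RKfpRB002428:
to=<news@celticbear.com>, ctladdr=<liam@webserve.domainname.com>
(500/500), delay=00:00:01, xdelay=00:00:01, mailer=relay, pri=120383,
relay=smtp.domainname.com [72.3.xx.xx], dsn=2.0.0, stat=Sent
(k3RKfjXk013713 Message accepted for delivery)
"""

BOUNCE = """\
----- The following addresses had permanent fatal errors -----
<news@celticbear.com>
(reason: 550-Verification failed for
<liam@webserve.domainname.com>)

----- Transcript of session follows -----
... while talking to celticbear.com.:
>>> DATA
<<< 550-Verification failed for <liam@webserve.domainname.com>
<<< 550-unrouteable mail domain "webserve.domainname.com"
<<< 550 Sender verify failed
"""

# "Mon DD HH:MM:SS host sendmail[pid]: queueid: key=value, key=value, ..."
ENTRY_START = re.compile(
    r"^[A-Z][a-z]{2}\s+\d{1,2}\s\d\d:\d\d:\d\d\s+\S+\s+sendmail\[\d+\]:\s+(\w+):\s*(.*)$")
FIELD = re.compile(r"(\w+)=(.*?)(?=,\s\w+=|$)")
ADDRESS = re.compile(r"[^<>\s,@]+@[^<>\s,@]+")


def parse_maillog(text):
    """Join wrapped syslog lines and return one dict of key=value fields per entry."""
    joined = []
    for line in text.splitlines():
        line = line.strip()
        if ENTRY_START.match(line):
            joined.append(line)
        elif line and joined:
            joined[-1] += " " + line          # continuation of a wrapped entry
    entries = []
    for line in joined:
        qid, rest = ENTRY_START.match(line).groups()
        entries.append({"qid": qid, **dict(FIELD.findall(rest))})
    return entries


def parse_bounce(text):
    """Pull the rejecting host, the rejected envelope sender and the remote replies."""
    host = re.search(r"while talking to (\S+?)\.?:", text)
    sender = re.search(r"Verification failed for\s*<([^<>]+)>", text)
    domain = re.search(r'unrouteable mail domain "([^"]+)"', text)
    return {
        "rejecting_host": host.group(1) if host else None,
        "rejected_sender": sender.group(1) if sender else None,
        "unrouteable_domain": domain.group(1) if domain else None,
        "remote_replies": re.findall(r"^<<< (\d{3})[- ](.*)$", text, re.M),
    }


def classify_sender(address, masquerade_domain):
    """Compare an envelope sender's domain with the domain mail should appear to come from."""
    domain = address.rsplit("@", 1)[-1].lower().rstrip(".")
    masq = masquerade_domain.lower().rstrip(".")
    if domain == masq:
        return "masqueraded"
    if domain.endswith("." + masq):
        return "host-qualified"   # host.domain: masquerading did not reach the envelope
    return "foreign"              # e.g. Y.localdomain: not under the mail domain at all


def diagnose(maillog, bounce, masquerade_domain):
    """Correlate what the local host logged with what the destination rejected."""
    dsn = parse_bounce(bounce)
    entries = parse_maillog(maillog)
    # Delivery attempts as seen locally: (next hop, DSN status code).
    local_hops = [(e["relay"].split()[0], e["dsn"])
                  for e in entries if "to" in e and "dsn" in e and "relay" in e]
    logged_from = [m.group(0) for m in
                   (ADDRESS.search(e["from"]) for e in entries if "from" in e) if m]
    sender = dsn["rejected_sender"]
    return {
        **dsn,
        "sender_class": classify_sender(sender, masquerade_domain) if sender else None,
        "local_hops": local_hops,
        "accepted_locally": bool(local_hops) and all(d.startswith("2.") for _, d in local_hops),
        "logged_envelope_from": logged_from,
    }


if __name__ == "__main__":
    for key, value in diagnose(MAILLOG, BOUNCE, "domainname.com").items():
        print(f"{key}: {value}")
```

A `host-qualified` sender together with `accepted_locally` means the smart host took the message and the destination's sender verification then rejected the envelope address; in sendmail, `MASQUERADE_AS` rewrites header addresses only unless `FEATURE(`masquerade_envelope')` is also set in sendmail.mc.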
  #8 (permalink)  
Old 01-18-2008, 05:50 PM
Bill Davidsen
 
Posts: n/a
Default Re: configuring sendmail to accept verification for other server

Liam wrote:
> Bill Davidsen wrote:
>> Liam wrote:
>>> Bill Davidsen wrote:
>>>> Liam wrote:
>>>>> We have a remote, off-site (redundant, sorry) production server our
>>>>> domain name points to.
>>>>> Let's call it "X.domainname.com".
>>>>>
>>>>> We have a small web server at the office that performs a couple but
>>>>> vital functions that needs to send an e-mail out about twice a day to
>>>>> two different external recipients.
>>>>> It has no domain name pointed to it.
>>>>>
>>>>> Every email that goes out from the local server, let's call
>>>>> "Y.localdomain", that goes out gets returned with:
>>>>>
>>>>> The original message was received at Mon, 24 Apr 2006 21:16:47 -0500
>>>>> from localhost [127.0.0.1]
>>>>>
>>>>> ----- The following addresses had permanent fatal errors -----
>>>>> <(the recipient email address)>
>>>>> (reason: 550-Verification failed for <root@Y.localdomain>)
>>>>>
>>>>> ----- Transcript of session follows -----
>>>>> ... while talking to celticbear.com.:
>>>>> >>> DATA
>>>>> <<< 550-Verification failed for <root@Y.localdomain>
>>>>> <<< 550-unrouteable mail domain "Y.localdomain"
>>>>> <<< 550 Sender verify failed
>>>>> 550 5.1.1 <(the recipient email address)>... User unknown
>>>>> <<< 503 valid RCPT command must precede DATA
>>>>>
>>>>> Now, it works fine if I replace the Y server's /etc/sysconfig/network
>>>>> 's
>>>>> HOSTNAME=Y.localdomain
>>>>> with
>>>>> HOSTNAME=X.domainname.com
>>>>>
>>>>> Works perfectly.
>>>>> However, and there may be no way around this if this is the only way to
>>>>> get it to work, but a few of us SSH shell into the local server AND
>>>>> that remote server, and if the local HOSTNAME= matches the remote
>>>>> server's, the command prompt and shell window title bar are the same
>>>>> for both servers and that can cause no end of confusion and
>>>>> accidentally doing something on one server meant for the other.
>>>>>
>>>>> I'd like to find some way in which the HOSTNAME= can be different and
>>>>> unique, but the mail from it still be accepted as verifiable.
>>>>> I can change the local domainname to the remote's domain name, and that
>>>>> makes the sending server in the mail headers become "Y.domainname.com"
>>>>> but the existence of that machine name "Y" prevents the verification.
>>>>>
>>>>> So looking into SENDMAIL options I tried the "domain masquerading" but
>>>>> that didn't change a single thing in the header.
>>>>> I added the outgoing user to "trusted users" but also no difference.
>>>>>
>>>>> Thinking the problem is, or at least partly, the remote server only
>>>>> accepting verification checks from itself (X.domainname.com) and
>>>>> obviously not for Y.domainname.com, I looked into its SENDMAIL options.
>>>>> I added Y.domainname.com to "local domains" and "relay domains" but
>>>>> still no change.
>>>>>
>>>>> I've reached the end of what I can find to try.
>>>>> Any other suggestions?
>>>>> Thanks!! =)
>>>>>
>>>> First, for sanity every machine should have and use a FQDN, even if it
>>>> isn't in DNS. You have obfuscated to the point where I'm not sure if you
>>>> have that.
>>> Yeah, I guess another $9 domain name from GoDaddy would fix this
>>> pretty easy. =/
>>>
>>>> I would suggest that if possible you tell the hidden machine to use the
>>>> visible machine as a smart mailer, and then tell the visible machine to
>>>> accept mail from the hidden site (by IP) and allow relay. The smart
>>>> mailer is in sendmail.mc (and then create the .cf file), and the relay
>>>> stuff is on the visible machine in /etc/mail/access.
>>> Ah, OK, I get the concept. Makes sense.
>>> Not sure I get the details.
>>> Here's what I tried:
>>>
>>> Remote main mail server ("X"):
>>> I added to /etc/mail/access
>>> Y.domainname.com RELAY
>>> (Y's public IP address) RELAY

>> Just a thought, did you rebuild the table after that? Using makemap?
>>> And then on the local, "hidden" server ("Y"):
>>> /etc/mail/mailertable
>>> .localdomain smtp:domainname.com
>>>
>>> (and in sendmail.cf)
>>> DMdomainname.com
>>> CMY.domainname.com
>>> CMlocaldomain
>>>
>>> And still, no difference.
>>>
>>> Here's an odd bit, doubt it's related but maybe...
>>> In looking at /var/log/maillog on the local "hidden" server ("Y") after
>>> trying, I found this entry:
>>>
>>> Apr 26 16:12:23 fileserve sendmail[32213]: k3QLCJAj032211:
>>> to=<news@celticbear.com>, ctladdr=<liam@Y.domainname.com> (500/500),
>>> delay=00:00:03, xdelay=00:00:03, mailer=esmtp, pri=120374,
>>> relay=celticbear.com. [69.93.188.250], dsn=5.1.1, stat=User unknown
>>> Apr 26 16:12:23 fileserve sendmail[32213]: k3QLCJAj032211:
>>> k3QLCNAj032213: DSN: User unknown

>> Did you reboot after the change? Set the new value with "hostname -s" if
>> not?
>>

>
> Odd. I:
> [root@webserve mail]# hostname -s
> hostname: Unknown host
> When I made the hostname changes I just restarted the service: network.
> Thought that'd be enough. Guess not.
> I reboot the machine, and now all the logs refer to itself as
> "webserve" instead of "fileserve". So, guess that's fine now. =) Thanks
> for the advice!
> But I still get "hostname: Unknown host" when I hostname -s.


hostname (no option) tells you the hostname, hostname -s followed by the
new hostname sets it.
>
>> I would just have forwarded the mail to the open host by setting the
>> smartmailer field in sendmail.mc and building sendmail.cf. The open host
>> will probably accept the mail. I don't think the name change was needed
>> if you just send all the non-local mail for remailing.

>
> Well, on the local machine I made sure to add the following to the MC:
> define(`SMART_HOST',`smtp.domainname.com')dnl
> MASQUERADE_AS(`domainname.com')dnl
>
> and rebuilt sendmail.cf
>
> On the remote server I have in:
> /etc/mail/access
> Y.domainname.com RELAY
> local-IP-address RELAY
>
> and /etc/mail/relay-domains
> Y.domainname.com
> local-IP-address
>
> All that sounds like it should be enough... in fact! on the local
> server in /var/log/maillog I don't get the errors anymore, I get:
>
> Apr 27 15:41:51 webserve sendmail[2427]: k3RKfpWa002427: from=liam,
> size=53, class=0, nrcpts=1,
> msgid=<200604272041.k3RKfpWa002427@webserve.domainname.com>,
> relay=liam@localhost
> Apr 27 15:41:51 webserve sendmail[2428]: k3RKfpRB002428:
> from=<liam@webserve.domainname.com>, size=383, class=0, nrcpts=1,
> msgid=<200604272041.k3RKfpWa002427@webserve.domainname.com>,
> proto=ESMTP, daemon=MTA, relay=localhost [127.0.0.1]
> Apr 27 15:41:51 webserve sendmail[2427]: k3RKfpWa002427:
> to=news@celticbear.com, ctladdr=liam (500/500), delay=00:00:00,
> xdelay=00:00:00, mailer=relay, pri=30053, relay=[127.0.0.1]
> [127.0.0.1], dsn=2.0.0, stat=Sent (k3RKfpRB002428 Message accepted for
> delivery)
> Apr 27 15:41:52 webserve sendmail[2430]: k3RKfpRB002428:
> to=<news@celticbear.com>, ctladdr=<liam@webserve.domainname.com>
> (500/500), delay=00:00:01, xdelay=00:00:01, mailer=relay, pri=120383,
> relay=smtp.domainname.com [72.3.xx.xx], dsn=2.0.0, stat=Sent
> (k3RKfjXk013713 Message accepted for delivery)
>
> Which seems OK, until I get the email back saying:
>
> The original message was received at Thu, 27 Apr 2006 15:41:46 -0500
> from webserve [64.19.xx.xx]
>
> ----- The following addresses had permanent fatal errors -----
> <news@celticbear.com>
> (reason: 550-Verification failed for
> <liam@webserve.domainname.com>)
>
> ----- Transcript of session follows -----
> ... while talking to celticbear.com.:
> >>> DATA
> <<< 550-Verification failed for <liam@webserve.domainname.com>
> <<< 550-unrouteable mail domain "webserve.domainname.com"
> <<< 550 Sender verify failed
> 550 5.1.1 <news@celticbear.com>... User unknown
> <<< 503 valid RCPT command must precede DATA
>
>
> *sigh*
> Well, I appreciate the feedback and assistance. =)


Add an MX record for webserve.domainname.com pointing to the smart host.

--
bill davidsen
SBC/Prodigy Yorktown Heights NY data center
http://newsgroups.news.prodigy.com
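
The MX suggestion above, as an added example that is not part of the original posts: a simplified model of the routability part of the receiver's sender verification, applied to a maillog line like the ones quoted in the thread. The zone data, the 192.0.2.10 address and the function names are constructed for illustration.

```python
import re

# Constructed DNS data (name -> {type: [values]}); not real records.
ZONE_BEFORE = {
    "domainname.com": {"MX": [(10, "smtp.domainname.com")]},
    "smtp.domainname.com": {"A": ["192.0.2.10"]},
}
# Same zone after adding the MX record suggested in the reply above.
ZONE_AFTER = dict(ZONE_BEFORE)
ZONE_AFTER["webserve.domainname.com"] = {"MX": [(10, "smtp.domainname.com")]}

# Constructed maillog line modelled on the ones quoted in the thread.
LOG_LINE = ("Apr 27 15:41:52 webserve sendmail[2430]: k3RKfpRB002428: "
            "to=<news@celticbear.com>, ctladdr=<liam@webserve.domainname.com> "
            "(500/500), mailer=relay, relay=smtp.domainname.com, stat=Sent")

def sender_domain(line):
    """Domain of the ctladdr=/from= address in a sendmail log line, or None."""
    m = re.search(r"\b(?:ctladdr|from)=<?[^@\s<>,]+@([^>\s,]+)>?", line)
    return m.group(1).lower().rstrip(".") if m else None

def mail_hosts(domain, zone):
    """Hosts a verifier could deliver to for `domain` (RFC 5321 section 5.1)."""
    rec = zone.get(domain, {})
    mx = sorted(rec.get("MX", []))
    if mx:
        if mx == [(0, ".")]:  # null MX (RFC 7505): domain accepts no mail
            return []
        # An MX target only helps if it resolves to an address itself.
        return [host for _, host in mx if zone.get(host, {}).get("A")]
    # No MX: fall back to the domain's own address record (implicit MX).
    return [domain] if rec.get("A") else []

def verify_sender(line, zone):
    """Mimic the receiver's check: reject if the sender domain is unroutable."""
    domain = sender_domain(line)
    if domain is None:
        return "no sender domain in log line"
    hosts = mail_hosts(domain, zone)
    if not hosts:
        return '550 unrouteable mail domain "%s"' % domain
    return "250 sender domain routes via %s" % hosts[0]

if __name__ == "__main__":
    print("before:", verify_sender(LOG_LINE, ZONE_BEFORE))
    print("after: ", verify_sender(LOG_LINE, ZONE_AFTER))
```

The local maillog shows `stat=Sent` in both cases because the smart host accepted the relay; the rejection happens later, when the final receiver cannot route the sender's domain.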