SUMMARY: Sendmail error "relaying denied"

From: Jeffrey C. Keyser (jkeyser@frycomm.com)
Date: Wed Sep 09 1998 - 07:51:07 CDT


> Original post:
>
> I just upgraded my mailhost to 8.9.1a on an Ultra5 (Solaris 2.6). I
> built /etc/mail/sendmail.cf file using the following .mc file and made
> no modifications to the resultant .cf:
>
> OSTYPE(solaris)
> MAILER(smtp)
> MAILER(local)
> LOCAL_CONFIG
> O MaxMimeHeaderLength=256/128
> MASQUERADE_AS(frycomm.com)
> FEATURE(masquerade_entire_domain)
>
> Using my new /etc/mail/sendmail.cf, I get "relaying denied" when
> attempting to send mail to my domain from outside of my domain. POP
> (Netscape Communicator 4.04) clients within my domain get relay errors,
> as well.
>
> I tried creating a /etc/mail/relay-domains file, but that didn't do the
> trick, even though I killed and restarted the the sendmail daemon.
>
> I spoke with the sys-admin at my ISP and he tells me that I don't need
> to specify any relay domains, even though they're passing my Email traffic
> to the world.
>
> I've been using ORA's sendmail (2nd ed.), Eric Allman's Installation
> and Operation Guide (op.ps) from the distribution and www.sendmail.org
> as my resources.
>
> sendmail was compiled to use both NDBM and NEWDB.
>

Thanks to all who replied:
   Doug Otto <otto@alldata.com>
   Sean Christopher Harding <sharding@cs.uoregon.edu>
   Aaron Lineberger <aaron@pinn.net>
   Charles Nguyen <ctn@umn.edu>
   Charlie Mengler <charliem@anchorchips.com>
   sasha e. <sage@3Sheep.COM>
   Greg Polanski <greg_polanski@adc.com>
   James Ford <jford@tusc.net>
   Julie Schenck <jschenck@unipress.com>
   Ed Baxter <Ed.Baxter@pii.com>
   Todd Herr <todd_herr@hermes.sra.com>
   Wade Stuart <wade.stuart@intranetsol.com>
   Auteria Wally Winzer Jr. <wally.winzer@ChampUSA.COM>
   Kun Li <likun@bjaimail.asiainfo.com>
   Claus Assmann <ca@informatik.uni-kiel.de>
   Tony C. Wu <tonywu@att.net.tw>

Working solutions came from:
   David Kinney <dkinney@gti.net>
   Deepak Sinha <sinha@ils.nwu.edu>
   Bismark Espinoza <bismark@alta.jpl.nasa.gov>
   Doug Hall <hall@med.ucalgary.ca>

Along with a very detailed technical response, David Kinney provided a
great deal of moral support, during this trying period. David went
beyond the call of duty, going so far as to provide me with copies of
his .mc (M4 script) and sendmail.cf files. The willingness to help one's
peers (for no personal gain), as evidenced by the volume of responses to
this question, makes me proud to associate myself with this group.

Thanks again to all who replied.

The short answer:
I needed an /etc/mail/access file.

The long answer:
I don't believe I could do David justice by trying to summarize his
response, so I've quoted it below.

***BEGIN QUOTE***
        I overcame the problem, although I'm not sure that my fix
        is the best/recommended/shortest way to do it.

        In my .mc file, I added:

define(`DATABASE_MAP_TYPE', `dbm') <------ Added for 'access' DB.
FEATURE(access_db)dnl <------ Added for 'access' DB.

        The reason I needed these lines was because by default, the
        generated .cf file would contain:

        Kaccess hash -o /etc/mail/access

        i.e. use "hash" as the DB type. Since Solaris 2.6 has the NDBM
        database stuff built in (see 'man dbm' for more info), I had to
        explicitly force the database type to "dbm". Don't ask why if
        the built-in stuff is referred to as NDBM, I have to define the
        database type as "dbm" here :-)

        With the 'define' line in place, the generated .cf file
contains:
 
        Kaccess dbm -o /etc/mail/access

        You also need to build the 'makemap' source that came with
        the 'sendmail' distribution.

        I then created a temporary file:

cat /BACKUP/tmp2/access
.MYDOMAIN.com ACCEPT
ANOTHER_DOMAIN1.com RELAY
ANOTHER_DOMAIN2.com RELAY

        and:

<root@mail3> makemap dbm /BACKUP/tmp2/access < /BACKUP/tmp2/access
<root@mail3> cp /BACKUP/tmp2/access.* /etc/mail

        Next, I did 'kill -15' on 'sendmail', then re-started it.

        The reason I put the original 'access' file in a temporary
        directory is that the current version of 'sendmail' is so
        picky about directory permissions, that I couldn't build
        the access database directly in '/etc/mail'. And I *certainly*
        didn't want to change all the permissions on '/etc' and
'/etc/mail'
        to make it happy. I have no idea what I might break. Thus,
        a temporary directory:

<root@mail3> ls -ld /BACKUP/tmp2
drwxr-xr-x 2 root other 512 Aug 10 11:11 /BACKUP/tmp2

        What bothers me about all this is that the doc at
'www.sendmail.org'
        and elsewhere implies that all I needed to do was build the
default
        'sendmail' config and that's it. Nowhere did it mention this
problem.

        Hope this helps,

                David Kinney dkinney@gti.net
                Sr. UNIX admin. Database America
***END QUOTE***

-- 
Jeffrey C. Keyser, CNE
Network Engineer              "Out the 10Base-T, past the firewall,
jkeyser@frycomm.com            through the router, down the T1...
717/766-0211 x458                       nothing but Net."
http://www.frycomm.com



This archive was generated by hypermail 2.1.2 : Fri Sep 28 2001 - 23:12:48 CDT