Cannot send external mail

[colint]

Hi,

It appears that I can only send internal mail back and forth between users in the system. If I attempt to send and external mail say to someone@yahoo.ca I get this simple error in the webmail client:

Unable to send mail to someone@yahoo.ca

There are no errors, or anything, in the maillog or messages log. The firewall is disabled and I am using a Redhat Enterprise 3, Scalix 10.

Colin

[cjwilber]

Hi,

It appears that I can only send internal mail back and forth between users in the system. If I attempt to send and external mail say to someone@yahoo.ca I get this simple error in the webmail client:

Unable to send mail to someone@yahoo.ca

There are no errors, or anything, in the maillog or messages log. The firewall is disabled and I am using a Redhat Enterprise 3, Scalix 10.

Colin

Just a thought, but is this because Yahoo is rejecting from a DUL?
If so, you need to use your ISP as a smarthost. I can't remember the exact details off top of my head, but I think it is in /etc/sendmail.cf and need to set DSsmarthost where smarthost is the name of your ISP smtp server.
Apologies if this is completely off the mark.

[colint]

I am just using @yahoo as one example. All mail domains not specifically defined in the users I have created do not work.

[ScalixSupport]

Colin,

Although this may sound tedious - these checks are worth looking at

Verify sendmail is installed...

[root@dsx1 /]# rpm -qa | grep sendmail
sendmail-8.12.11-4.RHEL3.1
sendmail-cf-8.12.11-4.RHEL3.1

Can you resolve the mail exchange records?

[root@dsx1 /]# host -a -t mx yahoo.ca
Trying "yahoo.ca"
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 24955
;; flags: qr rd ra; QUERY: 1, ANSWER: 4, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;yahoo.ca. IN MX

;; ANSWER SECTION:
yahoo.ca. 3361 IN MX 1 mx1.mail.yahoo.com.
yahoo.ca. 3361 IN MX 1 mx3.mail.yahoo.com.
yahoo.ca. 3361 IN MX 1 mx2.mail.yahoo.com.
yahoo.ca. 3361 IN MX 5 mx4.mail.yahoo.com.

Received 120 bytes from 10.17.64.3#53 in 10 ms

If you do need to add the smarthost value...

1. Set the DS macro in the sendmail.cf file on the Scalix Server. Change the file from:

# "Smart" relay host (may be null)

DS

to something like...

# "Smart" relay host (may be null)

DSoutboundserver.domain.com

where outboundserver.domain.com is the name of your perimter MTA server or Smart Host.

2. Stop (omshut) and Start Scalix (omrc) after the change.
What about queuing messages?

Is Scalix even handing it to sendmail? If Scalix fails to deliver to sendmail - you should see messages in /var/spool/clientmqueue

If Scalix is handing it to sendmail and sendmail is failing to deliver, then you should see messages in /var/spool/mqueue.

Last question - when you actually hit "send" from within the email clients, what exactly do you see (normal behaviour or do you get a pop-up).

Karl

[colint]

Hi,

Here are the various questions answered:

_________________________________
rpm -qa | grep sendmail

sendmail-devel-8.12.11-4.RHEL3.1
sendmail-cf-8.12.11-4.RHEL3.1
sendmail-8.12.11-4.RHEL3.1

Note: Sendmail was actually stopped for whatever reason so I restarted it.
__________________________________

[root@edgewatercomputersystems root]# host -a -t mx yahoo.ca
Trying "yahoo.ca"
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 40423
;; flags: qr rd ra; QUERY: 1, ANSWER: 4, AUTHORITY: 5, ADDITIONAL: 4

;; QUESTION SECTION:
;yahoo.ca. IN MX

;; ANSWER SECTION:
yahoo.ca. 4351 IN MX 1 mx3.mail.yahoo.com.
yahoo.ca. 4351 IN MX 5 mx4.mail.yahoo.com.
yahoo.ca. 4351 IN MX 1 mx1.mail.yahoo.com.
yahoo.ca. 4351 IN MX 1 mx2.mail.yahoo.com.

;; AUTHORITY SECTION:
yahoo.ca. 85322 IN NS ns1.yahoo.com.
yahoo.ca. 85322 IN NS ns2.yahoo.com.
yahoo.ca. 85322 IN NS ns3.yahoo.com.
yahoo.ca. 85322 IN NS ns5.yahoo.com.
yahoo.ca. 85322 IN NS ns7.yahoo.com.

;; ADDITIONAL SECTION:
ns1.yahoo.com. 4267 IN A 66.218.71.63
ns2.yahoo.com. 4267 IN A 66.163.169.170
ns3.yahoo.com. 4267 IN A 217.12.4.104
ns5.yahoo.com. 4267 IN A 216.109.116.17
_______________________________________________________

I even tried to telnet from the machine with Scalix on it and that worked fine.

[root@edgewatercomputersystems spool]# telnet mail.edgewater.ca 25
Trying 192.168.0.XX...
Connected to mail.edgewater.ca (192.168.0.XX).
Escape character is '^]'.
220 mail.edgewater.ca ESMTP
MAIL FROM: colint@edgewater.ca
250 ok
RCPT TO: colint@edgewater.ca
250 ok
DATA
354 go ahead
Subject: Test
test
.
250 ok 1140706940 qp 7796
QUIT
221 mail.edgewater.ca
Connection closed by foreign host.


Mail was received through edgewater.ca mail server.
__________________________________________________________

I do not see the failed mail attempts in /var/spool/clientqueue or mqueue.

When I hit send to and user setup within the Scalix system it sends it right away. If I send it to anyone not configured within the system, even on the same domain, I get a popup error right away.

Another note I can even go into the Admin console and change my user email to @yahoo.ca and it will send the mail again within the scalix system to the email address I have listed but it will not go out externally.


Colin

[ScalixSupport]

Please add the IP address of your SWA server to the Relay accept lines of /var/opt/scalix/sys/smtpd.cfg and restart the SMTP Relay.

Cheers

Dave

[colint]

Ok, just so I could start off fresh I unistalled everything and then reinstalled. Everything is back to the way it was before. So I went in and edited the /var/opt/scalix/sys/smtpd.cfg and it looks like this now:

RELAY accept 127.0.0.1
RELAY accept .ecs
RELAY Log_Reject ALL
RELAY accept 192.168.0.32

192.168.0.32 is the internal ip of our main mail server not the scalix server.

I then logged in as a user to webmail and sent a mail to someone@yahoo.ca and it said unable to send mail to someone@yahoo.ca. This popup appears the second I click send.

[ScalixSupport]

The RELAY rules work on a first match basis. Because the RELAY reject rule occurs before the new line you added, it is going to reject anything that doesn't match above.

Please swap those two lines around and try again.

Cheers

Dave

[colint]

Hi,

I changed it like so:

RELAY accept 192.168.0.32
RELAY accept 127.0.0.1
RELAY accept .ecs
RELAY Log_Reject ALL


Then restarted every scalix service from the admin console, logged back into webmail and got the same error.

Does something need to be set in /var/named (MX records) to point to the mail server? I thought that the scalix install might take care of that but I of course am unsure.

Colin

[ScalixSupport]

OK. So that indicates that the client IP address does not resolve back to a .ecs hostname.

I'm always concerned when people decide to open up their relay rules to a wider address range.

The simplest solution is to authenticate with the SMTP Relay as this allows relaying anywhere.

Cheers

Dave

[colint]

Sorry I am uncertian what you want me to do. Currently I will show you what I have set:

cat /etc/hosts

192.168.0.7 ecs.ca ecs
127.0.0.1 localhost.localdomain localhost
192.168.0.32 mail.edgewater.ca
192.168.0.32 edgewater.ca

hostname ecs
domainname ecs.ca

You say "The simplest solution is to authenticate with the SMTP Relay as this allows relaying anywhere. ". How would I do this?

Colin

[ScalixSupport]

From the look of the information you posted, the SMTP Relay configuration is incorrect.

The line:

Code: Select all

RELAY accept .ecs

Is expecting to match against serverA.ecs, serverB.ecs, serverC.subdomain.ecs. Your hosts file shows that your host name is actually in the .ca domain.

You need to look at the information at hand ( you don't need to post it again ):

• What is the IP address of your Scalix server ?
• What domain do the connecting clients come in from ? The big BUT is that if you use .ca in the RELAY accept line, everybody in the .ca line will be able to relay. If it's a handful of clients, you can just add their fqdn to a RELAY accept line. For that to work successfully, you must be able to do a reverse lookup on their IP addresses. If your DNS is not configured correctly then you will need to rely on adding the IP address to the SMTP Relay.
• If the connecting clients could be coming from anywhere, you need to configure authentication in the client. Use the same user name/password as their Scalix mailbox.

Cheers

Dave

[colint]

Ok great. So the way I fixed it was I changed ecs to edgewater.ca.

Mail is working!

Thankyou for your help.

I have one calendar issue that I will bring up in another post.