mail to unknown local recipient gets too many hops

Discuss the Scalix Server software

Moderators: ScalixSupport, admin

les
Scalix Star
Scalix Star
Posts: 819
Joined: Thu Feb 23, 2006 10:18 am
Location: Sydney, Australia

mail to unknown local recipient gets too many hops

Postby les » Mon Apr 30, 2007 12:01 pm

Hi All,

an interesting problem i just found while trying to replicate another. It happens on multiple scalix installations, feodra or redhat/centos.

scalix version: 11.0.3
my server: mail.mydomain.com 192.168.1.254
my domain: mydomain.com
a valid user: les@mydomain.com
a non-existent user: nobody@mydomain.com

All my scalix installations are fairly much bog standard out of the box, especially related to this particular problem.
smtpfilter=true is setup and spamass-milter is in use as per normal setup instructions. Thus all mail, internal and external gets kicked through the milter.

Ok, here's what happens

Using outlook connector, or telnet to port 25 of the scalix server i send an email from les@mydomain.com to nobody@mydomain.com
i would expect a user unknown to come back.
Scalix accepts the mail, determines there is no user and forwards it to my upstream isp's smtp server, which is sendmail's configured smart host. In turn the isp smtp server ships it back to our server. It then proceeds to loop around until we get too many hops and sendmail panics.
i get nothing back to say the mail message never made it. Postmaster gets a rejection message of too many hops, although your lucky if you get that, when sendmail panics it cant deliver the message, even to postmaster and it simply leaves it behind in the mail queue, renamed. But thats another issue.

Back to the problem at hand....I should immediately get a rejection of user unknown, but the message loops and leaves the server for sendmail's smart host.

Its got to be something with the milter setup or the smtpd cfg but im not sure. I'm really starting to dislike the spamass-milter setup as it cannot be configured to only scan inbound mail.

p.s. i also used my external yahoo account to send an email to nobody@mydomain.com. Watching the logs it too also looped until too many hops but i never got anything back to the yahoo account. I should have got a user doesn't exist.

my smtpd.cfg

# Filter via SpamAssassin

SMTPFILTER=TRUE

# NB Authenticated RELAYs are always allowed
RELAY accept 127.0.0.1
RELAY accept 192.168.1.0/24
RELAY accept .mydomain.com
RELAY Log_Reject ALL

# extra rules added to prevent open relay usage
RECIPIENT Log_Reject *@*@*
RECIPIENT Log_Reject *%*
RECIPIENT Log_Reject *!*
RECIPIENT Log_Reject *#*@*


Can anyone shed some light on why this is happening?

why also when i telnet to my scalix smtp port, do i NOT get a user unknown when i type in the following at the "rcpt to" reply?...

[root@mail ~]# telnet 192.168.1.254 25
Trying 192.168.1.254...
Connected to mail.mydomain.com (192.168.1.254).
Escape character is '^]'.
220 mail.mydomain.com ESMTP Scalix SMTP Relay 11.0.3.10719; Tue, 01 May 2007 01:34:21 +1000 (EST)
ehlo me
250-mail.mydomain.com Hello mail.mydomain.com [192.168.1.254], pleased to meet you
250-AUTH LOGIN GSSAPI DIGEST-MD5 CRAM-MD5 PLAIN
250-AUTH=LOGIN
250-DSN
250 8BITMIME
mail from: <les@mydomain.com>
250 john@mydomain.com... Sender ok
rcpt to: <nobody@mydomain.com>
250 Ok
quit
221 mail.mydomain.com closing connection
Connection closed by foreign host.
You have new mail in /var/spool/mail/root
[root@mail ~]#

TIA
Regards,

Les Stott

les
Scalix Star
Scalix Star
Posts: 819
Joined: Thu Feb 23, 2006 10:18 am
Location: Sydney, Australia

Postby les » Mon Apr 30, 2007 12:06 pm

sorry...news just in....

i did eventually get rejection emails (almost an hour later!) to my internal account but they were for the "too many hops" errors they should have originally been for an invalid user.

Its almost like, in this setup, scalix is not rejecting unknown users and its handing off to the milter.
Sendmail must know its not a valid internal scalix user as it forwards it via the smart host. If it were a valid user it would hand it back to scalix.....
Regards,

Les Stott

les
Scalix Star
Scalix Star
Posts: 819
Joined: Thu Feb 23, 2006 10:18 am
Location: Sydney, Australia

SOLVED!!

Postby les » Mon Apr 30, 2007 1:36 pm

I have found a resolution to my problem.

in order for sendmail to properly reject unknown internal users you will need your domain added to the /etc/mail/local-host-names

restart sendmail afterwards.

Although i've never heard or seen that mentioned in installation guides (correct me if i'm wrong).

I think that should be part of the installation package, or at the very least listed in release notes.....

Scalix Techs....I 'll raise a bug for this if you think its appropriate.
Regards,

Les Stott

les
Scalix Star
Scalix Star
Posts: 819
Joined: Thu Feb 23, 2006 10:18 am
Location: Sydney, Australia

Re: SOLVED!!

Postby les » Tue May 01, 2007 10:43 am

les wrote:
Scalix Techs....I 'll raise a bug for this if you think its appropriate.


i have raised the following bug....

http://bugzilla.scalix.com/show_bug.cgi?id=15285
Regards,

Les Stott

jeffs
Posts: 30
Joined: Thu Mar 08, 2007 5:37 pm
Location: Cincinnati, OH

Postby jeffs » Tue May 01, 2007 10:58 am

Les -

Just a guess at this point but it may be related to switching from ommapsmtp (version 10 and prior) to ldapmapper (version 11). Looks like Sendmail is now responsible in some fashion for mail routing for all mail messages, not just external ones.

A side effect of that is that if (when) ldapmapper dies it causes internal mail to stack up in Sendmail too.

I thought I saw this issue with local-host-names brought up in the forums but not in the official documentation. I'll have another look though.

Jeff


Return to “Scalix Server”



Who is online

Users browsing this forum: No registered users and 1 guest

cron