SMTP Relay problem

techsharp
Posts: 436
Joined: Tue Jan 16, 2007 9:01 pm

Postby techsharp » Thu Jan 10, 2008 8:57 am

Hello,

Our mail server is having a problem with the SMTP Relay. The issue is that it will not actually stop or get aborted, but it will stop working and when that happens mail does not get sent from external email to our mail boxes - internally works fine.

I have Nagios set up to monitor services, and the report for SMTP is "CRITICAL - Socket timeout after 10 seconds" when the issue occurs.

This is a major issue because if I am not at work and do not see this then mail will not get delivered for hours on end.

I would like to find out how to

A. Resolve the problem or B. not use the smtp relay and just use sendmail.

Right now in sendmail.cf we have:
O DaemonPortOptions=Port=smtp, Addr=127.0.0.1, Name=MTA
O DaemonPortOptions=Port=smtps, Addr=127.0.0.1, Name=TLSMTA, M=s

If I take out the 127.0.0.1 part then mail will work w/out smtp relay, however when sending from webmail it goes to the drafts.

Either way would like some suggestions on what I could do to solve the issue.

Thanks!

Valerion
Scalix Star
Posts: 2730
Joined: Thu Feb 26, 2004 7:40 am
Location: Johannesburg, South Africa

Postby Valerion » Thu Jan 10, 2008 9:53 am

Make sure SUBMIT=ON is in your SMTPD.CFG. Add SMTP=OFF just above that. Ensure that in the [SUBMIT] section the server is listening on port 587. Restart the SMTP gateway and check that it is only listening on 587 now.

Then in swa.properties add :587 to the SMTP server directive, restart, and retest SWA.

Postby techsharp » Thu Jan 10, 2008 10:38 am

Valerion -

Thanks I will be in the office tomorrow and will make those changes - will let you know how it works out.

Postby techsharp » Thu Jan 10, 2008 12:18 pm

Valerion -

Quick follow up questions- by making these config changes - what does this exactly do? Make it so it listens on port 587 which will not be used by anything else?

Also do I still need to use the smtp relay after these changes are made?

Thanks!

Postby Valerion » Fri Jan 11, 2008 3:28 am

If you make these changes you can switch completely to sendmail, the SMTP relay will no longer listen on port 25. The 587 (used because it is SMTP Submission, but it can be anything) is needed due to SWA insisting on SMTP Auth. This will give SWA that chance.

Postby techsharp » Fri Jan 11, 2008 9:29 am

Valerion

That will be excellent! If I have time today I will give it a shot! Will let you know - thanks!

Postby techsharp » Fri Jan 11, 2008 1:03 pm

Valerion -

OK, right now we use stunnel so our config might be a little different - I know on 11.3 we won't have to worry about it - but here are the config changes I made - it looks like this now:

smtp.cfg

# Uncomment the following lines to enable the Submission and LMTP listeners
SMTP=OFF
SUBMIT=ON
#LMTP=ON

# The following group sets the configuration for the submission listener
# This listener is only active if SUBMIT=ON is above
# By default it binds to port 587
[SUBMIT]
LISTEN=localhost:587
# Reject all anonymous connections
ANONYMOUS Log_Reject ALL

swa.properties
swa.email.smtpServer=localhost.localdomain:587

lsof -i :25
COMMAND PID USER FD TYPE DEVICE SIZE NODE NAME
sendmail 20572 root 4u IPv4 534165 TCP *:smtp (LISTEN)

lsof -i :587
COMMAND PID USER FD TYPE DEVICE SIZE NODE NAME
omsmtpd 24873 root 4u IPv4 562370 TCP localhost.localdomain:submission (LISTEN)

I sent from webmail and Outlook no problems -

To be able to send from webmail I will need to keep the SMTP relay on, correct?

Also does this look OK? I would assume the localhost is because we use stunnel - I changed in the swa.properties the localhost.localdomain part from mars.blueslate.net - when it had mars it did not work.

Thanks

Postby techsharp » Fri Jan 11, 2008 1:31 pm

I turned off the smtp relay and webmail did not work - so I am guessing the smtp relay will only be used now for webmail correct?

If it goes down it will only affect webmail users and not Outlook, so that is not too bad.

Postby techsharp » Sat Jan 12, 2008 2:16 am

OK

I made the changes on the production box and now getting in the maillog:

mars.blueslate.net [17x.4.x.x] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA

Mail looks to be coming in and out, but think it could be rejecting some messages - why does this now show up?

Mail access file:
Connect:localhost.localdomain RELAY
Connect:localhost RELAY
Connect:127.0.0.1 RELAY
Connect:mars.blueslate.net RELAY

Any suggestions on what I need to change to fix that?
Last edited by techsharp on Sat Jan 12, 2008 3:22 am, edited 1 time in total.

Postby techsharp » Sat Jan 12, 2008 3:13 am

Also should the sendmail.cf file say:

O DaemonPortOptions=Port=smtp, Addr=127.0.0.1, Name=MTA
O DaemonPortOptions=Port=smtps, Addr=127.0.0.1, Name=TLSMTA, M=s

Or:
O DaemonPortOptions=Port=smtp, Name=MTA
O DaemonPortOptions=Port=smtps, Name=TLSMTA, M=s

Thanks

satei

Postby satei » Sat Jan 12, 2008 2:06 pm

I have exactly the same problem.
Think that I am only too stupid to configure Sendmail.
Exim is my default MTA so it's a little bit different ;)

Hope that somebody knows the answer.
Thanks in advance

Postby Valerion » Mon Jan 14, 2008 4:43 am

Lots of questions :)

You can change the LISTEN= in [SUBMIT] to add listening to eth0 (separate by ,). That way you can have the submission listener authenticating outside POP3/IMAP sessions as well as SWA. I use that when my travelling employees want to send via GPRS/3G and don't always know which SMTP server they can send to. Also, since there is no relaying configuration, only authenticated users can use it.

The "did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA" happens if someone violates the ESMTP protocol. sendmail is VERY strict about this and will log it, though not necessarily reject. I get this when someone telnets to port 25 without completing a transaction (my nagios does this a lot as it just checks if sendmail is listening).

DaemonPortOptions should not list localhost if you want it to listen on all addresses (as in this case). If an Addr is present, it binds only to the selected address(es), otherwise it will bind to *.
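
An added example, not part of the original posts: one way to see which client produces the "did not issue MAIL/EXPN/VRFY/ETRN" entries is to group them by source and look at the spacing between hits, since a monitoring check shows up as evenly spaced connections. The log lines, host names, addresses, the year and the thresholds are constructed assumptions.

```python
import re
from collections import defaultdict
from datetime import datetime
from statistics import median

# Constructed sample maillog lines; hosts and addresses are placeholders.
MSG = "did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA"
SAMPLE_LOG = "\n".join([
    f"Jan 12 02:10:05 mx sendmail[2101]: m0C7A5aa002101: monitor.example.net [192.0.2.10] {MSG}",
    f"Jan 12 02:10:10 mx sendmail[2102]: m0C7AAab002102: monitor.example.net [192.0.2.10] {MSG}",
    "Jan 12 02:10:12 mx sendmail[2103]: m0C7ACac002103: to=<user@example.net>, stat=Sent",
    f"Jan 12 02:10:15 mx sendmail[2104]: m0C7AFad002104: monitor.example.net [192.0.2.10] {MSG}",
    f"Jan 12 02:10:20 mx sendmail[2105]: m0C7AKae002105: monitor.example.net [192.0.2.10] {MSG}",
    f"Jan 12 02:13:41 mx sendmail[2110]: m0C7Dfaf002110: [198.51.100.7] {MSG}",
])

# timestamp, optional reverse-DNS name, bracketed client address, then the message
NO_MAIL = re.compile(
    r"^(\w{3}\s+\d+\s[\d:]{8})\s\S+\ssendmail\[\d+\]:\s\S+:\s"
    r"(?:(\S+)\s)?\[([^\]]+)\]\s" + re.escape(MSG))

def probe_sources(log_text, year=2008, min_hits=3, jitter=2.0):
    """Group the entries by (host, address); flag sources that connect at a steady interval."""
    hits = defaultdict(list)
    for line in log_text.splitlines():
        m = NO_MAIL.match(line)
        if m:
            # syslog timestamps carry no year, so one is assumed
            ts = datetime.strptime(f"{year} {m.group(1)}", "%Y %b %d %H:%M:%S")
            hits[(m.group(2) or "unknown", m.group(3))].append(ts)
    report = {}
    for src, stamps in hits.items():
        stamps.sort()
        gaps = [(b - a).total_seconds() for a, b in zip(stamps, stamps[1:])]
        periodic = len(stamps) >= min_hits and max(gaps) - min(gaps) <= jitter
        report[src] = {"count": len(stamps),
                       "median_gap": median(gaps) if gaps else None,
                       "periodic": periodic}
    return report

if __name__ == "__main__":
    for src, info in probe_sources(SAMPLE_LOG).items():
        print(src, info)
```

A source flagged as periodic with a gap matching the monitoring check interval points at the health check rather than at rejected mail.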

Postby techsharp » Mon Jan 14, 2008 9:49 am

Valerion-

Thank you.

OK right now my sendmail.cf file is setup as:
O DaemonPortOptions=Port=smtp, Addr=127.0.0.1, Name=MTA
O DaemonPortOptions=Port=smtps, Addr=127.0.0.1, Name=TLSMTA, M=s

And my smtp.cfg is:
SMTPFILTER=TRUE

RELAY accept 127.0.0.1
RELAY accept .blueslate.net
RELAY accept 172.20.2.11
RELAY Log_Reject ALL


# extra rules added to prevent open relay usage
RECIPIENT Log_Reject *@*@*
RECIPIENT Log_Reject *%*
RECIPIENT Log_Reject *!*
RECIPIENT Log_Reject *#*@*

# Uncomment the following lines to enable the Submission and LMTP listeners
#SUBMIT=ON
#LMTP=ON

# The following group sets the configuration for the submission listener
# This listener is only active if SUBMIT=ON is above
# By default it binds to port 587
[SUBMIT]
#LISTEN=localhost:587
# Reject all anonymous connections
ANONYMOUS Log_Reject ALL

# The following group sets the configuration for the lmtp listener
# This listener is only active if LMTP=ON is above
[LMTP]
LISTEN=localhost:24
# Use the following line to listen on a unix domain socket
#LISTEN=~/tmp/lmtp.unix

Now of course this is before the changes you have said to make. Now if I go and make the sendmail.cf file w/ no localhost and make the changes to the smtp.cfg and webmail file I get the "did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA".

If I look at the maillog now it reads this:
Jan 14 08:45:33 mars sendmail[30775]: m0EDj8Qb030775: to=<user@blueslate.net>, delay=00:00:25, xdelay=00:00:10, mailer=relay, pri=32845, relay=[127.0.0.1] [127.0.0.1], dsn=2.0.0, stat=Sent (m0EDjNDY030799 Message accepted for delivery)

As we can see relay is 127.0.0.1 which is fine because it is in the sendmail.cf file.

When I change it how come it gives me the did not issue error?

My access file states:
Connect:localhost.localdomain RELAY
Connect:localhost RELAY
Connect:127.0.0.1 RELAY
Connect:mars.blueslate.net RELAY

Mars.blueslate.net is in there. - So the only hurdle now is to get by that error message - I mean it was happening literally every 5 seconds - so which file do I need to change so sendmail can see this as OK?

Sorry for the long post - and thanks once again!

Postby Valerion » Mon Jan 14, 2008 10:09 am

With the setup you have now, Scalix's SMTP Relay is listening on port 25 and sendmail is only listening on localhost, so any connection attempts will go to Scalix, not sendmail, and Scalix does not log this AFAIK.

To get rid of the message you will have to find out which process does the connection and kill it. Maybe do a packet dump, combined with a regular lsof to see which process it is? Not sure how else to trace it. Could it be that machine runs some kind of automated mailer that is misbehaving?
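
An added example, not part of the original posts: a small check that reads the two configs discussed in this thread and reports which daemon ends up answering external connections on port 25. It assumes, as the replies above describe, that the Scalix relay keeps its port 25 listener unless SMTP=OFF is set and that sendmail binds to all addresses when a DaemonPortOptions line has no Addr; the function names and return strings are hypothetical.

```python
import re

PORTS = {"smtp": 25, "smtps": 465, "submission": 587}
LOOPBACK = {"127.0.0.1", "localhost", "localhost.localdomain"}

# Settings as posted in the thread: the original setup, then the proposed change.
CF_LOCAL = ("O DaemonPortOptions=Port=smtp, Addr=127.0.0.1, Name=MTA\n"
            "O DaemonPortOptions=Port=smtps, Addr=127.0.0.1, Name=TLSMTA, M=s\n")
CF_ALL = ("O DaemonPortOptions=Port=smtp, Name=MTA\n"
          "O DaemonPortOptions=Port=smtps, Name=TLSMTA, M=s\n")
CFG_RELAY_25 = "SMTPFILTER=TRUE\n#SUBMIT=ON\n[SUBMIT]\n#LISTEN=localhost:587\n"
CFG_SUBMIT = "SMTP=OFF\nSUBMIT=ON\n[SUBMIT]\nLISTEN=localhost:587\n"

def sendmail_listeners(cf_text):
    """[(name, addr, port)] from 'O DaemonPortOptions=' lines; addr '*' = all addresses."""
    found = []
    for line in cf_text.splitlines():
        m = re.match(r"O\s+DaemonPortOptions=(.*)", line.strip())
        if m:
            opts = dict(kv.strip().split("=", 1)
                        for kv in m.group(1).split(",") if "=" in kv)
            port = opts.get("Port", "smtp")
            found.append((opts.get("Name", "?"), opts.get("Addr", "*"),
                          int(port) if port.isdigit() else PORTS.get(port)))
    return found

def relay_flags(cfg_text):
    """Top-level KEY=VALUE switches of the relay config (before the first [section])."""
    flags = {}
    for line in (l.strip() for l in cfg_text.splitlines()):
        if line.startswith("["):
            break
        if line and not line.startswith("#") and "=" in line:
            key, value = line.split("=", 1)
            flags[key.strip().upper()] = value.strip().upper()
    return flags

def who_answers_port_25(cf_text, cfg_text):
    # Assumption from the thread: the relay's port 25 listener is on unless SMTP=OFF.
    relay_on = relay_flags(cfg_text).get("SMTP", "ON") != "OFF"
    public = any(p == 25 and a not in LOOPBACK
                 for _, a, p in sendmail_listeners(cf_text))
    if relay_on and public:
        return "conflict: relay and sendmail both want external port 25"
    if relay_on:
        return "relay"
    return "sendmail" if public else "nobody"
```

Running it on the four combinations shows the two consistent setups (relay in front, or sendmail in front with the relay on 587) and the two broken ones (both on port 25, or nothing reachable on port 25).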

Postby techsharp » Mon Jan 14, 2008 10:19 am

Valerion-

Right - when I make the change though - sendmail only listens on 25 and then smtp relay listens on 587.

Mail comes in and out, but that message comes up every 5 seconds - if I can get rid of it then I am good to go.

Machine runs nagios - but that works fine and do not see the message until I make the change - I could try it and shut nagios off to see if that is the problem - other than that nothing else runs on it.

