Ken Smith via GLLUG <gllug@mailman.lug.org.uk> writes: > Marco van Beek via GLLUG wrote: >> >> >> On 10/10/2022 22:54, Ken Smith via GLLUG wrote: >>> >>> I'm trying to sort out a Rocky 8.5 server that has sendmail >>> installed. (Please don't go on a diversion about how I should tell >>> the owner to dump sendmail and switch to exim or postfix - save that >>> for another thread please. ) >>> >>> I'm pretty good with sendmail but this problem has me a bit foxed. >>> I'd value some suggestions of where to look as I think I'm not seeing >>> the wood for the trees. >>> >>> It will send from addresses in the local network, without auth, >>> because I have "connect:192.168.123 relay" in the access file - >>> that being the local LAN. >>> >>> I've tested sasl auth and that is authenticating. >>> >>> Using telnet from an IP off their LAN (over a VPN) I can connect >>> using TLS (openssl s_client etc etc) and authenticate (perl >>> -MMIME::Base64 etc etc) it accepts my credentials and then if I try >>> to send a message I get "Relaying denied. IP name lookup failed [my >>> local ip]" The same happens with a test using Thunderbird. >>> >>> If I do the same test from the host that sendmail is on, it works fine. >>> >>> Also if I do the same test from another host on the same LAN it works >>> fine. >>> >>> Somehow its complaining about the source IP in authenticated sessions >>> outside the LAN range. >>> >>> In the test from my local LAN (172.16.0.x), over a VPN, the remote >>> dns can't resolve the reverse dns of my LAN. I've done a similar test >>> with another sendmail site and remote auth is working fine. >>> >>> Maybe sendmail is doing reverse DNS when it shouldn't be. >>> >>> Suggestions most welcome.... >>> >>> Thanks >>> >>> Ken >>> >>> >>> >>> >> Hi, >> >> It might be the difference between a missing entry in a zone file, and >> a missing zone file. Maybe it is the lookup mechanism that fails, >> rather than it checking the IP address itself. It might be another >> rule set that is trying to do a reverse lookup (eg hostname), and it >> barfs out at that point. >> >> Maybe increase the logging verbosity and check the logs again? >> >> Cheers, >> >> Marco > > Thank you - Not sure where my error was but, probably a typo on my > part. I reconfigured it from the ground up using the template config > files I've kept from other setups and its working fine now. Didn't touch > any thing to do with DNS or /etc/hosts. > > All fixed. Yay :-) Ken
Hi, I'd recommend installing etckeeper, which stores your /etc in git, and will then allow you to do stuff like: cd /etc git diff '@{last week}' and immediately see what's different from when the thing in question was working/broken. Cheers, Phil. -- |)| Philip Hands [+44 (0)20 8530 9560] HANDS.COM Ltd. |-| http://www.hands.com/ http://ftp.uk.debian.org/ |(| Hugo-Klemm-Strasse 34, 21075 Hamburg, GERMANY
signature.asc
Description: PGP signature
-- GLLUG mailing list GLLUG@mailman.lug.org.uk https://mailman.lug.org.uk/mailman/listinfo/gllug