#1
  1. They're coming to take me away

    Join Date
    Jan 2005
    Location
    Florida
    Posts
    5,105
    Rep Power
    5049

    IP address may be forged


    So I have a server that I hardly ever use other than for hosting websites for personal/developmental purposes. For this reason, I never really needed the mail server working at 100%. (Although this server used to work fine in the past, before it was updated to the latest Sendmail version.) I'm running Fedora Core, and my problem is that I can almost get my server to send email. I have about 15 domains here.

    Yesterday is when I noticed the problem. (I have 2 people that want me to host their site because they don't want to pay the yearly price they normally would... and they are family, so I didn't want to say no). Anyways, here's what I noticed as of yesterday:
    I could not send from within any of the domains, using mail.domain.com. I kept receiving the error message IP address may be resolved.
    I was able to send via Webmail (Squirrelmail) no problem, and I could send if I changed the SMTP server to smarthost provided from my ISP.

    I eventually figured this problem out... Had to make sure all the domains were listed properly in:
    /etc/hosts

    All of the domains were correctly listed in
    /etc/mail/local-host-names

    When I added them to /etc/hosts, it seemed to work. Until I tried adding the accounts on my phone. Then I noticed the same IP forged error within /var/log/maillog.

    Now I'm lost as to what to try as everything seems to fail:
    - Within Sendmail conf, I have changed the Smarthost line to my ISP's smarthost
    - I have, within the Sendmail conf, explicitly named the IP address needed
    - I have added the domains to access and hosts.allow files
    - I have added the domains to the Outgoing list
    - I have 1 of the domains set with an SPF record (I only set up 1 so that I could test with and without an SPF to see if either way will work)

    I'm currently in the process of setting up Authentication to see if that works, but figured I'd ask here to see if anyone has any additional ideas I can try.

    Thanks for any input and if you need further info, just let me know.
    "I don't need to get a life. I'm a gamer. I have lots of lives!"
  2. #2
    Contributing User
    Devshed Regular (2000 - 2499 posts)

    Join Date
    May 2004
    Location
    surfing the interwebz
    Posts
    2,410
    Rep Power
    2005
    Hi Hiker, did you have any luck figuring this out? I'm curious as to what the culprit was.
  4. #3
  5. They're coming to take me away

    Not yet. I've just informed them to use Webmail for now and let them know that if they want a reliable host, that they should actually host it elsewhere. So at that point, I'll work on it more. Don't want to keep taking it down over and over while trying to figure this out until I'm not actually hosting their mail.

    That's one of the reasons I posted... was hoping someone could tell me the culprit so I could make a quick change or two and have it working as it should.

    But I will let you know if I do come across the answer. I've seen many posts like this on various forums and searches, but nothing seems to fix the problem except the possibility of setting up AUTH. Which, because of my install, would require me to disable my current install and reinstall from a tarball.
    "I don't need to get a life. I'm a gamer. I have lots of lives!"
  6. #4
    Contributing User
    Devshed Regular (2000 - 2499 posts)

    What was the error message again? Almost sounds like a DNS issue or an authentication issue since you have to use a smart host.
    Last edited by seack79; October 2nd, 2011 at 04:42 PM.
  8. #5
    Grumpier old Moderator
    Devshed Supreme Being (6500+ posts)

    Join Date
    Jun 2003
    Posts
    14,443
    Rep Power
    4539
    Why do you need to edit /etc/hosts on the mail server? For email to work from anywhere outside your LAN, DNS pretty much needs to work for your mail domain, and you shouldn't need to mess with the hosts file. External mail clients need to properly resolve your domain MX to your server's external IP, and you need to have SMTP open through any firewalls (and your ISP).

    You also need a reverse DNS PTR set up, which you can't do through a hosts file, and it wouldn't make any difference; it's the receiving server that does the reverse IP lookup.
    ======
    Doug G
    ======
    Bartender to Rene Descartes "have another beer?" Descartes: "I think not" and he vanished.
    --Alfred Bester
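
    Added example, not part of any post in this thread: sendmail appends "(may be forged)" to a relay= entry when the name from the client IP's PTR record does not resolve back to that IP, which is the receiving-side reverse lookup described above. The sketch below pulls such entries out of maillog text and repeats that forward-confirmed reverse DNS check; the log lines, hostnames, addresses and function names are constructed for illustration.

```python
import re
import socket

# Constructed sample lines in the usual sendmail maillog shape (not from the thread).
SAMPLE_LOG = (
    "Oct  2 16:01:12 mx sendmail[2101]: p92K1Cab002101: from=<a@example.org>, "
    "size=812, nrcpts=1, proto=ESMTP, daemon=MTA, "
    "relay=phone.example.net [198.51.100.7] (may be forged)\n"
    "Oct  2 16:02:40 mx sendmail[2107]: p92K2eab002107: from=<b@example.org>, "
    "size=640, nrcpts=1, proto=ESMTP, daemon=MTA, "
    "relay=mail.example.com [192.0.2.10]\n"
)
RELAY_RE = re.compile(r"relay=(\S+) \[([0-9A-Fa-f.:]+)\] \(may be forged\)")

def flagged_relays(log_text):
    """Return (hostname, ip) pairs that sendmail tagged '(may be forged)'."""
    return RELAY_RE.findall(log_text)

def system_ptr(ip):
    """Reverse lookup with the system resolver; None if there is no PTR."""
    try:
        return socket.gethostbyaddr(ip)[0]
    except OSError:
        return None

def system_forward(name):
    """Forward lookup with the system resolver; set of addresses (may be empty)."""
    try:
        return {info[4][0] for info in socket.getaddrinfo(name, None)}
    except OSError:
        return set()

def fcrdns(ip, ptr=system_ptr, forward=system_forward):
    """Forward-confirmed reverse DNS: PTR(ip) gives a name, and that name
    must resolve back to the same ip. Returns (status, ptr_name)."""
    name = ptr(ip)
    if name is None:
        return ("no-ptr", None)
    return ("ok" if ip in forward(name) else "mismatch", name)

if __name__ == "__main__":
    # Constructed zone data so the demo runs offline: the PTR exists, but the
    # name's A record points somewhere else, which is the failing case.
    fake_ptr = {"198.51.100.7": "phone.example.net"}
    fake_a = {"phone.example.net": {"203.0.113.5"}}
    for host, ip in flagged_relays(SAMPLE_LOG):
        print(host, ip, fcrdns(ip, fake_ptr.get, lambda n: fake_a.get(n, set())))
```

    With the default resolvers the lookups go through the system resolver, so entries in /etc/hosts on the machine running the check can influence the result.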
  10. #6
  11. They're coming to take me away

    Originally Posted by Doug G:
    "Why do you need to edit /etc/hosts on the mail server? For email to work from anywhere outside your LAN, DNS pretty much needs to work for your mail domain, and you shouldn't need to mess with the hosts file."
    Without the domains listed in /etc/hosts, I wasn't even able to send from one of my domains to another one of mine.

    "External mail clients need to properly resolve your domain MX to your server's external IP, and you need to have SMTP open through any firewalls (and your ISP)."
    The SMTP port is open through firewalls and ISP. I have been able to send in the past as well using this same server, but with an older version of Sendmail. Sendmail, by default now, has changed the way relaying is allowed/denied which, according to various searches, seems to be the problem for the forging error message. Although, I can't find an exact solution online...

    "You also need a reverse DNS PTR set up, which you can't do through a hosts file, and it wouldn't make any difference; it's the receiving server that does the reverse IP lookup."
    Reverse DNS is already set up at the ISP. When I do a lookup, my IP properly shows my domain name.

    Thanks for the reply.
    "I don't need to get a life. I'm a gamer. I have lots of lives!"
  12. #7
    Contributing User
    Devshed Regular (2000 - 2499 posts)

    Not being able to send mail from one domain to another sounds like a DNS issue; is your server providing DNS services?
  14. #8
  15. They're coming to take me away

    Originally Posted by seack79:
    "Not being able to send mail from one domain to another sounds like a DNS issue; is your server providing DNS services?"
    Yes. I have a DNS server running as well.
    "I don't need to get a life. I'm a gamer. I have lots of lives!"
  16. #9
    Contributing User
    Devshed Regular (2000 - 2499 posts)

    If you run nslookup on the server for the domain names what do you get?
  18. #10
  19. They're coming to take me away

    Originally Posted by seack79:
    "If you run nslookup on the server for the domain names what do you get?"
    I receive a Non-authoritative answer of the external IP address for each of the domains on the server.
    "I don't need to get a life. I'm a gamer. I have lots of lives!"
  20. #11
    Contributing User
    Devshed Regular (2000 - 2499 posts)

    If you run nslookup on the server for the domain names what do you get?
