allowing sendmail to relay mail – a troubleshooting tip

This article deals with allowing sendmail to accept mail for
specific domains, often referred to as relaying.  If you have installed sendmail
8.9.3 or later, it will automatically disable relaying.  In simple terms, mail relay
is a mechanism by which mail is transferred from host to host until it reaches its
ultimate destination.

I use langille.org as the example domain.  I’ve recently
registered this domain and I’m about to tell sendmail about it.

Note: More recent versions of FreeBSD put all sendmail configuration files in /etc/mail,
not /etc.

Note: sendmail.cw has been renamed to local-host-names after sendmail
version 8.10.

Why disable relay

sendmail 8.9.3 comes with relay disabled to prevent abuse of your
mail server.  If relay were permitted, anyone could use your mail server to send out
mail.  Spammers love mail servers which don’t restrict relay.  If they find one,
they send all the mail they can through it.  Spammers do this because it uses someone
else’s resources and partially masks their identity.

By the way, spammers are people who
send out junk mail.

The basic reason to disable relay is to prevent the theft and abuse of
your mail server resources.

Why enable relay

You want to enable relay only for those domains from which you wish to
send mail and for those domains for which you wish to receive mail.  This doesn’t mean
that you have to specify each domain which can send you mail.  No, this is much
simpler than that.

I just added a new domain to my collection, langille.org.  At
present, my mail server does not accept incoming mail for that domain.  However, my
mail server is registered as the mail host for that domain.  Here’s how to verify that:

# host langille.org
langille.org mail is handled (pri=5) by freebsddiary.yi.org

freebsddiary.yi.org is my box.  The first thing I did was create the domain in my DNS zone files.

Incoming mail – relaying denied

If someone tries to send mail to langille.org, it will arrive at my
server, but it will be refused.  Here is the bounced email message.  The exact
message will vary from ISP to ISP:

To:             	myotheraddress@anotherisp.co.nz
From:           	Mail Administrator <Postmaster@xtra.co.nz>
Send reply to:  	Mail Administrator <Postmaster@xtra.co.nz>
Subject:        	Mail System Error - Returned Mail
Date sent:      	Sat, 30 Oct 1999 11:10:42 +1300

This is a system generated message. Please DO NOT REPLY.

This Message was undeliverable due to the following reason:

Each of the following recipients was rejected by a remote mail 
server.  The reasons given by the server are included to help you 
determine why
each recipient was rejected.

    Recipient: <dan@langille.org>
    Reason:    <dan@langille.org>... Relaying denied

If you need any help to interpret the error, please forward this
message to:

- XTRA Help Desk xtrahelp@xtra.co.nz if you are an XTRA
Residential Customer.

- XTRA Business Help Desk business.support@xtra.co.nz if you are
an XTRA Business Customer.

For all others, please contact your local site administrator or
Help Desk.

Regards.
Telecom XTRA Messaging Team

Here are the corresponding messages in my mail log:

Oct 30 11:04:44 ducky sendmail[98224]: LAA98224: ruleset=check_rcpt,
     arg1=<dan@langille.org>, relay=mta1-rme.xtra.co.nz [203.96.92.1], reject=550
     <dan@langille.org>... Relaying denied
Oct 30 11:04:44 ducky sendmail[98224]: LAA98224: from=<junkmale@xtra.co.nz>, SIZE=938,
     class=0, pri=0, nrcpts=0, proto=ESMTP,
     relay=mta1-rme.xtra.co.nz [203.96.92.1]

It is important to note that the above example represents mail being sent to
langille.org from an external domain.  It is incoming mail.

To allow sendmail to receive mail for langille.org, I added the following
entry to /etc/mail/sendmail.cw (after sendmail version 8.10, this file is local-host-names).
Note that more recent versions of FreeBSD put all of these files in /etc/mail/.

langille.org

Then I told sendmail to re-read its configuration files by issuing the following
command.

# killall -hup sendmail

With the above changes, my mail server began to accept incoming mail for langille.org.

Outgoing mail – relaying denied

If you try to send mail through your own server and you get the following
message, then you need to modify /etc/mail/relay-domains.

From:           	Mail Delivery System <>
To:             	Self
Subject:        	Mail Delivery Failure.
Date sent:      	Sat, 30 Oct 1999 15:14:10

Delivery has failed on the enclosed message for the following
reasons reported either by the mail delivery system on the mail
relay host or by the local TCP/IP transport module:

   550 <junkmale@xtra.co.nz>... Relaying denied

Your original mail message follows:
--------------------------------------------------------

X-PM-Identity: langille.org
From: "Dan Langille" <dan@langille.org>
Organization: langille.org
To: someone@some.other.domain
Date: Sat, 30 Oct 1999 15:14:09 +1300
MIME-Version: 1.0
Content-type: text/plain; charset=US-ASCII
Content-transfer-encoding: 7BIT
Subject: test langille.org
Reply-to: dan@langille.org
Priority: normal
X-mailer: Pegasus Mail for Win32 (v3.12a)

--
Dan Langille
http://www.langille.org

The solution to this problem will be in your mail logs.  Look at the following
carefully:

Oct 30 15:13:34 ducky sendmail[98968]: PAA98968: ruleset=check_rcpt,
      arg1=<junkmale@xtra.co.nz>, relay=starlajo.nz.freebsd.org [10.0.0.45], reject=550
     ... Relaying denied
Oct 30 15:13:34 ducky sendmail[98968]: PAA98968: from=<dan@langille.org>, SIZE=422,
     class=0, pri=0, nrcpts=0, proto=ESMTP,
     relay=starlajo.nz.freebsd.org [10.0.0.45]

You will see that the relay attempt came from the host starlajo.nz.freebsd.org with
IP=10.0.0.45.  So I added the following entry to /etc/mail/relay-domains:

starlajo.nz.freebsd.org

Then I hup’d sendmail.
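
The log-reading step used in both sections above can be scripted. This is an added example, not part of the original article: it pulls the recipient and client address out of each "Relaying denied" entry and reports which file, if any, needs an entry (local-host-names is sendmail.cw before 8.10). The function name triage, its hosted_domains and own_hosts inputs, and the last sample log line are assumptions; the sample log is constructed from the excerpts above.

```python
import re

# Constructed sample, modelled on the log excerpts in this article and joined
# onto single lines as syslog writes them. The last entry is invented.
SAMPLE_LOG = """\
Oct 30 11:04:44 ducky sendmail[98224]: LAA98224: ruleset=check_rcpt, arg1=<dan@langille.org>, relay=mta1-rme.xtra.co.nz [203.96.92.1], reject=550 <dan@langille.org>... Relaying denied
Oct 30 11:04:44 ducky sendmail[98224]: LAA98224: from=<junkmale@xtra.co.nz>, SIZE=938, class=0, pri=0, nrcpts=0, proto=ESMTP, relay=mta1-rme.xtra.co.nz [203.96.92.1]
Oct 30 15:13:34 ducky sendmail[98968]: PAA98968: ruleset=check_rcpt, arg1=<junkmale@xtra.co.nz>, relay=starlajo.nz.freebsd.org [10.0.0.45], reject=550 <junkmale@xtra.co.nz>... Relaying denied
Oct 30 16:02:10 ducky sendmail[99100]: QAA99100: ruleset=check_rcpt, arg1=<someone@example.net>, relay=host.example.com [192.0.2.77], reject=550 <someone@example.net>... Relaying denied
"""

# A check_rcpt rejection: recipient in arg1, client as "name [ip]" or "[ip]".
# Only the IP is captured; the name comes from a DNS lookup of that address.
REJECT = re.compile(
    r"ruleset=check_rcpt, arg1=<(?P<rcpt>[^>]+)>, "
    r"relay=(?:\S+ )?\[(?P<ip>[^\]]+)\], reject=550 .*Relaying denied"
)

def triage(log_text, hosted_domains, own_hosts):
    """Return (recipient, client_ip, file_to_edit, entry) per relay denial.

    hosted_domains: domains this server should accept mail for.
    own_hosts: {ip: hostname} of machines you control that may send out.
    """
    findings = []
    for line in log_text.splitlines():
        m = REJECT.search(line)
        if not m:
            continue  # not a relay denial (e.g. the from= summary line)
        rcpt, ip = m["rcpt"], m["ip"]
        domain = rcpt.rsplit("@", 1)[-1].lower()
        if domain in hosted_domains:
            # Incoming mail for a domain we host: declare the domain local.
            findings.append((rcpt, ip, "local-host-names", domain))
        elif ip in own_hosts:
            # Our own machine sending outward: allow that one host to relay.
            findings.append((rcpt, ip, "relay-domains", own_hosts[ip]))
        else:
            # Unknown client, foreign recipient: the 550 is doing its job.
            findings.append((rcpt, ip, None, None))
    return findings

if __name__ == "__main__":
    hosted = {"langille.org"}
    mine = {"10.0.0.45": "starlajo.nz.freebsd.org"}
    for rcpt, ip, path, entry in triage(SAMPLE_LOG, hosted, mine):
        print(f"{rcpt} via {ip}:", f"add {entry} to {path}" if path else "leave denied")
```

Only machines you control belong in own_hosts: anything listed in relay-domains can send mail to any destination through your server.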

Summary

/etc/mail/relay-domains contains a list of hosts which are
allowed to relay mail through your mail server.  This list may consist of either
specific hosts or whole domains.

/etc/mail/sendmail.cw (after sendmail
version 8.10, this file is local-host-names) contains a list of domains for
which your mail server will accept mail.  This list is usually the domains hosted by
your machine.

NOTE: put a CR/LF at the end of the last domain.  Otherwise it won’t work.

Silly but practical examples

Your friend’s domain is retch.org.  You wish to allow your friend to
use your mail server.  The box he will be sending mail from is dry.retch.org.

You would add the following entries to the files on your mail server:

/etc/mail/relay-domains

dry.retch.org

The above tells your mail server to accept outgoing mail from the host dry.retch.org.

/etc/mail/sendmail.cw

retch.org

The above tells your mail server to accept incoming mail for the domain retch.org
(after sendmail version 8.10, this file is local-host-names).

Troubleshooting

I found, by trial and accident, that /etc/mail/sendmail.cw needs
a CR/LF after the last domain.  Otherwise sendmail doesn’t pick up that
domain.  So make sure you press ENTER after the last entry in that file (after
sendmail version 8.10, this file is local-host-names).
