allowing sendmail to relay mailThis article deals with allowing sendmail to accept mail for specific domains, often referred to as relaying. If you have installed sendmail 8.9.3 or later, it will automatically disable relaying. In simple terms, mail relay is a mechanism by which mail is transferred from host to host until it reaches its ultimate destination.
I use langille.org as the example domain. I’ve recently registered this domain and I’m about to tell sendmail about it.
Note: More recent versions of FreeBSD put all sendmail configuration files in /etc/mail not /etc.
Note: sendmail.cw has been renamed to local-host-names after sendmail version 8.10.
Why disable relaysendmail 8.9.3 comes with relay disabled to prevent abuse of your mail server. If relay were permitted, anyone could use your mail server to send out mail. Spammers love mail servers which don’t restrict relay. If they find one, they send all the mail they can through it. Spammers do this because it uses someone else’s resources and partially masks their identity.
By the way, spammers are people who send out junk mail.
The basic reason you should disable relay is to first prevent the theft and abuse of your mail server resources.
Why enable relayYou want to enable relay only for those domains from which you wish to send mail and for those domain for which you wish to receive mail. This doesn’t mean that you have to specify each domain which can send you mail. No, this is much simpler than that.
I just added a new domain to my collection, langille.org. At present, my mail server does not accept incoming mail for that domain. However, my mail is registered as the mail host for that domain. Here’s how to verify that:
# host langille.org langille.org mail is handled (pri=5) by freebsddiary.yi.org
freebsddiary.yi.org is my box. The first thing I did was create the domain in my DNS zone files.
Incoming mail – relaying deniedIf someone tries to send mail to langille.org, it will arrive at my server, but it will be refused. Here is the bounced email message. The exact message will vary from ISP to ISP:
To: firstname.lastname@example.org From: Mail Administrator <Postmaster@xtra.co.nz> Send reply to: Mail Administrator <Postmaster@xtra.co.nz> Subject: Mail System Error - Returned Mail Date sent: Sat, 30 Oct 1999 11:10:42 +1300 This is a system generated message. Please DO NOT REPLY. This Message was undeliverable due to the following reason: Each of the following recipients was rejected by a remote mail server. The reasons given by the server are included to help you determine why each recipient was rejected. Recipient: <email@example.com> Reason: <firstname.lastname@example.org>... Relaying denied If you need any help to interpret the error, please forward this message to: - XTRA Help Desk email@example.com if you are an XTRA Residential Customer. - XTRA Business Help Desk firstname.lastname@example.org if you are an XTRA Business Customer. For all others, please contact your local site administrator or Help Desk. Regards. Telecom XTRA Messaging Team
Here are the corresponding messages in my mail log:
Oct 30 11:04:44 ducky sendmail: LAA98224: ruleset=check_rcpt, arg1=<email@example.com>, relay=mta1-rme.xtra.co.nz [220.127.116.11], reject=550 <firstname.lastname@example.org>... Relaying denied Oct 30 11:04:44 ducky sendmail: LAA98224: from=<email@example.com>, SIZE=938, class=0, pri=0, nrcpts=0, proto=ESMTP, relay=mta1-rme.xtra.co.nz [18.104.22.168][A
It is important to note that the above example represents mail being sent to langille.org from an external domain. It is incoming mail.
To allow sendmail to receive mail for langille.org, I added the following entry to /etc/mail/sendmail.cw (after sendmail version 8.10, this file is local-host-names). Note that more recent versions of FreeBSD put all of these files in /etc/mail/.
Then I told sendmail to re-read it’s configuration files by issuing the following commands.
# killall -hup sendmail
With the above changes, my mail server began to accept incoming mail for langille.org.
Outgoing mail – relaying deniedIf you try to send mail through your own server and you get the following message, then you need to modify /etc/mail/relay-domains.
From: Mail Delivery System <> To: Self Subject: Mail Delivery Failure. Date sent: Sat, 30 Oct 1999 15:14:10 Delivery has failed on the enclosed message for the following reasons reported either by the mail delivery system on the mail relay host or by the local TCP/IP transport module: 550 <firstname.lastname@example.org>... Relaying denied Your original mail message follows: -------------------------------------------------------- X-PM-Identity: langille.org From: "Dan Langille" <email@example.com> Organization: langille.org To: firstname.lastname@example.org Date: Sat, 30 Oct 1999 15:14:09 +1300 MIME-Version: 1.0 Content-type: text/plain; charset=US-ASCII Content-transfer-encoding: 7BIT Subject: test langille.org Reply-to: email@example.com Priority: normal X-mailer: Pegasus Mail for Win32 (v3.12a) -- Dan Langille http://www.langille.org
The solution to this problem will be in your mail logs. Look at the following carefully:
Oct 30 15:13:34 ducky sendmail: PAA98968: ruleset=check_rcpt, arg1=<firstname.lastname@example.org>, relay=starlajo.nz.freebsd.org [10.0.0.45], reject=550 ... Relaying denied Oct 30 15:13:34 ducky sendmail: PAA98968: from=<email@example.com>, SIZE=422, class=0, pri=0, nrcpts=0, proto=ESMTP, relay=starlajo.nz.freebsd.org [10.0.0.45]
You will see that the relay attempt came from the host starlajo.nz.freebsd.org with IP=10.0.0.45. So I added the following entry to /etc/mail/relay-domains:
Then I hup’d sendmail.
Summary/etc/mail/relay-domains contains a list of hosts which are allowed to relay mail through your mail server. This list may consist of either specific hosts or whole domains.
/etc/mail/sendmail.cw (after sendmail version 8.10, this file is local-host-names) contains a list of domains for which your mail server will accept mail. This list is usually the domains hosted by your machine.
NOTE: put a CR/LF at the end of the last domain. Otherwise it won’t work.
Silly but practical examplesYour friend’s domain is retch.org. You wish to allow your friend to use your mail server. The box he will be sending mail from is dry.retch.org.
You would add the following entries to the files on your mail server:
The above tells your mail server to accept outgoing mail from the host dry.retch.org.
The above tells your mail server to accept incoming mail for the domain retch.org (after sendmail version 8.10, this file is local-host-names).