Ok, so i've run into somewhat of a roadblock and can't seem to find where i'm going wrong...
I have sendmail on a Ubuntu machine running asterisk... I want sendmail to send email to a relay server I have set up that is using Postfix... The email is not getting accepted by the relay server... so I think I may be missing something in the config...
Here's what I have so far ---
In the Postfix Log ---
Jan 19 07:49:07 plesk-server postfix/smtpd[1747495]: connect from unknown[xxx.xxx.xxx.xxx]
Jan 19 07:49:07 plesk-server postfix/smtpd[1747495]: NOQUEUE: reject: RCPT from unknown[xxx.xxx.xxx.xxx]: 554 5.7.1 <unknown[xxx.xxx.xxx.xxx]>: Client host rejected: Access denied; from=<[email protected]>
Jan 19 07:49:07 plesk-server postfix/smtpd[1747495]: disconnect from unknown[xxx.xxx.xxx.xxx] ehlo=2 starttls=1 mail=1 rcpt=0/1 data=0/1 rset=1 quit=1 commands=6/8
Jan 19 07:49:07 plesk-server psa-pc-remote[3822896]: Message aborted.
Jan 19 07:49:07 plesk-server psa-pc-remote[3822896]: Message aborted.
Jan 19 07:49:07 plesk-server postfix/smtpd[1747495]: connect from unknown[xxx.xxx.xxx.xxx]
Jan 19 07:49:07 plesk-server postfix/smtpd[1747495]: NOQUEUE: reject: RCPT from unknown[xxx.xxx.xxx.xxx]: 554 5.7.1 <unknown[xxx.xxx.xxx.xxx]>: Client host rejected: Access denied; from=<[email protected]>
Jan 19 07:49:07 plesk-server postfix/smtpd[1747495]: disconnect from unknown[xxx.xxx.xxx.xxx] ehlo=2 starttls=1 mail=1 rcpt=0/1 data=0/1 rset=1 quit=1 commands=6/8
Jan 19 07:49:07 plesk-server psa-pc-remote[3822896]: Message aborted.
Jan 19 07:49:07 plesk-server psa-pc-remote[3822896]: Message aborted.
Jan 19 07:49:20 plesk-server postfix/smtpd[1747498]: connect from unknown[xxx.xxx.xxx.xxx]
Jan 19 07:49:20 plesk-server postfix/smtpd[1747498]: NOQUEUE: reject: RCPT from unknown[xxx.xxx.xxx.xxx]: 554 5.7.1 <unknown[xxx.xxx.xxx.xxx]>: Client host rejected: Access denied; from=<[email protected]>
Jan 19 07:49:20 plesk-server psa-pc-remote[3822896]: Message aborted.
Jan 19 07:49:20 plesk-server psa-pc-remote[3822896]: Message aborted.
Jan 19 07:49:20 plesk-server postfix/smtpd[1747498]: disconnect from unknown[xxx.xxx.xxx.xxx] ehlo=2 starttls=1 mail=1 rcpt=0/1 data=0/1 rset=1 quit=1 commands=6/8
Postfix - main.cf
# See /usr/share/postfix/main.cf.dist for a commented, more complete version
# Debian specific: Specifying a file name will cause the first
# line of that file to be used as the name. The Debian default
# is /etc/mailname.
# myorigin = /etc/mailname
myhostname = postfix.domain.com
smtpd_banner = $myhostname ESMTP $mail_name (Ubuntu)
biff = no
# appending .domain is the MUA's job.
append_dot_mydomain = no
# Uncomment the next line to generate "delayed mail" warnings
# delay_warning_time = 4h
readme_directory = no
# See http://www.postfix.org/COMPATIBILITY_README.html -- default to 3.6 on
# fresh installs.
compatibility_level = 3.6
# TLS parameters
smtpd_tls_cert_file = /etc/postfix/postfix.pem
smtpd_tls_key_file = $smtpd_tls_cert_file
smtp_tls_CApath=/etc/ssl/certs
smtp_tls_security_level = may
# smtp_tls_security_level = encrypt
smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache
# smtp_enforce_tls = yes
smtpd_relay_restrictions = permit_mynetworks permit_sasl_authenticated defer_unauth_destination
myhostname = postfix.domain.com
alias_maps = hash:/etc/aliases, hash:/var/spool/postfix/plesk/aliases
alias_database = hash:/etc/aliases
myorigin = /etc/mailname
mydestination = localhost.domain.com, localhost, localhost.localdomain
relayhost = [relay2.domain.com]:587
mynetworks = xxx.xxx.xxx.xxx/32, xxx.xxx.xxx.xxx/24, xxx.xxx.xxx.xxx/32, xxx.xxx.xxx.xxx/32, xxx.xxx.xxx.xxx/32
mailbox_size_limit = 0
recipient_delimiter = +
inet_interfaces = all
inet_protocols = all
virtual_mailbox_domains = $virtual_mailbox_maps, hash:/var/spool/postfix/plesk/virtual_domains
virtual_alias_maps = $virtual_maps, hash:/var/spool/postfix/plesk/virtual
virtual_mailbox_maps = , hash:/var/spool/postfix/plesk/vmailbox
transport_maps = , hash:/var/spool/postfix/plesk/transport
tls_server_sni_maps = hash:/var/spool/postfix/plesk/certs
smtpd_use_tls = yes
smtp_use_tls = no
disable_vrfy_command = yes
smtpd_sender_restrictions = check_sender_access hash:/var/spool/postfix/plesk/blacklists, permit_sasl_authenticated
smtpd_client_restrictions = permit_mynetworks, permit_sasl_authenticated
authorized_flush_users =
authorized_mailq_users =
smtp_send_xforward_command = yes
smtpd_authorized_xforward_hosts = 127.0.0.0/8 [::1]/128
smtpd_sasl_auth_enable = yes
smtpd_recipient_restrictions = permit_mynetworks, permit_sasl_authenticated, reject_unauth_destination
virtual_mailbox_base = /var/qmail/mailnames
virtual_uid_maps = static:30
virtual_gid_maps = static:31
smtpd_milters = , inet:127.0.0.1:12768
sender_dependent_default_transport_maps = hash:/var/spool/postfix/plesk/sdd_transport_maps
virtual_transport = plesk_virtual
plesk_virtual_destination_recipient_limit = 1
mailman_destination_recipient_limit = 1
message_size_limit = 10240000
virtual_mailbox_limit = 0
smtputf8_enable = no
smtpd_tls_dh1024_param_file = /opt/psa/etc/dhparams2048.pem
smtpd_tls_mandatory_protocols = TLSv1.2 TLSv1.3
smtpd_tls_protocols = TLSv1.2 TLSv1.3
smtpd_tls_ciphers = medium
smtpd_tls_mandatory_ciphers = medium
tls_medium_cipherlist = EECDH+AESGCM+AES128:EECDH+AESGCM+AES256:EECDH+CHACHA20:EECDH+SHA256+AES128:EECDH+SHA384+AES256:EECDH+SHA1+AES128:EECDH+SHA1+AES256:EECDH+HIGH:AESGCM+AES128:AESGCM+AES256:CHACHA20:SHA256+AES128:SHA256+AES256:SHA1+AES128:SHA1+AES256:HIGH:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!3DES:!MD5:!PSK:!KRB5:!aECDH:!kDH:!EDH
tls_preempt_cipherlist = yes
recipient_canonical_maps = tcp:127.0.0.1:12346
recipient_canonical_classes = envelope_recipient,header_recipient
smtp_sasl_auth_enable = yes
smtp_sasl_password_maps = hash:/etc/postfix/sasl_passwd
smtp_sasl_security_options = noanonymous
smtp_sasl_tls_security_options = noanonymous
In the Sendmail Log ---
Jan 19 07:49:20 Asterisk sendmail[1081803]: 40JCnKct1081803: [email protected], size=91, class=0, nrcpts=1, msgid=<202401191249.40JCnKct1081803@Asteri>
Jan 19 07:49:20 Asterisk sm-mta[1081804]: 40JCnKYc1081804: from=<[email protected]>, size=485, class=0, nrcpts=1, msgid=<202401191249.40JCnKct1081803@Aster>
Jan 19 07:49:20 Asterisk sendmail[1081803]: 40JCnKct1081803: to=<[email protected]>, [email protected] (0/0), delay=00:00:00, xdelay=00>
Jan 19 07:49:20 Asterisk sm-mta[1081806]: STARTTLS=client, relay=relay.domain.com., version=TLSv1.3, verify=FAIL, cipher=TLS_AES_256_GCM_SHA384, bits=256/256
Jan 19 07:49:20 Asterisk sm-mta[1081806]: 40JCnKYc1081804: to=<[email protected]>, ctladdr=<[email protected]> (0/0), delay=00:00:00, xdelay=00>
Jan 19 07:49:20 Asterisk sm-mta[1081806]: 40JCnKYc1081804: 40JCnKYc1081806: DSN: Service unavailable
Jan 19 07:49:20 Asterisk sm-mta[1081806]: 40JCnKYc1081806: to=<[email protected]>, delay=00:00:00, xdelay=00:00:00, mailer=local, pri=30000, dsn=2.0.0, sta>
Sendmail.mc
divert(-1)dnl
# -----------------------------------------------------------------------------
# $Sendmail: debproto.mc,v 8.15.2 2020-03-08 00:39:49 cowboy Exp $
#
# Copyright (c) 1998-2010 Richard Nelson. All Rights Reserved.
#
# cf/debian/sendmail.mc. Generated from sendmail.mc.in by configure.
#
# sendmail.mc prototype config file for building Sendmail 8.15.2
#
# Note: the .in file supports 8.7.6 - 9.0.0, but the generated
# file is customized to the version noted above.
#
# This file is used to configure Sendmail for use with Debian systems.
#
# If you modify this file, you will have to regenerate /etc/mail/sendmail.cf
# by running this file through the m4 preprocessor via one of the following:
# * make (or make -C /etc/mail)
# * sendmailconfig
# * m4 /etc/mail/sendmail.mc > /etc/mail/sendmail.cf
# The first two options are preferred as they will also update other files
# that depend upon the contents of this file.
#
# The best documentation for this .mc file is:
# /usr/share/doc/sendmail-doc/cf.README.gz
#
# -----------------------------------------------------------------------------
divert(0)dnl
#
# Copyright (c) 1998-2005 Richard Nelson. All Rights Reserved.
#
# This file is used to configure Sendmail for use with Debian systems.
#
define(`SMART_HOST', `relay.domain.com')dnl
define(`RELAY_MAILER',`esmtp')dnl
define(`RELAY_MAILER_ARGS', `TCP $h 587')dnl
define(`_USE_ETC_MAIL_')dnl
include(`/usr/share/sendmail/cf/m4/cf.m4')dnl
VERSIONID(`$Id: sendmail.mc, v 8.15.2-18 2020-03-08 00:39:49 cowboy Exp $')
OSTYPE(`debian')dnl
DOMAIN(`debian-mta')dnl
dnl # Items controlled by /etc/mail/sendmail.conf - DO NOT TOUCH HERE
undefine(`confHOST_STATUS_DIRECTORY')dnl #DAEMON_HOSTSTATS=
dnl # Items controlled by /etc/mail/sendmail.conf - DO NOT TOUCH HERE
dnl #
dnl # General defines
dnl #
dnl # SAFE_FILE_ENV: [undefined] If set, sendmail will do a chroot()
dnl # into this directory before writing files.
dnl # If *all* your user accounts are under /home then use that
dnl # instead - it will prevent any writes outside of /home !
dnl # define(`confSAFE_FILE_ENV', `')dnl
dnl #
dnl # Daemon options - restrict to servicing LOCALHOST ONLY !!!
dnl # Remove `, Addr=' clauses to receive from any interface
dnl # If you want to support IPv6, switch the commented/uncommentd lines
dnl #
FEATURE(`no_default_msa')dnl
dnl DAEMON_OPTIONS(`Family=inet6, Name=MTA-v6, Port=smtp, Addr=::1')dnl
DAEMON_OPTIONS(`Family=inet, Name=MTA-v4, Port=smtp, Addr=127.0.0.1')dnl
dnl DAEMON_OPTIONS(`Family=inet6, Name=MSP-v6, Port=submission, M=Ea, Addr=::1')dnl
DAEMON_OPTIONS(`Family=inet, Name=MSP-v4, Port=submission, M=Ea, Addr=127.0.0.1')dnl
dnl #
dnl # Be somewhat anal in what we allow
define(`confPRIVACY_FLAGS',dnl
needmailhelo,needexpnhelo,needvrfyhelo,restrictqrun,restrictexpand,nobodyreturn,authwarnings')dnl
dnl #
dnl # Define connection throttling and window length
define(`confCONNECTION_RATE_THROTTLE', `15')dnl
define(`confCONNECTION_RATE_WINDOW_SIZE',`10m')dnl
dnl #
dnl # Features
dnl #
dnl # use /etc/mail/local-host-names
FEATURE(`use_cw_file')dnl
dnl #
dnl # The access db is the basis for most of sendmail's checking
FEATURE(`access_db', , `skip')dnl
dnl #
dnl # The greet_pause feature stops some automail bots - but check the
dnl # provided access db for details on excluding localhosts...
FEATURE(`greet_pause', `1000')dnl 1 seconds
dnl #
dnl # Delay_checks allows sender<->recipient checking
FEATURE(`delay_checks', `friend', `n')dnl
dnl #
dnl # If we get too many bad recipients, slow things down...
define(`confBAD_RCPT_THROTTLE',`3')dnl
dnl #
dnl # Stop connections that overflow our concurrent and time connection rates
FEATURE(`conncontrol', `nodelay', `terminate')dnl
FEATURE(`ratecontrol', `nodelay', `terminate')dnl
dnl #
dnl # If you're on a dialup link, you should enable this - so sendmail
dnl # will not bring up the link (it will queue mail for later)
dnl define(`confCON_EXPENSIVE',`True')dnl
dnl #
dnl # Dialup/LAN connection overrides
dnl #
include(`/etc/mail/m4/dialup.m4')dnl
include(`/etc/mail/m4/provider.m4')dnl
dnl #
dnl # Masquerading options
FEATURE(`always_add_domain')dnl
MASQUERADE_AS(`asterisk.domain.com')dnl
FEATURE(`allmasquerade')dnl
FEATURE(`masquerade_envelope')dnl
dnl #
dnl # Default Mailer setup
MAILER_DEFINITIONS
MAILER(`local')dnl
MAILER(`smtp')dnl
Additional Logs --
Jan 23 09:24:53 Asterisk sendmail[1100425]: 40NEOr961100425: [email protected], size=136, class=0, nrcpts=1, msgid=202401231424.40NEOr961100425@Asterisk.kqicqtms5eeezejjspbgv3d4tf.bx.inter Jan 23 09:24:53 Asterisk sm-mta[1100426]: 40NEOrVV1100426: [email protected], size=451, class=0, nrcpts=1, msgid=202401231424.40NEOr961100425@Asterisk.kqicqtms5eeezejjspbgv3d4tf.bx.inter Jan 23 09:24:53 Asterisk sendmail[1100425]: 40NEOr961100425: [email protected], [email protected] (0/0), delay=00:00:00, xdelay=00:00:00, mailer=relay, pri=30136, relay=[12> Jan 23 09:24:53 Asterisk sm-mta[1100428]: STARTTLS=client, relay=relay.domain.com., version=TLSv1.3, verify=FAIL, cipher=TLS_AES_256_GCM_SHA384, bits=256/256 Jan 23 09:24:53 Asterisk sm-mta[1100428]: 40NEOrVV1100426: [email protected], delay=00:00:00, xdelay=00:00:00, mailer=relay, pri=120451, relay=relay.domain.com. [xxx.xxx.xxx.xxx], > Jan 23 09:24:53 Asterisk sm-mta[1100428]: 40NEOrVV1100426: 40NEOrVV1100428: DSN: Service unavailable Jan 23 09:24:54 Asterisk sm-mta[1100428]: 40NEOrVV1100428: [email protected], delay=00:00:01, xdelay=00:00:00, mailer=relay, pri=30000, relay=relay.domain.com. [xxx.xxx.xxx.xxx], d> Jan 23 09:24:54 Asterisk sm-mta[1100428]: 40NEOrVV1100428: to=MAILER-DAEMON, delay=00:00:01, mailer=local, pri=30000, dsn=5.1.1, stat=User unknown Jan 23 09:24:54 Asterisk sm-mta[1100428]: 40NEOrVV1100428: to=postmaster, delay=00:00:01, mailer=local, pri=30000, dsn=5.1.1, stat=User unknown Jan 23 09:24:54 Asterisk sm-mta[1100428]: 40NEOrVV1100428: 40NEOrVW1100428: return to sender: User unknown Jan 23 09:24:54 Asterisk sm-mta[1100428]: 40NEOrVW1100428: to=MAILER-DAEMON, delay=00:00:00, mailer=local, pri=0, dsn=5.1.1, stat=User unknown Jan 23 09:24:54 Asterisk sm-mta[1100428]: 40NEOrVV1100428: Saved message in /var/lib/sendmail/dead.letter
This:
is postfix complaining that somebody is trying to give it an email without a valid RCPT FROM header.
When you open a SMTP session to postfix, it expects you to give it
HELO (initiating session) MAIL FROM (sender) RCTP TO (recipient) DATA (body of the mail)
by the way there is from and MAIL FROM. from is in the body, and you can set it to whatever you want (most mailservers dont complain if it does not match MAIL FROM). MAIL FROM is whats used to actually route emails. Ironically most mail clients show you only the
fromfrom the body. It will also be used if you click on "reply".Not sure why its printing this - did you redact this before posting?
Long story short, your mail client is not setting the recipient correctly. Seems to be an issue on sendmails side, postfix looks ok here.
Can you post the cli command you use to send mails? Something like this:
echo body_content | mail -s testsubject -a "From: [email protected]" [email protected]This will set the MAIL FROM to [email protected]
By the way this
# smtp_enforce_tls = yesyou can forget, 90% of mail servers out there have a TLS certificate installed but its not for the respective domain or its expired. you can turn it on, but then your mailserver wont talk to anybody, which would be the desired behavior. Sadly email in general is a bit broken. If you only relay mails with that postifx, and your relay server has working TLS, good for you ;) then enable it.If you get sick of postfix (I don't like it, its to bloated) you can give OpenSMTPD a shot. Its much simpler to setup and understand and I have a mostly working config for a relay host with lots of comments for understand for you here: https://www.blunix.com/manual/baseline/functions/mailrelay/#etcsmtpdconf-in-detail