Configure Sendmail Server to accept external incoming emails


Have you configured sendmail to accept email for the relevant domain name you are using for email on the server? E.g., if your domain name is example.com and a valid email address on the system should be [email protected], if you run the command sendmail -bv [email protected] from the root account on the system, does it indicate that the email is deliverable and reference "mailer local" and a local account? E.g., do you see something similar to the following?

# sendmail -bv [email protected]
[email protected]... deliverable: mailer local, user xpt

If you have sendmail configured to accept email for the relevant domain name, it will reference "mailer local" and a local account.

Update: The output you provided from the sendmail -bv command indicates to me that you don't have sendmail configured to accept email addressed to xpt.mydomain.org. To have sendmail accept email for a domain name, you need to add that domain name, xpt.mydomain.org, to /etc/mail/local-host-names; then you need to issue the command makemap hash /etc/mail/local-host-names < /etc/mail/local-host-names. Don't worry about any "no RHS for LHS" messages you may see when you issue the command. Try that and then rerun the same sendmail -bv [email protected] command. When you rerun the sendmail -bv [email protected] command, you should then see a reference to "mailer local" rather than "mailer relay" and "user" should then be followed by a local account, rather than "[email protected]". See Getting sendmail to accept email for a domain for an example of output from the makemap and sendmail -bv commands.

Update 2: You referenced the Sendmail is only accepting connections from localhost (127.0.0.1 IP) article, but perhaps you didn't make the change needed for the line below in /etc/mail/sendmail.mc:

DAEMON_OPTIONS(`Port=smtp,Addr=127.0.0.1, Name=MTA')dnl

You need to comment out that line by putting "dnl" at the beginning of it. It should look like the following line:

dnl DAEMON_OPTIONS(`Port=smtp,Addr=127.0.0.1, Name=MTA')dnl

I don't add the line the article suggests be put in place of the original line; I just comment it out and then rebuild the sendmail.cf file from the sendmail.mc file with the following command in order to have sendmail accept email sent by email clients outside of the server on which sendmail is running.

m4 /etc/mail/sendmail.mc > /etc/mail/sendmail.cf

Once you've rebuilt the file with the m4 command, you need to restart sendmail. The article suggests doing so with /etc/init.d/sendmail restart. If that command doesn't restart sendmail on your system, e.g., if it produces a No such file or directory message, try service sendmail restart or systemctl restart sendmail, instead. Once you've restarted sendmail, it should then accept email for valid email addresses on the system, i.e., for domains you've listed in the local-host-names file.

Do you have an external email account that you can use to send email to an address on your system, e.g., a Hotmail, Gmail, or other email account? If so, what do you see in a bounced email message now, if you send to a valid email address on your system? What is the error referenced in a bounced email?

Even if you have sendmail configured properly, there are other matters that you may need to address to be able to receive email from the Internet. You stated that your firewall rules are configured properly. You may need appropriate firewall rules both on the system running sendmail and any external router/firewall on the Local Area Network (LAN) on which your sendmail server resides. For external email servers to communicate with your email server, if the router/firewall on your LAN is using Network Address Translation (NAT), you need to configure that device for port forwarding connections to port 25, the Simple Mail Transfer Protocol (SMTP) port used to deliver email from one email server to another, from the firewall/router to your sendmail server.

If you have the required firewall rules and any required port forwarding set appropriately, then an external system should be able to successfully connect to port 25 on your sendmail server. You can test whether that is possible, which will help narrow down the source of the problem, by using one of the many port checking services provided for free by a number of websites. E.g., you could use the Port Forwarding Tester. If you aren't running the test from your server, you may need to provide the IP address that external systems will see when attempting to communicate with your server, which will differ from the IP address you have assigned to it, if there is a firewall or router on the network on which your server resides employing NAT that separates your server from the Internet. To find the address that external systems will see, you can use any of a number of free services that will show you the externally visible IP address for a device if you visit a website of the entity providing that service. E.g., you could use a web browser to visit whatismyip.com from your sendmail server. Then at the Port Forwarding Tester site you would use that IP address for the "Remote Address" and 25 for the port number. When you click on "Check", you should then see "Port 25 is open on" followed by the IP address you provided, if you have the requisite firewall rules and any needed port forwarding configured correctly.

You can also use telnet on a system outside of your network to attempt to connect to port 25 on your sendmail server. You should see a response from sendmail on your server, if you have the required firewall rules and any needed port forwarding in place. If you can establish a connection to port 25 on your sendmail server, you can then issue SMTP commands that will allow you to attempt to send a test message to an account on your server. E.g., see Testing email delivery with SMTP commands.

If you are able to successfully deliver email by that method, then perhaps you don't have an appropriate mail exchanger (MX) record for your email server. Let's suppose the fully qualified domain name for your sendmail server is example.com. If someone using a Hotmail, Gmail, or any email server other than your email server sends email to you, let's say using [email protected], the other email server will check to see what email server or servers are designated to handle email for example.com. It doesn't necessarily have to be example.com. For instance, you could use an email service provided by an external email provider, let's say bigemailprovider.com.

You can use the MX Lookup service to check the MX records for your domain. Just put in your domain name and click on "MX Lookup". E.g., this link will show you the results for gmail.com. If you attempt to send an email message from your sendmail server to a gmail.com address, your server will perform a similar check and will see similar results. Google has many email servers that can accept email from other servers for Gmail users. You will see a list of such servers with varying preferences and IP addresses. Your server and others will first try the server with the lowest preference. E.g., a Gmail server with a preference of 5 will be tried before one with a preference of 10. If your server couldn't communicate with the Gmail server with the preference of 5 it would then try one with a preference of 10, perhaps trying many Gmail servers before giving up.

If you don't see any MX records for your domain, that is ok. If you were using example.com and no MX record exists for example.com, another email server would then assume that the IP address for example.com is where it should attempt to deliver the email. If you see MX records pointing to other IP addresses than the one for your sendmail server, then you may need to modify the MX record(s) for your domain through the Domain Name System (DNS) settings web page provided by your domain name registrar, e.g., the company through which you registered the domain name for your server. Some registrars will, by default, create MX records pointing to their email servers when you register a domain. You can perform the same check yourself manually from a command line prompt on a Unix, Linux, OS X, or Microsoft Windows system using the nslookup command to check MX records. E.g., nslookup -querytype=mx gmail.com
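As an added example (not part of the answer above, and not sendmail's own logic), the shell functions below map the two files discussed here, sendmail.mc and local-host-names, to the three symptoms seen in this thread: connection refused, 550 Relaying denied, and Recipient ok. The function names, the sample files and the domain other.example are constructed for illustration, and the model is simplified: it ignores relay-domains, the access map and virtusertable.

```shell
#!/bin/sh
# Added example. Simplified model of the inbound decision: it ignores
# relay-domains, the access map and virtusertable.

# listener_state MC_FILE -> external | loopback-only | unset
# Considers only active (not dnl-commented) DAEMON_OPTIONS lines on the smtp port.
listener_state() {
    awk '
        /^[ \t]*dnl/ { next }
        /DAEMON_OPTIONS/ && /Port=(smtp|25)[^A-Za-z0-9]/ {
            seen = 1
            if ($0 !~ /Addr=(127\.|::1|localhost)/) external = 1
        }
        END { print (external ? "external" : (seen ? "loopback-only" : "unset")) }
    ' "$1"
}

# domain_is_local DOMAIN LOCAL_HOST_NAMES_FILE: exit 0 on an exact,
# case-insensitive match of a whole line (comments and blanks skipped).
domain_is_local() {
    awk -v d="$1" '
        { sub(/#.*/, ""); gsub(/[ \t\r]/, "") }
        tolower($0) == tolower(d) { found = 1 }
        END { exit !found }
    ' "$2"
}

# inbound_verdict RCPT_DOMAIN MC_FILE LOCAL_HOST_NAMES_FILE
inbound_verdict() {
    case $(listener_state "$2") in
        loopback-only) echo connection-refused; return ;;
        unset) echo listener-default; return ;;  # packaging decides; confirm with: ss -ltn
    esac
    if domain_is_local "$1" "$3"; then echo recipient-ok; else echo relaying-denied; fi
}

# Constructed sample files (not taken from a real system).
demo=$(mktemp -d)
trap 'rm -rf "$demo"' EXIT
printf '%s\n' "DAEMON_OPTIONS(\`Port=smtp,Addr=127.0.0.1, Name=MTA')dnl" > "$demo/loopback.mc"
printf '%s\n' "DAEMON_OPTIONS(\`Family=inet,  Name=MTA-v4, Port=smtp')dnl" > "$demo/open.mc"
printf '%s\n' "dnl DAEMON_OPTIONS(\`Family=inet,  Name=MTA-v4, Port=smtp')dnl" > "$demo/commented.mc"
printf '%s\n' '# domains delivered locally' 'xpt.mydomain.org' > "$demo/local-host-names"

for mc in loopback open commented; do
    for dom in xpt.mydomain.org other.example; do
        printf '%-10s %-18s %s\n' "$mc" "$dom" \
            "$(inbound_verdict "$dom" "$demo/$mc.mc" "$demo/local-host-names")"
    done
done
```

The `listener-default` result means no active DAEMON_OPTIONS line for the smtp port was found, so whether anything listens on port 25 depends on the distribution's defaults and should be checked on the running system.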

Author: xpt

Updated on September 18, 2022

Comments

  • xpt
    xpt almost 2 years

    For security reasons, sendmail is by default configured to accept connections from the local system (127.0.0.1), to avoid the open mail relay problem. But,

    How do I force sendmail to accept mail from the internet?

    The article at http://www.cyberciti.biz/tips/sendmail-is-only-accepting-connections-from.html says, to remove the Addr=127.0.0.1 part from

    DAEMON_OPTIONS(`Port=smtp,Addr=127.0.0.1, Name=MTA')dnl
    

    to

    DAEMON_OPTIONS(`Port=smtp,Name=MTA')dnl
    

    will "force to accept connection from any host". I've done that:

    $ grep smtp /etc/mail/sendmail.mc
    dnl DAEMON_OPTIONS(`Family=inet6, Name=MTA-v6, Port=smtp, Addr=::1')dnl
    DAEMON_OPTIONS(`Family=inet,  Name=MTA-v4, Port=smtp')dnl
    MAILER(`smtp')dnl
    

    However, it looks like I am still unable to accept incoming emails from the Internet. So I commented it out as suggested by moonpoint:

    $ grep smtp /etc/mail/sendmail.mc
    dnl DAEMON_OPTIONS(`Family=inet6, Name=MTA-v6, Port=smtp, Addr=::1')dnl
    dnl DAEMON_OPTIONS(`Family=inet,  Name=MTA-v4, Port=smtp')dnl
    MAILER(`smtp')dnl
    
    % make
    Updating databases ...
    Reading configuration from /etc/mail/sendmail.conf.
    Validating configuration.
    Creating /etc/mail/databases...
    Creating /etc/mail/relay-domains
    # Optional file...
    Updating Makefile ...
    Reading configuration from /etc/mail/sendmail.conf.
    Validating configuration.
    Creating /etc/mail/Makefile...
    Updating sendmail.cf ...
    The following file(s) have changed:
      /etc/mail/sendmail.cf /etc/mail/local-host-names
    ** ** You should issue `/etc/init.d/sendmail reload` ** **
    
    % /etc/init.d/sendmail reload
     * Reloading Mail Transport Agent (MTA) sendmail                    [ OK ]
    

    However, I think it is not working as expected, because previously at least I got a "Relaying denied" error, but now, when I tried to send email to my system via Google, nothing has happened for about 10 minutes. Trying to troubleshoot the problem myself, I referred to http://support.moonpoint.com/blog/blosxom/2015/04/04#smtp-telnet-commands and tried to connect to my server using telnet. But immediately, I got a "Connection refused" error:

    $ telnet xpt.mydomain.org 25
    Trying 104.243.xx.xx...
    telnet: Unable to connect to remote host: Connection refused
    

    Removing that dnl so as to revert back to what I had before, I am now able to at least connect:

    $ telnet xpt.mydomain.org 25
    Connected to xpt.mydomain.org.
    Escape character is '^]'.
    220 mail.xpt.mydomain.net ESMTP Sendmail 8.14.4/8.14.4/Debian-2.1ubuntu4; Sun, 14 Jun 2015 22:16:13 -0400; (No UCE/UBE) logging access from: my.remote.domain
    

    If I want to accept incoming emails from the Internet, what shall I do?

    Update: I have already configured sendmail to be the mail server for my LAN, and thought I have configured sendmail to accept email for the relevant domain name I am using for email on the server, but this is what I got:

    % sendmail -bv [email protected]
    [email protected]... deliverable: mailer relay, host mail.myisp.com, user [email protected]
    

    Now I know it is not (actually it was configured with another dynamic dns name that I have), so I change it to xpt.mydomain.org. And now it looks OK:

    % sendmail -bv [email protected]
    [email protected]... deliverable: mailer local, user me
    

    However, using an external email account to send email to my system, I got:

    Delivery to the following recipient failed permanently:
    
         [email protected]
    
    Technical details of permanent failure:
    Google tried to deliver your message, but it was rejected by the server for the recipient domain xpt.mydomain.org by xpt.mydomain.org. [104.243.xx.xx].
    
    The error that the other server returned was:
    550 5.7.1 <[email protected]>... Relaying denied
    
    ----- Original message -----
    
    DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
            d=gmail.com; s=20120113;
            h=mime-version:date:message-id:subject:from:to:content-type;
            bh=0rLnzRsn....
    

    OK, I'm glad that spammers can't use my Sendmail Server for email Relaying, but I don't get emails either.

    So how can I avoid the open mail relay problem, while allowing connections from all LAN hosts to send mails and receive emails from anyone as well?

    Update2: Trying to further troubleshoot the problem myself, I pushed it further, to test the full SMTP protocol using telnet. What's strange is that I didn't get "Relaying denied" error when using telnet:

    ...
    mail from: [email protected]
    250 2.1.0 [email protected]... Sender ok
    rcpt to: [email protected]
    550 5.7.1 [email protected]... Relaying denied
    rcpt to: [email protected]
    250 2.1.5 [email protected]... Recipient ok
    Data
    354 Enter mail, end with "." on a line by itself
    This is a test message.
    .
    250 2.0.0 t5F2ItI0008331 Message accepted for delivery
    quit
    221 2.0.0 mail.xpt.mydomain.net closing connection
    Connection closed by foreign host.
    

    So now everything is working fine now. Thanks a lot moonpoint!!!

    Thanks

    $ lsb_release -a 
    No LSB modules are available.
    Distributor ID: Ubuntu
    Description:    Ubuntu 13.10
    Release:        13.10
    Codename:       saucy
    
    $ apt-cache policy sendmail-bin
    sendmail-bin:
      Installed: 8.14.4-2.1ubuntu4
      Candidate: 8.14.4-2.1ubuntu4
      Version table:
     *** 8.14.4-2.1ubuntu4 0
            500 http://us.archive.ubuntu.com/ubuntu/ saucy/universe amd64 Packages
            100 /var/lib/dpkg/status
    

    PS. A bit more on why I want to do that -- all I want to do is to enable my sendmail server to accept mail from the internet, for my personal use. I had tried to follow these 5 easy steps several times,

    How to set up a simple mail server on Debian in 5 easy steps
    http://cnedelcu.blogspot.ca/2014/01/how-to-set-up-simple-mail-server-debian-linux.html

    But in the end, they never worked, and I don't even know what went wrong. So I think the easiest way is to enable my sendmail server instead.

  • moonpoint
    moonpoint about 9 years
    @xpt, sorry I didn't notice your update and additional comment this morning. Based on the output you provided from the "sendmail -bv" command, it appears that sendmail isn't configured to handle email for the domain. I've added an additional paragraph starting with "Update:" to the section on using that command. I experienced a similar problem myself yesterday when configuring sendmail to handle email for a new domain for which my wife wanted our sendmail server to process email. I added it to /etc/local-host-names, but forgot to add the ".com" to the end of the domain name, so it didn't work.
  • xpt
    xpt about 9 years
    Thanks a lot moonpoint! I found that it was actually configured with another dynamic dns name that I have, so I fixed it and updated the OP. However, using an external email account to send email to my system, I still got the same Relaying denied error; I tried just now, after sendmail -bv showed the correct result.
  • moonpoint
    moonpoint about 9 years
    @xpt, I've added information on a line that needs to be commented out in /etc/mail/sendmail.mc in case you haven't commented it out and rebuilt the sendmail.cf file with the m4 command. You won't be able to receive email from outside sources until you've done that. I started the update with "Update 2".
  • xpt
    xpt about 9 years
    Everything is working fine now. Thanks a lot moonpoint!!! But please note in my update that commenting out the smtp entry didn't work for me.