Building a secure web server with CentOS 5, Troubleshooting

Part 1Part 2Part 3Troubleshooting

Problems with Sendmail

When setting up my first Linux web server it was actually sendmail that caused me the most trouble. If you get the following errors:

<< 550-Verification failed for
<<< 550-Unrouteable address
<<< 550- does not appear to be valid. Sender verify
<<< 550 failed.
550 5.1.1 ... User unknown
<<< 503 valid RCPT command must precede DATA


1) This is likely to be a problem with the hostname of the server. Check to make sure the hostname of the server (e.g. linuxweb.mydomain.com) can actually be resolved over the internet. The hostname must be the same in /etc/hosts, /etc/sysconfig/network, and /etc/mail/relay-domains.

2) The /etc/mail/local-host-names and /etc/mail/relay-domains file should contain the hostname of the server, and also localhost. If the relay-domains file does not exist, then you can create it.

3) Check /etc/hosts.allow and make sure it has sendmail:ALL

4) This is unlikely but it may be a problem with the sendmail configuration (/etc/mail/sendmail.cf). Do not edit /etc/mail/sendmail.cf directly, instead edit /etc/mail/sendmail.mc which is a meta-config file. When done, you can use m4 sendmail.mc > sendmail.cf to write the meta-config to the sendmail.cf file.

The sendmail.mc file has various entries beginning with dnl (do not load). For sendmail to work properly on a virtual hosting server then make sure you add dnl to the following:

dnl FEATURE(delay_checks)dnl
dnl FEATURE(`mailertable',`hash -o /etc/mail/mailertable.db')dnl
dnl FEATURE(always_add_domain)dnl
dnl FEATURE(`blacklist_recipients')dnl
dnl FEATURE(`relay_based_on_MX')dnl
dnl FEATURE(masquerade_envelope)dnl
dnl FEATURE(masquerade_entire_domain)dnl

Then, the following entries should be enabled (without dnl at the beginning)

FEATURE(`accept_unresolvable_domains')dnl
FEATURE(`no_default_msa',`dnl')dnl
FEATURE(`smrsh',`/usr/sbin/smrsh')dnl
FEATURE(`virtusertable',`hash -o /etc/mail/virtusertable.db')dnl
FEATURE(redirect)dnl
FEATURE(use_cw_file)dnl
FEATURE(use_ct_file)dnl
FEATURE(local_procmail,`',`procmail -t -Y -a $h -d $u')dnl
FEATURE(`access_db',`hash -T -o /etc/mail/access.db')dnl

5) As a final resort, re-install sendmail then go back to step 1.

# yum remove sendmail sendmail-cf
# yum install sendmail sendmail-cf

Comments

  1. kash says

    good material. please do keep updating so the open source community can be benefited.thanks

  2. says

    I was curious if you ever considered changing the page layout of your website?
    Its very well written; I love what youve got to say. But maybe you could a little more in the way
    of content so people could connect with it better. Youve got an awful lot of text for only having one or two pictures.
    Maybe you could space it out better?

Trackbacks

Leave a Reply