Building a secure web server with CentOS 5, Troubleshooting
Posted on 05 Jan 2010 by Ray Heffer
When setting up my first Linux web server, it was actually sendmail that caused me the most trouble. If you get the following errors, work through the steps below:
<< 550-Verification failed for
<<< 550-Unrouteable address
<<< 550- does not appear to be valid. Sender verify
<<< 550 failed.
550 5.1.1 ... User unknown
<<< 503 valid RCPT command must precede DATA
1) This is likely to be a problem with the hostname of the server. Check that the hostname of the server (e.g. linuxweb.mydomain.com) can actually be resolved over the internet. The hostname must be the same in /etc/hosts, /etc/sysconfig/network, and /etc/mail/relay-domains.
2) The /etc/mail/local-host-names and /etc/mail/relay-domains files should contain the hostname of the server, and also localhost. If the relay-domains file does not exist, you can create it.
3) Check /etc/hosts.allow and make sure it has sendmail:ALL
4) This is unlikely, but it may be a problem with the sendmail configuration (/etc/mail/sendmail.cf). Do not edit /etc/mail/sendmail.cf directly; instead, edit /etc/mail/sendmail.mc, which is a meta-config file. When done, you can use m4 sendmail.mc > sendmail.cf to write the meta-config to the sendmail.cf file.
The sendmail.mc file has various entries beginning with dnl (do not load). For sendmail to work properly on a virtual hosting server, make sure the following entries have dnl in front of them:
dnl FEATURE(delay_checks)dnl
dnl FEATURE(`mailertable',`hash -o /etc/mail/mailertable.db')dnl
dnl FEATURE(always_add_domain)dnl
dnl FEATURE(`blacklist_recipients')dnl
dnl FEATURE(`relay_based_on_MX')dnl
dnl FEATURE(masquerade_envelope)dnl
dnl FEATURE(masquerade_entire_domain)dnl
Then, the following entries should be enabled (without dnl at the beginning):
FEATURE(`accept_unresolvable_domains')dnl
FEATURE(`no_default_msa',`dnl')dnl
FEATURE(`smrsh',`/usr/sbin/smrsh')dnl
FEATURE(`virtusertable',`hash -o /etc/mail/virtusertable.db')dnl
FEATURE(redirect)dnl
FEATURE(use_cw_file)dnl
FEATURE(use_ct_file)dnl
FEATURE(local_procmail,`',`procmail -t -Y -a $h -d $u')dnl
FEATURE(`access_db',`hash -T -o /etc/mail/access.db')dnl
5) As a last resort, re-install sendmail, then go back to step 1.
# yum remove sendmail sendmail-cf
# yum install sendmail sendmail-cf
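
The file checks from steps 1 to 3 can be run in one pass. The script below is an added example, not part of the original post: the function name check_mail_hostname and its optional ROOT prefix argument are assumptions made here so the check can run against a copy of /etc, and the demo tree is constructed sample data. It does not test whether the hostname resolves over the internet.

```sh
#!/bin/sh
# check_mail_hostname FQDN [ROOT]: verify the files from steps 1-3 for one hostname.
# ROOT is a hypothetical prefix for testing against a copy of /etc
# (empty means the live system). Prints each finding, returns the count.
check_mail_hostname() {
    fqdn=$1 root=${2:-} problems=0
    miss() { echo "FAIL: $1"; problems=$((problems + 1)); }

    # Step 1: the name must appear as a host field in /etc/hosts ...
    awk -v h="$fqdn" '!/^[ \t]*#/ { for (i = 2; i <= NF; i++) if ($i == h) ok = 1 }
        END { exit !ok }' "$root/etc/hosts" 2>/dev/null ||
        miss "$fqdn not in $root/etc/hosts"

    # ... and match HOSTNAME= in /etc/sysconfig/network.
    configured=$(sed -n 's/^HOSTNAME=//p' "$root/etc/sysconfig/network" 2>/dev/null | tr -d '"')
    [ "$configured" = "$fqdn" ] ||
        miss "HOSTNAME is '$configured' in $root/etc/sysconfig/network"

    # Step 2: both sendmail files must list the hostname and localhost.
    for f in local-host-names relay-domains; do
        for name in "$fqdn" localhost; do
            grep -qxF "$name" "$root/etc/mail/$f" 2>/dev/null ||
                miss "$name not in $root/etc/mail/$f"
        done
    done

    # Step 3: TCP wrappers entry for sendmail.
    grep -Eq '^[[:space:]]*sendmail[[:space:]]*:[[:space:]]*ALL' "$root/etc/hosts.allow" 2>/dev/null ||
        miss "no sendmail:ALL in $root/etc/hosts.allow"

    return "$problems"
}

# Constructed demo tree (not real server data): relay-domains lacks localhost.
demo=$(mktemp -d)
mkdir -p "$demo/etc/mail" "$demo/etc/sysconfig"
echo "192.0.2.10 linuxweb.mydomain.com linuxweb" > "$demo/etc/hosts"
echo "HOSTNAME=linuxweb.mydomain.com" > "$demo/etc/sysconfig/network"
printf '%s\n' linuxweb.mydomain.com localhost > "$demo/etc/mail/local-host-names"
echo "linuxweb.mydomain.com" > "$demo/etc/mail/relay-domains"
echo "sendmail:ALL" > "$demo/etc/hosts.allow"
check_mail_hostname linuxweb.mydomain.com "$demo" || echo "$? problem(s) found"
```

On a live server, call the function with only the hostname so that ROOT is empty and the real /etc files are read.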