Sendmail seems to be working fine, except that I can not send mail to a domain that is not on my box.

I get the following error message:

"Error while performing operation:
RCPT TO <emailaddr@domain.com> failed: <emailaddr@domain.com> ... Replaying Denied"

I'm accepting emails from off the box just fine, and i can send emails to myself on the box.

I'm using webmin to configure sendmail.

I have my domain listed in "local domains"
I have my domain listed in "outgoing domains"
I also have myself listed as a trusted user.

One thing that i did notice, is that it never prompted me for a password. So i think authentication might be turned off. I'm guessing this is what the problem might be, but I don't see where to handle that in webmin.

Edit:--
I just checked /var/log/maillog ... sendmail is rejecting my local IP address because of the relay. and is denying it with a 550 error.
--

Ideas?

Altp.

Never mind - The problem has been solved.

In the M4 config in sendmail, from the webmin interface:

The 2 key lines seem to be these 2:

TRUST_AUTH_MECH(`EXTERNAL DIGEST-MD5 CRAM-MD5 LOGIN PLAIN')dnl

define(`confAUTH_MECHANISMS', `EXTERNAL GSSAPI DIGEST-MD5 CRAM-MD5 LOGIN PLAIN')dnl

They had "dnl" at the beginning of each of those. removing those lines enabled SMTP_AUTH.

Altp.

How bout me digging up an old post.

I searched the forums for this Relay denied error Im getting and this post poped up. I tried to uncomment the two lines listed in the sendmail.rc file and I restarted sendmail but that did not appear to correct the issue. I get the following error from outlook.

"Outlook is unable to connect to your outgoing SMTP e-mail server."

What else should I be looking for?

If it's entirely unable to connect, check the server's firewall for port 25.

Oh, and check your ISP for port 25...some ISPs, such as Cox, block port 25 as a security measure.

If it is your ISP, you can just run the SMTP on port 1025 or 125 or similar.

I know port 25 is not blocked at my ISP level cause I can send mail thru other servers not accocated with my ISP.

Ill have to figure out the port 25 thing on the servers firewall.

I dont think its an iptables problem because of a few things. First I dont know how to configure iptables so unless it defaults to have SMTP port closed then I know I didnt close it. If it does default to have it closed then I dont know how to open it either :(.

I tried to install the iptables applet in webmin and it tells me iptables is disabled so I dont think its running. But then again I dont know.

I get the following error now.

"reject=550 5.7.1 <user@domain1.com>... Relaying denied. Proper authentication required."

This is when I try to send an e-mail from an e-mail address on the server to another e-mail address off the server. For ease of explanation lets say the e-mail addy im tryint to send from is user1@domain.com and the e-mail im trying to send to is user2@domain1.com. Domain1 is not on the same server that domain.com is.

I can send e-mail from domain1.com to domain.com but I cant send mail from domain1.com to domain.com via my pc.

I dont know what kind of authenication it wants.

I use Eudora from work (thats where im trying all this) and i have the box marked Authenication Allowed checked and I have tried it unchecked aswell with the same result. I know its not some network restriction at work bacause I send e-mail thru other e-mail systems all the time with no problems.

Using SMTP Authentication

SMTP authentication operates automatically in Eudora.

Eudora can log in to an SMTP server when sending mail, just like it does for receiving mail. Not all SMTP servers require or allow such authentication. Eudora will attempt authentication to servers that allow it. The preferred SMTP authentication method is CRAM-MD5. If CRAM-MD5 is not available, LOGIN or PLAIN will automatically be used. Once Eudora discovers that your SMTP server allows authentication and when you send messages, a dialog appears that prompts you to enter a password.

Ever had that dialog appear?

[Edit]
Downloaded the Eudora trial, and tested it. Here's how sending a mail looks in my logs:
Dec 17 15:55:44 server1 sendmail[5734]: AUTH=server, relay=odnxx5.customer.tele.dk [194.192.135.214], authid=censored, mech=LOGIN, bits=0
Dec 17 15:55:45 server1 sendmail[5734]: hBHLtiSh005734: from=<eudora@projectjj.com>, size=360, class=0, nrcpts=1, msgid=<6.0.1.1.0.20031217225222.01bef2a0@pjj.cc>, proto=ESMTP, daemon=MTA, relay=odnxx5.customer.tele.dk [194.192.135.214]
Dec 17 15:55:46 server1 sendmail[5739]: hBHLtiSh005734: to=<pjj_jezral@yahoo.com>, ctladdr=<eudora@projectjj.com> (504/501), delay=00:00:01, xdelay=00:00:01, mailer=esmtp, pri=30332, relay=mx2.mail.yahoo.com. [64.156.215.5], dsn=2.0.0, stat=Sent (ok dirdel)
Important bit is the mech=LOGIN...is that enabled in your Sendmail? (the 2 lines that altp posted enables Auth)

And, it only asked for my POP3 password. It assumed it'd be the same password for sending, which in this case was correct.
Kinda odd, though. Documentation states that it'll use CRAM-MD5 if available, and CRAM-MD5 is enabled on my server. But Eudora is using LOGIN instead.

YEs those two lines have been uncommented out. IE i removed the leading dnl.

restarted sendmail and all that jazz

I can pop mail just fine from the eudora profile but cant send thru that profile.

Now that im home I tried to send thru outlook and i get the same error.

Is the CRAM-MD5 authenication equivlent to the account password? If not where do i establish what that password would be?

The account password is the user password, which is usually the same for POP, SMTP, SSH, ... etc.

Thats what i figured. I dont understand. I cant rightly go thru and allow realying from every potental domain that someone might sent mail thru the server on.

Try another client. Even Outlook Express can do authentication (I actually use OE as my primary client...).

If that doesn't work, you do have the option of allowing relaying to a few source IPs. So if you have a static IP at home or work, you can allow those IPs to send mail regardless of authentication.

This isent outlook express. I dont know if I said it was or not. Its acutally outlook 2002 SP1.

I know i could setup the static IP relay thing but my goal here was to give 15-20 trusted individuals e-mail accounts on the box. Since they are scattered all throut the country and some international I really cant go and constatntly enter IP's when they get issued a new one.

Maybe this will help. Here is the entry in the maillog.

Dec 17 21:40:12 server1 sendmail[28099]: hBI2eCKo028099: ruleset=check_rcpt, arg1=<user@domain.net>, relay=blah blah blah [XXX.XXX.XXX.XXX], reject=550 5.7.1 <user@domain.net>... Relaying denied. Proper authentication required.

As was said above, you need to have SMTP Auth enabled in sendmail (which it appears that you do), but you also have to tell your mail client that you need to use it. Eudora is good about detecting the need to use SMTP Auth automagically, I haven't had such luck with Outlook or Outlook Express, I have always had to set that manually.

If you go into the options that define your email account settings, there should be a setting in there that allows you to turn on SMTP Auth, and usually either specify a username and password, or tell it to use the same as your POP settings.

Hope that helps ... :beer:

Originally posted by Laz
As was said above, you need to have SMTP Auth enabled in sendmail (which it appears that you do), but you also have to tell your mail client that you need to use it. Eudora is good about detecting the need to use SMTP Auth automagically, I haven't had such luck with Outlook or Outlook Express, I have always had to set that manually.

If you go into the options that define your email account settings, there should be a setting in there that allows you to turn on SMTP Auth, and usually either specify a username and password, or tell it to use the same as your POP settings.

Hope that helps ... :beer:

I have told outlook to authenicate. You do so by clicking the More options button or something like that wen your setting up the account. Two different e-mail clients on two different computers dont work with the exact same error tells me its not the clients setup.