4

I need help with sendmail configuration on our Linux machine.

Here's the thing: I want to send email to the outside using our Exchange server as the mail relay. But when sending email through the server, it responds "user unknown". To make it worse, it bounces all the sent messages back to my localhost.

I already tested our configuration using external mail servers such as Gmail and Yahoo; the configuration works without any issue and the email is delivered to the recipient. Most of my sendmail configuration is based on here.

authinfo file :

```
AuthInfo:my_exchange_server "U:my_name" "I:my_email" "P:my_passwd" "M:PLAIN LOGIN"
AuthInfo:my_exchange_server:587 "U:my_name" "I:my_email" "P:my_passwd" "M:PLAIN LOGIN"
```

sendmail.mc :

```
dnl Credentials for the smart host are looked up in the authinfo map
FEATURE(authinfo,hash /etc/mail/authinfo.db)
dnl Relay all outbound mail through the Exchange server on port 587
define(`SMART_HOST', `my_exchange_server')dnl
define(`RELAY_MAILER_ARGS', `TCP $h 587')
define(`ESMTP_MAILER_ARGS', `TCP $h 587')
dnl TLS material
define(`confCACERT_PATH', `/usr/share/ssl/certs')
define(`confCACERT', `/usr/share/ssl/certs/ca-bundle.crt')
define(`confSERVER_CERT', `/usr/share/ssl/certs/sendmail.pem')
define(`confSERVER_KEY', `/usr/share/ssl/certs/sendmail.pem')
dnl SASL mechanisms offered and trusted
define(`confAUTH_MECHANISMS', `EXTERNAL GSSAPI DIGEST-MD5 CRAM-MD5 LOGIN PLAIN')
TRUST_AUTH_MECH(`EXTERNAL DIGEST-MD5 CRAM-MD5 LOGIN PLAIN')
define(`confAUTH_OPTIONS', `A')dnl
```

My first assumption is that the problem occurs due to an authentication problem, as the Exchange server needs encrypted authentication (DIGEST-MD5). I have already changed this in the authinfo file (from plain login to digest-md5 login) but it is still not working.

I can also telnet to our Exchange server, so the port is not being blocked by the firewall.

Can someone help me out with this problem? I'm really at my wits' end. Thanks.

user119720

2 Answers

1

Create anonymous relay connector on Exchange Server

Create connector using PowerShell

```
New-ReceiveConnector -Name "Anonymous Relay" -Usage Custom -PermissionGroups AnonymousUsers -Bindings 0.0.0.0:26 -RemoteIpRanges 192.168.1.1
```

The -RemoteIpRanges parameter is the IP address of the server allowed to relay

Add permissions

```
Get-ReceiveConnector "Anonymous Relay" | Add-ADPermission -User "NT AUTHORITY\ANONYMOUS LOGON" -ExtendedRights "Ms-Exch-SMTP-Accept-Any-Recipient"
```

No auth necessary after this PowerShell command

Add allowed relay server IP to list

```
$RecvConn = Get-ReceiveConnector "Anonymous Relay"
$RecvConn.RemoteIPRanges += "192.168.1.2", "178.151.1.2", "8.8.8.2"
Set-ReceiveConnector "Anonymous Relay" -RemoteIPRanges $RecvConn.RemoteIPRanges
```

Links

All info available on MS TechNet: Allow Anonymous Relay on a Receive Connector

IT TC
0

First of all, try testing your exchange relay by following these directions:

http://support.microsoft.com/kb/153119

Depending on which version of Exchange you're running, you may also need to set up a new receive connector and allow your Linux server to relay through it.

http://technet.microsoft.com/en-us/library/bb232021.aspx

Always make sure you test your server afterwards to make sure you haven't inadvertently created an open relay.

Nathan
  • I have already tested my Exchange relay but it shows this error: `530 5.7.1 Client was not authenticated Connection closed by foreign host.` Maybe this is because of security reasons? – user119720 May 15 '12 at 03:56
  • Did you specify the IP for the server in the send connector? So it's actually allowed to relay? Did you also restart the transport service after making the changes to the connector? – xstnc May 15 '12 at 06:16
  • Also: do you try to auth with a special account? If so, do you HAVE to? Could it be set to Anonymous? – xstnc May 15 '12 at 06:23
  • @xstnc Can I know where I should check the settings that you have mentioned? Is it on our sendmail box or on the Exchange mail server? Because if it's on the Exchange mail server I need to wait, as I do not have permission to access that server =( – user119720 May 15 '12 at 07:07
  • Sorry that I forgot to mention! Some of it is exchange and some of it is sendmail. The smtp relay and connector is set in exchange, and the auth I was asking about is the sendmail server. If you can't check the exchange, it would be a good place to start checking the auth for the other server! – xstnc May 15 '12 at 07:13
  • @xstnc It seems that the only auth in my sendmail that I have used is in the authinfo file itself (refer to my post above). Other than that I have not changed anything (using default sendmail). Maybe I need to add something else somewhere in the sendmail file? – user119720 May 15 '12 at 08:11
  • Shouldn't have to add anything else than define which "smart-host" or relay to use. When looking at this: http://cri.ch/linux/docs/sk0009.html I would try skipping the authinfo.db file, and just add the smarthost in the .mc file as you have done. In other words, what happens if you remove the "FEATURE(authinfo,hash /etc/mail/authinfo.db)" line? – xstnc May 15 '12 at 08:22
  • @xstnc Without the authinfo file, the sendmail configuration is not working! This is because the authinfo file holds the credentials of the email account (password, email, username). Without this file sendmail is useless. – user119720 May 15 '12 at 08:42
  • Oh, kinda on deep waters here then.. When using the smtp-relay, you don't have to specify a user and password if you enable anonymous connections - which is the reason why I asked. Next step is confirming the settings on the exchange side – xstnc May 15 '12 at 08:47
  • @xstnc So there is no other way but to check the Exchange mail server settings? It seems I'm going to be "stuck" on this problem until I have permission to check the Exchange mail server then. Hopefully it will work though. – user119720 May 15 '12 at 08:59
  • Well, that's the best I've got at the moment.. I'll try to run this in a lab - to see how it works in my environment. – xstnc May 15 '12 at 09:53
  • I'm able to recreate the problem in my lab. I get the same message when not using any auth against exchange. As of now, I don't have the relay/connector setup. – xstnc May 15 '12 at 11:51
  • Today I'm going to check the settings on the Exchange mail server. Any further improvement, I'll let you know. – user119720 May 16 '12 at 01:44
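
The second answer's advice to test afterwards for an open relay, as an added example that is not part of the original thread: a Python check that offers an envelope to a server you administer without authenticating and classifies the reply, including the `530 5.7.1` refusal quoted in the comments. The function name `check_relay`, its `helo_name` parameter and the verdict labels are this example's own choices.

```python
"""Unauthenticated relay check for a mail server you administer."""
import smtplib
import sys


def check_relay(host, port, mail_from, rcpt_to, helo_name=None, timeout=10):
    """Issue MAIL FROM / RCPT TO without AUTH and classify the server's answer.

    DATA is never sent, so no message is delivered. Returns (verdict, code, text):
      relay-accepted  RCPT TO for the outside address got a 2xx reply
      auth-required   530, e.g. "5.7.1 Client was not authenticated"
      relay-denied    any other refusal, e.g. "550 5.7.1 Unable to relay"
    """
    with smtplib.SMTP(host, port, local_hostname=helo_name, timeout=timeout) as smtp:
        smtp.ehlo_or_helo_if_needed()
        code, text = smtp.mail(mail_from)
        if 200 <= code < 300:  # envelope sender accepted, now try the recipient
            code, text = smtp.rcpt(rcpt_to)
        # Leaving the block sends QUIT, which abandons the open transaction.
    text = text.decode("utf-8", "replace")
    if 200 <= code < 300:
        return "relay-accepted", code, text
    if code == 530:
        return "auth-required", code, text
    return "relay-denied", code, text


if __name__ == "__main__":
    if len(sys.argv) != 5:
        sys.exit("usage: relay_check.py HOST PORT MAIL_FROM OUTSIDE_RCPT")
    verdict, code, text = check_relay(
        sys.argv[1], int(sys.argv[2]), sys.argv[3], sys.argv[4]
    )
    print(f"{verdict}: {code} {text}")
```

Run it once from the sendmail box and once from a host that is not listed in the connector's `-RemoteIpRanges`; only the listed host should get `relay-accepted`.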