3

Anyone able to explain this problem? I can do a dig or nslookup on a host and get the MX servers, but when I check through sendmail it fails?

RHEL 5.6

Sendmail:

(root)> sendmail -bt
ADDRESS TEST MODE (ruleset 3 NOT automatically invoked)
Enter <ruleset> <address>
> /mx google.com
getmxrr(google.com) returns 0 value(s):

Sendmail debug output

(root)> echo '/mx google.com' | sendmail -bt -d8.20
ADDRESS TEST MODE (ruleset 3 NOT automatically invoked)
Enter <ruleset> <address>
> getmxrr(google.com, droplocalhost=0)
getmxrr(google.com) returns 0 value(s):

Dig:

(root)> dig mx google.com

; <<>> DiG 9.3.6-P1-RedHat-9.3.6-14.P1.el5 <<>> mx google.com
;; global options:  printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 2247
;; flags: qr rd ra; QUERY: 1, ANSWER: 5, AUTHORITY: 4, ADDITIONAL: 9

;; QUESTION SECTION:
;google.com.                    IN      MX

;; ANSWER SECTION:
google.com.             600     IN      MX      10 aspmx.l.google.com.
google.com.             600     IN      MX      20 alt1.aspmx.l.google.com.
google.com.             600     IN      MX      30 alt2.aspmx.l.google.com.
google.com.             600     IN      MX      40 alt3.aspmx.l.google.com.
google.com.             600     IN      MX      50 alt4.aspmx.l.google.com.

;; AUTHORITY SECTION:
google.com.             33524   IN      NS      ns3.google.com.
google.com.             33524   IN      NS      ns4.google.com.
...

Sendmail log entry

Sep 20 00:42:26 myhost sendmail[26714]: r8K0gLUS026712: to=user@example.org, ctladdr=user@myhost.com (500/500), delay=00:00:05, xdelay=00:00:05, mailer=example, pri=152798, relay=example.org, dsn=5.1.2, stat=Host unknown (Name server: example.org: host not found)

Sendmail with -d17 (times out)

sendmail -v -d17.20 -qR@gmail.com
Running /var/spool/mqueue/r8KFB1VF002503 (sequence 1 of 1)
hostsignature(gmail.com)
hostsignature(): getmxrr() returned 1, mxhosts[0]=gmail.com
hostsignature(gmail.com) = gmail.com
hostsignature(gmail.com)
hostsignature(): stab(gmail.com) found gmail.com
<me@gmail.com>... Connecting to gmail.com via esmtp...
tracerbullet
  • 31
  • 3
  • AFAIK, both dig and nslookup use their own DNS client resolver, not the DNS client resolver of the machine you're running them from... so I would look at the DNS client resolver on this machine. – joeqwerty Sep 20 '13 at 03:12
  • Could you post sendmail log entries? – AnFi Sep 20 '13 at 04:51
  • dig and nslookup will get the resolver information from resolv.conf, unless it is otherwise specified. – Falcon Momot Sep 20 '13 at 06:49
  • The following command should provide more details incluing sendmail's resolver options : `echo '/mx google.com' | sendmail -bt -d8.20` – AnFi Sep 20 '13 at 06:58
  • I added the sendmail debug output (not too helpful) and a line from the mail log. Could there be something in the sendmail config that is causing the issue? Unfortunately I only have the sendmail.cf file, not the .mc source file. – tracerbullet Sep 20 '13 at 13:27
  • I'm not sure if the output would be different from what Andrzej suggested by I'd recommend running `sendmail -v -d17.9 -qR@recipientfoo.com` The “-d17” is the mx lookup debug flag and the “.9” indicates that we want details consistent with log level 9. – Mike B Sep 20 '13 at 14:03
  • @MikeB I added the output of that command. It looks like it tries to find the MX and fails. Is there any reason it wouldn't be using the DNS servers that dig and nslookup are using (in resolv.conf)? – tracerbullet Sep 20 '13 at 15:27
  • 1
    Any strange DNS settings on the box? What do you have specified in /etc/hosts and /etc/resolv.con and /etc/nsswitch.conf (be sure to scrub the output for confidential info before posting). – Mike B Oct 02 '13 at 22:14
  • Try grepping for ResolverOptions and dns in sendmail.cf. – jeffatrackaid Jan 08 '14 at 19:09
  • You can try what the gethostbyname (libc resolver) functions opinion on the name is by trying to ping google.com. – ZaphodB Feb 21 '14 at 23:08
  • Some MTAs also queried for ANY records instead of MX records for efficiency in the past, although i'm not sure if sendmail ever did qmail had that nasty habit which often resulted in dns errors with it. Also for each MX record you can try if you can ping the name. – ZaphodB Feb 21 '14 at 23:11

1 Answers1

4

Would rather post this as a comment, but I can't.

Your sendmail log entry keeps talking about "example.org", which indicates sendmail not completely configured. example.org is a typical placeholder domain, as is user@myhost.com.

(That is assuming you didn't selectively mangle/censor it yourself -- if that's the case, that a) makes it difficult to extract meaningful information and b) should at least be done consistently)

fstd
  • 141
  • 4