kstarks

asked on

Gateway SM 8.12.10+Spamassassin+MimeDefang=tagged mail but no relay to final destination server

I have configured RH 9 with SM 8.12.10, latest SpamAssassin and MimeDefang. My external DNS is configured so that the "main" email server (Exchange 5.5, booooo) is the primary MX for the domain, and the SM mail filter machine is the secondary MX. I receive the Internet emails, and tagging of email (either spam or ham) works great, but the messages are not being relayed to the Exchange server as they should. I had an older version of SM and SpamAssassin working on this machine, and it did this no problem. I have attempted to configure /etc/mail/sendmail.mc and thought that I had the correct stuff turned on. I made sure that I included the Exchange server in the /etc/mail/relay-domains file, in the access.db (which I re-hashed), and in the hosts file. I also ensured that the internal DNS servers were correct on the SM machine so that it could do a lookup and see that it was not the primary destination for mail for the domain and forward it over to Exchange. I am desperate to get this up, if anyone has the secret please let me know and I will be forever grateful. Thanks and cheers.

Keith Starks
jlevie

If you want your Sendmail server to be an anti-spam filter it needs to be the Primary MX for your domain. Otherwise mail for your domain won't, in general, ever reach your Sendmail server.

Now as to what is happening with mail that does reach the Sendmail server... You should be able to tell from your /var/log/maillog if sendmail is attempting to relay filtered messages to your Exchange server. Knowing what's happening, as shown in the logs, is essential to determining what your problem is.

ASKER

Jlevie -

Thanks for the response.

Regarding the DNS, what I have had working for the past year or so is to have the primary (Exchange) set as MX (10), and the spam milter as MX (20). I then turn off access to the primary MX machine via my firewall, which leaves only the MX (20) machine responding. Mail servers trying to deliver to our domain try the 10, fail and retry to the 20, which works. Since our DNS is split, the spam milter would receive an email for our domain, use internal DNS to see that it was not the default server, run the mail through SpamAssassin and our anti-virus package, then forward over to Exchange. Worked like a champ, right up until I rebuilt the server with the latest version of Sendmail.

Regarding the maillog, here is a tail of the last few  lines:

Nov 11 11:10:35 foxhound sendmail[2008]: hABGA9fU002008: Milter change: header  MIME-Version: from 1.0 to 1.0
Nov 11 11:10:35 foxhound sendmail[2008]: hABGA9fU002008: Milter message: body replaced
Nov 11 11:10:35 foxhound sendmail[2008]: hABGA9fU002008: Milter add: header: X-Scanned-By: MIMEDefang 2.38
Nov 11 11:10:35 foxhound sendmail[2011]: hABGA9fU002008: to=<kstarks@beallsinc.com>, delay=00:00:18, xdelay=00:00:00, mailer=local, pri=33923, dsn=2.0.0, stat=Sent
Nov 11 11:27:55 foxhound sendmail[2027]: hABGRsfU002027: <belindah@beallsinc.com>... User unknown
Nov 11 11:27:55 foxhound sendmail[2027]: hABGRsfU002027: <billw@beallsinc.com>... User unknown
Nov 11 11:27:55 foxhound sendmail[2027]: hABGRsfU002027: lost input channel from [65.125.82.35] to MTA after rcpt
Nov 11 11:27:55 foxhound sendmail[2027]: hABGRsfU002027: from=<vutypdgr2@onlinemeds.com>, size=0, class=0, nrcpts=0, proto=SMTP, daemon=MTA, relay=[65.125.82.35]
Nov 11 11:28:46 foxhound sendmail[2041]: hABGSjfU002041: ruleset=check_rcpt, arg1=<cindys@mygiftcottage.com>, relay=pcp05312216pcs.norstn01.pa.comcast.net [68.84.225.163], reject=550 5.7.1 <cindys@mygiftcottage.com>... Relaying denied
Nov 11 11:28:46 foxhound sendmail[2041]: hABGSjfU002041: lost input channel from pcp05312216pcs.norstn01.pa.comcast.net [68.84.225.163] to MTA after rcpt
Nov 11 11:28:46 foxhound sendmail[2041]: hABGSjfU002041: from=<dxvnhkdaz@yahoo.com>, size=0, class=0, nrcpts=0, proto=SMTP, daemon=MTA, relay=pcp05312216pcs.norstn01.pa.comcast.net [68.84.225.163]
Nov 11 11:33:53 foxhound sendmail[2052]: hABGXrfU002052: <tosullivan@beallsinc.com>... User unknown
Nov 11 11:33:53 foxhound sendmail[2052]: hABGXrfU002052: from=<bounce-ttnews-express-607301@lyris.truckline.com>, size=0, class=0, nrcpts=0, proto=SMTP, daemon=MTA, relay=lyris.truckline.com [207.247.51.181]
Nov 11 11:39:11 foxhound sendmail[2058]: hABGcQfU002058: from=<admin@BEALLSINC.COM>, size=30780, class=0, nrcpts=1, msgid=<200311111638.hABGcQfU002058@foxhound.beallsinc.com>, proto=SMTP, daemon=MTA, relay=w118.z208037117.nyc-ny.dsl.cnc.net [208.37.117.118] (may be forged)
Nov 11 11:39:20 foxhound mimedefang.pl[1777]: MDLOG,hABGcQfU002058,virus,W32/Mimail-A,208.37.117.118,<admin@beallsinc.com>,<postmaster@beallsinc.com>,your account                         oiofiiwa
Nov 11 11:39:20 foxhound mimedefang.pl[1777]: filter: hABGcQfU002058:  bounce=1 quarantine=1
Nov 11 11:39:20 foxhound mimedefang[1790]: hABGcQfU002058: Bouncing because filter instructed us to
Nov 11 11:39:20 foxhound mimedefang[1790]: hABGcQfU002058: Filter time is 9381ms
Nov 11 11:39:20 foxhound sendmail[2058]: hABGcQfU002058: Milter: data, reject=554 5.7.1 Virus W32/Mimail-A found in mail - rejected
Nov 11 11:39:20 foxhound sendmail[2058]: hABGcQfU002058: to=<postmaster@BEALLSINC.COM>, delay=00:00:38, pri=60780, stat=Virus W32/Mimail-A found in mail - rejected
Nov 11 11:41:11 foxhound sendmail[2070]: hABGf9fU002070: <belindah@beallsinc.com>... User unknown
Nov 11 11:41:11 foxhound sendmail[2070]: hABGf9fU002070: lost input channel from pcp842662pcs.beridg01.fl.comcast.net [68.56.170.105] to MTA after rcpt
Nov 11 11:41:11 foxhound sendmail[2070]: hABGf9fU002070: from=<odly30@hotmail.com>, size=0, class=0, nrcpts=0, proto=SMTP, daemon=MTA, relay=pcp842662pcs.beridg01.fl.comcast.net [68.56.170.105]
Nov 11 11:41:15 foxhound sendmail[2068]: hABGf6fU002068: ruleset=check_mail, arg1=<pvvyvfr@loyus.com>, relay=200-207-114-27.zeronet.psi.br [200.207.114.27] (may be forged), reject=553 5.1.8 <pvvyvfr@loyus.com>... Domain of sender address pvvyvfr@loyus.com does not exist
Nov 11 11:41:19 foxhound sendmail[2068]: hABGf6fU002068: from=<pvvyvfr@loyus.com>, size=0, class=0, nrcpts=0, proto=SMTP, daemon=MTA, relay=200-207-114-27.zeronet.psi.br [200.207.114.27] (may be forged)
Nov 11 11:45:08 foxhound sendmail[2074]: hABGj7fU002074: <brianr@beallsinc.com>... User unknown
Nov 11 11:45:08 foxhound sendmail[2074]: hABGj7fU002074: lost input channel from mx3.efax.com [207.213.246.143] to MTA after rcpt
Nov 11 11:45:08 foxhound sendmail[2074]: hABGj7fU002074: from=<b.13ca.32511f9@mx3.efax.com>, size=0, class=0, nrcpts=0, proto=SMTP, daemon=MTA, relay=mx3.efax.com [207.213.246.143]
Nov 11 11:47:01 foxhound sendmail[2076]: hABGkqfU002076: <janak@beallsinc.com>... User unknown
Nov 11 11:47:04 foxhound sendmail[2076]: hABGkqfU002076: lost input channel from adsl-215-42-108.bct.bellsouth.net [68.215.42.108] to MTA after rcpt
Nov 11 11:47:04 foxhound sendmail[2076]: hABGkqfU002076: from=<john@beallsinc.com>, size=0, class=0, nrcpts=0, proto=SMTP, daemon=MTA, relay=adsl-215-42-108.bct.bellsouth.net [68.215.42.108]

It is listing users in my proper domain as unknown (shouldn't even be looking them up) and apparently allowing relays that should not be.
Thanks for any help you can lend.

Keith
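
The maillog check jlevie suggests can be done mechanically. The following is an added example, not part of the original thread: a Python script that classifies sendmail maillog lines by how each recipient was handled. In sendmail's log format, `mailer=local` marks delivery into a local mailbox, a relayed delivery shows `mailer=esmtp` with `relay=` naming the next hop, and `User unknown` is normally the rejection issued when a recipient resolves to the local mailer and no such user exists. The sample lines, hosts, addresses and function names are constructed for illustration.

```python
import re
from collections import Counter

# Constructed sample in sendmail maillog format; hosts, users and queue IDs are placeholders.
SAMPLE_LOG = """\
Nov 11 11:10:35 filter sendmail[2011]: hABGA9fU002008: to=<alice@example.com>, delay=00:00:18, xdelay=00:00:00, mailer=local, pri=33923, dsn=2.0.0, stat=Sent
Nov 11 11:27:55 filter sendmail[2027]: hABGRsfU002027: <bob@example.com>... User unknown
Nov 11 11:28:46 filter sendmail[2041]: hABGSjfU002041: ruleset=check_rcpt, arg1=<carol@example.net>, relay=host.example.org [192.0.2.7], reject=550 5.7.1 <carol@example.net>... Relaying denied
Nov 11 11:30:02 filter sendmail[2050]: hABGU1fU002049: to=<dave@example.com>, delay=00:00:03, xdelay=00:00:01, mailer=esmtp, pri=30512, relay=exchange.example.com. [192.0.2.10], dsn=2.0.0, stat=Sent (ok)
"""

ENTRY = re.compile(r"sendmail\[\d+\]: (\w+): (.*)")
UNKNOWN = re.compile(r"^<([^>]+)>\.\.\. User unknown")
DENIED = re.compile(r"arg1=<([^>]+)>.*Relaying denied")
DELIVERY = re.compile(r"^to=<?([^>,]+)>?,.*\bmailer=(\w+)")
RELAY = re.compile(r"\brelay=([^,]+)")

def classify(log_text):
    """Return (queue_id, recipient, event, next_hop) for each recipient-related line."""
    events = []
    for line in log_text.splitlines():
        m = ENTRY.search(line)
        if not m:
            continue
        qid, rest = m.groups()
        if (u := UNKNOWN.match(rest)):
            events.append((qid, u.group(1), "user_unknown", None))
        elif (d := DENIED.search(rest)):
            events.append((qid, d.group(1), "relay_denied", None))
        elif (t := DELIVERY.match(rest)):
            # mailer=local: delivered to a local mailbox instead of being forwarded
            hop = RELAY.search(rest)
            kind = "local_delivery" if t.group(2) == "local" else "relayed"
            events.append((qid, t.group(1), kind, hop.group(1) if hop else None))
    return events

def domain_report(log_text, domain):
    """Count events for recipients in `domain`; flag whether it is handled locally."""
    counts = Counter()
    for _, rcpt, event, _ in classify(log_text):
        if rcpt.lower().endswith("@" + domain.lower()):
            counts[event] += 1
    handled_locally = (counts["local_delivery"] + counts["user_unknown"]) > 0
    return dict(counts), handled_locally

if __name__ == "__main__":
    for row in classify(SAMPLE_LOG):
        print(row)
    print(domain_report(SAMPLE_LOG, "example.com"))
```

A `handled_locally` result of `True` for the filtered domain means the gateway is treating that domain's recipients as its own users rather than passing them to the next hop.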
ASKER CERTIFIED SOLUTION
jlevie
