Fixing sendmail

The mail admins at my company turned off the open relay service on the Exchange server because it allowed spammers to route mail through it.  Unfortunately, one side effect was that Exchange would no longer accept messages bound for external addresses which didn't originate from Outlook clients.  I suspect there is a less draconian way of preventing such relays, but those were the instructions the admins got from Microsoft.  Running StarOffice on a Sun workstation, this blocked me from sending mail outside the company.  Messages for internal addresses still worked, and I could receive mail (I use StarOffice's POP3 mechanism to get my mail from Exchange).  The solution was to bypass the Exchange server for outbound mail by getting Sendmail working properly.

When I first setup StarOffice on my Sun box, I set the Outbox's SMTP server to, which was the name of the Exchange server.  But now that was bouncing messages, saying something like "Relaying is not allowed".  So, the first step was to change StarOffice's SMTP setting to point at the Sun box itself, and use sendmailto get messages out. This way, my workstation itself was the relay, so to speak.  But that still didn't work.  A few weeks earlier, I had tried to get sendmail working so that I could have scripts send email.  To get that to work I had put the following setting in /etc/mail/

# "Smart" relay host (may be null)
# DSmailhost.$m

This told sendmail to relay its mail via ex6.  But that service was now turned off on ex6, so I remarked it out, restarted sendmail, and sent a message to my ISP address, which seemed to work.  Problem solved!

Well, not quite.  As time goes by, more and more ISPs, in an effort to prevent spam, require that the sender's host name be resolvable via DNS.  Messages I sent had the sender address '', but since my workstation isn't a public host (it's not visible on the internet), that host name couldn't be resolved.  This didn't bother my ISP, but those of some friends were rejecting my messages because of it.  Back to the web.

I should mention that to test sending a message I used

/usr/lib/sendmail -v <message

to get a detailed account of sendmail trying to send the message.  Invaluable, as it also shows what the sender's address is, and why my messages were being rejected.

Several web postings said that all that was necessary was to use the DM macro in to trigger masquerading and everything would be fine:

# who I masquerade as (null for no masquerading) (see also $=M) 

I made the change, sent a message, no joy.   More hunting.  I found one article that said there also needed to be a CM setting in to tell sendmail which hosts/domains the masquerade setting should be applied to.  I grep-ed for CM but it came up empty.  Looking more carefully, I concluded that I needed to add the CM setting (I added just the last line):

# class E: names that should be exposed as from this host, even if we masquerade
# class L: names that should be delivered locally, even if we have a relay
# class M: domains that should be converted to $M
#CL root
#CE root

Save, restart sendmail, send a message via 'sendmail -v', and it still doesn't work.  Sigh.  Back to the web.

After lots of hunting I found a posting in which it was said that the default setting in Ruleset 94, which governs masquerading, was incorrect.  So I added the second line and commented out the third (original) line thusly:

R$+                     $@ $>93 $1
#R$* < @ *LOCAL* > $*   $: $1 < @ $j . > $2

Save, restart, send a message, worked!  Some day I'll learn sendmail's syntax well enough to understand the difference between those two lines, but for now all that mattered was that it seemed to work.  I was home free.

Well, almost.   I couldn't be too upset with the mail admins for turning off open relaying because it was I who started them down the path that resulted in that change.  What had started this whole thing was that a few friends' addresses were unreachable from within the company.  But if I sent a message from my ISP account, the messages got through fine, which suggests that the problem was at the source, not the destination.  The problem seemed to be DNS related.  If I used

sendmail -v <message

I got a message saying Deferred: Name server: host name lookup failure 

I ran nslookup with the server setting pointing to the company's DNS servers (Windows2K--bad idea I suspect).  First, I just looked up the address record for, and that seemed okay, which I expected because I had always been able to successfully point my browser to  Then I typed

set q=mx

to tell nslookup to look for mail records, and told it to lookup again.  This time I got back

*** can't find Non-existent host/domain

But then I set nslookup to look for any data types:

set q=any

and then I got a bunch of info including the mailserver for, the DNS servers, etc.  So, the problem was that mail queries to the company DNS servers weren't always getting the right info.  The solution for me was to add the DNS servers that belonged to the company's ISP to my /etc/resolv.conf file.  Actually, I initially added the DNS server of my friend's ISP to resolv.conf and when that worked I knew I'd found the answer.  But I didn't feel it was polite to use the DNS services of an ISP with whom I had no relation, so I changed it to the company's ISP DNS servers which also worked fine.  I told our DNS people about the problem: they said it sounded like a mail problem, and of course the mail people think it's a DNS problem.  I think it's a DNS problem, but I'll let them work it out.



I heard on the TCLUG mailing list that in Mandrake /etc/ masks /etc/mail/ So, check for the existence of that file if you are using Mandrake, or perhaps Red Hat. If /etc/ exists, you will probably need to edit that file instead.