Mail

Damien Estrada damienjp at bellsouth.net
Thu Sep 23 17:20:07 UTC 2004


I meant the firewall ( Security Level ) in the system settings, I've
tried shutting it off, besides the mail port is open as well as my www
port which seems to be working.

Now for as what was in virtualtable before I threw anything in there...
nuthin. I added a few mailboxes such as my local and the root's and
another account I have... as you can see it says something bout RHS AND
LHS which I read something about the other day but can't remember where
I read it. Keep in mind... I'm still alil new to Linux coming from a
Windows 2000 Advanced Server environment.... thingz were alil easier to
configure.

For example I had a Mail Server and a DNS Server on my other server I
was running and if I wanted to bind ( listen ) to a specific address
I simply select which one I want. I see things are alil frustrating but I
really would love to work this out !! :-)

Below is a copy of iptables I think :



# Firewall configuration written by lokkit
# Manual customization of this file is not recommended.
# Note: ifup-post will punch the current nameservers through the
#       firewall; such entries will *not* be listed here.
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:RH-Lokkit-0-50-INPUT - [0:0]
-A INPUT -j RH-Lokkit-0-50-INPUT
-A FORWARD -j RH-Lokkit-0-50-INPUT
-A RH-Lokkit-0-50-INPUT -p tcp -m tcp --dport 80 --syn -j ACCEPT
-A RH-Lokkit-0-50-INPUT -p tcp -m tcp --dport 21 --syn -j ACCEPT
-A RH-Lokkit-0-50-INPUT -p tcp -m tcp --dport 22 --syn -j ACCEPT
-A RH-Lokkit-0-50-INPUT -p tcp -m tcp --dport 25 --syn -j ACCEPT
-A RH-Lokkit-0-50-INPUT -p tcp -m tcp --dport 23 --syn -j ACCEPT
-A RH-Lokkit-0-50-INPUT -p udp -m udp -s 0/0 --sport 67:68 -d 0/0 --dport 67:68 -i eth0 -j ACCEPT
-A RH-Lokkit-0-50-INPUT -p udp -m udp -s 0/0 --sport 67:68 -d 0/0 --dport 67:68 -i eth1 -j ACCEPT
-A RH-Lokkit-0-50-INPUT -i lo -j ACCEPT
-A RH-Lokkit-0-50-INPUT -i eth0 -j ACCEPT
-A RH-Lokkit-0-50-INPUT -p tcp -m tcp --dport 0:1023 --syn -j REJECT
-A RH-Lokkit-0-50-INPUT -p tcp -m tcp --dport 2049 --syn -j REJECT
-A RH-Lokkit-0-50-INPUT -p udp -m udp --dport 0:1023 -j REJECT
-A RH-Lokkit-0-50-INPUT -p udp -m udp --dport 2049 -j REJECT
-A RH-Lokkit-0-50-INPUT -p tcp -m tcp --dport 6000:6009 --syn -j REJECT
-A RH-Lokkit-0-50-INPUT -p tcp -m tcp --dport 7100 --syn -j REJECT
COMMIT




On Thu, 2004-09-23 at 13:03, McDougall, Marshall (FSH) wrote:
> From your command line, type "service security_thingy stop" and see what
> happens.
> 
> -----Original Message-----
> From: Damien Estrada [mailto:damienjp at bellsouth.net] 
> Sent: Thursday, September 23, 2004 11:01 AM
> To: Reuben D. Budiardja
> Cc: redhat-list at redhat.com
> Subject: Re: Mail
> 
> 
> I have no firewall running except the security thingy in linux but that
> is set to accept incoming mail. That's why I don't understand why it's not
> working. Also when I tried the virtualtable thingy it says something
> about, actually here's the error :
> 
> # make -C /etc/mail
> make: Entering directory `/etc/mail'
> makemap: virtusertable.db: line 1: no RHS for LHS
> damienjp at gc-site.hopto.org       damienjp
> makemap: virtusertable.db: line 3: no RHS for LHS
> @gc-site.hopto                  root
> make: *** [virtusertable.db] Error 65
> make: Leaving directory `/etc/mail'
> 
> 
>  I guess i'ma have to post the setup files so that maybe ya can get a
> better understanding :
> 
> 
> ###########
> #/etc/hosts:
> 
> # Do not remove the following line, or various programs
> # that require network functionality will fail.
> 67.34.177.240	gc-site.hopto.org	mail.gc-site.hopto.org
> 
> ################
> #/etc/mail/access 
> 
> localhost.localdomain		RELAY
> localhost			RELAY
> 127.0.0.1			RELAY
> gc-site.hopto.org               RELAY
> 67.34.177.240                   RELAY
> 
> ############
> #/etc/mail/local-hosts-names
> gc-site.hopto.org
> localhost
> localhost.localdomain
> 
> ###########
> #sendmail.mc
> 
> 
> divert(-1)dnl
> dnl #
> dnl # This is the sendmail macro config file for m4. If you make changes to
> dnl # /etc/mail/sendmail.mc, you will need to regenerate the
> dnl # /etc/mail/sendmail.cf file by confirming that the sendmail-cf package is
> dnl # installed and then performing a
> dnl #
> dnl #     make -C /etc/mail
> dnl #
> include(`/usr/share/sendmail-cf/m4/cf.m4')dnl
> VERSIONID(`setup for Red Hat Linux')dnl
> OSTYPE(`linux')dnl
> dnl #
> dnl # Uncomment and edit the following line if your outgoing mail needs to
> dnl # be sent out through an external mail server:
> dnl #
> dnl define(`SMART_HOST',`smtp.your.provider')
> dnl #
> define(`confDEF_USER_ID',``8:12'')dnl
> define(`confTRUSTED_USER', `smmsp')dnl
> dnl define(`confAUTO_REBUILD')dnl
> define(`confTO_CONNECT', `1m')dnl
> define(`confTRY_NULL_MX_LIST',true)dnl
> define(`confDONT_PROBE_INTERFACES',true)dnl
> define(`PROCMAIL_MAILER_PATH',`/usr/bin/procmail')dnl
> define(`ALIAS_FILE', `/etc/aliases')dnl
> dnl define(`STATUS_FILE', `/etc/mail/statistics')dnl
> define(`UUCP_MAILER_MAX', `2000000')dnl
> define(`confUSERDB_SPEC', `/etc/mail/userdb.db')dnl
> define(`confPRIVACY_FLAGS', `authwarnings,novrfy,noexpn,restrictqrun')dnl
> define(`confAUTH_OPTIONS', `A')dnl
> dnl #
> dnl # The following allows relaying if the user authenticates, and disallows
> dnl # plaintext authentication (PLAIN/LOGIN) on non-TLS links
> dnl #
> dnl define(`confAUTH_OPTIONS', `A p')dnl
> dnl # 
> dnl # PLAIN is the preferred plaintext authentication method and used by
> dnl # Mozilla Mail and Evolution, though Outlook Express and other MUAs do
> dnl # use LOGIN. Other mechanisms should be used if the connection is not
> dnl # guaranteed secure.
> dnl #
> dnl TRUST_AUTH_MECH(`EXTERNAL DIGEST-MD5 CRAM-MD5 LOGIN PLAIN')dnl
> dnl define(`confAUTH_MECHANISMS', `EXTERNAL GSSAPI DIGEST-MD5 CRAM-MD5 LOGIN PLAIN')dnl
> dnl #
> dnl # Rudimentary information on creating certificates for sendmail TLS:
> dnl #     make -C /usr/share/ssl/certs usage
> dnl #
> dnl define(`confCACERT_PATH',`/usr/share/ssl/certs')
> dnl define(`confCACERT',`/usr/share/ssl/certs/ca-bundle.crt')
> dnl define(`confSERVER_CERT',`/usr/share/ssl/certs/sendmail.pem')
> dnl define(`confSERVER_KEY',`/usr/share/ssl/certs/sendmail.pem')
> dnl #
> dnl # This allows sendmail to use a keyfile that is shared with OpenLDAP's
> dnl # slapd, which requires the file to be readable by group ldap
> dnl #
> dnl define(`confDONT_BLAME_SENDMAIL',`groupreadablekeyfile')dnl
> dnl #
> dnl define(`confTO_QUEUEWARN', `4h')dnl
> dnl define(`confTO_QUEUERETURN', `5d')dnl
> dnl define(`confQUEUE_LA', `12')dnl
> dnl define(`confREFUSE_LA', `18')dnl
> define(`confTO_IDENT', `0')dnl
> dnl FEATURE(delay_checks)dnl
> FEATURE(`no_default_msa',`dnl')dnl
> FEATURE(`smrsh',`/usr/sbin/smrsh')dnl
> FEATURE(`mailertable',`hash -o /etc/mail/mailertable.db')dnl
> FEATURE(`virtusertable',`hash -o /etc/mail/virtusertable.db')dnl
> FEATURE(redirect)dnl
> FEATURE(always_add_domain)dnl
> FEATURE(use_cw_file)dnl
> FEATURE(use_ct_file)dnl
> dnl #
> dnl # The -t option will retry delivery if e.g. the user runs over his quota.
> dnl #
> FEATURE(local_procmail,`',`procmail -t -Y -a $h -d $u')dnl
> FEATURE(`access_db',`hash -T<TMPF> -o /etc/mail/access.db')dnl
> FEATURE(`blacklist_recipients')dnl
> EXPOSED_USER(`root')dnl
> dnl #
> dnl # The following causes sendmail to only listen on the IPv4 loopback address
> dnl # 127.0.0.1 and not on any other network devices. Remove the loopback
> dnl # address restriction to accept email from the internet or intranet.
> dnl #
> dnl DAEMON_OPTIONS(`Port=smtp,Addr=127.0.0.1, Name=MTA')dnl
> dnl #
> dnl #
> dnl # The following causes sendmail to additionally listen to port 587 for
> dnl # mail from MUAs that authenticate. Roaming users who can't reach their
> dnl # preferred sendmail daemon due to port 25 being blocked or redirected find
> dnl # this useful.
> dnl #
> dnl DAEMON_OPTIONS(`Port=submission, Name=MSA, M=Ea')dnl
> dnl #
> dnl # The following causes sendmail to additionally listen to port 465, but
> dnl # starting immediately in TLS mode upon connecting. Port 25 or 587 followed
> dnl # by STARTTLS is preferred, but roaming clients using Outlook Express can't
> dnl # do STARTTLS on ports other than 25. Mozilla Mail can ONLY use STARTTLS
> dnl # and doesn't support the deprecated smtps; Evolution <1.1.1 uses smtps
> dnl # when SSL is enabled-- STARTTLS support is available in version 1.1.1.
> dnl #
> dnl # For this to work your OpenSSL certificates must be configured.
> dnl #
> dnl DAEMON_OPTIONS(`Port=smtps, Name=TLSMTA, M=s')dnl
> dnl #
> dnl # The following causes sendmail to additionally listen on the IPv6 loopback
> dnl # device. Remove the loopback address restriction listen to the network.
> dnl #
> dnl # NOTE: binding both IPv4 and IPv6 daemon to the same port requires
> dnl #       a kernel patch
> dnl #
> dnl DAEMON_OPTIONS(`port=smtp,Addr=::1, Name=MTA-v6, Family=inet6')dnl
> dnl #
> dnl # We strongly recommend not accepting unresolvable domains if you want to
> dnl # protect yourself from spam. However, the laptop and users on computers
> dnl # that do not have 24x7 DNS do need this.
> dnl #
> FEATURE(`accept_unresolvable_domains')dnl
> dnl #
> FEATURE(`relay_based_on_MX')dnl
> dnl # 
> dnl # Also accept email sent to "localhost.localdomain" as local email.
> dnl # 
> LOCAL_DOMAIN(`localhost')dnl
> dnl #
> dnl # The following example makes mail from this host and any additional
> dnl # specified domains appear to be sent from mydomain.com
> dnl #
> dnl MASQUERADE_AS(`mydomain.com')dnl
> dnl #
> dnl # masquerade not just the headers, but the envelope as well
> dnl #
> dnl FEATURE(masquerade_envelope)dnl
> dnl #
> dnl # masquerade not just @mydomainalias.com, but @*.mydomainalias.com as well
> dnl #
> dnl FEATURE(masquerade_entire_domain)dnl
> dnl #
> dnl MASQUERADE_DOMAIN(localhost)dnl
> dnl MASQUERADE_DOMAIN(localhost.localdomain)dnl
> dnl MASQUERADE_DOMAIN(mydomainalias.com)dnl
> dnl MASQUERADE_DOMAIN(mydomain.lan)dnl
> MAILER(smtp)dnl
> MAILER(procmail)dnl
> 
> 
> 
> ############################################################################
> #####
> 
> 
> 
> 
> On Thu, 2004-09-23 at 08:26, Reuben D. Budiardja wrote:
> > On Thursday 23 September 2004 04:29, Damien Estrada wrote:
> > > Thankz for letting me know we get dat fixed ASAP....
> > >
> > > Now I have another question, I finally got sendmail to recognize
> > > gc-site.hopto.org ( I think ) I telnet gc-site.hopto.org 25 and the
> > > servers version comes out but when I do localhost 25 nuthin comes out.
> > >
> > > N-e-wayz I edited the access and threw in there gc-site.hopto.org RELAY
> > > as well as 67.34.177.240 RELAY but from what I'm seeing in the logz it's
> > > only Relaying for localhost. How can I change this ??
> > >
> > > Wat i think is going on is that since 127.0.0.1 is the only authorized
> > > relay it's blocking everything else.
> > >
> > > I edited sendmail.mc like Jeff said (thnkz) and wat happened waz :
> > >
> > >  I changed it from 127.0.0.1 to 67.34.177.20 and i couldn't get no mail
> > > wat so ever so i added both ( Not sure if thats correct ) and i'm
> > > getting local mail.
> > >
> > > Please give me all suggestions and comments thankz :)
> > 
> > From out here, your mail server is still not listening to the outside world. I
> > cannot "telnet gc-site.hopto.org 25".
> > 
> > 1. Make absolutely sure you don't have any sort of firewall running (IP
> > tables, routers, etc. If you have a router you need to forward port 25 to your
> > machine)
> > 
> > 2. Like Jeff said, just *comment* out the line
> > dnl DAEMON_OPTIONS(`Port=smtp,Addr=127.0.0.1, Name=MTA')
> > in sendmail.mc. Rebuild sendmail.cf using the instructions at the top of that
> > file, restart sendmail.
> > 
> > 3. Add your aliases for the machines in /etc/mail/local-host-names. If the
> > file doesn't exist, then create it. It should contain, eg:
> > gc-site.hopto.org
> > mail.gc-site.hopto.org
> > 
> > 4. Add those domains also to the file /etc/mail/relay-domains. If the file
> > doesn't exist, then create it. It should contain, eg:
> > gc-site.hopto.org
> > mail.gc-site.hopto.org
> > 
> > 5. You may want to add email addresses that can accept mail in gc-site.hopto.org
> > to the /etc/mail/virtusertable in case the local username is not the same,
> > eg:
> > myemail at gc-site.hopto.org	local-username1
> > myemail2 at gc-site.hopto.org	local-username2
> > @gc-site.hopto			root
> > 
> > the last entry is a catch-all, so that anything else not explicitly defined
> > goes to root. You can also do something like the following for catch-all:
> > @gc-site.hopto			error:nouser No such user here
> > 
> > 6. Restart sendmail.
> > 
> > 
> > Another comment, you said when you telnet localhost it tries to access a
> > 10.10.. address. Do you have localhost defined as anything else other than
> > 127.0.0.1 in /etc/hosts ? check that file also. If that's the case, many
> > network operations may break.
> > 
> > Hope that helps. 
> > 
> > RDB
> 
> 
> 
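
An added example, not part of the original thread: a first-match walk over the lokkit chain posted above, to check which rule decides a given connection. It models only `-i`, `-p`, `--dport` and `--syn`, omits the two DHCP rules, and the function names are hypothetical.

```python
import shlex

# Chain rules copied from the post (the two DHCP udp 67:68 rules left out).
RULES = """\
-A RH-Lokkit-0-50-INPUT -p tcp -m tcp --dport 80 --syn -j ACCEPT
-A RH-Lokkit-0-50-INPUT -p tcp -m tcp --dport 21 --syn -j ACCEPT
-A RH-Lokkit-0-50-INPUT -p tcp -m tcp --dport 22 --syn -j ACCEPT
-A RH-Lokkit-0-50-INPUT -p tcp -m tcp --dport 25 --syn -j ACCEPT
-A RH-Lokkit-0-50-INPUT -p tcp -m tcp --dport 23 --syn -j ACCEPT
-A RH-Lokkit-0-50-INPUT -i lo -j ACCEPT
-A RH-Lokkit-0-50-INPUT -i eth0 -j ACCEPT
-A RH-Lokkit-0-50-INPUT -p tcp -m tcp --dport 0:1023 --syn -j REJECT
-A RH-Lokkit-0-50-INPUT -p tcp -m tcp --dport 2049 --syn -j REJECT
-A RH-Lokkit-0-50-INPUT -p udp -m udp --dport 0:1023 -j REJECT
-A RH-Lokkit-0-50-INPUT -p udp -m udp --dport 2049 -j REJECT
-A RH-Lokkit-0-50-INPUT -p tcp -m tcp --dport 6000:6009 --syn -j REJECT
-A RH-Lokkit-0-50-INPUT -p tcp -m tcp --dport 7100 --syn -j REJECT
""".splitlines()

FLAGS = {"-p": "proto", "-i": "iface", "--dport": "dport", "-j": "target"}

def parse(line):
    tok = shlex.split(line)
    rule = {key: tok[tok.index(flag) + 1] for flag, key in FLAGS.items() if flag in tok}
    rule["syn"] = "--syn" in tok
    if "dport" in rule:
        lo, _, hi = rule["dport"].partition(":")
        rule["dport"] = (int(lo), int(hi or lo))   # single port or lo:hi range
    return rule

def matches(r, iface, proto, dport, syn):
    lo, hi = r.get("dport", (0, 65535))
    return (r.get("iface", iface) == iface and r.get("proto", proto) == proto
            and lo <= dport <= hi and (syn or not r["syn"]))

def verdict(iface, proto, dport, syn=True, policy="ACCEPT"):
    """First matching rule wins; otherwise the INPUT policy (ACCEPT in the post)."""
    for n, r in enumerate(map(parse, RULES), 1):
        if matches(r, iface, proto, dport, syn):
            return r["target"], n
    return policy, None

def shadowed_rejects(iface):
    """REJECT rules that sit behind an unconditional ACCEPT for this interface."""
    rules = [parse(line) for line in RULES]
    for n, r in enumerate(rules, 1):
        if r == {"iface": iface, "target": "ACCEPT", "syn": False}:
            return [m for m, q in enumerate(rules, 1) if m > n and q["target"] == "REJECT"]
    return []
```

Here `verdict("eth0", "tcp", 25)` is decided by the port 25 ACCEPT rule, while every REJECT rule is listed by `shadowed_rejects("eth0")` because the `-i eth0 -j ACCEPT` rule precedes them.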




