TIPS Stopping Sendmail from forwarding "root" emails

[simplydrew]

Hey guys,

In my initial PIAF configuration, I had Sendmail sending voicemail to email notifications on my network to recipients on my local domain, which mailboxes live on my Exchange 2010 box. In that configuration, my local Exchange mailboxes would receive the mail being sent from Sendmail fine. However, now that I have a friend with an extension on my box, he has his voicemail to email notifications going to his Gmail address, and Sendmail's originating emails obviously wouldn't get through to Gmail because SPF isn't in place on that box, etc. The PIAF box does have a FQDN, so I went ahead and setup a receive connector on my Exchange box and configured Sendmail to relay mail through Exchange. Exchange will deliver mail to both local and external recipients fine (Gmail, in this case, for my friend's notifications), but I've been noticing that Exchange has been getting ticked off that the root notification emails (root@fqdn) are trying to get through, and it's rejecting them, I assume because Exchange doesn't see a mailbox that corresponds to "root".

What I need to configure at this point in the Sendmail configuration is messages destined for root don't go over the connection to the smarthost (Exchange) and instead just deliver locally. Is this possible, and if so where in the Sendmail configuration would I make the change?

Thanks!

 

[jeff.h]

Set up an alias for root to a real email address. You can do this pretty easily in Webmin >Servers > Sendmail Mail Server >Mail Aliases. Scroll down to "root", enable it and enter a real email address that you do want them to go to.

 

[simplydrew]

Set up an alias for root to a real email address. You can do this pretty easily in Webmin >Servers > Sendmail Mail Server >Mail Aliases. Scroll down to "root", enable it and enter a real email address that you do want them to go to.

Thanks, Jeff. Do I need to wipe out "root" in this case and just put in the email address? I got a little confused if I needed to put it there or add on to the list below

 

[simplydrew]

And...embedded images don't appear to be showing up. Screenshot is at http://cl.ly/image/1K1U0L1A2l0h[IMG]

 

[jeff.h]

Ok not sure where all those other aliases came from. Mine only has one line where I put in an actual email address that I want the messages sent to. Other than that, just select enable and save it.

 

[simplydrew]

Ok not sure where all those other aliases came from. Mine only has one line where I put in an actual email address that I want the messages sent to. Other than that, just select enable and save it. View attachment 1161

Modified this to mimic your settings then did a stop/start on Sendmail, but I'm still getting the same result with Exchange trying to pass the "root" emails.

 

[jeff.h]

What are you seeing as the to and from email addresses?

 

[simplydrew]

What are you seeing as the to and from email addresses?

I left the "address" field as just "root" and the to address to an email address on the local domain. However, emails are still going out to Exchange, being processed by Exchange, and sent out to the smarthost which is then rejecting the address of "root@pbx.[insert my domain name here].com", I'm assuming because "pbx.domain" doesn't have any corresponding MX records, etc.

 

[jeff.h]

Are you saying that it is rejecting the emails because it does not like the senders originating email address?

 

[simplydrew]

Are you saying that it is rejecting the emails because it does not like the senders originating email address?

That appears to be the case at this point, even when I've changed the "from" address to the local domain. I've also set the masquerade condition to be the local domain.

EDIT: Actually, I should probably stop using "local domain" in this context without more explanation. I'm using an FQDN for both the "from" field ([email protected]) and in the masquerade as domain in the masquerade settings is that domain as well, which has a corresponding MX record, etc.

 

[jeff.h]

I'm not sure then, unless your to and from domains and or complete addresses are the same, maybe your exchange server thinks its getting a spoofed email. I know that many places have their exchange servers set to reject emails where both the to and from are the same thing.

Any reason why you aren't allowing the sendmail server to just send email directly out? That would certainly simplify things.

 

[simplydrew]

I'm not sure then, unless your to and from domains and or complete addresses are the same, maybe your exchange server thinks its getting a spoofed email. I know that many places have their exchange servers set to reject emails where both the to and from are the same thing.

Any reason why you aren't allowing the sendmail server to just send email directly out? That would certainly simplify things.

It would simplify things, sure. But to kind of adhere to "best practice" as much as I can within my own environment, at least I know I have one mail gateway sending out and not everything that has mail functionality that I have to check when something gets spammy sending stuff out where it's not supposed to, etc. Prevents more of that from happening, or at least to be safe, IMHO.

 

[simplydrew]

Who, exactly, labeled this food for thought at this point? Changing...

 

[wardmundy]

Who, exactly, labeled this food for thought at this point? Changing...

I think it's become pretty clear that this is not a SendMail issue, but a problem with either your DNS configuration or the setup of your Exchange mail gateway. There's an easy way to do it with SendMail, but you don't want to go that route. That's fine, but it's probably beyond the scope of our resources to invest more time troubleshooting a problem that affects only a single user's custom (commercial) config. Sorry.

p.s. The (unaltered) PIAF SendMail setup does not send SPAM.

 

[rjaiswal]

I'm not sure then, unless your to and from domains and or complete addresses are the same, maybe your exchange server thinks its getting a spoofed email. I know that many places have their exchange servers set to reject emails where both the to and from are the same thing.

Any reason why you aren't allowing the sendmail server to just send email directly out? That would certainly simplify things.

You could just set your exchange server as a smart host for send mail, and then set the exchange server to accept and relay messages from send mail...

 

[simplydrew]

I think it's become pretty clear that this is not a SendMail issue, but a problem with either your DNS configuration or the setup of your Exchange mail gateway. There's an easy way to do it with SendMail, but you don't want to go that route. That's fine, but it's probably beyond the scope of our resources to invest more time troubleshooting a problem that affects only a single user's custom (commercial) config. Sorry.

p.s. The (unaltered) PIAF SendMail setup does not send SPAM.

Hi Ward,

Actually, I never mentioned in my post that this was a commercial setup. This is in my home lab environment, and I have an Exchange server acting as the mail gateway out. That was a little presumptuous

I never accused Sendmail of sending spam. I'm simply trying to alter the Sendmail configuration to stop using the "[email protected]" name and just "[email protected]" so the external smarthost will play nice. I'm not asking for Exchange specific help. Seems like you've misinterpreted the whole thing here.

 

[simplydrew]

You could just set your exchange server as a smart host for send mail, and then set the exchange server to accept and relay messages from send mail...

Right, and that's what's setup in this case. Exchange is then pushing that mail out...but when seeing the FQDN being pbx.domain.com instead of what it knows (which is just domain.com), it's getting hung up (at least from what I can tell so far). I could just setup an internal record for the pbx.domain.com name, but it's more of a curiosity to me where I need to change it without needing to implement something else.

Even if I was using the Gmail methodology that probably most use here, I have a feeling I'd ultimately hit the same exact issue.

 

[matthew]

If I'm understanding the thread, you want mail from [email protected] to look like it's from [email protected]. (btw, it's handy if the mailserver that receives mail for yourdomain.com accepts mail for root. It's nice to accept your own bouncebacks rather than having them sitting in someone elses mail queue being rejected by you.)

Also, apologies, but I don't really do sendmail administration from webmin, so you might have to work this one out, or roll up your sleeves and manually edit a file and run a command or two. My masquerading is a bit rusty, but this should get you in the right direction.

From a command prompt, edit /etc/mail/sendmail.mc. Find the line that looks like

dnl MASQUERADE_AS(`mydomain.com')dnl

Remove the leading "dnl" and change "mydomain.com" to "yourdomain.com" (if you get my meaning). You should have something that looks like

MASQUERADE_AS(`yourdomain.com')dnl

Now find the line that looks like

EXPOSED_USER(`root')dnl

and put a dnl in front of it, so you get

dnl EXPOSED_USER(`root')dnl

Save the file. Run the following command

/etc/mail/make

then

service sendmail restart

 

[Hyksos]

thats not what he wants. he wants mail destined for and sent to root to be delivered locally and not be relayed out to his smarthost.

 

[simplydrew]

thats not what he wants. he wants mail destined for and sent to root to be delivered locally and not be relayed out to his smarthost.

Correct.