I recently took over server management for our company from the guy who did it before. We had a client who couldn't make their payments, so we shut off their service - basically removed their DNS entries so none of their stuff would work and so we could turn them back on by adding their DNS entries back if they did start paying again.
Anyway, I got the sites set up fine. Their website is up. But I can't get their mail to work. We use sendmail to handle all mail for us and our clients for whom we handle mail. This was all set up before I took over management - including shutting them down. I think I've gotten it back so they can receive email, but they can't send it. We use horde as our webmail client, and when trying to send mail from one of these users, I get the following error:
    There was an error sending your message: sendmail: data format error (65)
So I tried to telnet into the server directly. After successful connection, I tried to send mail using the commands:
    MAIL FROM: <me@mydomain.com>
When I do that and send a test from my email address, I get the following response:
    250 2.1.0 <me@mydomain.com>... Sender ok
And I can send the email. But when I try to send from the client's address, I get the following error:
    553 5.1.8 <client@hisdomain.com>... Domain of sender address client@hisdomain.com does not exist
DNS entries all exist. And the domain is listed in /etc/mail/domaintable. This is using Sendmail (not sure what version) on RHEL 5. I'm positive there must be some way that the previous server admin blocked access to those users within sendmail, but I'm not sure where to look to find it. Thanks in advance for any help you can give.
Have you checked /etc/localdomains and remote domains? Check out your exim logs. tbh, wiping DNS entries is not the smartest idea to "suspend" accounts. It creates issues. What control panel are you running?
I'm using webmin, but I actually prefer to do everything I can on the command line through PuTTY. I checked /etc/localdomains, but I don't think I checked remotedomains... I'll look for that when next I'm on. I'm not 100% sure what you mean by exim logs. And I didn't wipe the DNS entries. That was done before me. Seriously though, for future reference, what would you suggest for the future?
    tail -f /var/log/exim_mainlog
Then try to send some mail. Also check out the sendmail to make sure it's the original and not modified. In future when suspending one's account, I would say change the account password, and change the virtual hosts config to a customized suspended page. webmin is pretty basic :/ not sure if webmin allows you to suspend an account or not afaik.
I don't seem to have a remotedomains file.... here's the output of ls -l /etc/mail/
    -rw-r--r-- 1 root root   838 Nov  6 16:59 access
    -rw-r----- 1 root root 12288 Nov  6 17:02 access.db
    -rw-r--r-- 1 root root     0 Nov 28  2006 domaintable
    -rw-r----- 1 root root 12288 Oct 27  2007 domaintable.db
    -rw-r--r-- 1 root root  5521 Nov 28  2006 helpfile
    -rw-r--r-- 1 root root   397 Nov 11 16:09 local-host-names
    -rw-r--r-- 1 root root     0 Nov 28  2006 mailertable
    -rw-r----- 1 root root 12288 Oct 27  2007 mailertable.db
    -rw-r--r-- 1 root root  1048 Nov 28  2006 Makefile
    -rw-r--r-- 1 root root 62898 Dec  8  2006 rules_du_jour
    -rw-r--r-- 1 root root 58283 Nov 11 16:09 sendmail.cf
    -rw-r--r-- 1 root root 58232 Feb  1  2008 sendmail.cf.bak
    -rw-r--r-- 1 root root  7381 Feb  1  2008 sendmail.mc
    -rw-r--r-- 1 root root  2949 Jun 17  2008 sourcelight.org.txt
    drwxr-xr-x 4 root root  4096 Aug 14 20:27 spamassassin
    -r--r--r-- 1 root root 41285 Nov 28  2006 submit.cf
    -rw-r--r-- 1 root root   940 Nov 28  2006 submit.mc
    -rw-r--r-- 1 root root   127 Nov 28  2006 trusted-users
    -rw-r--r-- 1 root root 20595 Dec 19 13:43 virtusertable
    -rw-r----- 1 root root 45056 Dec 19 13:43 virtusertable.db
I also apparently don't have an exim_mainlog file anywhere in my system. PS: Webmin.. yeah... lol. That's why I prefer to work from command line
Depending on the cf file, you may have to add them to the passwd file, and alias them through the virtusertable table. Don't forget to makemap the file when you are done (makemap hash /etc/mail/virtusertable.db < /etc/mail/virtusertable).
I'm pretty sure they're in virtusertable... I mean I found them. I'm also pretty sure they're in passwd... They can log in fine and all that. How would I check that for sure though? Thanks.
Check the virtusertable and make sure that the entry is really in there. Make sure that the virtusertable.db is current (see previous post). Make sure that the access file is up to date as well, if they need to have ACCEPT or RELAY privileges. Chances are the guy commented out the entries with a "#". Check the virtusertable, mailertable, access, domaintable and local-host-names files to see if the entry is indeed commented out. If they are, remove the "#" and rebuild the table files as needed.
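The checks suggested in the reply above, written out as an added example that is not part of the original thread: it reports whether a domain is active, commented out or absent in each of the five files named there, and which maps have a `.db` older than their text source. The function names `audit_domain` and `stale_maps` are hypothetical, and the file layout is assumed to match the `ls -l /etc/mail/` listing posted earlier.

```shell
#!/bin/sh
# Added example (not from the thread): audit sendmail map sources for one domain.
# audit_domain and stale_maps are hypothetical helper names.

# Text files named in the reply; local-host-names has no .db companion.
MAP_FILES="virtusertable mailertable access domaintable local-host-names"
DB_MAPS="virtusertable mailertable access domaintable"

# Print "<file>: active|commented|absent|missing-file" for the given domain.
audit_domain() {
    dir=$1
    domain=$2
    for f in $MAP_FILES; do
        path="$dir/$f"
        if [ ! -f "$path" ]; then
            echo "$f: missing-file"
        elif grep -v '^[[:space:]]*#' "$path" | grep -qiwF -- "$domain"; then
            echo "$f: active"
        elif grep '^[[:space:]]*#' "$path" | grep -qiwF -- "$domain"; then
            echo "$f: commented"
        else
            echo "$f: absent"
        fi
    done
}

# Print each map whose .db is missing or older than its text source,
# i.e. the text file was edited but makemap was never run afterwards.
stale_maps() {
    dir=$1
    for f in $DB_MAPS; do
        src="$dir/$f"
        db="$dir/$f.db"
        [ -f "$src" ] || continue
        if [ ! -f "$db" ] || [ -n "$(find "$src" -newer "$db")" ]; then
            echo "$f"
        fi
    done
}

# Stand-alone use: ./audit.sh /etc/mail hisdomain.com
if [ "$#" -ge 2 ]; then
    audit_domain "$1" "$2"
    stale_maps "$1" | sed 's/^/needs makemap: /'
fi
```

A map reported by `stale_maps` is rebuilt with the `makemap hash` command quoted earlier in the thread.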
Thanks for all your suggestions so far. I'm still dealing with this oddity. I heard back from the guy and he said that all he had done to disable their account was delete the dns entries.
Hey, I figured it out guys, with the help of my coworker (the one who had disabled them in the first place). Turns out there was a line missing in the DNS records file:
    IN TXT "v=spf1 mx ip4:xxx.xxx.xxx.xxx -all"