SMTP between Machines on Local LAN

On my Rocky server I have a couple of services that I run, logwatch and BackupPC, that send status notifications to a local user on the server. I would like to send some notifications from BackupPC to another host on the local LAN. Just for background, I recently set up dnsmasq on my router to provide DNS and assigned a local “domain” name. All network traffic has been working fine without any known collisions. But the local user on the server stopped receiving notifications from BackupPC till I appended @hostname.domain to the username. Since BackupPC provides a command-line means to test mail delivery, I tested sending a message to user@remotehost.domain, which failed. The mail log on the server indicated either “no route to host” or “connection refused”.
The mail log on the remotehost does not show any connection attempt.
How do I set up client and server to exchange SMTP messages on the local LAN?

The easiest way is to put an entry into /etc/hosts on each relevant machine.

192.168.0.3 joes_machine

email to joe@joes_machine now goes to 192.168.0.3

On the machine that is the server, what SMTP daemon are you using? I’m assuming it is postfix, therefore it would be handy to see the /etc/postfix/main.cf config file to find out why delivery isn’t working as it should be.

I’m also assuming that the configuration on the BackupPC has some sort of configuration to send it to the server? Or are you just using MX records configured in the dnsmasq DNS? That would also help clarify how the BackupPC is attempting to make the connection.

Would also help to see /var/log/maillog on the server when the connection is attempted when you were testing, the error messages can help figure out why the problem is occurring as well.

Based on your original post it’s difficult to say because we lack the info to diagnose the issue. If you can post what I requested above, then we can figure the problem out.

sendmail

BackupPC points to sendmail in its configuration file. You could point it to another mailer like postfix if that was configured.

No, each machine has its own hosts file with IP hostname definitions.

/var/log/maillog:

> Apr 26 13:48:19 bagend sendmail[276642]: 23QHmIDM276642: from=backuppc, size=210, class=0, nrcpts=1, msgid=<202204261748.23QHmIDM276642@bagend.kellyrand>, relay=backuppc@localhost
> Apr 26 13:48:19 bagend sendmail[276642]: STARTTLS=client, relay=[127.0.0.1], version=TLSv1.3, verify=FAIL, cipher=TLS_AES_256_GCM_SHA384, bits=256/256
> Apr 26 13:48:19 bagend sendmail[276643]: STARTTLS=server, relay=localhost [127.0.0.1], version=TLSv1.3, verify=NOT, cipher=TLS_AES_256_GCM_SHA384, bits=256/256
> Apr 26 13:48:19 bagend sendmail[276643]: 23QHmJsI276643: from=<backuppc@bagend.kellyrand>, size=471, class=0, nrcpts=1, msgid=<202204261748.23QHmIDM276642@bagend.kellyrand>, proto=ESMTPS, daemon=MTA, relay=localhost [127.0.0.1]
> Apr 26 13:48:19 bagend sendmail[276642]: 23QHmIDM276642: to=jbk@t4s.kellyrand, ctladdr=backuppc (495/482), delay=00:00:01, xdelay=00:00:00, mailer=relay, pri=30210, relay=[127.0.0.1] [127.0.0.1], dsn=2.0.0, stat=Sent (23QHmJsI276643 Message accepted for delivery)
> Apr 26 13:48:19 bagend sendmail[276645]: 23QHmJsI276643: to=<jbk@t4s.kellyrand>, ctladdr=<backuppc@bagend.kellyrand> (495/482), delay=00:00:00, xdelay=00:00:00, mailer=esmtp, pri=120471, relay=t4s.kellyrand. [10.251.227.9], dsn=4.0.0, stat=Deferred: Connection refused by t4s.kellyrand.

And maillog from the t4s server?

If it is empty then maybe firewall port blocked for port 25 or sendmail not running on t4s.

The maillog on t4s does not acknowledge any communications for the time period from bagend. I had opened “smtp” on the firewall for t4s during the test and it is still active in the current “runtime” environment.
t4s could be using a different mail client but local mail (logwatch on t4s) gets delivered to the specified user on t4s.
Maybe I need to open the same port on bagend.

Yeah, I would check on bagend as well since it said it couldn’t connect. As you are using mail relay with sendmail on bagend it queues locally and then relays to the other machine.

I disabled the firewall on both bagend and t4s and still no success.
mailq

# mailq | head
		/var/spool/mqueue (11 requests)
-----Q-ID----- --Size-- -----Q-Time----- ------------Sender/Recipient-----------
23RBmRL8294776       98 Wed Apr 27 07:48 <backuppc@bagend.kellyrand>
                 (Deferred: Connection refused by t4s.kellyrand.)
					 <jbk@t4s.kellyrand>

Is there any way to debug my configuration on bagend? Is there a separate alias file I have to configure that sendmail uses?

I would try using telnet from bagend and doing:

telnet t4s.kellyrand 25

and see if it connects. Since it’s having problems communicating with the server. Your local sendmail has deferred the email because it cannot connect to the other server and send it. Also use ping for t4s to make sure the IP is correct as to what is configured on the t4s server. Hopefully your IP addresses are static and not DHCP - unless you are using mac address reservation to ensure it acts like static IP’s.

Also on t4s do:

netstat -tunlp | grep 25

then we can see if port 25 is listening and to what it is bound, eg: localhost or the IP of the server or 0.0.0.0 for all IP’s.

3 packets transmitted, 3 received, 0% packet loss, time 2004ms
$ telnet t4s.kellyrand 25
Trying 10.251.227.9...
telnet: connect to address 10.251.227.9: Connection refused

Note, I disabled the firewall on both machines for at least one run of telnet with no difference in connection refusal.

$ netstat -tunlp | grep 25
(Not all processes could be identified, non-owned process info
 will not be shown, you would have to be root to see it all.)
tcp        0      0 127.0.0.1:25            0.0.0.0:*               LISTEN      4181/sendmail: acce    

So sendmail on t4s is not listening on the IP address of the machine or on port 25 or the service is not running. Otherwise telnet would have connected. You will need to check/verify the sendmail config as well as make sure the service is enabled.

As for your netstat command, not sure if you did that from the bagend machine or not. Ideally that should also be configured correctly and listening on port 25 of the IP address of the machine or all IP’s using 0.0.0.0 - as netstat plainly shows it listening on localhost which means nobody except the local machine can connect.
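Added example, not part of the original posts: a shell filter that reads `netstat -tunlp` output and reports whether the port 25 listener is bound to loopback only, to one address, or to every interface. The first sample line is the t4s output quoted above; the remaining sample lines and the function names are constructed for illustration.

```shell
#!/bin/sh
# Added example: classify the bind scope of an SMTP listener from
# `netstat -tunlp` output read on stdin.

# Line 1 is the t4s output quoted in the thread; all other lines are constructed.
SAMPLE_BEFORE='tcp        0      0 127.0.0.1:25            0.0.0.0:*               LISTEN      4181/sendmail: acce
tcp        0      0 0.0.0.0:2525            0.0.0.0:*               LISTEN      900/constructed
udp        0      0 0.0.0.0:5325            0.0.0.0:*                           901/constructed'
SAMPLE_AFTER='tcp        0      0 0.0.0.0:25              0.0.0.0:*               LISTEN      4181/sendmail: acce'

# Print "<scope> <local-address>" for every TCP listener on exactly PORT.
smtp_listeners() {
    awk -v port="${1:-25}" '
        $1 ~ /^tcp/ && $6 == "LISTEN" {
            n = split($4, part, ":")
            if (part[n] != port) next   # exact match; "grep 25" also hits 2525
            host = substr($4, 1, length($4) - length(part[n]) - 1)
            if (host ~ /^127\./ || host == "::1")       scope = "loopback-only"
            else if (host == "0.0.0.0" || host == "::") scope = "all-interfaces"
            else                                        scope = "single-address"
            print scope, $4
        }'
}

# Succeed only if some listener on PORT accepts connections from other hosts.
lan_reachable() {
    smtp_listeners "$@" | grep -qv '^loopback-only'
}

printf '%s\n' "$SAMPLE_BEFORE" | smtp_listeners 25
if ! printf '%s\n' "$SAMPLE_BEFORE" | lan_reachable 25; then
    echo "before: other hosts get 'Connection refused' on port 25"
fi
printf '%s\n' "$SAMPLE_AFTER" | smtp_listeners 25
```

On a live host the input would be `netstat -tunlp | smtp_listeners 25`, run as root so the owning process is shown. An `all-interfaces` result means every interface on the host accepts SMTP, so the firewall rule for port 25 is what limits who can reach it.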

So how do I tell sendmail to listen to the machines IP address instead of or in addition to localhost.

Systemctl status on both machines indicates that the sendmail service is enabled and active, “accepting connections”.

The netstat output is the same for both machines, but what I posted was from t4s.

OK, so on my rocky machine, I installed sendmail, have the same issue as you:

[root@rocky ~]# netstat -tunlp | grep 25
tcp        0      0 127.0.0.1:25            0.0.0.0:*               LISTEN      1702/sendmail: acce 

So, now we need to change that, so we take a look at sendmail.mc:

[root@rocky ~]# cat /etc/mail/sendmail.mc | grep 127.0.0.1
DAEMON_OPTIONS(`Port=smtp,Addr=127.0.0.1, Name=MTA')dnl

that’s the line we need to change, so I edited the file, now mine looks like this:

[root@rocky ~]# cat /etc/mail/sendmail.mc | grep 0.0.0.0
DAEMON_OPTIONS(`Port=smtp,Addr=0.0.0.0, Name=MTA')dnl

You can edit it with nano, vi or whatever. If you don’t want 0.0.0.0 then change it to the IP of the machine it’s running on.

Now we need to apply the config to sendmail.cf, so:

[root@rocky ~]# m4 /etc/mail/sendmail.mc > /etc/mail/sendmail.cf

if you get an error running the above command, install sendmail-cf package. Sample error:

[root@rocky ~]# m4 /etc/mail/sendmail.mc > /etc/mail/sendmail.cf
m4:/etc/mail/sendmail.mc:10: cannot open `/usr/share/sendmail-cf/m4/cf.m4': No such file or directory

so then we just do:

dnf install sendmail-cf -y

and rerun the m4 command and this time it will work. Then restart sendmail and check netstat again, and you’ll see it’s listening.

Then do your delivery checks/tests again, should work.
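Added example, not part of the original post: the `sendmail.mc` edit described above as a shell function that validates the address, keeps a backup, and leaves `dnl`-commented lines untouched. The function names, the temporary file and its commented-out line are constructed for illustration; the active `DAEMON_OPTIONS` line is the one quoted in the post.

```shell
#!/bin/sh
# Added example: change the address sendmail's MTA listener binds to in a sendmail.mc file.

# Succeed only for a dotted-quad IPv4 address with octets 0-255.
valid_ipv4() {
    printf '%s\n' "$1" | awk -F. '
        NF == 4 { for (i = 1; i <= 4; i++) if ($i !~ /^[0-9]+$/ || $i > 255) exit 1
                  exit 0 }
        { exit 1 }'
}

# set_mta_addr FILE ADDR: rewrite Addr= on the active DAEMON_OPTIONS MTA line.
# Lines commented out with a leading "dnl" are skipped; FILE.bak keeps the original.
set_mta_addr() {
    file=$1 addr=$2
    valid_ipv4 "$addr" || { echo "invalid IPv4 address: $addr" >&2; return 2; }
    grep -q "^DAEMON_OPTIONS(.*Addr=.*Name=MTA" "$file" ||
        { echo "no active MTA line with Addr= in $file" >&2; return 3; }
    cp -p "$file" "$file.bak" || return 4
    sed -E "/^DAEMON_OPTIONS\(.*Name=MTA/ s/Addr=[^,']+/Addr=$addr/" "$file.bak" > "$file"
}

# Print the address the active MTA line binds to.
mta_addr() {
    sed -n -E "s/^DAEMON_OPTIONS\(.*Addr=([^,']+).*Name=MTA.*/\1/p" "$1"
}

# Constructed sample file: a commented-out line plus the MTA line from the thread.
demo=$(mktemp)
cat > "$demo" <<'EOF'
dnl DAEMON_OPTIONS(`Port=smtp,Addr=192.0.2.1, Name=MTA')dnl
DAEMON_OPTIONS(`Port=smtp,Addr=127.0.0.1, Name=MTA')dnl
EOF
set_mta_addr "$demo" 0.0.0.0 && echo "MTA now binds to $(mta_addr "$demo")"
# On the real host, follow with the steps from the thread:
#   m4 /etc/mail/sendmail.mc > /etc/mail/sendmail.cf, then restart sendmail.
```

If the host's own address is passed instead of 0.0.0.0, the loopback listener goes away; the bagend log earlier in the thread shows local submission using `relay=[127.0.0.1]`, so that path then needs its own listener.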

OK, I got further after following your guidance but success is “a real domain name” away. Telnet connected from bagend to t4s. Doing the test email from BackupPC showed success in the bagend maillog but the delivery did not complete on the t4s side though I did get the following in the t4s maillog:

Apr 27 12:06:19 t4s sm-msp-queue[6711]: starting daemon (8.17.1): queueing@01:00:00
Apr 27 12:10:27 t4s sendmail[6771]: 23RG6oK2006771: bagend.kellyrand [10.251.227.4] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Apr 27 12:11:05 t4s sendmail[6802]: STARTTLS=server, relay=bagend.kellyrand [10.251.227.4], version=TLSv1.3, verify=NOT, cipher=TLS_AES_256_GCM_SHA384, bits=256/256
Apr 27 12:11:05 t4s sendmail[6802]: 23RGB58a006802: ruleset=check_mail, arg1=<backuppc@localhost.localdomain>, relay=bagend.kellyrand [10.251.227.4], reject=553 5.5.4 <backuppc@localhost.localdomain>... Real domain name required for sender address

So I need to tell sendmail to accept my chosen domain name as the real domain name.

Well, what you need to do is fix the sender address

reject=553 5.5.4 <backuppc@localhost.localdomain>

bagend should not be sending as localhost, your from field should have the user@domain

As a test you can do this via telnet (this is summarised without all the output between commands):

telnet t4s.kellyrand 25
ehlo bagend.kellyrand
mail from: backuppc@kellyrand
rcpt to: user@kellyrand
data
subject: test email.

test email.

.

replace user@kellyrand with a valid email/user on that t4s server.

the last . with a space in between the test email is to end the email. It will then go into the queue. To exit telnet at this point use CTRL+] and once at the telnet> prompt just write quit.

There are other ways to do this using the mail command from the console, I just prefer telnet since I’ve used it a lot for debugging email delivery.

Either way, once sendmail is configured properly and sending email for the domain it is configured to send for then it should just work fine. You may want to google how to configure sendmail for configuring the domain etc. I use postfix, so my sendmail knowledge is limited. But there are plenty of sendmail howtos out there.

Thanks Iwalker.

The things I need to do are configure an authorized user to receive the messages and allowed local domain.
It will take me some time to evaluate the googled solutions as they might apply to my use case.

You can whitelist the machine IP so it can send without having to authenticate. Postfix has mynetworks option for this, not sure what sendmail has to allow without authentication.

It turns out that the issue:

was caused within the BackupPC application config and once I corrected the appropriate field with my domain the message was received by the user on the other machine.
I am happy that I did not have to delve into editing the sendmail configs any further. The problem with Howto’s on the net is that they make assumptions for certain use cases which lead you to editing more configs than are necessary for a simple local lan. The solution for me in sendmail is the edit on the receiving host to allow listening on all IP’s per post #13.

It’s worth noting that ‘sendmail’ and ‘mailx’ are both deprecated in Rocky 8.5, not sure why.

It’s deprecated by Red Hat, although it still exists in the repositories. From a Red Hat post it’s unlikely to appear in later versions of RHEL so they suggest using postfix instead.

Since Rocky tracks Red Hat, if RHEL deprecates, then Rocky will as well. The same for Almalinux and other distros (OEL) that track Red Hat.