[ZendTo] Issues with sending to external users

Brian Novogradac Brian.Novogradac at utoronto.ca
Fri Jan 13 16:05:49 GMT 2017 

I just figured it out just before getting your email.

You were correct I ned to relay to our outgoing mail server.  I just found it weird because it was working internally.

Thank you all, for all your help.

Case closed.

From: zendto-bounces at zend.to [mailto:zendto-bounces at zend.to] On Behalf Of Jules
Sent: Friday, January 13, 2017 10:59 AM
To: ZendTo Users <zendto at zend.to>
Subject: Re: [ZendTo] Issues with sending to external users

Brian,

Sounds like you are sending mail directly to Google, rather than going via your organisation's SMTP relay. That will certainly cause the symptoms you are seeing. And it looks like your domainname (as far as sendmail is concerned) is wrong too.

Edit /etc/mail/sendmail.mc
Look for a line mentioning
    SMART_HOST
You want a line that says something like
define(`SMART_HOST', `smtp.utoronto.ca')dnl
The 1st and 3rd quotes should be back-quotes like `
The 2nd and 4th quotes should be normal single-quotes like '

In your line
define(`confDOMAIN_NAME', `zendto.host.ca')dnl
that really isn't the domain name you want, as it won't have an SPF record or anything. Set it to `utoronto.ca' instead of `zendto.host.ca'.

then
    cd /etc/mail
    make
    service sendmail restart

Then do a command like
    sendmail -bv jules at zend.to<mailto:jules at zend.to>
to see what your sendmail would do with an email addressed to jules at zend.to<mailto:jules at zend.to>. It should say that it will relay it to smtp.utoronto.ca (or whatever full host name you put in there).

Then you should have some more luck.

Cheers,
Jules.

On 13/01/2017 15:37, Brian Novogradac wrote:
Here is the error from my root mailbox


   ----- The following addresses had permanent fatal errors -----
<user at gmail.com><mailto:user at gmail.com>
    (reason: 550-5.7.1 [2606:fa00:400:2006:250:56ff:fe92:282a] Our system has detected that)

   ----- Transcript of session follows -----
... while talking to gmail-smtp-in.l.google.com.:
>>> DATA
<<< 550-5.7.1 [2606:fa00:400:2006:250:56ff:fe92:282a] Our system has detected that
<<< 550-5.7.1 this message does not meet IPv6 sending guidelines regarding PTR
<<< 550-5.7.1 records and authentication. Please review
<<< 550-5.7.1  https://support.google.com/mail/?p=IPv6AuthError for more information
<<< 550 5.7.1 . u130si1909083iod.170 - gsmtp
554 5.0.0 Service unavailable

--v0DDJKOE005944.1484313560/send.utoronto.ca
Content-Type: message/delivery-status

Reporting-MTA: dns; send.utoronto.ca
Received-From-MTA: DNS; localhost.localdomain
Arrival-Date: Fri, 13 Jan 2017 08:19:19 -0500

Final-Recipient: RFC822; user at gmail.com<mailto:user at gmail.com>
Action: failed
Status: 5.7.1
Remote-MTA: DNS; gmail-smtp-in.l.google.com
Diagnostic-Code: SMTP; 550-5.7.1 [2606:fa00:400:2006:250:56ff:fe92:282a] Our system has detected that
Last-Attempt-Date: Fri, 13 Jan 2017 08:19:20 -0500

--v0DDJKOE005944.1484313560/zendto.XXX.ca

From: zendto-bounces at zend.to<mailto:zendto-bounces at zend.to> [mailto:zendto-bounces at zend.to] On Behalf Of Mike Brudenell
Sent: Friday, January 13, 2017 9:40 AM
To: ZendTo Users <zendto at zend.to><mailto:zendto at zend.to>
Subject: Re: [ZendTo] Issues with sending to external users

Hi, Brian -

Firstly note that I've not touched Sendmail since 2008 (we use Exim now) so my memory/interpretation might be hazy in places in my comments below...

On 13 January 2017 at 13:31, Brian Novogradac <Brian.Novogradac at utoronto.ca<mailto:Brian.Novogradac at utoronto.ca>> wrote:
Thanks for helping me out here here is some more information.


-          Running Centos 6.8

-          Yes the zendto is sending messages to sendmail on the machine

-          I have all hostname information set correctly in hosts file

-          In sendmail.mc<http://sendmail.mc> I have added the domainname in define(`confDOMAIN_NAME', `zendto.host.ca<http://zendto.host.ca>')dnl
I seem to remember that you set confDOMAIN_NAME to the domain name you want adding to unqualified addresses - ie, those that are only a username. If you have really set this to "zendto.host.ca<http://zendto.host.ca>" then a message from/to the plain username address

apache

say, becomes

apache at zendto.host.ca<mailto:apache at zendto.host.ca>

I've used dig to look up data for the domain "host.ca<http://host.ca>" and to be honest I'm not convinced you've really set it to that as it seems to be something to do with domainsatcost.ca<http://domainsatcost.ca>.


Maillog:

Jan 13 08:19:19 zendto sendmail[5941]: v0DDJILc005941: from=apache, size=1517, class=0, nrcpts=1, msgid=<201701131319.v0DDJILc005941 at zendto.XXXXX<mailto:201701131319.v0DDJILc005941 at zendto.XXXXX>>, relay=apache at localhost

The above will be the locally generated message your apache username is creating and handing to Sendmail.


Jan 13 08:19:19 zendto sendmail[5942]: v0DDJJOE005942: from=<apache@ zendto.XXXXX >, size=1744, class=0, nrcpts=1, msgid=<201701131319.v0DDJILc005941@ zendto.XXXXX ><mailto:201701131319.v0DDJILc005941 at zendto.XXXXX>, proto=ESMTP, daemon=MTA, relay=localhost.localdomain [127.0.0.1]

Then sendmail qualifies the plain sender address "apache" with a domain name, making it <apache.zendto.XXXXX> - hmm, if that's the case then that won't be a valid email address.

I seem to recall that "relay=" identifies the server the message is transmitted onward to: in this case to the SMTP server running on the same machine - localhost.localdomain [127.0.0.1]


Jan 13 08:19:19 zendto sendmail[5941]: v0DDJILc005941: to=userXXX at gmail.com<mailto:userXXX at gmail.com>, ctladdr=apache (48/48), delay=00:00:01, xdelay=00:00:00, mailer=relay, pri=31517, relay=[127.0.0.1] [127.0.0.1], dsn=2.0.0, stat=Sent (v0DDJJOE005942 Message accepted for delivery)

I think the above is Sendmail logging it has successfully transmitted your message to the SMTP listener running on your host.


Jan 13 08:19:20 zendto sendmail[5944]: STARTTLS=client, relay=gmail-smtp-in.l.google.com<http://gmail-smtp-in.l.google.com>., version=TLSv1/SSLv3, verify=FAIL, cipher=ECDHE-RSA-AES128-GCM-SHA256, bits=128/128

Your Sendmail then decides it needs to transmit the message to the server gmail-smtp-in.l.google.com<http://gmail-smtp-in.l.google.com>

Which tallies with the MX records for gmail.com<http://gmail.com> - these have the most preferred one being gmail-smtp-in.l.google.com<http://gmail-smtp-in.l.google.com>


Jan 13 08:19:20 zendto sendmail[5944]: v0DDJJOE005942: to=< userXXX at gmail.com<mailto:userXXX at gmail.com> >, ctladdr=<apache@ zendto.XXXXX > (48/48), delay=00:00:01, xdelay=00:00:01, mailer=esmtp, pri=121744, relay=gmail-smtp-in.l.google.com<http://gmail-smtp-in.l.google.com>. [IPv6:2607:f8b0:4001:c01::1b], dsn=5.0.0, stat=Service unavailable

The above line is Gmail's SMTP server refusing to accept your message, returning a 5xx permanent failure response code, with the rather unhelpful explanatory text "Service unavailable".

The 5xx response code tells your Sendmail to abandon any further attempts to send the message and to generate a Non-Delivery Report to return to the sender.


Jan 13 08:19:20 zendto sendmail[5944]: v0DDJJOE005942: v0DDJKOE005944: DSN: Service unavailable
Jan 13 08:19:20 zendto sendmail[5944]: v0DDJKOE005944: to=root, delay=00:00:00, xdelay=00:00:00, mailer=local, pri=32992, dsn=2.0.0, stat=Sent

This shows a message being delivered to the local mailbox belonging to the root username on your server - ie, the Zendto box. Check in that mailbox and you'll likely find the Non-Delivery Report, hopefully with some information about why the message was rejected by Gmail.

Things that trouble me are the stray spaces everywhere. For example the sender address seems to be <apache@ zendto.XXXXX > and the recipient address < userXXX at gmail.com<mailto:userXXX at gmail.com> >. But a quick test suggests Gmail would reject these with a "555 5.5.2 Syntax error." response rather than "Service unavailable".


Email Header:

Received: from zendto.XXXXX (localhost.localdomain [127.0.0.1]) by
zendto.XXXXX t(8.14.4/8.14.4) with ESMTP id v0CJ8WAd001980; Thu, 12 Jan
2017 14:08:32 -0500
Received: (from apache at localhost<mailto:apache at localhost>) by zendto.XXXXX (8.14.4/8.14.4/Submit)
id v0CJ8Wm9001976; Thu, 12 Jan 2017 14:08:32 -0500
Date: Thu, 12 Jan 2017 14:08:32 -0500
Message-ID: <201701121908.v0CJ8Wm9001976@ zendto.XXXXX <mailto:201701121908.v0CJ8Wm9001976 at send.utoronto.ca> >
To: < userXXX at gmail.com<mailto:userXXX at gmail.com> >
Subject: User has dropped off a file for you
X-PHP-Originating-Script: 0:NSSDropbox.php
From: Zendto <no-reply@ zendto.XXXXX <mailto:no-reply at utoronto.ca> >

Basically there's still a lot of obfuscation, possibly along with some typos (the stray spaces) introduced whilst obfuscating, for anyone else to be sure what's going on. You'll need to discuss your pristine logs with a local Sendmail support guru at your site.

Cheers,
Mike B.

--
Systems Administrator & Change Manager
IT Services, University of York, Heslington, York YO10 5DD, UK
Tel: +44-(0)1904-323811

Web:                www.york.ac.uk/it-services<http://www.york.ac.uk/it-services>
Disclaimer:      www.york.ac.uk/docs/disclaimer/email.htm<http://www.york.ac.uk/docs/disclaimer/email.htm>




_______________________________________________

ZendTo mailing list

ZendTo at zend.to<mailto:ZendTo at zend.to>

http://mailman.ecs.soton.ac.uk/mailman/listinfo/zendto



Jules



--

Julian Field MEng MBCS CITP CEng



'There is one thing stronger than all the armies in the world;

 and that is an idea whose time has come.'



www.Zend.To<http://www.Zend.To>

Twitter: @JulesFM

PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://mailman.ecs.soton.ac.uk/pipermail/zendto/attachments/20170113/69b5038c/attachment-0001.html

More information about the ZendTo mailing list