sendmail problem


ahmedmoh
Peace be upon you

I'm working with RH 9.0 and installed the sendmail server with these steps:
1. /etc/sendmail.cf
Cwlocalhost sys1.dom1.ibm.com dom1.ibm.com
Comment out the DaemonPortOptions line.

2. /etc/mail/access
dom1.ibm.com RELAY

3. make

4. service sendmail restart

5. /etc/xinetd.d/ipop3
"disable" set to no.

6. service xinetd restart

I have a real IP registered with the domain dom1.ibm.com. Users can send and receive as long as they send to the domain dom1.ibm.com; when they send to another domain like hotmail.com they receive this error msg:
The message could not be sent because one of the recipients was rejected by the server. The rejected e-mail address was 'ahmedmoh@hotmail.com'. Subject 'sssssss', Account: sys1.dom1.ibm.com , Server: '192.168.100.15', Protocol: SMTP, Server Response: '550 5.7.1 <ahmedmoh@hotmail.com>... Relaying denied. IP name lookup failed [192.168.100.193]', Port: 25, Secure(SSL): No, Server Error: 550, Error Number: 0x800CCC79
I have two IPs here, one virtual with a Microsoft DNS server and another real IP with DNS at the ISP company. I configured the server to see both DNS servers, but there is a problem when a user sends to another domain. I hope u can help, and may God reward you with good.

sattia
A relaying problem may happen cuz of many reasons; also I didn't get all of ur post cuz it is not so clear.
Let's do the following:

1 - Allow (RELAY) access to ur TRUSTED LOCAL IPs
2 - Test again
3 - You have to provide us with the Sendwail logs in the 1st case or when any errors appear later


Check this post where u may get some good info about Sendmail http://www.linux-egypt.org/showthread.php?s=&threadid=2139

Also check this link too; it may change ur mind and let u kick this Sendwail
http://www.linux-egypt.org/showthread.php?s=&threadid=1838

ahmedmoh
Peace be upon you
Thanks for caring. When I use IP RELAY it works: any user inside my LAN can send to any other domain. The mail log from when the problem happened:
Nov 28 13:22:36 mail sendmail[1989]: hASBMaPW001989: ruleset=check_rcpt, arg1=<ahmedmoh@hotmail.com>, relay=[192.168.100.17], reject=550 5.7.1 <ahmedmoh@hotmail.com>... Relaying denied. IP name lookup failed [192.168.100.17]
Nov 28 13:22:36 mail sendmail[1989]: hASBMaPW001989: from=<romeo@mycompany.com>, size=0, class=0, nrcpts=0, proto=SMTP, daemon=Daemon0, relay=[192.168.100.17]
I hope u can help me enable relaying by domain name, cos when a user wants to use his mail from home over the internet he will not be using our registered domain :( . Please also note that I use a real IP with the ISP DNS and also a virtual IP inside my LAN; I also made a mail server using Exchange Server on Win 2k, i.e. the setting of the real IP is right ... and may God reward you with good.
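An added example (not part of the thread): a small Python parser that pulls relay rejections out of maillog lines like the ones quoted above and separates those caused by a failed reverse lookup of the client IP from plain relay denials. The first sample line is the one from the post; the other two lines and all function names are constructed for this example.

```python
import re
from collections import Counter

# Line 1 is the rejection quoted in the thread; lines 2 and 3 are constructed.
SAMPLE_LOG = """\
Nov 28 13:22:36 mail sendmail[1989]: hASBMaPW001989: ruleset=check_rcpt, arg1=<ahmedmoh@hotmail.com>, relay=[192.168.100.17], reject=550 5.7.1 <ahmedmoh@hotmail.com>... Relaying denied. IP name lookup failed [192.168.100.17]
Nov 28 13:25:02 mail sendmail[2004]: hASBP2PW002004: ruleset=check_rcpt, arg1=<someone@example.org>, relay=host.example.net [203.0.113.9], reject=550 5.7.1 <someone@example.org>... Relaying denied
Nov 28 13:26:40 mail sendmail[2010]: hASBQePW002010: from=<user@dom1.ibm.com>, size=512, class=0, nrcpts=1, proto=ESMTP, daemon=Daemon0, relay=[192.168.100.17]
"""

# check_rcpt rejection: recipient, connecting client, SMTP code, DSN code, text.
REJECT = re.compile(
    r"ruleset=check_rcpt, arg1=<(?P<rcpt>[^>]*)>, "
    r"relay=(?P<relay>.*?), reject=(?P<code>\d{3}) (?P<dsn>[\d.]+) (?P<text>.*)$"
)
ADDR = re.compile(r"\[([0-9a-fA-F.:]+)\]")  # client address inside [...]


def parse_relay_rejections(log_text):
    """Return one dict per 'Relaying denied' rejection found in log_text."""
    events = []
    for line in log_text.splitlines():
        m = REJECT.search(line)
        if not m or "Relaying denied" not in m["text"]:
            continue
        ip = ADDR.search(m["relay"])
        failed_ptr = "IP name lookup failed" in m["text"]
        events.append({
            "client_ip": ip.group(1) if ip else None,
            # Empty when sendmail could not resolve the client to a name.
            "client_name": m["relay"].split("[")[0].strip() or None,
            "rcpt": m["rcpt"],
            "cause": "reverse_dns_failed" if failed_ptr else "not_permitted",
        })
    return events


def summarize(events):
    """Count rejections per (client IP, cause) to spot misconfigured hosts."""
    return Counter((e["client_ip"], e["cause"]) for e in events)
```

A LAN address that keeps showing up under `reverse_dns_failed` points at a missing PTR record rather than at the access map.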

sattia
You have two options:
1 - SMTP AUTH
Which is a mechanism used to authenticate and authorize users to send mail thru ur system while not connected to ur network while at the same time not being an open relay

2 - POP Before SMTP
A hacked way to enable relaying thru pop authentication http://popbsmtp.sourceforge.net

I prefer method 1 as it is built in the Sendmail that comes with RHL 9 while the second method requires more software to install and administer.

Sure method 1 requires ur MUA to be compatible with the SMTP AUTH RFC.
While the second doesnt require that cuz u dnt setup anything special for the SMTP in this case.

For method 1; the config files that come with RHL 9 r ready to just uncomment them and start using SMTP AUTH
But note that u ve to properly first setup a secure medium like SASL and dnt forget to issue a certificate for ur SMTP AUTH server.

ahmedmoh
Would u kindly explain in more detail, cos I do not know what u mean by SASL and dnt. About the SMTP AUTH, it's already uncommented in the sendmail.cf; I took a copy for u:
# SMTP AUTH flags
O AuthOptions=A
I hope u can help, and I really appreciate the time and effort u give me.

sattia
well b4 we go on uve to backup all the files wer going to play with in case something goes wrong

The SASL or TLS is for sending the authentication and authorization ids over secure encrypted channels rather than sending them over plain non-trusted medium. You can go without it at all but I prefer to do this as it hardens the security of ur MTA and minimizes the possibility of being an open relay.

Now get used to edit the sendmail.mc and not the sendmail.cf files

Now I hope these steps do the job:
1 - Make sure the line containing the macro confAUTH_OPTIONS is uncommented and it reads
define(`confAUTH_OPTIONS', `A p y')dnl
The p is used to ONLY allow SMTP AUTH over secure channels. The y is to disable anonymous connections; surely u dnt want it right? :)

2 - Also make sure the following are uncommented and read as
TRUST_AUTH_MECH(`LOGIN PLAIN')dnl
define(`confAUTH_MECHANISMS', `LOGIN PLAIN')dnl
you may add whatever auth mechanisms u want like DIGEST-MD5, GSSAPI, ...etc
Here LOGIN and PLAIN are the most commonly used mechanisms. The former is used by Outlook and the latter is used by Mozilla

3 - In case u r going to do it securely then enable the following lines
define(`confCACERT_PATH',`/usr/share/ssl/certs')
define(`confCACERT',`/usr/share/ssl/certs/ca-bundle.crt')
define(`confSERVER_CERT',`/usr/share/ssl/certs/sendmail.pem')
define(`confSERVER_KEY',`/usr/share/ssl/certs/sendmail.pem')
Also u need to generate the sendmail certificate confSERVER_CERT
make -C /usr/share/ssl/certs sendmail.pem
You'll need to answer all the questions correctly as this is ur certificate that other MUA will get when they connect

Note that any changes u make to the sendmail.mc file u ve to compile it into sendmail.cf format either by
m4 /etc/mail/sendmail.mc > /etc/mail/sendmail.cf
or by
make -C /etc/mail sendmail.cf
Also do not forget to restart the sendmail service

ahmedmoh
Peace be upon you
1- For the error I faced about relaying <reject=550 5.7.1 <ahmedmoh@hotmail.com>... Relaying denied. IP name lookup failed>: after hard searching on the net and working with u I found it's a problem with DNS, solved by making a Reverse Lookup Zone in my DNS.

2- Really I'm very grateful to u for the security steps u gave me, but I have a note:
Outlook Express does not behave any differently whether I tick or clear the check box <my server requires authentication>. Is this right? I thought it would not work when I clear the check box, but it works!!!

3- Is there any recommendation about security with sendmail?

4- And may God reward you with good.

sattia
Post ur final conf of sendmail.mc regarding the SMTP AUTH settings or make sure that u ve the final settings.
Also make sure that ur /etc/mail/relay-domains is empty or not existing
Also make sure that in ur access file is listed ur domain only. After each modification to this file do not forget to do a
make -C /etc/mail
or if ur CWD is /etc/mail then
make
is enough. This is an important step not to forget about; a restart of the sendmail service is not sufficient.
Also do not forget always to provide us with the logs

ahmedmoh
The latest sendmail.mc configuration:

define(`confDEF_USER_ID',``8:12'')dnl
define(`confTRUSTED_USER', `smmsp')dnl
dnl define(`confAUTO_REBUILD')dnl
define(`confTO_CONNECT', `1m')dnl
define(`confTRY_NULL_MX_LIST',true)dnl
define(`confDONT_PROBE_INTERFACES',true)dnl
define(`PROCMAIL_MAILER_PATH',`/usr/bin/procmail')dnl
define(`ALIAS_FILE', `/etc/aliases')dnl
dnl define(`STATUS_FILE', `/etc/mail/statistics')dnl
define(`UUCP_MAILER_MAX', `2000000')dnl
define(`confUSERDB_SPEC', `/etc/mail/userdb.db')dnl
define(`confPRIVACY_FLAGS', `authwarnings,novrfy,noexpn,restrictqrun')dnl
define(`confauth_OPTIONS', `A')dnl
define(`confAUTH_OPTIONS', `A p y')dnl
TRUST_AUTH_MECH(`LOGIN PLAIN')dnl
define(`confAUTH_MECHANISMS', ` LOGIN PLAIN')dnl
define(`confCACERT_PATH',`/usr/share/ssl/certs')
define(`confCACERT',`/usr/share/ssl/certs/ca-bundle.crt')
define(`confSERVER_CERT',`/usr/share/ssl/certs/sendmail.pem')
define(`confSERVER_KEY',`/usr/share/ssl/certs/sendmail.pem')

The user can work without checking <my server requires authentication>, so I'm afraid that the SMTP authentication is not working. I'm sure that I don't have the file /etc/mail/relay-domains, and in the file /etc/mail/access I relay my domain only ... so if u note anything missed pls notify me.
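An added example, not part of the thread and not sendmail's own tooling: a Python check of the SMTP AUTH and TLS lines in a sendmail.mc such as the one posted above. It skips `dnl`-commented lines, flags `conf...` macros whose case differs from the all-uppercase names sendmail reads (m4 names are case-sensitive), and tests for the `p` and `y` flags described earlier in the thread; the function name and the finding texts are this example's own.

```python
import re

# AUTH/TLS lines copied from the sendmail.mc posted in the thread.
POSTED_MC = """\
define(`confauth_OPTIONS', `A')dnl
define(`confAUTH_OPTIONS', `A p y')dnl
TRUST_AUTH_MECH(`LOGIN PLAIN')dnl
define(`confAUTH_MECHANISMS', ` LOGIN PLAIN')dnl
define(`confCACERT_PATH',`/usr/share/ssl/certs')
define(`confCACERT',`/usr/share/ssl/certs/ca-bundle.crt')
define(`confSERVER_CERT',`/usr/share/ssl/certs/sendmail.pem')
define(`confSERVER_KEY',`/usr/share/ssl/certs/sendmail.pem')
"""

DEFINE = re.compile(r"^define\(`(\w+)'\s*,\s*`*([^')]*)'*\)")
TRUST = re.compile(r"^TRUST_AUTH_MECH\(`([^']*)'\)")
TLS_KEYS = ("confCACERT_PATH", "confCACERT", "confSERVER_CERT", "confSERVER_KEY")


def audit_smtp_auth(mc_text):
    """Return (settings, findings) for the SMTP AUTH part of a sendmail.mc."""
    settings, findings = {}, []
    for raw in mc_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("dnl"):
            continue  # m4 comment: a define on this line is inactive
        if (t := TRUST.match(line)):
            settings["TRUST_AUTH_MECH"] = t.group(1).split()
            continue
        if not (d := DEFINE.match(line)):
            continue
        name, value = d.group(1), d.group(2).strip()
        if name.startswith("conf") and name[4:] != name[4:].upper():
            findings.append(f"{name}: wrong case, sendmail never reads this macro")
            continue
        settings[name] = value
    flags = set(re.findall(r"[A-Za-z]", settings.get("confAUTH_OPTIONS", "")))
    if "p" not in flags:
        findings.append("confAUTH_OPTIONS lacks 'p': LOGIN/PLAIN allowed without TLS")
    if "y" not in flags:
        findings.append("confAUTH_OPTIONS lacks 'y': anonymous mechanisms allowed")
    offered = set(settings.get("confAUTH_MECHANISMS", "").split())
    trusted = set(settings.get("TRUST_AUTH_MECH", []))
    if trusted - offered:
        findings.append(f"trusted but not offered: {sorted(trusted - offered)}")
    missing = [k for k in TLS_KEYS if not settings.get(k)]
    if "p" in flags and missing:
        findings.append(f"'p' is set but TLS settings are missing: {missing}")
    return settings, findings
```

Run it against the `.mc` source rather than the generated `sendmail.cf`, since only the `.mc` file shows which lines are still commented out with `dnl`.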