SCIENTIFIC-LINUX-USERS Archives

February 2013

SCIENTIFIC-LINUX-USERS@LISTSERV.FNAL.GOV
Options: Use Monospaced Font
Show Text Part by Default
Show All Mail Headers

Message: [<< First] [< Prev] [Next >] [Last >>]
Topic: [<< First] [< Prev] [Next >] [Last >>]
Author: [<< First] [< Prev] [Next >] [Last >>]

Print Reply
Subject:
Re: Sendmail / mailx instructions
From:
Nico Kadel-Garcia <[log in to unmask]>
Reply To:
Nico Kadel-Garcia <[log in to unmask]>
Date:
Wed, 27 Feb 2013 14:59:12 -0500
Content-Type:
text/plain
Parts/Attachments:
text/plain (206 lines) 
On Wed, Feb 27, 2013 at 12:58 PM, CS DBA <[log in to unmask]> wrote:
> On 2/26/13 8:17 PM, Nico Kadel-Garcia wrote:
>>
>> On Tue, Feb 26, 2013 at 7:17 PM, CS DBA <[log in to unmask]>
>> wrote:
>>>
>>> Hi All;
>>>
>>> I've installed mediawiki for our company on a Scientific Linux 6.x
>>> server.
>>> Mediawiki does not
>>> allow users I create to login and go to a settings page to change their
>>> password.
>>>
>>> The only way users can change passwords is to click the lost password
>>> link
>>> and have Mediawiki
>>> email them a new password.
>>> However, email does not work. I downloaded sendmail but still no luck.
>>> I also tried to send a simple email from the command line via sendmail,
>>> still no luck
>>
>> Downloading isn't enough, you actually ahve to start it. But if you're
>> using SL 6.3, I strongly suspect that you already had Postfix
>> installed and running, and you should rip sendmail right back out and
>> use Postfix (wich is the default now for our favorite upstream
>> vendor).
>>
>> Sendmail is an MTA, a Mail Transfer Agent. If the email got to it, it
>> should show up in /var/log/maillog.
>>
>>> I'm pretty well versed in basic Linux admin tasks but when it comes to
>>> sendmail, mailx, etc
>>> I'm a complete noobie.
>>
>> mailx is an old, somewhat simpler command line client for email. If
>> that's not working, something is wrong. Are you sure you don't have a
>> network firewall in place somewhere that is blocking email from any
>> but designated, active SMTP servers, and machines like yours would be
>> forced to pass their mail first to a "smarthost"? I've done that kind
>> of blocking myself, *precisely* to keep every student and staff and
>> their granny from running public and unmaintained wikis and mailing
>> lists that would be coming from sites inside our network but had
>> nothing to do with the company.
>>
>>> Any help on setting up the mail (and getting it to play nice with
>>> mediawiki)
>>> would be much appreciated
>>>
>>> Thanks in advance...
>>>
>>> /Kevin
>>
>> See above. Check /var/spool/mailllog, and see what "/usr/lib/sendmail
>> -bp" says about any outstanding email messages stuck in the queue.
>
>
>
>
>
>
>
> No luck.
>
> Here's where I'm at:
>
> 1) thinking I needed sendmail I installed sendmail & sendmail-cf
>    based on feedback from the list I've since removed them both
>
> 2) SELINUX is disables, also the default IPTABLES firewall is disabled
>     We do have a firtewall for the office (Untangle) but it is not blocking
> any outgoing traffic
>
> 3) There is no maillog at /var/spool
>
> 4) /usr/lib/sendmail -bp says this:
>
>    Note:  I changed my work email to [log in to unmask] for security
>
> # /usr/lib/sendmail -bp
> -Queue ID- --Size-- ----Arrival Time---- -Sender/Recipient-------
> 0D8FD8C04DE      737 Tue Feb 26 15:48:12
> [log in to unmask]
> (connect to alt2.aspmx.l.google.com[2607:f8b0:400c:c01::1a]:25: Network is
> unreachable)
>                                          [log in to unmask]
>
> 4AEE78C04C2      657 Tue Feb 26 15:50:19
> [log in to unmask]
> (connect to alt2.aspmx.l.google.com[2607:f8b0:400c:c03::1a]:25: Network is
> unreachable)
>                                          [log in to unmask]

Ahh. Google and IPv6 DNS.. Check that you can, in fact, reach out to
the IPv6 DNS entries listed on port 25. Google has a *lot* of MX
records for their mail services.

# host -t mx gmail.com
gmail.com mail is handled by 10 alt1.gmail-smtp-in.l.google.com.
gmail.com mail is handled by 20 alt2.gmail-smtp-in.l.google.com.
gmail.com mail is handled by 30 alt3.gmail-smtp-in.l.google.com.
gmail.com mail is handled by 5 gmail-smtp-in.l.google.com.
gmail.com mail is handled by 40 alt4.gmail-smtp-in.l.google.com.

Running that through aloop shows:

# for name in `host -t mx gmail.com | awk '{print $NF}'`; do
> host $name
> done
alt3.gmail-smtp-in.l.google.com has address 173.194.70.26
alt3.gmail-smtp-in.l.google.com has IPv6 address 2a00:1450:4001:c02::1a
gmail-smtp-in.l.google.com has address 173.194.76.27
gmail-smtp-in.l.google.com has IPv6 address 2607:f8b0:400d:c01::1a
alt1.gmail-smtp-in.l.google.com has address 173.194.78.27
alt1.gmail-smtp-in.l.google.com has IPv6 address 2a00:1450:400c:c05::1a
alt2.gmail-smtp-in.l.google.com has address 173.194.65.26
alt2.gmail-smtp-in.l.google.com has IPv6 address 2a00:1450:4013:c00::1a
alt4.gmail-smtp-in.l.google.com has address 173.194.69.26
alt4.gmail-smtp-in.l.google.com has IPv6 address 2a00:1450:4008:c01::1b

Notice the dual IP addresses? IPv6 is not reliable in much of the
Internet and internal networks. As much as it's applauded as the wave
of the future, I've personally run into serious issues with gmail when
chunks of a network between the inside, and the outside of a network,
simply didn't work well with IPv6 for all sorts of reasons. Ask if
curious.

The way I dealt last time was to use the same SMARTHOST as the rest of
our local network used.

> 467548C046A      662 Tue Feb 26 18:37:43
> [log in to unmask]
> (connect to alt2.aspmx.l.google.com[2607:f8b0:400c:c01::1b]:25: Network is
> unreachable)
>                                          [log in to unmask]

Try "telnet 2607:f8b0:400c:c01::1b 25" and see what you get.


> # mailx
> Heirloom Mail version 12.4 7/29/08.  Type ? for help.
> "/var/spool/mail/root": 1 message 1 new
>>N  1 Mail Delivery System  Wed Feb 27 10:41  60/2235  "Mail Delivery Status
>> "
> &
> Message  1:
> From MAILER-DAEMON  Wed Feb 27 10:41:41 2013
> Return-Path: <>
> X-Original-To: [log in to unmask]
> Delivered-To: [log in to unmask]
> Date: Wed, 27 Feb 2013 10:41:41 -0700 (MST)
> From: [log in to unmask] (Mail Delivery System)
> Subject: Mail Delivery Status Report
> To: [log in to unmask]
> Auto-Submitted: auto-replied
> Content-Type: multipart/report; report-type=delivery-status;
>     boundary="877348C0475.1361986901/this_server.my_domain.com"
> Status: R
>
> Part 1:
> Content-Description: Notification
> Content-Type: text/plain; charset=us-ascii
>
> This is the mail system at host this_server.my_domain.com.
>
> Enclosed is the mail delivery report that you requested.
>
>                    The mail system
>
> <[log in to unmask]>: connect to
>     alt2.aspmx.l.google.com[2607:f8b0:400c:c03::1a]:25: Network is
> unreachable

Why is this talking to anything at google.com ?

> 6)  I can however ping  alt2.aspmx.l.google.com
> # ping alt2.aspmx.l.google.com
> PING alt2.aspmx.l.google.com (173.194.75.27) 56(84) bytes of data.
> 64 bytes from ve-in-f27.1e100.net (173.194.75.27): icmp_seq=1 ttl=48
> time=99.3 ms

Ping is *not the same thing* as SMTP, it's a different kind of packet.
Try telnet'ing or using 'nc' to reach port 25 on the relevant *IPV6*
IP address.

> 64 bytes from ve-in-f27.1e100.net (173.194.75.27): icmp_seq=2 ttl=48
> time=99.7 ms
> 64 bytes from ve-in-f27.1e100.net (173.194.75.27): icmp_seq=3 ttl=48
> time=99.8 ms
> 64 bytes from ve-in-f27.1e100.net (173.194.75.27): icmp_seq=4 ttl=48
> time=99.1 ms
> 64 bytes from ve-in-f27.1e100.net (173.194.75.27): icmp_seq=5 ttl=48
> time=99.6 ms
>
>
>
> 7) Help?
>
> Not sure if I've missed a config item somewhere, is there some file I need
> to setup with SMTP info?

The postfix defaults are suitable for a standalone host that can reach
directly out to the Internet with all the protocols that it needs. But
a local NAT and firewall setup can get in the way of this in subtle
ways, which I suspect is your issue.

ATOM RSS1 RSS2