Black lists and blocked good users - sendmail, SA and MailScanner

Scott Silva ssilva at sgvwater.com
Thu Nov 29 20:48:12 GMT 2007


on 11/28/2007 10:55 PM Götz Reinicke spake the following:
> Hi,
> 
> I hope, somewone can point me into the right direction.
> 
> Recently I added two blacklist-checks to our sendmail config: spamhaus
> zen and the list from the german computer magazin IX.
> 
> The good news: Spam has been about 70%-80%, now it is about 20%-30%. The
> bad news: A lot of our users have problems sendig mails from there dial
> up DSL or mobile phone network connections. I'v looked up there IPs and
> all where on the Black lists or the PBL from spamhaus. So was my Arcor 
> IP last night :-)
> 
> The information from spamhaus is, to use SMTP Authentification 
> (http://www.spamhaus.org/pbl/query/PBL042952).
> 
> I thought, we do use TLS and  smtp auth already, so I thought, users 
> allowed to log in will be allowd to send. But I got the errormessage 
> using Thunderbird 2, that our mailserver didn't support STARTTLS in 
> combination with EHLO.
> 
> Outlook-users do get the message, that our server didn't support SSL, 
> the server error messagt is 250.
> 
> I did some hours of googling and checked some sendmail docs, but can't 
> find the error or missing config settinges.
> 
> So where to start/how to debug this problem? What may I check?
> 
> Thanks for any help and hint!
> 
> Best regards
> 
> Götz Reinicke
> goetz.reinicke at filmakademie.de
> 
> 
> 
> 
Did you follow a howto for your OS?
You need to carefully check your sendmail.mc for proper entries and paths to 
certs and rebuild sendmail.cf if you change anything.
You should have the following, edited to fix your paths;

define(`confAUTH_MECHANISMS', `DIGEST-MD5 CRAM-MD5 LOGIN PLAIN')dnl
TRUST_AUTH_MECH(`DIGEST-MD5 CRAM-MD5 LOGIN PLAIN')dnl
define(`confCACERT_PATH', `/etc/mail/certs')dnl
define(`confCACERT', `/etc/mail/certs/cacert.pem')dnl
define(`confSERVER_CERT', `/etc/mail/certs/sendmail.pem')dnl
define(`confSERVER_KEY', `/etc/mail/certs/sendmail.pem')dnl
define(`confCLIENT_CERT', `/etc/mail/certs/sendmail.pem')dnl
define(`confCLIENT_KEY', `/etc/mail/certs/sendmail.pem')dnl
define(`confAUTH_OPTIONS', `A p y')dnl

You don't have to match these auth_mechanisms, but both lines need the same 
options.

Do a sendmail -d0.1 -bv root and see if you have STARTTLS and SASLv2.

If you need more help, post your OS info and we can find a more detailed howto.


-- 
MailScanner is like deodorant...
You hope everybody uses it, and
you notice quickly if they don't!!!!



More information about the MailScanner mailing list