[rhn-users] RE: sendmail question (Eric Van Steenbergen)

Sean Countryman scountry at iastate.edu
Fri May 13 13:46:43 UTC 2005 

Whenever you receive error messages that imply something amiss with DNS (your
error message is "...Name server: kerridge.com.: host name lookup
> failure"), you need to debug this by trying the following commands and
checking the responses:

[root at mymachine ~]#  host -a domain.com

The result to this SHOULD be a listing of the DNS responses and a lookup of
domain.com (insert the domain you are actually interested in, of course).  If
the "host" command produces errors, you need to read them carefully to deduce
what they are telling you.  If your machine cannot resolve domain.com, then I
guarantee that sendmail also cannot (hence your error message).  Next, try host
again, but this time try asking for a common name for the mail exchanger:

[root at mymachine ~]#  host -a mail.domain.com

This can be interesting as it will return the result if such an entry is
included in the nameserver's DNS records.  It's not uncommon for this to be
either an "A" record or a "CNAME" record, but let's try the next command:

[root at mymachine ~]#  nslookup
>

If all goes well, you will see a ">" prompt on a blank line.  If, however, a
problem occurs, you will get a few error messages.  If you do at this point,
then you can usually be assured that sendmail won't work.  The typical problem
the causes nslookup to issue errors at start up revolve around either the lack
of a nameserver in your resolv.conf file (be sure you have one, a VALID one!),
or, even more insiduous, the nameserver listed in your resolv.conf file does not
have a fully correct and proper forward and back DNS listing...  Here's the
deal, if the primary nameserver that your machine is trying to use does not
resolve forwards and backwards, then nslookup (and sendmail) will have problems.
 What do I mean?  You need to be SURE that the nameserver has records that will
resolve both:

192.168.0.1  ===>   ns.domain.com

*** AND ***

ns.domain.com  ====>  192.168.0.1

If you don't have both the forward and reverse records in the DNS and CORRECT,
then nslookup will generate error messages (although it may still run and use
your nameserver, it spits out the errors to warn you).  Take these errors
seriously!  Fix the DNS records so that nslookup starts without any warnings.

Now try:

[root at mymachine ~]#  nslookup
> domain.com

It should return a result such as:

[root at mymachine ~]# nslookup
> domain.com
Server:         192.168.0.1
Address:        192.168.0.1#53

Non-authoritative answer:
Name:   domain.com
Address: xx.xx.xxx.xxx


Now try this:

> set type=mx
> domain.com
Server:         192.168.0.1
Address:        192.168.0.1#53

Non-authoritative answer:
domain.com mail exchanger = 0 domain.com.

Authoritative answers can be found from:
domain.com nameserver = ns2.nameserver.com.
domain.com nameserver = ns1.nameserver.com.
domain.com internet address = xx.xx.xxx.xxx


This is a GOOD result, it shows that it was ABLE to find a VALID mail exchanger
("MX") for the requested domain from the nameserver you asked.  The reason it
shows "non-authoritative" is that your nameserver (in this case, 192.168.0.1) is
NOT the authoritative nameserver for domain.com, the result above shows that you
need to ask either ns1.nameserver.com or ns2.nameserver.com for the
authoritative answers.  This is because those are the master nameservers for our
hypothetical domain.com.  If you tell nslookup to switch to use either of the
authoritative nameservers:

>server ns1.nameserver.com

Then you'll get a result like this:

Default server: ns1.nameserver.com
Address: 10.0.1.100#53
>

Now ask again:

> domain.com
Server:         ns1.nameserver.com
Address:        10.0.1.100#53

domain.com mail exchanger = 0 domain.com.
>


This result shows that the MX record does exist and is valid on domain.com and,
therefore, your sendmail will be able to find and resolve the MX record on the
domain you are trying to send to.  If there is not an mx record on that domain,
and your server cannot resolve that domain correctly, then you very well will
experience problems in any attempt to send mail to it.  Note that NONE of these
problems require you to do a thing to sendmail!

I highly recommend not messing with sendmail settings until AFTER you do the
above series of investigations/tests.  If your server cannot properly resolve
the DNS records, then you can be fairly sure that sendmail won't work.  If
sendmail continues to fail AFTER all of the above tests are ironed out and every
DNS response is correct, THEN you need to repost your problem.


I'm sorry for the very long reply, but I felt adding "screenshots" and a full
description would be good for the entire community.  I've worked in the trenches
of tech support for a major internet hosting company and learned that DNS is
easily one of the biggest gotchas on the internet.  I got called in once in an
emergency with a major website (over 1 mill hits per day) that wasn't working
properly; their tech guys had struggled for 2 days on the problem, I fixed it in
10 minutes with the series of steps shown above, they had a bad DNS entry...


Take Care,

Sean




> Hello,
> 
> I made the changes advised by RHN users (thanks) but without result. I'm
> still unable to send mail to another server. Our servers are not reachable
> from the 'outside', only from our offices and throught VPN connection.
> Attached is the sendmail.cf file. Hope someone can help me through this.
> Thanks in advance. 
> 
> Kind regards,
>  
> Eric Van Steenbergen
> 
> -----Oorspronkelijk bericht-----
> Van: rhn-users-bounces at redhat.com [mailto:rhn-users-bounces at redhat.com]
> Namens rhn-users-request at redhat.com
> Verzonden: donderdag 12 mei 2005 18:01
> Aan: rhn-users at redhat.com
> Onderwerp: rhn-users Digest, Vol 15, Issue 19
> 
> Send rhn-users mailing list submissions to
> 	rhn-users at redhat.com
> 
> To subscribe or unsubscribe via the World Wide Web, visit
> 	https://www.redhat.com/mailman/listinfo/rhn-users
> or, via email, send a message with subject or body 'help' to
> 	rhn-users-request at redhat.com
> 
> You can reach the person managing the list at
> 	rhn-users-owner at redhat.com
> 
> When replying, please edit your Subject line so it is more specific than
> "Re: Contents of rhn-users digest..."
> 
> 
> Today's Topics:
> 
>    1. RE: sendmail question (Sterling, James A)
> 
> 
> ----------------------------------------------------------------------
> 
> Message: 1
> Date: Thu, 12 May 2005 11:52:40 -0400
> From: "Sterling, James A" <james.a.sterling at boeing.com>
> Subject: RE: [rhn-users] sendmail question
> To: "Red Hat Network Users List" <rhn-users at redhat.com>
> Message-ID:
> 	
> <D30F9AD857729942BC4958F0F702BC4F068A4FE6 at xch-ne-01.ne.nos.boeing.com>
> Content-Type: text/plain; charset="iso-8859-1"
> 
> Also just for grins check your route table..  I had a similar issue and I
> needed to flush and reset the route 
>  
> Hope this helps
>  
> jasiii
> 
>   _____  
> 
> From: Armando Garcma Govea [mailto:armando.garcia at nekotec.com.mx]
> Sent: Thursday, May 12, 2005 11:23 AM
> To: 'Red Hat Network Users List'
> Subject: RE: [rhn-users] sendmail question
> Importance: High
> 
> 
> Hi...
>  
> I want to ping www.kerridge.com <http://www.kerridge.com/>  and
> mail.kerridge.com, but ping (192.129.94.146) answer "Request time out"
> Check your configuration in BIND.
> What is your configuration in SENDMAIL..?
>  
>  
>  
> Regards,
> Armando Garcma Govea
> NEKOTEC TECNOLOGIA
> armando.garcia at nekotec.com.mx <mailto:armando.garcia at nekotec.com.mx> 
> Ing. Soporte Ticnico
> Tel. 5081 1431
> Tel. 52 (55) 5081 1431
>  
>  
>   _____  
> 
> De: rhn-users-bounces at redhat.com [mailto:rhn-users-bounces at redhat.com] En
> nombre de Eric Van Steenbergen
> Enviado el: Jueves, 12 de Mayo de 2005 02:50
> Para: rhn-users at redhat.com
> Asunto: [rhn-users] sendmail question
>  
> Hello all,
>  
> I'm having a little trouble sending mail from one server to another. I think
> I configured everything as it should be but apparantly I'm missing
> something. When I send mail using the following command: 
>  
> sendmail evs at kerridge.com
> text
> ..
>  
> the mail gets send as it seems (is in mailq) but with the error 
> j4C75VIB017588       29      30328 May 12 09:05 <root at localhost.localdomain>
>                  (Deferred: Name server: kerridge.com.: host name lookup
> failure)
>                                                 <evs at kerridge.com>
>  
> What am I missing? The destination server is reachable (ping and telnet
> tested). kerridge.com is in the hosts file, 
>  
> Kind regards,
>  
> Eric Van Steenbergen
>  
>  
> -------------- next part --------------
> An HTML attachment was scrubbed...
> URL:
> https://www.redhat.com/archives/rhn-users/attachments/20050512/3f41b78f/atta
> chment.htm
> 
> ------------------------------
> 
> _______________________________________________
> rhn-users mailing list
> rhn-users at redhat.com
> https://www.redhat.com/mailman/listinfo/rhn-users
> 
> End of rhn-users Digest, Vol 15, Issue 19
> *****************************************
> 
> _______________________________________________
> rhn-users mailing list
> rhn-users at redhat.com
> https://www.redhat.com/mailman/listinfo/rhn-users
> 


SEAN J COUNTRYMAN, Capt, USAF
Unit Commutation Officer
AFROTC, Detachment 250
Iowa State University

More information about the rhn-users mailing list