<div dir="ltr"><div dir="ltr"><div dir="ltr"><div dir="ltr"><div dir="ltr"><div dir="ltr"><div dir="ltr"><div dir="ltr"><div class="gmail_default" style="font-family:monospace,monospace;font-size:small">Receiving servers are simply getting more strict about sender spoofing.</div><div class="gmail_default" style="font-family:monospace,monospace;font-size:small"><br></div><div class="gmail_default" style="font-family:monospace,monospace;font-size:small">The sending host needs a valid PTR record for it's IP, and <a href="http://sendmail.cf" target="_blank">sendmail.cf</a> needs to be written so that it declares itself to be the same fqdn as whatever that PTR record says.<br><br></div><div class="gmail_default" style="font-family:monospace,monospace;font-size:small">So for instance I have a digital ocean vm "tandy.wiki", that is the full fqdn, the tld is .wiki instead of .com etc, and I'm not using any www. for the hostname.</div><div class="gmail_default" style="font-family:monospace,monospace;font-size:small">A few things all have to agree on that name:<br></div><div class="gmail_default" style="font-family:monospace,monospace;font-size:small"><br></div><div class="gmail_default" style="font-family:monospace,monospace;font-size:small"><div class="gmail_default" style="font-family:monospace,monospace;font-size:small">* The machine thinks it's own hostname / fqdn is "tandy.wiki"</div><div class="gmail_default" style="font-family:monospace,monospace;font-size:small">[root@tandy ~]# uname -n<br>tandy.wiki<br>[root@tandy ~]# hostname<br>tandy.wiki<br>[root@tandy ~]# hostname --fqdn<br>tandy.wiki<br>[root@tandy ~]# <br></div></div><div class="gmail_default" style="font-family:monospace,monospace;font-size:small"><br></div><div class="gmail_default" style="font-family:monospace,monospace;font-size:small"><br>* "tandy.wiki" is a valid domain, and there is an A record named "tandy.wiki" in the public that points to the IP.</div><div class="gmail_default" style="font-family:monospace,monospace;font-size:small"><br></div><div class="gmail_default" style="font-family:monospace,monospace;font-size:small">bkw@negre:~$ nslookup tandy.wiki<br>Server: 10.0.0.1<br>Address: 10.0.0.1#53<br><br>Non-authoritative answer:<br>Name: tandy.wiki<br>Address: 95.85.22.36<br><br>bkw@negre:~$ <br><br></div><div class="gmail_default" style="font-family:monospace,monospace;font-size:small">* There is a PTR record in the public dns for that same IP, which points to the name "tandy.wiki".<br><br>bkw@negre:~$ nslookup -type=PTR 95.85.22.36<br>Server: 10.0.0.1<br>Address: 10.0.0.1#53<br><br>Non-authoritative answer:<br>36.22.85.95.in-addr.arpa name = tandy.wiki.<br><br>Authoritative answers can be found from:<br><br>bkw@negre:~$ <br></div><div class="gmail_default" style="font-family:monospace,monospace;font-size:small"><br></div><div class="gmail_default" style="font-family:monospace,monospace;font-size:small"><br></div><div class="gmail_default" style="font-family:monospace,monospace;font-size:small">* /etc/postfix/<a href="http://main.cf" target="_blank">main.cf</a> is configured to declare itself to be "tandy.wiki", which did require reading the comments in the file to understand what it would try to do by default, to override part of that. Notice in this excerpt there is only a single uncommented line. $myhostname is filled automatically with "tandy.wiki" because that is what "hostname" says, and so I only have to override the described default behavior for mydomain, to force mydomain to be an exact copy of myhostname, rather than just a portion of it. So, the end result here is that when postfix sends a mail, the HELO says "tandy.wiki".<br></div><div class="gmail_default" style="font-family:monospace,monospace;font-size:small"><br>---excerpt of the only part I changed from stock---<br></div><div class="gmail_default" style="font-family:monospace,monospace;font-size:small"># INTERNET HOST AND DOMAIN NAMES<br># <br># The myhostname parameter specifies the internet hostname of this<br># mail system. The default is to use the fully-qualified domain name<br># from gethostname(). $myhostname is used as a default value for many<br># other configuration parameters.<br>#<br>#myhostname = host.domain.tld<br>#myhostname = virtual.domain.tld<br><br># The mydomain parameter specifies the local internet domain name.<br># The default is to use $myhostname minus the first component.<br># $mydomain is used as a default value for many other configuration<br># parameters.<br>#<br>#mydomain = domain.tld<br>#mydomain = tandy.wiki<br>mydomain = $myhostname<br><br># SENDING MAIL<br># <br># The myorigin parameter specifies the domain that locally-posted<br># mail appears to come from. The default is to append $myhostname,<br># which is fine for small sites. If you run a domain with multiple<br># machines, you should (1) change this to $mydomain and (2) set up<br># a domain-wide alias database that aliases each user to<br># user@that.users.mailhost.<br>#<br># For the sake of consistency between sender and recipient addresses,<br># myorigin also specifies the default domain name that is appended<br># to recipient addresses that have no @domain part.<br>#<br>#myorigin = $myhostname<br>#myorigin = $mydomain<br></div><div class="gmail_default" style="font-family:monospace,monospace;font-size:small">---excerpt of the only part I changed from stock---<br></div><div class="gmail_default" style="font-family:monospace,monospace;font-size:small"><br></div><div class="gmail_default" style="font-family:monospace,monospace;font-size:small"><br></div><div class="gmail_default" style="font-family:monospace,monospace;font-size:small">Now, I can send mail, from sendmail and receiving servers mostly don't reject it.</div><div class="gmail_default" style="font-family:monospace,monospace;font-size:small">gmail etc are satisfied that the IP the mail came from matches the name it declared itself.</div><div class="gmail_default" style="font-family:monospace,monospace;font-size:small"><br></div><div class="gmail_default" style="font-family:monospace,monospace;font-size:small">[root@tandy ~]# cat test.eml<br>To: <a href="mailto:b.kenyon.w@gmail.com" target="_blank">b.kenyon.w@gmail.com</a><br>From: root@tandy.wiki<br>Subject: This is a test<br><br>this is a test email from tandy.wiki<br><br>[root@tandy ~]# sendmail -t < test.eml<br><br></div><div class="gmail_default" style="font-family:monospace,monospace;font-size:small">[root@tandy ~]# tail /var/log/maillog<br>Feb 28 03:02:19 tandy postfix/sendmail[14775]: input attribute value: 0<br>Feb 28 03:02:19 tandy postfix/sendmail[14775]: /usr/sbin/postdrop -r -v -v: wanted attribute: (list terminator)<br>Feb 28 03:02:19 tandy postfix/sendmail[14775]: input attribute name: reason<br>Feb 28 03:02:19 tandy postfix/sendmail[14775]: input attribute value: (end)<br>Feb 28 03:02:19 tandy postfix/sendmail[14775]: /usr/sbin/postdrop -r -v -v: wanted attribute: (list terminator)<br>Feb 28 03:02:19 tandy postfix/sendmail[14775]: input attribute name: (end)<br>Feb 28 03:02:19 tandy postfix/cleanup[14777]: 60EEA41545: message-id=<20190228030219.60EEA41545@tandy.wiki><br>Feb 28 03:02:19 tandy postfix/qmgr[31133]: 60EEA41545: from=<root@tandy.wiki>, size=297, nrcpt=1 (queue active)<br>Feb 28 03:02:19 tandy postfix/smtp[14779]: 60EEA41545: to=<<a href="mailto:b.kenyon.w@gmail.com">b.kenyon.w@gmail.com</a>>, relay=<a href="http://gmail-smtp-in.l.google.com">gmail-smtp-in.l.google.com</a>[108.177.127.27]:25, delay=0.34, delays=0.04/0.01/0.11/0.18, dsn=2.0.0, status=sent (250 2.0.0 OK 1551322939 l52si1124580edb.0 - gsmtp)<br>Feb 28 03:02:19 tandy postfix/qmgr[31133]: 60EEA41545: removed<br>[root@tandy ~]# <br><br></div><div class="gmail_default" style="font-family:monospace,monospace;font-size:small"><br></div><div class="gmail_default" style="font-family:monospace,monospace;font-size:small">And it is really there in my inbox.<br></div><div class="gmail_default" style="font-family:monospace,monospace;font-size:small"><br></div><div class="gmail_default" style="font-family:monospace,monospace;font-size:small"><br></div><div class="gmail_default" style="font-family:monospace,monospace;font-size:small">This isn't even touching all the possible issues wih SPF, DMARC, DKIM,... I don't have any of that set up in dns or in postfix. But I am not trying to send from this host using any other domain name in the From: address or the envelop-from. The envelope-from will be local-username@local-hostname, so "local-hostname" better look good to the receiving server.<br><br></div><div class="gmail_default" style="font-family:monospace,monospace;font-size:small">As for reptmail, check a few things:</div><div class="gmail_default" style="font-family:monospace,monospace;font-size:small"> * look inside and search for MTABIN. What is $SENDMAIL?<br></div><div class="gmail_default" style="font-family:monospace,monospace;font-size:small">* do you have a $MYMAIL in your environment? And if so, what is it?</div><div class="gmail_default" style="font-family:monospace,monospace;font-size:small">* which "style" option are you using. "T and U just feed into the "mail" command, most of the others use $SENDMAIL</div><div class="gmail_default" style="font-family:monospace,monospace;font-size:small"><br></div><div class="gmail_default" style="font-family:monospace,monospace;font-size:small">If you look at the first few lines at the to pf tohtml() you can see what headers it's going to generate from which variables, and then $SENDMAIL is the actual sendmail command that it will be piped in to., which you can check all the way at the bottom.<br></div><div class="gmail_default" style="font-family:monospace,monospace;font-size:small"><br></div><div class="gmail_default" style="font-family:monospace,monospace;font-size:small">There is one possible quirk that might come in to effect if you have suid the mtabin executable, in which case reptmail will detect that and try to spoof the envelope-from to match MYMAIL. I don't know if that would cause any problems these days or just be ignored or actually work fine or what. Could try disabling that part just to remove variables (conceptual variables I mean that time, not environment variables haha)<br></div><div class="gmail_default" style="font-family:monospace,monospace;font-size:small"><br></div></div></div></div></div></div></div></div></div><br><div class="gmail_quote"><div dir="ltr" class="gmail_attr">On Wed, Feb 27, 2019 at 8:19 PM scooter6--- via Filepro-list <<a href="mailto:filepro-list@lists.celestial.com" target="_blank">filepro-list@lists.celestial.com</a>> wrote:<br></div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex">Have been sending emails forever and a day from this server<br>
<br>
They have always shown they're from <a href="mailto:root@pdmfl.pdminc.net" target="_blank">root@pdmfl.pdminc.net</a> (which I know is<br>
not really valid but that's another story - was never an issue until<br>
sometime this afternoon)<br>
<br>
After not receiving some automated emails from the server, I look at root<br>
mail on server and saw these errors:<br>
<br>
----- The following addresses had permanent fatal errors -----<br>
<<a href="mailto:scott.ullmann@pdminc.net" target="_blank">scott.ullmann@pdminc.net</a>><br>
(reason: 553 5.1.8 <<a href="mailto:root@pdmfl.pdminc.net" target="_blank">root@pdmfl.pdminc.net</a>>... Domain of sender address<br>
root@<br>
<a href="http://pdmfl.pdminc.net" rel="noreferrer" target="_blank">pdmfl.pdminc.net</a> does not exist)<br>
<br>
After changing .muttrc files to make from address <a href="mailto:root@pdminc.net" target="_blank">root@pdminc.net</a><br>
After changing <a href="http://sendmail.cf" rel="noreferrer" target="_blank">sendmail.cf</a> to masquerade things etc<br>
<br>
I can send command line email via sendmail and mutt<br>
<br>
Brian - I can't however make reptmail work?<br>
Sending reports using reptmail still results in bouncing back to root's<br>
email with the above error<br>
I even changed the FROM variable in reptmail to be "<a href="mailto:root@pdminc.net" target="_blank">root@pdminc.net</a>" but<br>
still no joy<br>
<br>
Any idea what I'm missing here?<br>
<br>
I suspect our ISP probably noticed these emails badly formed and maybe<br>
deleted MX record or something, I don't know....<br>
<br>
Only thing that I can't get to work now is reptmail….<br>
<br>
Thanks for any insight anyone can give<br>
<br>
Scott<br>
-------------- next part --------------<br>
An HTML attachment was scrubbed...<br>
URL: <<a href="http://mailman.celestial.com/pipermail/filepro-list/attachments/20190227/4764ceda/attachment.html" rel="noreferrer" target="_blank">http://mailman.celestial.com/pipermail/filepro-list/attachments/20190227/4764ceda/attachment.html</a>><br>
_______________________________________________<br>
Filepro-list mailing list<br>
<a href="mailto:Filepro-list@lists.celestial.com" target="_blank">Filepro-list@lists.celestial.com</a><br>
Subscribe/Unsubscribe/Subscription Changes<br>
<a href="http://mailman.celestial.com/mailman/listinfo/filepro-list" rel="noreferrer" target="_blank">http://mailman.celestial.com/mailman/listinfo/filepro-list</a><br>
</blockquote></div><br clear="all"><br>-- <br><div dir="ltr" class="gmail-m_119356967038281903gmail_signature"><div dir="ltr"><font face="monospace,monospace">bkw<br></font></div></div>