11iv3 sendmail issue

Tom Haddad
Super Advisor

11iv3 sendmail issue

One day recently we noticed the SMTP host name during sendmail processing (in mail.log) was overlaid with an unknown outside host name and not using the name set in sendmail.cf.


Sendmail.cf has not changed, no patching or software installs have occurred.


If we replace the SMTP host name with its IP address in the CF file, it works once again.


Any idea what has happened?



P.S. This thread has been moved from HP-UX>System Administration to Messaging. -HP Forum Moderator

Patrick Wallek
Honored Contributor

Re: 11iv3 sendmail issue

I noticed this on a customer system recently.  Troubleshooting it was a challenge.  The issue this customer had was that the mail relay that was specified in their sendmail.cf file was NOT what was being used, which was supported by the incorrect relay showing up in the mail.log file.


One of the admins had done a packet capture and we finally figured out that part of the mail processing that sendmail was doing was to do a lookup for an MX record for the domains listed in the 'search' line of their /etc/resolv.conf file.  This customer had a domain listed that was in use by them at one point, but apparently had been acquired by someone else.  Someone had modified the MX record for that domain and sendmail was picking up that information and using it as the relay. 


It was apparently irrelevant that they already had a relay specified in their sendmail.cf file.  Sendmail insisted on using the relay it found. 


Check your /etc/resolv.conf file and see what domains you have listed there.


Then invoke 'nslookup' or 'dig' and see what the MX record is for that domain.


For example, I'll look up the MX record for google.com:


Looking up via 'nslookup'

# nslookup
Using /etc/hosts on:  atl1

> server
Specifying a server has overridden the switch policy order.
The reset command will reinstate the order specified by the switch policy.
Default Name Server:  google-public-dns-a.google.com

> set type=MX
> google.com
Name Server:  google-public-dns-a.google.com

Trying DNS
Non-authoritative answer:
google.com      preference = 30, mail exchanger = alt2.aspmx.l.google.com
google.com      preference = 10, mail exchanger = aspmx.l.google.com
google.com      preference = 20, mail exchanger = alt1.aspmx.l.google.com
google.com      preference = 40, mail exchanger = alt3.aspmx.l.google.com
google.com      preference = 50, mail exchanger = alt4.aspmx.l.google.com

Looking up via 'dig':


# dig google.com mx

; <<>> DiG named 9.2.0 <<>> google.com mx
;; global options:  printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 20702
;; flags: qr rd ra; QUERY: 1, ANSWER: 5, AUTHORITY: 0, ADDITIONAL: 1

;google.com.                    IN      MX

google.com.             599     IN      MX      10 aspmx.l.google.com.
google.com.             599     IN      MX      50 alt4.aspmx.l.google.com.
google.com.             599     IN      MX      30 alt2.aspmx.l.google.com.
google.com.             599     IN      MX      40 alt3.aspmx.l.google.com.
google.com.             599     IN      MX      20 alt1.aspmx.l.google.com.

aspmx.l.google.com.     292     IN      A

;; Query time: 132 msec
;; WHEN: Tue Jun 17 17:50:32 2014
;; MSG SIZE  rcvd: 152

Sendmail can be a royal pain to troubleshoot and configure. 


I hope this helps.
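
The check described in the reply above (list the domains on the 'search' line of /etc/resolv.conf, then look up the MX record for each) can be scripted as below. This is an added example, not part of the original posts; the function names, the expected-relay suffix argument and the sample domains in the comments are assumptions, and it assumes a 'dig' that supports +short.

```shell
#!/bin/sh
# Added example: flag resolv.conf search domains whose MX records point
# outside the mail domain you expect (e.g. a lapsed domain now owned by others).

# Print every domain named on the 'search' and 'domain' lines of a resolv.conf.
search_domains() {
    awk '$1 == "search" || $1 == "domain" { for (i = 2; i <= NF; i++) print $i }' "$1"
}

# MX lookup in "preference exchanger." form, one record per line.
mx_lookup() {
    dig +short "$1" MX
}

# Read MX lines on stdin; print each exchanger that is neither the expected
# name nor a host under it. Exit status is 1 if any such exchanger was seen.
unexpected_mx() {
    awk -v ok="$1" '
        BEGIN { ok = tolower(ok); bad = 0 }
        NF >= 2 && $1 !~ /^;/ {            # skip dig diagnostics (";; ...")
            host = tolower($2); sub(/\.$/, "", host)
            tail = substr(host, length(host) - length(ok))
            if (host != ok && tail != "." ok) { print host; bad = 1 }
        }
        END { exit bad }'
}

# audit <resolv.conf> <expected-suffix>
# Example with constructed names: audit /etc/resolv.conf corp.example
audit() {
    rc=0
    for d in $(search_domains "$1"); do
        bad=$(mx_lookup "$d" | unexpected_mx "$2") || {
            echo "WARNING: $d MX -> $bad"
            rc=1
        }
    done
    return $rc
}

if [ "$#" -eq 2 ]; then
    audit "$1" "$2"
fi
```

A warning for a search domain means its MX record resolves to a host outside the suffix you passed, which is the condition that showed up as the wrong relay in mail.log.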