Operating System - HP-UX
1748228 Members
4017 Online
108759 Solutions
New Discussion юеВ

Re: maillog messages (dsn=5)

 
SOLVED
Go to solution
Jano_1
Advisor

maillog messages (dsn=5)

I am seeing some DSN (delivery status notification) messages in my maillog file indicating problems with delivering e-mail. What is interesting is that sometimes I can successfully send messages to a specific user, and sometimes I cannot. Here is a typical message:

Mar 25 13:07:57 platinum sendmail[15138]: i2PG7W215125: to=, ctladdr= (500/500), delay=00:00:25, xdelay=00:00:15, mailer=esmtp, pri=121964, relay=mailer.yourdomain.com. [11.22.33.44], dsn=5.0.0, stat=Service unavailable
Mar 25 13:07:57 platinum sendmail[15138]: i2PG7W215125: i2PG7gg15138: DSN: Service unavailable

Is it a configuration problem and can I fix it?


11 REPLIES 11
Jeff Schussele
Honored Contributor

Re: maillog messages (dsn=5)

Hi Jano,

Usually not.
That typically indicates one of two things.
The sendmail service is down on the box you're trying to deliver to. Or network trouble is preventing the connection. And that's not all that unusual. Sometimes mail servers get flooded & get taken down deliberately or they go down for maintenance, etc. And we all know that networks never fail ;~))

Rgds,
Jeff
PERSEVERANCE -- Remember, whatever does not kill you only makes you stronger!
Steven E. Protter
Exalted Contributor

Re: maillog messages (dsn=5)

This could be due to an attempt to relay mail using the DS directive in sendmail.cf and the relay server not accepting mail for relay.

If this is the case check /etc/mail/access on the RELAY server.

This could also be due to a temporary or permanent problem resolving the DNS names in the email.

I'd check /etc/resolv.conf and make sure those servers are pingable and accepting and answering DNS name requests.

nslookup server.mydomain.com
dig server.mydomain.com

as examples


You can get improved verbose diagnosis as follows:

sendmail -v -d8.99 -d38.99 jano@mydomain.com
type some text

.


You'll get lots of interesting(at least i think it is) information and may wish to redirect the output to a file for detailed anlaysis.

Hopefully the diagnostic process can be helped. This answer does take into account the suggestion made initially on the thread.

I hope this answer is thorough and useful.

SEP
Steven E Protter
Owner of ISN Corporation
http://isnamerica.com
http://hpuxconsulting.com
Sponsor: http://hpux.ws
Twitter: http://twitter.com/hpuxlinux
Founder http://newdatacloud.com
Jano_1
Advisor

Re: maillog messages (dsn=5)

Hi Jeff,

It makes sense what you are saying because I see these messages for some of our free e-mail service providers.

What worries me is that there is a domain of a bank that doesn't want to accept my e-mail anymore. The maillog reports more or less the same dsn=5 messages as noted in the original post, but look at what arrived in my inbox:

The original message was received at Thu, 25 Mar 2004 13:07:32 -0300
from [192.168.38.25]

----- The following addresses had permanent fatal errors -----

(reason: 550 5.7.1 Access denied)

----- Transcript of session follows -----
... while talking to mailer01.bankdomain.com.:

>>>>>> MAIL From:

<<< 550 5.7.1 Access denied
554 5.0.0 Service unavailable

I also tried to send mail from a different user account, but this e-mail also returned with the same messages as noted above. This is strange. I ran about 40 tests to see if my server is an open relay - all negative. I also checked to see if my server is listed on some of those spam black lists - negative.

Any suggestions or comments?
Steven E. Protter
Exalted Contributor

Re: maillog messages (dsn=5)

You could have been put on the access REJECT list for the target server in the message you post in your follow up message.

The diagnostics in my first post would essentially lead you to the same conclusion.

I would try a different target address, say an account you have at yahoo or perhaps someone you know some place else.

That second message shows a clear reject at target and not a DNS related issue at all.

I keep an extensive spam database on my servers, that blocks sometimes by class C address.

I would try this if your server is exposed on the public internet.

http://www.abuse.net/

There is a relay tester there that can test the security of your sendmail configuration. If there are any open relays, you need to close them.

The same could apply to an smtp server on your firewall. If people have been bouncing spam off it, it could be causing people to manually add you to their 554 spam lists (also controlled in /etc/mail/access).

If you have any mail forms on a webserver on your system, this also could be abused for relaying mail.

There would be evidence of this on your mail.log file

SEP
Steven E Protter
Owner of ISN Corporation
http://isnamerica.com
http://hpuxconsulting.com
Sponsor: http://hpux.ws
Twitter: http://twitter.com/hpuxlinux
Founder http://newdatacloud.com
Jano_1
Advisor

Re: maillog messages (dsn=5)

Hi Steven,

I see you posted the command to run sendmail in diagnostic mode in a previous post also. Can I run this command sendmail -v -d8.99 -d38.99 on a live production server?

Secondly I have checked my DNS maybe a thousand times with the dig command using various external name servers. I also checked with tools on dnsreport.com and couldn't find any problem.

To get back to the bank domain example. A user there can send e-mail to me with a 100% success rate, but when I try to reply no e-mail gets delivered.

Suggestions?

Steven E. Protter
Exalted Contributor
Solution

Re: maillog messages (dsn=5)

sure, log on as root.

sendmail -v -d8.99 -d38.99 someone@somenetwork.com
type text

.


It uses sendmail in client mode and you don't even have to have the sendmail running in daemon mode to try it out.

HP taught me this diagnostic technique.

I think its going to show you that the mail is being rejected at the other server.

I had some sendmail issues a while back on a Linux box and aol put a temporary block on mail from my domain. This command helped me get the error code, trace the problem back to an aol user trying to abuse my resources.

Very useful, non-dangerous command.

SEP
Steven E Protter
Owner of ISN Corporation
http://isnamerica.com
http://hpuxconsulting.com
Sponsor: http://hpux.ws
Twitter: http://twitter.com/hpuxlinux
Founder http://newdatacloud.com
Jano_1
Advisor

Re: maillog messages (dsn=5)

Here is my /etc/mail/access

# by default we allow relaying from localhost...
localhost.localdomain RELAY
localhost RELAY
127.0.0.1 RELAY
mydomain.com RELAY
192.168.38 RELAY

As I wrote in the previous post I already ran the http://www.abuse.net/relay.html tests. All 17 tests negative!

Let's say I am listed for some reason in the bank's black book, what is the right procedure to check? Do I just send an e-mail to postmaster@bank.com ?

Steven E. Protter
Exalted Contributor

Re: maillog messages (dsn=5)

Sorry about missing the detail about you running the relay tests. Just being anal(cutting and pasting error).

Another diag popped to mind.

sendmail -q -v

You can watch sendmail attempt to empty the queue interactively. I bet the -d8 -d38.99 might work too.

Use a yahoo or hotmail or other account to contact the banks postmaster. Usually their website will list the contact email address. Obviously an email from your server in question is going to bounce. Otherwise you wouldn't have a thread here.

It may just be a typo by the postmaster at their end.


SEP
Steven E Protter
Owner of ISN Corporation
http://isnamerica.com
http://hpuxconsulting.com
Sponsor: http://hpux.ws
Twitter: http://twitter.com/hpuxlinux
Founder http://newdatacloud.com
Jano_1
Advisor

Re: maillog messages (dsn=5)

I just ran sendmail in diagnostic mode as SEP suggested. Is there anything specific I have to look for? I am a bit reluctant to paste all the output in this forum. ;-)

Here is some:

250 ENHANCEDSTATUSCODES
>>> MAIL From:
550 5.7.1 Access denied

Hmmm, the same "access denied" that I received in my inbox. It just confirmed what I already know and that is that the bank is denying my post.

OK, I think I'll contact the postmaster and demand some explanation. ;-)