Sendmail isn't using SMART_HOST. Now what?

Kirk Strauser kirk at strauser.com
Thu Apr 17 10:31:45 PDT 2003 

I have a firewall machine that I don't want to communicate directly with the
outside world, so I've been trying to get it to use another FreeBSD server
on the LAN as it's smart host.  The Sendmail config on the machine is
default except for the SMART_HOST setting:

    diff -u freebsd.mc gopher.honeypot.net.mc
    --- freebsd.mc  Sun Dec 29 11:16:44 2002
    +++ gopher.honeypot.net.mc      Thu Apr 17 12:17:55 2003
    @@ -74,7 +74,7 @@
     dnl FEATURE(dnsbl, `blackholes.mail-abuse.org', `"550 Mail from " $&{client_addr} " rejected, see http://mail-abuse.org/cgi-bin/lookup?" $&{client_addr}')

     dnl Dialup users should uncomment and define this appropriately
    -dnl define(`SMART_HOST', `your.isp.mail.server')
    +define(`SMART_HOST', `kanga.honeypot.net')

     dnl Uncomment the first line to change the location of the default
     dnl /etc/mail/local-host-names and comment out the second line.

However, after a `make; make install; make restart', I can run tcpdump on
the smart host and watch as the firewall does a DNS query for the domain of
an outgoing email, and then nothing; the firewall is still sending email
directly to the remote machine.

On a related note, the firewall insists on delivering mail locally that it
has no business handling.  I have `root' set as an alias to
`root at kanga.honeypot.net' (i.e., on the smart host).  Whenever I type

    echo test | mail root at kanga.honeypot.net

I get this in my /var/log/messages:

    Apr 17 12:26:25 gopher sm-mta[1812]: h3HHQOU1001811: SYSERR(root): MX list for honeypot.net. points back to gopher.honeypot.net
    Apr 17 12:26:25 gopher sm-mta[1812]: h3HHQPU1001812: Losing ./qfh3HHQPU1001812: savemail panic

I've read the Sendmail FAQ, but the destination machine *is* configured
correctly.  Every other machine I've tested can deliver to that email
address except the machine in question.  In fact, a tcpdump doesn't even
show any packets from the firewall to the smart host.

I'm at a loss.  This really shouldn't be as difficult as I seem to be making
it.  Any suggestions?  Am I overlooking something obvious?
-- 
Kirk Strauser
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 188 bytes
Desc: not available
Url : http://lists.freebsd.org/pipermail/freebsd-questions/attachments/20030417/fc00d019/attachment.bin

More information about the freebsd-questions mailing list