# unable to deliver..Remote host said: 550 5.1.1 <>... User unknown [RCPT_TO], sendmail



## c00kie (Dec 26, 2012)

Hi,

I have a FreeBSD 9 VPS server with a hosting company. I'm using it as a web server with FAMP amongst other things installed on it. They give me minimal support with the admin of the server. I say minimal since anything port or daemon related is 'fix it yourself', basically.

I configured sendmail on the server some months ago and got it to work. I could send and receive emails both ways; from my server (shell) to google and vice versa.

It's now suddenly stopped working. Emails sent from two web-based mail clients, Gmail and Yahoo, fail to reach my server. I'm trying to send a message from my mygmail@gmail.com account to my FreeBSD machine, admin@example.org, which is configured through sendmail.

Both report:


> Sorry, we were unable to deliver your message to the following address.
> 
> <>:
> Remote host said: 550 5.1.1 <>... User unknown [RCPT_TO]



Things don't suddenly stop working - what's happened?

I look in my /var/log/maillog 

with the last few lines....

```
...
Dec 26 02:54:05 web sm-mta[52936]: qBQ7s5iG052936: from=<test@live.com>, size=0, class=0, nrcpts=0, proto=ESMTP, daemon=IPv4, relay=www.tfgapt.com [66.195.68.134]
Dec 26 03:01:14 web sm-mta[52971]: qBQ81DqF052971: ruleset=check_rcpt, arg1=<therichsheickc@yahoo.com>, relay=79.161.3.142.static.lyse.net [79.161.3.142] (may be forged), reject=550 5.7.1 <therichsheickc@yahoo.com>... Relaying denied. IP name possibly forged [79.161.3.142]
Dec 26 03:01:14 web sm-mta[52971]: qBQ81DqF052971: from=<test@live.com>, size=0, class=0, nrcpts=0, proto=ESMTP, daemon=IPv4, relay=79.161.3.142.static.lyse.net [79.161.3.142] (may be forged)
...
Dec 26 03:59:14 web sm-mta[53125]: NOQUEUE: SYSERR(root): opendaemonsocket: daemon IPv4: cannot bind: Address already in use
Dec 26 03:59:14 web sm-mta[53125]: daemon IPv4: problem creating SMTP socket
Dec 26 03:59:14 web sm-mta[53125]: NOQUEUE: SYSERR(root): opendaemonsocket: daemon IPv4: server SMTP socket wedged: exiting
Dec 26 03:59:17 web sm-mta[53142]: qBQ8xHPx053142: <admin@example.org>... User unknown
Dec 26 03:59:17 web sm-mta[53142]: qBQ8xHPx053142: from=<mygmail@gmail.com>, size=0, class=0, nrcpts=0, proto=ESMTP, daemon=IPv4, relay=mail-ee0-f66.google.com [74.125.83.66]
Dec 26 04:00:48 web sm-mta[53159]: qBQ90iUh053159: ruleset=check_rcpt, arg1=<therichsheickc@yahoo.com>, relay=CPE-120-146-193-153.static.vic.bigpond.net.au [120.146.193.153], reject=550 5.7.1 <therichsheickc@yahoo.com>... Relaying denied
Dec 26 04:00:48 web sm-mta[53159]: qBQ90iUh053159: from=<test@live.com>, size=0, class=0, nrcpts=0, proto=ESMTP, daemon=IPv4, relay=CPE-120-146-193-153.static.vic.bigpond.net.au [120.146.193.153]
```

With stuff like


```
NOQUEUE: SYSERR(root): opendaemonsocket: daemon IPv4: cannot bind: Address already in use
<therichsheickc@yahoo.com>... Relaying denied. IP name possibly forged [79.161.3.142] (may be forged)
```


Alarm bells start to ring. I know sendmail is a complex business and something that I have very little knowledge of or experience with. You can only learn so much from the manual pages.

My biggest fear is 'Is my sendmail daemon now being used as a spam bot?' In my naive sendmail configuration do I need to tighten security up somewhat? If so, what are some basic steps to take?

My: /etc/mail/access


```
From:example.org		OK
From:admin.example.org		OK
```

/etc/mail/aliases


```
# Pretty much everything else in this file points to "root", so
# you would do well in either reading root's mailbox or forwarding
# root's email from here.

root: user

# Basic system aliases -- these MUST be present
MAILER-DAEMON: postmaster
postmaster: root
...
# NETWORK OPERATIONS MAILBOX NAMES
abuse:	root
# noc:		root
security:	root
admin:		root
```

/etc/mail/local-host-names


```
example.org
admin.example.org
localhost
```


/etc/mail/virtusertable


```
admin@example.org	user
```


Am I being over paranoid? And what steps should I take to get it working again?


----------
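Added example, not part of the original post: a small Python triage of `sm-mta` log lines like the ones quoted above. It separates relay attempts that sendmail refused (`reject=550 5.7.1 ... Relaying denied`) from sessions where at least one recipient was accepted (`nrcpts` above 0), and counts the local-recipient and socket errors. The function name `triage` and the report keys are illustrative choices; the sample lines are copied from the post's maillog excerpt.

```python
import re
from collections import Counter

# Sample input: lines copied from the maillog excerpt in the post above.
SAMPLE = """\
Dec 26 03:01:14 web sm-mta[52971]: qBQ81DqF052971: ruleset=check_rcpt, arg1=<therichsheickc@yahoo.com>, relay=79.161.3.142.static.lyse.net [79.161.3.142] (may be forged), reject=550 5.7.1 <therichsheickc@yahoo.com>... Relaying denied. IP name possibly forged [79.161.3.142]
Dec 26 03:01:14 web sm-mta[52971]: qBQ81DqF052971: from=<test@live.com>, size=0, class=0, nrcpts=0, proto=ESMTP, daemon=IPv4, relay=79.161.3.142.static.lyse.net [79.161.3.142] (may be forged)
Dec 26 03:59:14 web sm-mta[53125]: NOQUEUE: SYSERR(root): opendaemonsocket: daemon IPv4: cannot bind: Address already in use
Dec 26 03:59:17 web sm-mta[53142]: qBQ8xHPx053142: <admin@example.org>... User unknown
Dec 26 03:59:17 web sm-mta[53142]: qBQ8xHPx053142: from=<mygmail@gmail.com>, size=0, class=0, nrcpts=0, proto=ESMTP, daemon=IPv4, relay=mail-ee0-f66.google.com [74.125.83.66]
Dec 26 04:00:48 web sm-mta[53159]: qBQ90iUh053159: ruleset=check_rcpt, arg1=<therichsheickc@yahoo.com>, relay=CPE-120-146-193-153.static.vic.bigpond.net.au [120.146.193.153], reject=550 5.7.1 <therichsheickc@yahoo.com>... Relaying denied
"""

LINE = re.compile(r"sm-mta\[\d+\]: (?P<qid>\w+): (?P<msg>.*)$")
RELAY_IP = re.compile(r"relay=[^,]*\[(\d+\.\d+\.\d+\.\d+)\]")
NRCPTS = re.compile(r"nrcpts=(\d+)")

def triage(log_text):
    """Summarise sm-mta lines: refused relays, unknown users, bind errors, accepted mail."""
    report = {"relay_denied": Counter(), "user_unknown": [],
              "bind_errors": 0, "accepted": []}
    for line in log_text.splitlines():
        m = LINE.search(line)
        if not m:
            continue
        qid, msg = m["qid"], m["msg"]
        if "reject=550 5.7.1" in msg and "Relaying denied" in msg:
            # Refused at RCPT time: the connecting host did not get to relay.
            ip = RELAY_IP.search(msg)
            report["relay_denied"][ip.group(1) if ip else "unknown"] += 1
        elif msg.endswith("User unknown"):
            # Recipient not resolvable locally (the 550 5.1.1 the senders saw).
            report["user_unknown"].append(msg.split("...")[0].strip("<>"))
        elif "cannot bind: Address already in use" in msg:
            # A second daemon start while something already holds the SMTP port.
            report["bind_errors"] += 1
        elif msg.startswith("from="):
            n = NRCPTS.search(msg)
            if n and int(n.group(1)) > 0:
                # At least one recipient accepted: these queue ids merit review.
                report["accepted"].append(qid)
    return report

if __name__ == "__main__":
    print(triage(SAMPLE))
```

On the quoted excerpt every `from=` line has `nrcpts=0`, so the `accepted` list is empty and both relay attempts appear only under `relay_denied`.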

