[l008com]

My problem for the longest time has been getting php scripts, including a forum, to send emails out. I think I've figured it out. What I know is that PHP can send mail to me but no one else (me meaning my emails hosted on the same machine). I set up the mail server (OS X Server 10.2.3) to realy mail only from 192.168.*.* and localhost. the first one covered my whole network, and all computer on my network can send and recieve mail no problem. But for some reason, the mail server blocks mail sent from itself. localhost and 127.0.0.1 both don't work, as they are they same thing anyway. My idea is that when PHP tries to send an email, it is given my servers own external IP address, which is dynamic and changes from time to time, and therefore the server doesn't let the mail through, as the external IP is neither a 192 address nor a 127 address. I thought that localhost would definatly let mail through but for some reason its still not working.

SO I'm sure tons of people use OS X Server's mail services. How do you keep the relay restricted, yet still allow mail from the server itself?

[If your solution it so switch to another mail server, whatever your favorite is, then skip it, I'm sticking with the built in mail server, its plenty powerfull enough for me, and works problem free for all mail except this one little glitch]

[Rainy Day]

This doesn't sound like a PHP problem, since you say you can at least send mail to yourself. It sounds like an MTA (Mail Transfer Agent) problem, which means you probably need to look at your sendmail configuration. I suspect - but am far from certain - that PHP is trying to use sendmail as its MTA, even though you're running MacOS X Server's mail server.

So your first task is to figure out exactly which MTA PHP is actually using, and then you should be looking at your MTA configuration for the solution to this problem. What do the long mail headers from the mail you're able to send to yourself tell you about the route the mail took?

As far as sendmail is concerned, any mail originating from PHP should be coming from a local source. Since relaying is turned off by default in sendmail, that indeed could be your problem. If so, you probably need to add these two lines to /etc/mail/relay-domains (a file which you may need to create):

Code:
192.168.0		# Allow relaying from our local network
localhost

Actually, you probably don't even need the first line, since you have a mail server running already, and so i'd omit it at first.

Another solution is to figure out how to tell PHP to use MacOS X Server's mail server as its MTA. That is perhaps the best solution (as you don't need to duplicate your security efforts). YMMV.

[l008com]

"Received: from localhost [127.0.0.1] by johnmasone.com (AppleMailServer 10.2.3.0) id 3379 via TCP with SMTP; Tue, 29 Apr 2003 00:27:22 -0400
Received: by localhost (8.12.6/8.12.2/Submit) id h3T4RMFc024050; Tue, 29 Apr 2003 00:27:22 -0400 (EDT)"

Thats an email that worked, that was sent to myself. It looks like it did infact go through the Apple Mail Server in OS X Server. What do you think?

--also, how do you restart sendmail? Something like the equivelent of sudo apachectl graceful? I'd hate to reboot the whole machine just for that, I value my uptime.

[Rainy Day]

Thats an email that worked, that was sent to myself. It looks like it did infact go through the Apple Mail Server in OS X Server. What do you think?

Well, the message certainly went through Apple Mail Server in OS X Server for delivery to your local mailbox, and that's what the first line is telling you. But it also appears to have gone through sendmail (version 8.12.6, in fact) as this line is telling you:

Received: by localhost (8.12.6/8.12.2/Submit) id h3T4RMFc024050; Tue, 29 Apr 2003 00:27:22 -0400 (EDT)"

You can grep your sendmail log for the id of that message, h3T4RMFc024050, to prove that sendmail indeed handled that mail message. But a tail may prove to be more interesting to you. Try: tail -n40 /var/log/mail.log | more to see the last 40 log entries into your sendmail log. That'll probably give you some clues about the other eMails which didn't go out. You may see something like "relaying denied," or something similar. If you can find an entry for a failed message, you might want to post it. Look for the message id, and include all log entries with that id. Usually, there'll be more than one line if the eMail wasn't relayed. Use a command something like this: grep h3T4RMFc024050 /var/log/mail.log, except replace the "h3T4RMFc024050" with the id of your target message.

--also, how do you restart sendmail? Something like the equivelent of sudo apachectl graceful? I'd hate to reboot the whole machine just for that, I value my uptime.

Something like sudo kill -HUP `sudo head -1 /var/run/sendmail.pid` ought to restart sendmail daemon. But bear in mind that sendmail does not normally run as a daemon under MacOS X, and so that probably isn't want you want to do (unless you've setup sendmail to run as daemon, which i doubt you have). If ps -cxa | grep sendmail returns nothing, you're not running sendmail as a daemon. If it does, you may be running sendmail as a daemon (or your timing may just have been "lucky" and you looked at your system when PHP had invoked sendmail, for example).

Default MacOS X operation is to start sendmail each time it is used, and shut it down when done. Since sendmail reads its configuration files each time it starts up, you don't have to do anything (besides change its configuration files). Restarting, or even logging out, is completely unnecessary as well.

[l008com]

OK I tried adding that file with localhost in it, and it still didn't work. Then it occured to me, that, if I'm getting these rejection errors in the Server Status app, then it has to be the Apple Mail Server that is getting them, which means that IT must actually be the culprit right? Yet it is set to relay from localhost. Now I'm very confused, I have no idea what exactly is up. Plus I'm still pretty sure that I want to make PHP use only my Apple Mail Server so I don't have two mail servers running in parallel. But I don't know how to do that either. :-(

[Rainy Day]

Well, strictly speaking, sendmail is not running as an eMail server. It is merely an MTA. PHP is using it to dispatch the mail. But we may just be spliting semantic hairs on that.

it occured to me, that, if I'm getting these rejection errors in the Server Status app, then it has to be the Apple Mail Server that is getting them, which means that IT must actually be the culprit right?

No, not necessarily. What appears to be happening is that PHP is handing the mail to sendmail for delivery. sendmail is clearly happy to hand that off to your local mail server for delivery of local mail (as it should). The headers you posted above tell us that much. What's not clear is what happens in the case of outbound messages. I'm sure those are channeled via sendmail too. The question is: Is sendmail trying to deliver them directly, or is it handing them off to Apple Mail Server for delivery? If the former, why is Apple Mail Server telling you about the error? Could the error be routed from sendmail? Perhaps (that's why the sendmail log would be worth looking at.)

To solve this problem you might:[list=1][*] have sendmail deliver the mail directly (i.e. relay)[*] tell sendmail to hand the mail off to the Apple Mail Server for delivery (if it's not already doing that)[*] try to configure PHP to bypass sendmail and hand it off directly to the Apple Mail Server for delivery[/list=1] I think #3 is the best solution, #2 is probably second best, and #1, in retrospect, the least desirable (so delete that file i suggested previously).

#2 can probably be achieved by using a SmartHost sendmail configuration. But i think you should look into #3 first. Surely there must be a way to tell PHP to use a different MTA. Probably in the PHP configuration file. I don't have time to look it up right now, but my instincts tell me this is the avenue to pursue first.

I still think it would be valuable to see a reject message from your sendmail log.

[l008com]

-- zip --

magic!

[l008com]

Also both my AMS and sendmail are running on the same machine, as far as I can tell, if you wanna forward mail in sendmail, you have to give it only an address to go to, how do you specify which specific program is used?

[Rainy Day]

Here's how to interpret your log entries (besides the obvious things like date, etc.)...

The number inside the square brackets is the process ID number of the sendmail process which wrote the log entry. Notice how your entries are in groups of four. The first two lines of each four line block are the same:
 My unqualified host name (localhost) unknown; sleeping for retry
 unable to qualify my own domain name (localhost) -- using short name
This looks like a sendmail configuration problem.

Anything sent to the domain "fellsbiker.com" appears to be dispatched properly, but everything else appears to fail with a stat=User unknown. This is likely because there is no such local user and sendmail defaults to not act as a relay. One option is to simply set up sendmail to relay from this host/user to the outside world.

I looked a little at the PHP doc's, but am unsure how to tell it to use a different MTA. I'm thinking the PHP configuration file is where it might be changed, but don't know where.

Perhaps the SmartHost solution, telling sendmail to just forward everything to Apple Mail Server for dispatch, is the best approach.

[l008com]

Originally posted by Rainy Day:
Perhaps the SmartHost solution, telling sendmail to just forward everything to Apple Mail Server for dispatch, is the best approach.

I have come to the same conclusion, as i've found other things that default ot sendmail too, but I have no idea how to set such a thing up?

[Rainy Day]

Well my server box (a vintage 68K Mac) isn't running MacOS X Server because, well, it can't. And i have chosen to use sendmail as my "mail server" anyhow, so i don't have this problem. I only played with MacOS X Server (10.1) for a week or so (about 15 months ago), and didn't really get into working with mail on it. So i'm sort of groping a bit in the dark here.

But the thought occurs to me that: 1) we've identified the problem (i.e. that PHP is passing the mail off to sendmail, which is refusing to relay it to the outside world), and 2) we've identified what seems to be a reasonable solution (i.e. to configure sendmail to pass it off to AMS).

Now i was all set to try to chew on the task of #2 above when it crossed my mind that this must be a fairly common problem for MacOS X Server, one which Apple may even have solved already. At the very least, there ought to be a preferred solution to this problem, one which should be documented somewhere. My guess is that it might be productive to search the net for this, or post it to the Server forum to see if someone knows off the top of their head how to either get sendmail to relay to AMS, or how to use AMS as the default MTA under MacOS X Server. Clearly this can be done by rolling up our sleeves and getting into heavy duty sendmail configuration, but i suspect that may be re-inventing the wheel (and a lot more work than is necessary to solve this problem).

If you try that and you're still stuck, send me a private message and we'll see what we can do about configuring your sendmail "the hard way." I'm pretty certain i know how to solve all these problems, but it's likely to take a bit of tinkering to get it going. But i'd be really surprised if there isn't a configuration option in Server to address just this issue.

[l008com]

Apple's solution is an option to do the opposite, to have AMS relay everything to Sendmail. But I don't wanna do that, I like GUI control of my mail server. I'll search the til and some other places and get back to you.

[Rainy Day]

I don't wanna do that, I like GUI control of my mail server.

For outgoing eMail, i'm not sure that really matters. For incoming, sure you'd want a GUI interface (to manage domains served, mailboxes, users, forwards, aliases, etc.) But for outgoing, it's pretty much configure once and forget about it.

Be all that as it may, i posted some info on your thread in the Servers forum about routing outbound mail to another server.