sendmail+poprelayd problem. help

2025-04-02

I use sendmail8.9 on a redhat 7.3 and put in POPRELAYD for smtp-before-pop to allow imap/pop users to send mail. my sendmail.cf has been generated by linuxconf1.29 because i needed virtual domains/users for pop/imap.
the sendmail.cf created by linuxconf is strict at relaying -as it should be- but even when i added this code (as suggested by poprelayd) directly to sendmail.cf (i am not using sendmail.m4 but linuxconf !):

Kpopip hash -a<MATCH> /etc/mail/popip
....
# Allow if the connected host has recently POP3 authenticated.
SLocal_check_rcpt
R$* $: < $&{client_addr} > Get client IP address.
R< $* > $(popip $1 $) Check full address.
R$* < MATCH > $#OK

i am still not allowed to send email from IMAP users. i checked with poprelayd -p that IPs are correctly detected and entered in the popip.db file. so what could be wrong?

i include below parts of my sendmail.cf (esp. LOCAL_RULE part) in case some nice soul could detect whta's wrong!

thanks a lot ... i have been trying to solve this for 4 days non-stop!

========================== sendmail.cf
######## Generated by linuxconf 1.29
##### SENDMAIL CONFIGURATION FILE
############################
# level 7 config file format
V8/Berkeley
# Alias for this host
Cw localhost mysite.mine.nu
# Virtual email domain
FV/etc/mail/sendmail.cV
#CV mysite.net
#CV mysite.org
# who I masquerade as (null for no masquerading)
# Smart host
DS
# Use this mailer to reach the Smart host
DNsmtp
# Central host for local mail
DH
# class L: names that should be delivered locally, even if we have a relay
CLroot
# class E: names that should be exposed as from this host, even if we
masquerade
CEroot
# Trust users
Troot
Tdaemon
Tuucp
# Database for special routing
# Not activated
# Restrict DNS to those domain only
CD
# /usr/lib/linuxconf/mailconf/stdmacros.cf
# There macros are generally never modified. Linuxconf does not
# manipulate them in any way. You are on your own.
# operators that cannot be in local usernames (i.e., network indicators)
CO @ %
# a class with just dot (for identifying canonical names)
C..
# a class with just a left bracket (for identifying domain literals)
C[[
# dequoting map
Kdequote dequote
CPREDIRECT
######################
# Special macros #
######################
# SMTP initial login message
De$j Sendmail $v/$Z ready at $b
# UNIX initial From header format
DlFrom $g $d
# my name for error messages
DnMAILER-DAEMON
# delimiter (operator) characters
Do.:%@!^/[]
# format of a total name
Dq$?x$x <$g>$|$g$.
# Configuration version number
DZlinuxconf

# file containing IP numbers of machines which can use our relay
F{LocalIP} /etc/mail/ip_allow
# file containing names of machines which can use our relay
F{LocalNames} /etc/mail/name_allow
# Virtual user table (maps incoming users
Kvirtuser hash /etc/mail/virtusertable
# The pop/imap users table: POPRELAYD
Kpopip hash -a<MATCH> /etc/mail/popip
# Deliver mail only in DNS is available
#OI
# Match full user name when receiving
OGFalse
# maximum message size
#O MaxMessageSize=1000000
#O MaxRecipientsPerMessage=xxxxx
# delivery mode
O DeliveryMode=background
# /usr/lib/linuxconf/mailconf/stdmacros.cf
# There macros are generally never modified. Linuxconf does not
# manipulate them in any way. You are on your own.

###################################################################
### Ruleset 98 -- local part of ruleset zero (can be null) ###
###################################################################
S98
# addresses sent to foo@host.REDIRECT <mailto:foo@host.REDIRECT> will give a 551 error code
R$* < @ $+ .REDIRECT. > $: $1 < @ $2 . REDIRECT . > < ${opMode} >
R$* < @ $+ .REDIRECT. > <i> $: $1 < @ $2 . REDIRECT. >
R$* < @ $+ .REDIRECT. > < $- > $# error $@ 5.1.1 $: "551 User has moved;
please try " <$1@$2 <mailto:$1@$2>>

Scheck_mail
R$* $: $>check_rbl $1
# don't check these
R<$*@$=w <mailto:$*@$=w>> $@ ok shortcut
# idea from Steven Schultz
R<> $: <$n @ $(dequote "" $&{client_name} $) >
# remove at least the dot...
R<$*@$ <mailto:$*@$>*.> <$1@$2 <mailto:$1@$2>>
R$* $: $>3 $1 canonify
R$- $@ ok
# no host without a . in the FQHN ?
R$*<@$->$* $#error $@ 5.1.8 $: 551 invalid host name $2, check your
configuration.
# lookup IP address (reverse mapping available?)
#R$*<@[$-.$-.$-.$-]>$* $: $1 < @ $[ [ $2.$3.$4.$5 ] $] > $6
# copy the result of the lookup
R$* $:$1 $| $1
# now remove the dot
R$* $| $*<@$*.>$* $: $1 $| $2<@$3>$4
# and check the database
R$* $| $*<@$*>$* $: $1 $| $>junk $2<@$3>
# match: return given error code (rhs of map)
R$* $| $*<@$*@JUNK>$* $#error $@ 5.7.1 $: $3
# restore original value (after canonicalization by ruleset 3)
R$* $| $* $: $1
# this is dangerous! no real name
# (see RFC 1123,sections 5.2.2 and 5.2.18)
#R$*<@$*$~P>$* $#error $@ 4.1.8 $: 451 unresolvable host name $2$3, check
your setup.
#
# Envelope sender rewriting
#
S10
R<@> $n errors to mailer-daemon
R$+ $: $>50 $1 add local domain if needed
R$* $: $>94 $1 do masquerading
#
# Envelope recipient rewriting
#
S20
R$+ < @ $* > $: $1 strip host part
#
# Header sender rewriting
#
S30
R<@> $n errors to mailer-daemon
R$+ $: $>50 $1 add local domain if needed
R$* $: $>93 $1 do masquerading
#
# Header recipient rewriting
#
S40
R$+ $: $>50 $1 add local domain if needed
#R$* $: $>93 $1 do all-masquerading
#
# Common code to add local domain name (only if always-add-domain)
#
S50
R$* < @ $* > $* $@ $1 < @ $2 > $3 already fully qualified
R$+ $@ $1 < @ *LOCAL* > add local qualification
#
# envelope sender rewriting
#
S11
R$+ $: $>51 $1 sender/recipient common
R$* :; <@> $@ list:; special case
R$* $: $>61 $1 qualify unqual'ed names
R$+ $: $>94 $1 do masquerading

#
# envelope recipient rewriting --
# also header recipient if not masquerading recipients
#
S21
R$+ $: $>51 $1 sender/recipient common
R$+ $: $>61 $1 qualify unqual'ed names

#
# header sender and masquerading header recipient rewriting
#
S31
R$+ $: $>51 $1 sender/recipient common
R:; <@> $@ list:; special case
# do special header rewriting
R$* <@> $* $@ $1 <@> $2 pass null host through
R< @ $* > $* $@ < @ $1 > $2 pass route-addr through
R$* $: $>61 $1 qualify unqual'ed names
R$+ $: $>93 $1 do masquerading

#
# convert pseudo-domain addresses to real domain addresses
#
S51
# pass <route-addr>s through
R< @ $+ > $* $@ < @ $1 > $2 resolve <route-addr>
# output fake domains as user%fake@relay <mailto:user%fake@relay>
# do UUCP heuristics; note that these are shared with UUCP mailers
R$+ < @ $+ .UUCP. > $: < $2 ! > $1 convert to UUCP form
R$+ < @ $* > $* $@ $1 < @ $2 > $3 not UUCP form
# leave these in .UUCP form to avoid further tampering
R< $&h ! > $- ! $+ $@ $2 < @ $1 .UUCP. >
R< $&h ! > $-.$+ ! $+ $@ $3 < @ $1.$2 >
R< $&h ! > $+ $@ $1 < @ $&h .UUCP. >
R< $+ ! > $+ $: $1 ! $2 < @ $Y > use UUCP_RELAY
R$+ < @ $+ : $+ > $@ $1 < @ $3 > strip mailer: part
R$+ < @ > $: $1 < @ *LOCAL* > if no UUCP_RELAY

#
# common sender and masquerading recipient rewriting
#
S61
R$* < @ $* > $* $@ $1 < @ $2 > $3 already fully qualified
R$+ $@ $1 < @ *LOCAL* > add local qualification

#
# relay mailer header masquerading recipient rewriting
#
S71
R$+ $: $>61 $1
R$+ $: $>93 $1
# Allow relaying if the connected host has recently POP3 authenticated.
SLocal_check_rcpt
R$* $: < $&{client_addr} > Get client IP address.
R< $* > $(popip $1 $) Check full address.
R$* < MATCH > $#OK
# Special rules when relay control is active
Scheck_rcpt
R$* $: $(dequote "" $1 $)
# first: get client address
R$+ $: $(dequote "" $&{client_addr} $) $| $1
R0 $| $* $@ ok client_addr is 0 for sendmail -bs
R$={LocalIP}$* $| $* $@ ok from here
# next: get client name
R$* $| $+ $: $(dequote "" $&{client_name} $) $| $2
R $| $* $@ ok no client name: directly invoked
#R$- $| $* $@ ok for those without full DNS...
R$*$=w $| $* $@ ok from here
R$*$={LocalNames} $| $* $@ ok from allowed system
#R$* $| $* $: $(popauth $1 $)
#ROK $@ OK
# now check other side
R$* $| $* $: $>3 $2
# remove local part
R$+ $:$>removelocal $1
# still something left?
R$*%$*<@> $#error $@ 5.7.1 $: 551 We do not relay
R$*<@$+>$* $#error $@ 5.7.1 $: 551 we do not relay
Sremovelocal
# remove RelayTo part (maybe repeatedly)
R$*<@$*$={RelayTo}.>$* $>3 $1 $4
R$*<@$*$={RelayTo}>$* $>3 $1 $4
R$*<@$=V>$* $: $>removelocal $>3 $1 $3
R$*<@$=V.>$* $: $>removelocal $>3 $1 $3
R$*<@$=w.>$* $: $>removelocal $>3 $1 $3
R$*<@$*>$* $@ $1<@$2>$3
# dequote local part
R$- $: $>3 $(dequote $1 $)
R$*<@$*>$* $: $>removelocal $1<@$2>$3
Scheck_relay
# check IP
R$+ $| $+ $: $1 $| $>junkIP $2
R$+ $| $*@JUNK <mailto:$*@JUNK> $#error $@ 5.7.1 $: $2
# check hostname
R$+ $| $+ $: $>junk <@$1>
R$*<@$*@JUNK>$* $#error $@ 5.7.1 $: $2
#Empty junk rule
Sjunk
SjunkIP
# RBL not enabled, empty ruleset
Scheck_rbl