Tuesday, April 27, 2010

Connection refused by localdomain

Recently, one of my clients could not send out emails through his web conferencing platform. More precisely, he could not send out conference invitation emails to some recipients, for example, hotmail.com.
His /var/log/maillog showed a number of "connection refused by XXX.localdomain" messages and he suspected that this was the root cause of the failed delivery.
In fact, "connection refused" was due to a missing hostname in /etc/mail/access and local-host-names. To fix it, I first added back his hostname XXX in access:
and recompiled the access.db by:
"makemap  hash access.db < access"
Then I updated /etc/mail/local-host-names which tells sendmail the machine name.
After making these changes effective by restarting the sendmail daemon via "service sendmail restart", we finally understood why some emails could not be delivered.
The maillog now showed that the client's IP address was blacklisted in Spamhaus, a free internet blacklist service used by many email servers, including hotmail, as a spam filter.
I guessed the client's server had been compromised some time ago and was captured by Spamhaus.
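
To confirm a listing directly rather than inferring it from the maillog, the lookup a receiving mail server performs can be reproduced by hand. This is an added example, not code from the original post; the zone name `zen.spamhaus.org` and the return-code meanings follow Spamhaus's public documentation and are assumptions about which list was hit, and 192.0.2.10 is a constructed placeholder address.

```python
import ipaddress
import socket
import sys

ZONE = "zen.spamhaus.org"  # assumption: the post does not say which zone was hit

def dnsbl_query_name(ip, zone=ZONE):
    """DNSBL convention (RFC 5782): reversed IPv4 octets + the list's zone."""
    octets = str(ipaddress.IPv4Address(ip)).split(".")  # rejects malformed input
    return ".".join(reversed(octets)) + "." + zone

def classify(answers):
    """Map the A records returned for a query name to Spamhaus list names."""
    lists = set()
    for answer in answers:
        a, b, c, d = (int(part) for part in answer.split("."))
        if (a, b, c) == (127, 255, 255):
            # Error codes, e.g. the query went through a blocked public resolver.
            raise RuntimeError("DNSBL error code " + answer + ", result unusable")
        if (a, b, c) != (127, 0, 0):
            raise ValueError("unexpected DNSBL answer " + answer)
        if d in (2, 3, 9):
            lists.add("SBL")   # spam sources (SBL, CSS, DROP)
        elif 4 <= d <= 7:
            lists.add("XBL")   # exploited or infected hosts
        elif d in (10, 11):
            lists.add("PBL")   # ranges that should not send mail directly
        else:
            lists.add("other:" + answer)
    return sorted(lists)

def check(ip):
    """Return the lists an address is on; an empty list means not listed."""
    try:
        _, _, answers = socket.gethostbyname_ex(dnsbl_query_name(ip))
    except (socket.gaierror, socket.herror):
        # NXDOMAIN is the "not listed" answer. A resolver outage looks the same
        # here, so confirm a clean result from a second resolver.
        return []
    return classify(answers)

if __name__ == "__main__":
    # 192.0.2.10 is a constructed documentation address, not the client's.
    target = sys.argv[1] if len(sys.argv) > 1 else "192.0.2.10"
    print(target, dnsbl_query_name(target), check(target) or "not listed")
```

An XBL result points at an exploited or infected host, which is the case that supports a compromise; a PBL result only says the address range is not expected to deliver mail directly.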
