These days got a sendmail issue and fixed it after some research and tests, and I though it could be shared here.
The primary email server was 192.168.3.40 and was used as relay server to send email to the internet, and I was configuring another server 192.168.6.23 to send email through the relay server.
I added the network 192.168.6 to the access file and generated new access.db file, while when I did the test I got below error:
Apr 10 21:46:52 ServerA sendmail: w3ADkqYT012680: ruleset=check_rcpt, arg1=<email@example.com>, relay=212.215.xxnet [2XX.1XX.212.215] (may be forged), rej
ect=550 5.7.1 <firstname.lastname@example.org>... Relaying denied. IP name possibly forged [2XX.1XX.212.215]
I made sure the email address [email protected] could receive email without any issue, and I did not know where the ip address 2XX.1XX.212.215 came.
I searched and found one reason was that the A record of the DNS server was different, while for me I did not use DNS to lookup both hostnames but the /etc/hosts files, and of course they matched on both servers.
At the beginning I lost minds in the sendmail configurations and wasted much time in finding the issues in the config files, while eventually I found the reason with really simple traceroute command:
traceroute to 192.168.6.23 (192.168.6.23), 30 hops max, 38 byte packets
1 192.168.3.2 (192.168.3.2) 0.987 ms 1.097 ms 0.960 ms
2 212.215.xxnet (2XX.1XX.212.215) 1.276 ms 1.288 ms 1.519 ms
traceroute to 192.168.3.40 (192.168.3.40), 30 hops max, 60 byte packets
1 192.168.6.1 (192.168.6.1) 5.874 ms 5.849 ms 5.836 ms
2 192.168.6.1 (192.168.6.1) 5.873 ms 5.911 ms 5.938 ms
As I checked this issue remotely and had no idea about the network configurations, so I did not think public ip address was used in the network path.
To fix this issue, I added the ip address 2XX.1XX.212.215 to the access file and then I would still get below warning:
Apr 15 23:28:21 ServerA sendmail: w3FFSKEU016329: from=<xxxxxx@ServerB>, size=494, class=0, nrcpts=1, msgid=<20180415152821.511084122F@ServerB>, proto=ESMTP, daemon=MTA, relay=212.215.xxnet [2XX.1XX.212.215] (may be forged)
While the email would be sent out.