Is sendmail caching DNS or getting it via different method than host/dig/nslookup?

linux domain-name-system sendmail

We've got a linux server running sendmail that relays email through our primary mail server, but ever since a change of DNS servers last week, it's been timing out connecting to our mail server. Upon further investigation, /var/log/maillog shows lines like the following, incl. the incorrect IP address for the mail server:

Apr  4 15:37:32 yip sendmail[20583]: p34JVgLE020540: to=<[email protected]>, ctladdr=<[email protected]> (0/0), delay=00:05:50, xdelay=00:02:00, mailer=esmtp, pri=258071, relay=mailserver.domain.tld. [xxx.xxx.xxx.xxx], dsn=4.0.0, stat=Deferred: Connection timed out with mailserver.domain.tld.

Now, we had updated the linux server's DNS servers last week along with the migration by editing /etc/resolv.conf. Running dig mailserver.domain.tld, host mailserver.domain.tld, or nslookup mailserver.domain.tld on the linux server all result in the correct IP address being returned. Where could sendmail be getting/caching the incorrect IP address and how can I resolve that issue?


  • Restart sendmail.
  • Restart nscd (if it's in use on the system).

Also make sure you have the correct MX record entries. Sendmail relies on the MX lookup.

Try dig mx domain.tld and see if that results in the correct host. If not, you can force sendmail to deliver mail destined for a particular domain using the mailertable file typically found in /etc/mail/.

A typical mailertable entry looks like:

xxx.com esmtp:[192.168.1.2]

Where "xxx.com" is the domain and the IP for delivery is explicitly stated.


sendmail does cache information about a host's status before reconsulting DNS. Tweaking Timeout.hoststatus can change this, but then again restarting sendmail for your particular case is the way to go (instead of waiting for the timeout to expire).


Sendmail doesn't do any caching itself, it relies on the local name server.

There's a couple of things that are worth checking, though you'll probably of done them already:

  • Check /etc/hosts has no entries for the relay server, that'll take precedence over DNS
  • Check the Sendmail resolver options to see if it's actually set to use DNS
  • Ensure /etc/resolv.conf is only pointing to updated DNS servers, and 1 of them isn't still returning the old value. Do this manually by running nslookup and entering "server 1.2.3.4" for each DNS server, remember it could return 2 different IPs on repeat queries if it's set to have duplicate entries. I've seen this plenty of times.

I know they're all pretty basic, but it's easy for a very rushed admin to make a simple mistake like one of these.

Related

Flow for purchasing an SSL Certificate
Minimum access rights for generating schema creation scripts
Transitioning from Finance to IT careers - degree required? [closed]
Online EXT4 on LVM resize
How to stop backscatter email spam
Proper permissions for two developer team on PHP5 Apache Linux server
What can I do with an IP address of a visitor that tried to access a shell exploit that was planted on my system?
dig: "Transfer failed."
Enable Remote Login (SSH) without GUI on a Mac
When is it appropriate to run chkdsk?
How to convert a postgres database to sqlite
RAID1 performance with madam