Thanks for responding. I'm afraid, though, that your response leaves unanswered many of the questions I asked. See below.
At 08:48 AM 8/12/02 -0400, Craig Heil wrote:
>We are running Linux version 2.2.19-3-LEAF with the default firewalling.

This statement does not identify the LEAF version. LEAF versions have names like Dachstein, Oxygen, and Bering. Which are you using, and is it a floppy or a CD-based version?

>The
>LAN is using NAT. We are able to send mail to the server by adding the
>server name to the hosts file on the network machines.

I assume you mean here that you can send mail out through your on-LAN server from workstations on the LAN. Please correct me if this interpretation is wrong.

>We are able to send
>mail out to external mailers (Yahoo, AOL), We can send mail from user to
>user inside the network.

And just to be clear ... the mail server is a different host from the LEAF firewall, right? What Linux distro does it run, what kernel version, and what MTA?

>However, when sending TO the internal network the
>mail gets to the sendmail mail queue then gets deferred due to the
>mailserver's inability to contact the sending MTA.

Once again, I must ask: do you mean the sendmail queue on the on-LAN server? If so, this description is very puzzling. In order for the complete message to reach the on-LAN server, it has to make several responses to the sending MTA (responding to the HELO, RCPT, and MAIL messages) before the actual piece of e-mail (the DATA message) is sent. So we need a better explanation of the problem than "gets deferred due to the mailserver's inability to contact the sending MTA". Of course, you might mean something else. If so, please explain it more clearly.

Also, if I have interpreted this correctly ... what is sendmail *supposed* to do with these messages? Deliver them to on-server accounts (to be read using POP3, IMAP, or shell logins)? Send them on to the workstations (how ... what MTAs are the workstations running)?
Do the messages coming from outside have To: FQNs (I mean the part after the @) that are the same as the ones used on messages that originate internally? How does the server resolve names (since you mention needing to add its name to the hosts files on workstations, it sounds like you are not running on-LAN DNS)?

I ask all this stuff because when mail is stuck in the sendmail queue, that usually indicates a problem contacting the *destination* MTA, not the *source* MTA. To be sure that the problem is with the *sending* MTA, as you write: from off-LAN, if you telnet to port 25 and send a message using the various smtp commands manually, at what point does the interchange fail?

>The openings in the firewall for smtp are:
>EXTERN_SMTP_PORTS = "0/0_ntp 0/0_smtp"
>and
>INTERN_SMTP_SERVER = 10.0.0.XXX

This no doubt relates to whichever LEAF version you are running, but without knowing which version that is, I cannot really comment on it. A couple of quick comments, though --

1. Listing the ntp port as an external smtp port seems odd, no matter what version you are using.

2. The INTERN_SMTP_SERVER needs a complete IP address, not "10.0.0.XXX". (I assume you are not being silly enough to think that you need to protect yourself by keeping a *private-range* IP address secret from us.)

Here we would benefit from seeing the actual firewall ruleset, not just a couple of config-file lines. Next time, post the unedited output of "ipchains -nvL" if you want actual troubleshooting help with respect to the ruleset you have installed.

>As far as the ISP, that is not the case for us. We can run anything on our
>pipe. However, we are still only testing the server so the mail will come
>from [EMAIL PROTECTED] until we are ready to go live. The only
>thing could be some strange name service rule that picks up on that unknown
>private.network.

I don't understand this last part. If all mail is coming from "[EMAIL PROTECTED]", how are you doing off-LAN tests?
If you are spoofing the source when doing off-LAN tests, then is it possible that you are hitting your MTA's anti-relaying or anti-SPAM rules rather than having a LEAF-related problem? If so, you need to get advice from a support list for your MTA, not from LEAF.

>-----Original Message-----
>From: [EMAIL PROTECTED]
>[mailto:[EMAIL PROTECTED]]On Behalf Of Ray Olszewski
>Sent: Friday, August 09, 2002 5:02 PM
>To: Craig Heil; [EMAIL PROTECTED]
>Subject: Re: SMTP problem (was: [leaf-user] (no subject))

[old stuff deleted]

--
-------------------------------------------"Never tell me the odds!"--------
Ray Olszewski                                        -- Han Solo
Palo Alto, California, USA                        [EMAIL PROTECTED]
-------------------------------------------------------------------------------

------------------------------------------------------------------------
leaf-user mailing list: [EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/leaf-user
SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html
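
The manual port-25 test asked for in the message above can be scripted so that it reports the exact stage at which the exchange stops. This is an added example, not part of the original e-mail; the function name, the example.org addresses and the HELO name are assumptions to replace with real values.

```python
import smtplib
import sys

def probe_smtp(host, port=25, sender="probe@example.org",
               rcpt="postmaster@example.org", timeout=10):
    """Issue the SMTP commands one at a time, as a manual telnet test would.

    Returns (results, failed_stage). results holds (stage, code, text) for
    every stage attempted; failed_stage is the first stage that did not get
    a 2xx/3xx reply (None if the server accepted everything up to DATA).
    """
    client = smtplib.SMTP(timeout=timeout)  # no host given: nothing sent yet
    steps = [
        ("CONNECT", lambda: client.connect(host, port)),     # expects 220
        ("HELO", lambda: client.helo("probe.example.org")),  # expects 250
        ("MAIL", lambda: client.mail(sender)),               # expects 250
        ("RCPT", lambda: client.rcpt(rcpt)),                 # expects 250/251
        ("DATA", lambda: client.docmd("DATA")),              # expects 354
    ]
    results = []
    try:
        for stage, step in steps:
            try:
                code, msg = step()
            except (OSError, smtplib.SMTPException) as exc:
                # No reply at all: refused, timed out, or dropped mid-dialogue
                # (typical of a firewall or port-forwarding problem).
                results.append((stage, None, str(exc)))
                return results, stage
            results.append((stage, code, msg.decode("ascii", "replace")))
            if not 200 <= code < 400:
                # The MTA answered but refused, e.g. an anti-relaying rule.
                return results, stage
        return results, None
    finally:
        # Hang up without sending a message body, so nothing is delivered.
        client.close()

if __name__ == "__main__" and len(sys.argv) > 1:
    # Usage: python probe.py HOST [PORT], run from an off-LAN machine.
    port = int(sys.argv[2]) if len(sys.argv) > 2 else 25
    results, failed = probe_smtp(sys.argv[1], port)
    for stage, code, text in results:
        print(f"{stage:8} {code} {text}")
    print("failed at:", failed or "nothing (dialogue reached DATA)")
```

A stage with no reply code points at the network path (firewall rules, port forwarding), while a 4xx/5xx reply at MAIL or RCPT points at the MTA's own policy.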
