I managed to resolve this issue with some strange workaround. I must confess, I don't exactly know which service was handling DNS before, as NetworkManager and systemd-resolved were both disabled. /etc/resolv.conf was overwritten by each DHCP request.

So I did the following. I configured systemd-resolved to also listen on 192.168.158.200:53, and to use 192.168.158.1 as DNS server. I then set the 6 domain-name-server DNS option on DNS for the host 192.168.158.200 to point to 192.168.158.200 (127.0.0.1 was not allowed). So each DNS request is not sent to 192.168.158.200:53, which is the local systemd-resolved. This then looks at the /etc/hosts file for matches, and forwards queries to 192.168.158.1 if no matches are found.

Now OpenSMTP connects to the internal IP, but can still use SSL/TLS and verify the certificate.

Strange strange... When I have some more time I will switch OS to OpenBSD.

Thanks for your help!

Simon

> Hey y'all,
>
> in my smtpd.conf file I have "relay smtps://host.domain.tld"
>
> host.domain.tld does resolve to a public IP, and this needs to be a public
> IP on public DNS.
> However, OpenSMTPd needs to relay to the local IP address of the smarthost.
> Since I have no DNS server running on that network, and I don't want to set
> up a DNS server only for OpenSMTPd, I added an entry to /etc/hosts,
> assigning the local IP to the FQDN.
> When I ping the FQDN it correctly resolves to the internal IP of the
> smarthost.
> However, OpenSMTPd ignores the entry in /etc/hosts and still tries to
> connect to the public IP of the host.
>
> Is this known that OpenSMTPd ignores /etc/hosts? Or is this a problem on
> Debian?
> Is there a workaround? Specifying "relay smtps://192.168.158.1" will not
> work, as the private IP is not part of the Cert.
> Can I force OpenSMTPd to use the internal IP? Can I disable Cert checking
> for the smarthost?
>
> Thanks!
>
> System details:
>
> root@mx01:~# lsb_release -a
> No LSB modules are available.
> Distributor ID: Debian
> Description: Debian GNU/Linux 11 (bullseye)
> Release: 11
> Codename: bullseye
> root@mx01:~# smtpd -h
> version: OpenSMTPD 6.8.0p2
> usage: smtpd [-dFhnv] [-D macro=value] [-f file] [-P system] [-T trace]
>
> root@mx01:~# cat /etc/network/interfaces
> # This file describes the network interfaces available on your system
> # and how to activate them. For more information, see interfaces(5).
>
> source /etc/network/interfaces.d/*
>
> # The loopback network interface
> auto lo
> iface lo inet loopback
>
> # The primary network interface
> allow-hotplug ens192
> iface ens192 inet dhcp
>
>
> Any info else you need?
>
> Cheers,
>
> Simon
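The resolver setup described in the reply above, written out as a systemd-resolved drop-in. This is an added example, not the poster's actual file: the drop-in file name is an assumption, and the addresses are the ones given in the message.

```ini
# /etc/systemd/resolved.conf.d/smarthost.conf  (file name is an assumption)
[Resolve]
# Upstream resolver for names that have no local override
# (address taken from the message).
DNS=192.168.158.1

# Extra stub listener on the host's LAN address, port 53 by default,
# in addition to the standard 127.0.0.53 stub.
# Option available since systemd 247.
DNSStubListenerExtra=192.168.158.200

# Answer from /etc/hosts before forwarding upstream. This is the default;
# it is spelled out here because the workaround depends on it.
ReadEtcHosts=yes
```

With this in place, a listener on 192.168.158.200:53 answers any host that can reach that address, so a firewall rule limiting port 53 to the machine itself keeps it from acting as a resolver for the rest of the LAN.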