I'm a little johnny-come-lately on this discussion, but here's my 2-cents worth:

First, let's be clear on something -- with the exception of your own LAN, you do not control, nor does your server answer for a reverse-DNS lookup. DJBDNS, Bind, or even windoze DNS servers answer for NAME lookups for your configured domains, but the REVERSE DNS lookup will be resolved by your ISP. (Amazing how many admins get this wrong!) Based on your question, you may or may not have already known that, but I wanted to get it out of the way anyways. (Again, your LAN is the exception).

Now typically, djbdns is set up as a "caching" nameserver -- which means it doesn't resolve LAN names or addresses -- just Internet ones. So that is probably where your first problem is. To learn how to install "local" domains, go to <http://cr.yp.to/djbdns/run-server-bind.html>. This is where Daniel (Bernstein, not me) explains how to import and/or create the database for his djbdns system. (Personally, I use bind).

Finally, remember that the REVERSE DNS zone has to be NAMED something like (using your apparent LAN address below): "1.168.192.in-addr.arpa" and should contain an SOA and PTR records only (certain optional records -- like LOC are OK, but there is no need for the likes of NS or MX records in a reverse-DNS zone file). This seems counter-intuitive, but has to do with the database hierarchy that the Internet DNS system uses. (Basically, it is your network address with the bytes reversed -- so, your network address being 192.168.1[.0] (assuming a 24-bit netmask of 255.255.255.0), you reverse that to 1.168.192. Then, tell the system that this is a REVERSE zone by ending the name with "in-addr.arpa").

I hope this helps.... someone!

Dan

Daniel McAllister, President

IT4SOHO, LLC
224 - 13th Avenue N
St. Petersburg, FL 33701

877-IT4SOHO: Toll Free
727-647-7646 In Pinellas
813-464-2093 In Hillsborough
727-507-9435 Fax Only

"When did you do your last backup?"

Ask me about unattended offsite backup solutions...
to protect your business, not just your data!



Eric Shubert wrote:
Kent Busbee wrote:
See response below; Eric Shubert wrote:
spamdyke is filtering because the sender isn't authorizing itself.
The simplest (and safest) solution is to have all senders authorize
themselves. If they're authorized then all spamdyke filters are bypassed,
and you don't have to worry about rDNS for your local network (which is
otherwise fruitless). You may need to add smtp authorization to
squirrelmail configuration if you have people using the toaster's
squirrelmail.

I keep forgetting to mention that Auth does not seem to be an option.  The
accounting package does not seem to work with it.  I tried setting to
submission port 587 and CRAM-MD5, but it says auth failed.  I believe the
software is at fault, so I hope to get it to work the standard way. Unless
you think it is possible Auth is not working due to r-dns. If you
think we could more easily troubleshoot the Auth, let me know.

On a positive note, I did convert SM to use port 587 (submission) and Auth
CRAM-MD5. After installing spamdyke, submissions had slowed in squirrel
mail - you would click send and then watch the hourglass for a minute
before "message successfully sent".  After converting to use submission,
messages again go right through.  I would recommend for anyone using
spamdyke and squirrel mail.


This slowness with SM is indicative of a dns/rbl problem, typically a dns
timeout caused by who knows what. I'd have a look at the contents of
/etc/resolv.conf. Since you're running a local dns server, the first
nameserver entry should be 127.0.0.1. You should be using a static IP
address on your toaster so that DHCP doesn't overwrite this file. If you can
dig some sample external domains in quick fashion, then you probably are
using an rbl which is having problems.

If your dns server is just a localcache (recursive) server and not
authoritative, I'd recommend using bind instead of djbdns. To use bind,
remove what you have for djbdns, then
# yum -y install bind bind-chroot caching-nameserver
That's all there is to it.

As for the errant submitter @192.168.1.19, have you tried adding this
address to the /etc/spamdyke/whitelist_ip file?
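
The reverse-zone naming rule described at the top of this thread, as an added example that is not part of any of the messages: it derives the in-addr.arpa zone name for a network and the PTR owner names inside it. It goes beyond the /24 case in the thread by also accepting /8 and /16; the hostnames are constructed sample values.

```python
import ipaddress


def reverse_zone(cidr):
    """Return the in-addr.arpa zone name for an IPv4 network on an octet boundary."""
    net = ipaddress.ip_network(cidr, strict=True)
    if net.version != 4 or net.prefixlen not in (8, 16, 24):
        # Other prefix lengths do not map onto a single reversed-octet zone name.
        raise ValueError("only IPv4 /8, /16 and /24 networks map to one zone")
    kept = str(net.network_address).split(".")[: net.prefixlen // 8]
    return ".".join(reversed(kept)) + ".in-addr.arpa"


def ptr_records(cidr, hosts):
    """Turn {ip: hostname} into (owner, target) PTR pairs, owner relative to the zone."""
    net = ipaddress.ip_network(cidr, strict=True)
    zone = reverse_zone(cidr)
    records = []
    for ip in sorted(hosts, key=ipaddress.ip_address):
        addr = ipaddress.ip_address(ip)
        if addr not in net:
            raise ValueError(f"{ip} is outside {cidr}")
        full = addr.reverse_pointer           # e.g. 19.1.168.192.in-addr.arpa
        owner = full[: -len(zone) - 1]        # strip the trailing ".<zone>"
        name = hosts[ip]
        target = name if name.endswith(".") else name + "."
        records.append((owner, target))
    return records


if __name__ == "__main__":
    # Constructed sample data: 192.168.1.19 is the LAN host from the thread,
    # the hostnames are made up for illustration.
    lan = "192.168.1.0/24"
    sample_hosts = {
        "192.168.1.19": "accounting.lan.example",
        "192.168.1.1": "toaster.lan.example",
    }
    print("zone:", reverse_zone(lan))
    for owner, target in ptr_records(lan, sample_hosts):
        print(f"{owner}\tIN PTR\t{target}")
```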
