date:20040121

Graham Smith writes:

delivering into maildirs. I have backups of the maildirs and I was 
wondering how I can put the backup mail back into the system.
Restore them.

I notice that there are control files such as courierimapsubscribed and 
courierimapuiddb which contain lists of messages and folders. The 
folders on looks quite obvious but the db file is a little confusing. My 
main concern is that the format of the message name is a little 
different between what I get now eg

1074616521.M124960P4905V0303I0003036D_9.compost,S=2603:2,RS

and what I used to get

1039268525.4279_2604.compost.home.crazysquirrel.com,S=16015

although they are superficially similar.
Ignore that.  Just restore the backups.



pgp0.pgp
Description: PGP signature

[courier-users] RFC 1035 error V.S. First two MX entries BAD for domain

First off:  Courier-mta is the BEST!

Question:  Does courier iterate through all available MX records even if
the first few are broken and possibly violate RFC1035?

I have been getting a complaint from someone trying to send an email to
me.  She gets an error from her mailserver thus:

--

  Mail Delivery Subsystem 
[EMAIL PROTECTED]  1/6/2004 3:43:24 PM
The original message was received at Tue, 6 Jan 2004 15:43:14 -0600
(CST)
from 12-23-34-45.otherguysisp.com [12.23.34.45] (may be forged)
- The following addresses had permanent fatal errors -
 [EMAIL PROTECTED] 
(reason: 517-MX records for brokendomain.com violate section 3.3.9 of RFC
1035.)
- Transcript of session follows -
... while talking to mail.! mydomain.net.:
MAIL From: [EMAIL PROTECTED]  SIZE=1911517-MX records for
brokendomain.com violate section 3.3.9 of RFC 1035.
 517 Invalid domain, see URL: ftp://ftp.isi.edu/in-notes/rfc1035.txt 
554 5.0.0 Service unavailable

---

It was explained to me that the other guy's ISP (otherguysisp.com) has the
broken domain's entries purposely broken for the first few MX records
(brokendomain.com).  He says that his ISP wants to keep the first few MX
records broken, and that the problem is with MY mailserver.

I am running Courier-mta 0.43.2 and it was compiled on my redhat 8.0 box
with the ldap auth module loaded and running.

- Kirk





---
The SF.Net email is sponsored by EclipseCon 2004
Premiere Conference on Open Tools Development and Integration
See the breadth of Eclipse activity. February 3-5 in Anaheim, CA.
http://www.eclipsecon.org/osdn
___
courier-users mailing list
[EMAIL PROTECTED]
Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users

Re: [courier-users] RFC 1035 error V.S. First two MX entries BAD for domain

2004-01-21 Thread Anand Buddhdev

On Tue, Jan 20, 2004 at 11:20:51PM -0600, Kirk A Wolff wrote:

 First off:  Courier-mta is the BEST!
 
 Question:  Does courier iterate through all available MX records even if
 the first few are broken and possibly violate RFC1035?

No. All the MX records have to be correct; even if one is wrong,
courier will refuse to accept mail from that domain.

 I have been getting a complaint from someone trying to send an email to
 me.  She gets an error from her mailserver thus:
 
 --
 
   Mail Delivery Subsystem 
 [EMAIL PROTECTED]  1/6/2004 3:43:24 PM
 The original message was received at Tue, 6 Jan 2004 15:43:14 -0600
 (CST)
 from 12-23-34-45.otherguysisp.com [12.23.34.45] (may be forged)
 - The following addresses had permanent fatal errors -
  [EMAIL PROTECTED] 
 (reason: 517-MX records for brokendomain.com violate section 3.3.9 of RFC
 1035.)
 - Transcript of session follows -
 ... while talking to mail.! mydomain.net.:
 MAIL From: [EMAIL PROTECTED]  SIZE=1911517-MX records for
 brokendomain.com violate section 3.3.9 of RFC 1035.
  517 Invalid domain, see URL: ftp://ftp.isi.edu/in-notes/rfc1035.txt 
 554 5.0.0 Service unavailable
 
 ---
 
 It was explained to me that the other guy's ISP (otherguysisp.com) has the
 broken domain's entries purposely broken for the first few MX records
 (brokendomain.com).  He says that his ISP wants to keep the first few MX
 records broken, and that the problem is with MY mailserver.
 
 I am running Courier-mta 0.43.2 and it was compiled on my redhat 8.0 box
 with the ldap auth module loaded and running.

-- 
Anand Buddhdev


---
The SF.Net email is sponsored by EclipseCon 2004
Premiere Conference on Open Tools Development and Integration
See the breadth of Eclipse activity. February 3-5 in Anaheim, CA.
http://www.eclipsecon.org/osdn
___
courier-users mailing list
[EMAIL PROTECTED]
Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users

Re: [courier-users] RFC 1035 error V.S. First two MX entries BAD for domain


Thank you Gerardo for your reply.  I have some additional information
regarding WHY the MX RRs are broken.  The mailserver admin does not intend
to keep these broken.  I also have a comment about how RFC1035 is
implemented in Courier.

Regarding RFC1035 in Courier;  I looked through the most recent source code
for Courier-mta and have discovered that my revision contains the same code
that exists today.  I have lightly reviewed the code in the file
courier/courier/rfc1035/rfc1035mxlist.c.  It seems to me that what is
happening is only the first three MX entries are used.  Please correct me on
this!

In my case, the first two MX entries were intentionally broken, but the
THIRD was an rfc1035 violation!  The third entry contained an IP address.
There were three additional lower priority entries also for the domain, all
adding up to a total of six MX entries.  Is it possible that courier is
ignoring the fourth, fifth, and sixth entries?

  It was explained to me that the other guy's ISP (otherguysisp.com) has
  the broken domain's entries purposely broken for the first few MX
records
  (brokendomain.com).  He says that his ISP wants to keep the first few MX
  records broken, and that the problem is with MY mailserver.

 If he broke the mx entries on purpose then ask him where in the RFC it
 states that type of methadology, or what best business practice is he
 following here.

He does not seem to be concerned about following the full intent of the
RFCs, but is still concerned about being 'standards-based'.  Please read the
following fromt he guy:

The intention of this was to hide the domain's real SMTP servers from
the internet (we have been seeing spammers pick MX records at random,
rather than just the highest preference, for the past year and a half).
brokendomain.com did not choose to make use of this feature, so their real
SMTP
server is listed, after the anti-spam boxes.  We also preferred using
the MX's for choosing final delivery because it was standards-based, and
wouldn't require us to do any sort of nasty munging in Sendmail.


 Keep the first few MX records broken?  If they want to break these then
 tell him to keep them internal, and tell them to run a sandbox DNS
 solution.  If he wants to play the game of interconnectivity then he
 needs to play along with everyone else, and the standards (and
 suggestions) provided in the RFC's.

You are right about the sandbox approach.  It seems that he's trying to a
sandbox approach, but is still exposing the first few MXs.  Read his
explanation:

They need to have their mail routed through an anti-spam system before
it gets to their SMTP servers.  By having the 1st 2 records
unresolvable, mail from the internet is delivered to MX 30, the
anti-spam boxes.  The anti-spam boxes *are* able to resolve the
*.mx.otherguysisp.com records (MX 10 and 20), and MX 10 just points to
brokendomain.com's primary SMTP server.

I'll recommend that he read the 'sandbox' section of the RFC



 I have ran into admins in the past who have done the same thing.  Blame
 the software I am running because they dont follow the RFC.  One big
 example is IP addresses in the MX record, and then they defend their
 stance by stating to me Well I can get mail from everyone else.  As it
 happens everyone else is Hotmail or Yahoo Mail, it is a sad thing
 that some admins use such services as the measuring stick for
 interconnections.

You are right about this, however it is possible that Courier isn't checking
more than three MX RRs, which isn't a violation of RFC, but isn't complete
compliance either.  His nameserver entries may be messed up, but courier
should be able to look at the fourth, fifth, etc. MX entries.


 It is hard sometimes to make idiots that think like this to even see
 reason.  Where I work I am not even the Systems Administrator, it just
 happens that I have taken some system responsabilities (email being one)
 because of the staffing issues presented in my department.


He's actually being very cooperative.  He made some changes to the domain
until we get these issues further resolved:

This is probably left over from the last time they renumbered.  Put in
place temporarily and meant to be fixed when things had stabilized.  You
know how that goes :)  I can get this fixed, but I'd like to see if the
change I made yesterday fixes it first.  That will tell us which issue
it was.


 Esperience has taught me to take these issues to the individuals
 supervisor's, or superiors and reference the RFC to them, explaining
 where they are not being net frinedly and also what solutions they can
 do in turn [sadly enough you have to think for them also].

 I still see no reasoning as to what they are gaining by breaking an MX
 record.  Escept that the guy misconfigured something and now wants to
 act that it was done like that for some meaningless purpose as to not
 admit that he had no idea what he was doing.

Although he seems fairly familiar with


 Good Luck getting those MX

Re: [courier-users] RFC 1035 error V.S. First two MX entries BAD for domain

2004-01-21 Thread Dan Melomedman

Gerardo Gregory wrote:
 If he broke the mx entries on purpose then ask him where in the RFC it 
 states that type of methadology, or what best business practice is he 
 following here.

Too bad some RFCs don't always make sense. DSN is a good example. What
a waste of bandwidth and disk space.


---
The SF.Net email is sponsored by EclipseCon 2004
Premiere Conference on Open Tools Development and Integration
See the breadth of Eclipse activity. February 3-5 in Anaheim, CA.
http://www.eclipsecon.org/osdn
___
courier-users mailing list
[EMAIL PROTECTED]
Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users

Re: [courier-users] RFC 1035 error V.S. First two MX entries BAD for domain

2004-01-21 Thread Federico Baraldi

Il 06:20, mercoledì 21 gennaio 2004, Kirk A Wolff ha scritto:

 First off:  Courier-mta is the BEST!
 Question:  Does courier iterate through all available MX records even if
 the first few are broken and possibly violate RFC1035?

I agree with Gerardo Gregory and i also have had some issues regarding
this topic  nevertheless i needed to send/receive mail from the misconfigured
domain.

Here is the solution:

1) to send mail you have to add all MX records in your esmtproutes file
Eg.
area.ra.it: [213.209.214.65]
area.ra.it: mail.area.ra.it

2) to receive mail you have to add all MX recorda in your smtpaccess file
Eg.
213.209.214.65  allow,BOFHCHECKDNS=0,BOFHCHECKHELO=0
130.186.250.195 allow,BOFHCHECKDNS=0,BOFHCHECKHELO=0

and then run makesmtpaccess.

I hope this help ..

Federico.



---
The SF.Net email is sponsored by EclipseCon 2004
Premiere Conference on Open Tools Development and Integration
See the breadth of Eclipse activity. February 3-5 in Anaheim, CA.
http://www.eclipsecon.org/osdn
___
courier-users mailing list
[EMAIL PROTECTED]
Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users

Re: [courier-users] RFC 1035 error V.S. First two MX entries BAD for domain

 First off:  Courier-mta is the BEST!
 Question:  Does courier iterate through all available MX records even
if
 the first few are broken and possibly violate RFC1035?

I agree with Gerardo Gregory and i also have had some issues regarding
this topic  nevertheless i needed to send/receive mail from the
misconfigured
domain.

Here is the solution:

1) to send mail you have to add all MX records in your esmtproutes file
Eg.
area.ra.it: [213.209.214.65]
area.ra.it: mail.area.ra.it

2) to receive mail you have to add all MX recorda in your smtpaccess
file
Eg.
213.209.214.65  allow,BOFHCHECKDNS=0,BOFHCHECKHELO=0
130.186.250.195 allow,BOFHCHECKDNS=0,BOFHCHECKHELO=0

and then run makesmtpaccess.

I hope this help ..

Federico.

Thank you for the suggestion.

I was already aware of this from the courier-faq.  What I am asking is if
courier is checking more than three MX records during the verification
process.  Do you know if it does?

Kirk



---
The SF.Net email is sponsored by EclipseCon 2004
Premiere Conference on Open Tools Development and Integration
See the breadth of Eclipse activity. February 3-5 in Anaheim, CA.
http://www.eclipsecon.org/osdn
___
courier-users mailing list
[EMAIL PROTECTED]
Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users

Re: [courier-users] RFC 1035 error V.S. First two MX entries BAD for domain



Anand wrote:
 On Tue, Jan 20, 2004 at 11:20:51PM -0600, Kirk A Wolff wrote:

  First off:  Courier-mta is the BEST!
 
  Question:  Does courier iterate through all available MX records even if
  the first few are broken and possibly violate RFC1035?

 No. All the MX records have to be correct; even if one is wrong,
 courier will refuse to accept mail from that domain.

So if one record does not resolve, courier will reject the domain?

Is this the case if the MX entry is a 'real' entry, but doesn't resolve to
an IP address?

Kirk



---
The SF.Net email is sponsored by EclipseCon 2004
Premiere Conference on Open Tools Development and Integration
See the breadth of Eclipse activity. February 3-5 in Anaheim, CA.
http://www.eclipsecon.org/osdn
___
courier-users mailing list
[EMAIL PROTECTED]
Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users

Re: [courier-users] RFC 1035 error V.S. First two MX entries BAD for domain

Dan,

Read - RFC 1796 first;

Just cause it is mentioned as/or referenced to an RFC does not make it a 
standard.

If it is a standard and you still have a better way to accomplish what 
the standard is implying then RFC 2926
is for you.

The standards is what I am very critical about [I find it humorous that 
they are reffered to as STD's].

DNS [commonly refered to as RFC 1035 (previous 1034)] is actualy STD 0013

Mail Routing and the Domain System [commonly refered to as RFC 974] is 
expressed in STD 0014

This is not a Facist state, if anyone feels the need to propose any 
different then the floor is open once again RFC 2926 comes to mind.

Gerardo Gregory

Dan Melomedman wrote:

Gerardo Gregory wrote:

If he broke the mx entries on purpose then ask him where in the RFC it 
states that type of methadology, or what best business practice is he 
following here.


Too bad some RFCs don't always make sense. DSN is a good example. What
a waste of bandwidth and disk space.
---
The SF.Net email is sponsored by EclipseCon 2004
Premiere Conference on Open Tools Development and Integration
See the breadth of Eclipse activity. February 3-5 in Anaheim, CA.
http://www.eclipsecon.org/osdn
___
courier-users mailing list
[EMAIL PROTECTED]
Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users




---
The SF.Net email is sponsored by EclipseCon 2004
Premiere Conference on Open Tools Development and Integration
See the breadth of Eclipse activity. February 3-5 in Anaheim, CA.
http://www.eclipsecon.org/osdn
___
courier-users mailing list
[EMAIL PROTECTED]
Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users

Re: [courier-users] RFC 1035 error V.S. First two MX entries BAD for domain

Kirk worte;

Is this the case if the MX entry is a 'real' entry, but doesn't resolve 
to an IP address?

---

If you are saying that the MX record has a domain name that has no valid 
A record associated then it is not a legitimate entry - it violates the RFC.

If you are saying that the MX record has a domain name with an 
associated A record, but that system is unreachable then the host is 
ureachable, next MX

Too bad he doesnt post on the MERIT NANOG list Perry Metzger, or Paul 
Vixie will certainly set him straight, ofcourse he might have no idea 
who they are.

Gerardo A. Gregory
Manager Network Administration and Security
-
Affinitas - Latin for Relationship
Helping Businesses Acquire, Retain, and Cultivate
Customers
Visit us at http://www.affinitas.net


---
The SF.Net email is sponsored by EclipseCon 2004
Premiere Conference on Open Tools Development and Integration
See the breadth of Eclipse activity. February 3-5 in Anaheim, CA.
http://www.eclipsecon.org/osdn
___
courier-users mailing list
[EMAIL PROTECTED]
Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users

Re: [courier-users] RFC 1035 error V.S. First two MX entries BAD for domain

2004-01-21 Thread Dan Melomedman

Gerardo Gregory wrote:
 Dan,
 
 Read - RFC 1796 first;
 
 Just cause it is mentioned as/or referenced to an RFC does not make it a 
 standard.

Precisely, or vice versa, but what people should be worrying about isn't
RFC compliance, but interoperability and better design. Whether it means
RFC compliance, standards compliance, or neither.

Furthermore, some things in RFCs are just plain wrong or bad by design,
DSN (ugly design, plus you can't control it, and you can't do
anything about it, so why bother in the first place?) and MIME included
(Email should have been designed to be 8-bit clean from the start). The
the job of email servers should have been to copy messages around,
not parse them. Welcome to the Internet: it sort-of works.

-- 
The crowd neither wants nor seeks knowledge, and the leaders of the crowd, in
their own interests, try to strengthen its fear and dislike of everything new
and unknown. The slavery in which mankind lives is based upon this fear.
--George Gurdjieff


---
The SF.Net email is sponsored by EclipseCon 2004
Premiere Conference on Open Tools Development and Integration
See the breadth of Eclipse activity. February 3-5 in Anaheim, CA.
http://www.eclipsecon.org/osdn
___
courier-users mailing list
[EMAIL PROTECTED]
Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users

Re: [courier-users] RFC 1035 error V.S. First two MX entries BAD for domain

Precisely, or vice versa, but what people should be worrying about isn't
RFC compliance, but interoperability and better design.
Exactly...this is what the proposed RFC's and the IETF is attempting to 
do.  But these is no ESP, so there has to be a consortium to make 
standards to ease interoperability.

I agree with you, but I have to accept what's what unless I am willing 
to draft a different approcah, submit it, etc.

Gerardo

Dan Melomedman wrote:

Gerardo Gregory wrote:

Dan,

Read - RFC 1796 first;

Just cause it is mentioned as/or referenced to an RFC does not make it a 
standard.


Precisely, or vice versa, but what people should be worrying about isn't
RFC compliance, but interoperability and better design. Whether it means
RFC compliance, standards compliance, or neither.
Furthermore, some things in RFCs are just plain wrong or bad by design,
DSN (ugly design, plus you can't control it, and you can't do
anything about it, so why bother in the first place?) and MIME included
(Email should have been designed to be 8-bit clean from the start). The
the job of email servers should have been to copy messages around,
not parse them. Welcome to the Internet: it sort-of works.




---
The SF.Net email is sponsored by EclipseCon 2004
Premiere Conference on Open Tools Development and Integration
See the breadth of Eclipse activity. February 3-5 in Anaheim, CA.
http://www.eclipsecon.org/osdn
___
courier-users mailing list
[EMAIL PROTECTED]
Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users

[courier-users] Re: RFC 1035 error V.S. First two MX entries BAD for domain

Kirk A Wolff writes:

(brokendomain.com).  He says that his ISP wants to keep the first few MX
records broken, and that the problem is with MY mailserver.
How exactly does his ISP's decision to keep broken DNS become your problem?



pgp0.pgp
Description: PGP signature

[courier-users] Re: RFC 1035 error V.S. First two MX entries BAD for domain

Kirk A Wolff writes:

that exists today.  I have lightly reviewed the code in the file
courier/courier/rfc1035/rfc1035mxlist.c.  It seems to me that what is
happening is only the first three MX entries are used.  Please correct me on
this!
There's nothing in rfc1035mxlist.c that discards fourth, and subsequent, MX 
records.



pgp0.pgp
Description: PGP signature

[courier-users] Re: RFC 1035 error V.S. First two MX entries BAD for domain

Roger B.A. Klorese writes:

How exactly does his ISP's decision to keep broken DNS become 
your problem?
Simple -- he'd make the case that you should only refuse to deliver mail if
there are no correct MX records, not if there are any broken ones.
And I'll make a case that broken DNS records are a sign of an 
incompetently-administered ISP, and that it's been historically shown that 
incompetently-administered ISPs typically have other problems, such as open 
relays and hacked proxies, and zombies.




pgp0.pgp
Description: PGP signature

RE: [courier-users] Re: RFC 1035 error V.S. First two MX entries BAD for domain

2004-01-21 Thread Roger B.A. Klorese

 And I'll make a case that broken DNS records are a sign of an 
 incompetently-administered ISP, and that it's been 
 historically shown that 
 incompetently-administered ISPs typically have other 
 problems, such as open 
 relays and hacked proxies, and zombies.

Great -- now we have *software* that wages preemptive war.



---
The SF.Net email is sponsored by EclipseCon 2004
Premiere Conference on Open Tools Development and Integration
See the breadth of Eclipse activity. February 3-5 in Anaheim, CA.
http://www.eclipsecon.org/osdn
___
courier-users mailing list
[EMAIL PROTECTED]
Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users

[courier-users] Re: RFC 1035 error V.S. First two MX entries BAD for domain

Simple -- he'd make the case that you should only refuse to deliver mail if there are no correct MX records, not if there are any broken ones.
So explain to me the difference between a broken MX record and an
incorrect one? Their is none...is there?

Explain me your ideology here...it is either a CORRECT one or NOT.

It either points to a domain name, which has an associated A record
(Correct)

or it does not (incorrect)

Now if you want the acceptance of broken MX records are being legitimate DNS
entries by the internet community then I refer this again RFC 2926

So your statement makes as much sense as the ISP's in question MX records
/dev/null

Gerardo

Roger B.A. Klorese writes:

And I'll make a case that broken DNS records are a sign of an
incompetently-administered ISP, and that it's been
historically shown that
incompetently-administered ISPs typically have other
problems, such as open
relays and hacked proxies, and zombies.
Great -- now we have *software* that wages preemptive war.

---
The SF.Net email is sponsored by EclipseCon 2004
Premiere Conference on Open Tools Development and Integration
See the breadth of Eclipse activity. February 3-5 in Anaheim, CA.
http://www.eclipsecon.org/osdn
___
courier-users mailing list
[EMAIL PROTECTED]
Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users

Gerardo A. Gregory
Manager Network Administration and Security

Affinitas - Latin for Relationship
Helping Businesses Acquire, Retain, and Cultivate
Customers
Visit us at http://www.affinitas.net

[courier-users] RE: RFC 1035 error V.S. First two MX entries BAD for domain

2004-01-21 Thread Roger B.A. Klorese

 Explain me your ideology here...it is either a CORRECT one or NOT. 

It doesn't matter if any of them are incorrect/broken.  It only matters if
*all* of them are.  Just as you shouldn't refuse to access foo.bar.com
because an A record for zap.bar.com is malformed, you shouldn't refuse to
try the 7th MX for bar.com because the 3rd one is malformed.

 Now if you want the acceptance of broken MX records are being 
 legitimate DNS 
 entries by the internet community then I refer this again  RFC 2926 

What does 2926 have at all to do with MX records?





---
The SF.Net email is sponsored by EclipseCon 2004
Premiere Conference on Open Tools Development and Integration
See the breadth of Eclipse activity. February 3-5 in Anaheim, CA.
http://www.eclipsecon.org/osdn
___
courier-users mailing list
[EMAIL PROTECTED]
Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users

RE: [courier-users] Re: RFC 1035 error V.S. First two MX entries BAD for domain

2004-01-21 Thread Mitch \(WebCob\)

 -Original Message-
 From: [EMAIL PROTECTED]
 [mailto:[EMAIL PROTECTED] Behalf Of Roger
 B.A. Klorese
 Sent: January 21, 2004 4:21 PM
 To: 'Sam Varshavchik'; [EMAIL PROTECTED]
 Subject: RE: [courier-users] Re: RFC 1035 error V.S. First two MX
 entries BAD for domain

  And I'll make a case that broken DNS records are a sign of an
  incompetently-administered ISP, and that it's been
  historically shown that
  incompetently-administered ISPs typically have other
  problems, such as open
  relays and hacked proxies, and zombies.

 Great -- now we have *software* that wages preemptive war.

It took me a while Roger, but I've come to agree (with the occasional client
inspired nagging doubt). A solid product that works and follows the rules vs.
one that accepts anything remotely appropriate thrown at it and muddles through.
The problem here, is not courier, but that people got used to sendmail and
others that were too permissive and allowed people to get sloppy in their
structure. How much work should one do to allow others to be sloppy?

General statement - not meant to directly slam anyone.

m/

---
The SF.Net email is sponsored by EclipseCon 2004
Premiere Conference on Open Tools Development and Integration
See the breadth of Eclipse activity. February 3-5 in Anaheim, CA.
http://www.eclipsecon.org/osdn
___
courier-users mailing list
[EMAIL PROTECTED]
Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users

Re: [courier-users] Backup MX configuration

2004-01-21 Thread Pierre Ossman



Patrick O'Reilly wrote:

From: Pierre Ossman [EMAIL PROTECTED]

 

Ok, I've tried this now and either I'm missing something or the
semantics aren't quite as you explained.
I'll try to explain my total configuration to give you a better view of
what I'm trying to acheive.
The machine is called mail.craffe.se. It is a MX for the domain
craffe.se. Sending mail to the domain works fine (it is later forwarded
to an internal server using esmptroutes). It is also a backup MX for the
domain mathias.nu. Being a backup MX I have the machine's name in locals
in order for the backup MX semantics to function properly. Sending mail
to the domain mathias.nu also works perfectly fine.
Now for the problem. Sending mail to, for example, [EMAIL PROTECTED]
results in the machine trying to deliver the mail to the local user
account 'luser'. I added mail.craffe.se to esmtproutes in an attempt to
redirect the mail, but the locals file seems to have priority. What I'd
like is that mail would have been redirected to [EMAIL PROTECTED] (i.e. to
the domain, not the machine) or have it rejected (with '550 User
unknown' or similar).
From what I can gather the only system that has priority over locals is
the aliases. And I doesn't seem to be a syntax that gives me what I want
(except one aliases for each and every user on the machine).
So, what are my options? I don't like the current situation where the
local users can receive mail but I can't figure out how to stop it.
Regards Pierre

   

Aha.

I think the whole secondary MX thing is a red herring...

Do you actually have local accounts which match the email addresses? -
'luser' in your above example.  If these are local shell accounts, perhaps
you should remove 'authvchkpw' from the authmodulelist in 'authdaemonrc'?!?
The fact that the account exists locally might interfere with any attempt to
use esmptroutes - but I'm guessing here.
I don't have any box configured the way you are describing, so here's my
best guess:
esmptroutes:
craffe.se:internalrelay.craffe.se
.craffe.se:internalrelay.craffe.se
locals:
craffe.se
.craffe.se
mathias.nu
esmtpacceptmailfor:
craffe.se
.craffe.se
mathias.nu
That's all I can think of.

 

Yes! It finally works! =)
Thanks for the help. Removing everything from authmodulelist effectively 
blocks all user. Should have thought of that one...
I also noticed another weird behaviour. If I send a mail to 
[EMAIL PROTECTED], the machine realises it's a local account and 
strips it down to just 'root'. I have also specified 'craffe.se' as the 
default domain (/etc/courier/defaultdomain) so when it aplies the 
standard alias 'root: postmaster' it becomes '[EMAIL PROTECTED]' and 
goes away to the internal server. Just the way I wanted, and I didn't 
have to touch a thing =)

So a question to you and/or anyone else who knows (probably only *Sam 
Varshavchik):
*Is this the intended behaviour (default domain being added when 
resolving aliases) or should I expect to have to change this alias to 
'root: [EMAIL PROTECTED]' at some point?

Regards
Pierre


---
The SF.Net email is sponsored by EclipseCon 2004
Premiere Conference on Open Tools Development and Integration
See the breadth of Eclipse activity. February 3-5 in Anaheim, CA.
http://www.eclipsecon.org/osdn
___
courier-users mailing list
[EMAIL PROTECTED]
Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users

Re: [courier-users] Re: RFC 1035 error V.S. First two MX entries BAD for domain

2004-01-21 Thread Roger B.A. Klorese

Mitch (WebCob) wrote:
It took me a while Roger, but I've come to agree (with the occasional client
inspired nagging doubt). A solid product that works and follows the rules vs.
one that accepts anything remotely appropriate thrown at it and muddles through.
The problem here, is not courier, but that people got used to sendmail and
others that were too permissive and allowed people to get sloppy in their
structure. How much work should one do to allow others to be sloppy?
Accept liberally should still be the watchword for anything not 
constituting an attack pathway.

What you propose would be like making an auto bumper 1/4 high and 
saying that if everyone followed the spec there would be no non-bumper 
collisions.

The purpose of an MTA is not to be a literal implementation of RFCs but 
to receive and deliver mail successfully.



---
The SF.Net email is sponsored by EclipseCon 2004
Premiere Conference on Open Tools Development and Integration
See the breadth of Eclipse activity. February 3-5 in Anaheim, CA.
http://www.eclipsecon.org/osdn
___
courier-users mailing list
[EMAIL PROTECTED]
Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users

[courier-users] Re: RFC 1035 error V.S. First two MX entries BAD for domain