[xmail] Re: Relaying Issue

2004-05-18 Thread Davide Libenzi
On Tue, 18 May 2004, Jeffrey Laramie wrote:

 Morning All,
 
 The last 2 days it appears my mail server has incorrectly forwarded (or at 
 least attempted to forward) a message to the wrong IP. This is on a system 
 that had been running for months without change. Some additional info:
 
 SuSE 8.2 fully updated
 XMail 1.17
 
 Contents of custdomain tab file ubaight.com.tab:
 smtprelay   smtp.ubaight.com
 
 Entry in smtp log file:
 Trans-Star.net81.215.123.23 2004-05-17 20:38:06   
 dsl81-215-31511.adsl.ttnet.net.tr   ubaight.com   [EMAIL PROTECTED] 
 [EMAIL PROTECTED]   SC214 RCPT=OK 0 
 dsl81-215-31511.adsl.ttnet.net.tr
 Trans-Star.net81.215.123.23 2004-05-17 20:38:07   
 dsl81-215-31511.adsl.ttnet.net.tr   ubaight.com   [EMAIL PROTECTED] 
 [EMAIL PROTECTED]   SC214 RECV=OK 1839  
 dsl81-215-31511.adsl.ttnet.net.tr
 
 First 3 entries in firewall log of receiving server:
 May 17 20:38:10 LServer1 kernel: Lan-Host: IN=eth0 OUT= 
 MAC=00:c0:f0:57:af:cc:00:0c:76:3a:30:94:08:00 SRC=192.168.0.2 DST=192.168.0.1 
 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=4638 DF PROTO=TCP SPT=32861 DPT=25 
 WINDOW=5840 RES=0x00 SYN URGP=0
 May 17 20:46:12 LServer1 kernel: Lan-Host: IN=eth0 OUT= 
 MAC=00:c0:f0:57:af:cc:00:0c:76:3a:30:94:08:00 SRC=192.168.0.2 DST=192.168.0.1 
 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=4909 DF PROTO=TCP SPT=32862 DPT=25 
 WINDOW=5840 RES=0x00 SYN URGP=0
 May 17 20:54:47 LServer1 kernel: Lan-Host: IN=eth0 OUT= 
 MAC=00:c0:f0:57:af:cc:00:0c:76:3a:30:94:08:00 SRC=192.168.0.2 DST=192.168.0.1 
 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=5154 DF PROTO=TCP SPT=32863 DPT=25 
 WINDOW=5840 RES=0x00 SYN URGP=0
 
 This hasn't happened before and I probably wouldn't have even noticed except 
 that it tried to send to one of my internal firewalled servers and the 
 packets were logged and dropped. There shouldn't be a problem with DNS since 
 the box XMail is on is also the authoritative name server for ubaight.com. 
 The rest of the mail for this domain is forwarded without problems and has 
 been for months. Any ideas why this is happening or any other info I can 
 provide?

Well, the only thing XMail does with such smtprelay handling is to use a 
gethostbyname() (read *system* DNS lookup) of smtp.ubaight.com and relay 
the message to it. If you see it sending to places it shouldn't, it means 
the DNS or the routing infrastructure did something funny.



- Davide

-
To unsubscribe from this list: send the line unsubscribe xmail in
the body of a message to [EMAIL PROTECTED]
For general help: send the line help in the body of a message to
[EMAIL PROTECTED]
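
An added example, not part of the original thread: a check over firewall entries like the ones Jeffrey quoted, flagging new SMTP connections from the mail host to any address other than the one the smtprelay name is expected to resolve to. The function names are hypothetical, the expected relay address 203.0.113.25 is a constructed placeholder, and the fourth log line is invented.

```python
import re

# Constructed input: the three firewall entries quoted in the thread, re-joined
# onto single lines, plus one invented non-SMTP line to exercise the filter.
_COMMON = ("LServer1 kernel: Lan-Host: IN=eth0 OUT= "
           "MAC=00:c0:f0:57:af:cc:00:0c:76:3a:30:94:08:00 SRC=192.168.0.2 "
           "DST=192.168.0.1 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID={id} DF PROTO=TCP "
           "SPT={spt} DPT={dpt} WINDOW=5840 RES=0x00 SYN URGP=0")
SAMPLE_LOG = [
    "May 17 20:38:10 " + _COMMON.format(id=4638, spt=32861, dpt=25),
    "May 17 20:46:12 " + _COMMON.format(id=4909, spt=32862, dpt=25),
    "May 17 20:54:47 " + _COMMON.format(id=5154, spt=32863, dpt=25),
    "May 17 20:55:01 " + _COMMON.format(id=5200, spt=32870, dpt=80),  # invented
]

# Placeholder for the address smtp.ubaight.com should resolve to (not given in
# the thread). On the XMail host it would come from the same system lookup
# Davide describes, e.g. socket.gethostbyname_ex("smtp.ubaight.com")[2].
EXPECTED_RELAY_IPS = {"203.0.113.25"}


def parse_netfilter(line):
    """Split one netfilter LOG line into timestamp, KEY=value fields and bare flags."""
    stamp, rest = line[:15], line[15:]
    fields = dict(re.findall(r"\b([A-Z]+)=(\S*)", rest))
    flags = {tok for tok in rest.split() if tok.isupper() and "=" not in tok}
    return stamp, fields, flags


def off_relay_smtp(lines, mail_server_ip, relay_ips):
    """Map each unexpected destination to the times the mail host opened SMTP to it."""
    hits = {}
    for line in lines:
        stamp, f, flags = parse_netfilter(line)
        dst = f.get("DST")
        new_connection = "SYN" in flags and "ACK" not in flags
        if (dst and f.get("SRC") == mail_server_ip and f.get("PROTO") == "TCP"
                and f.get("DPT") == "25" and new_connection
                and dst not in relay_ips):
            hits.setdefault(dst, []).append(stamp)
    return hits


if __name__ == "__main__":
    for dst, times in off_relay_smtp(SAMPLE_LOG, "192.168.0.2",
                                     EXPECTED_RELAY_IPS).items():
        print(f"SMTP SYN to unexpected host {dst}: {', '.join(times)}")
```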



[xmail] Re: Relaying Issue

2004-05-18 Thread CLEMENT Francis
Does a dns lookup for smtp.ubaight.com on the xmail machine give the good ip ?

If ok, see your xmail smail log to see where xmail connected to send the
mails ...

If bad IP, try this (clear xmail dns cache) :
stop xmail
empty xmail 'dnscache/mx'
empty xmail 'dnscache/ns'
restart xmail

if good IP : Did you change anything on the receiving machine ? or in a
firewall or nat device ?

Francis


 -----Original Message-----
 From: Jeffrey Laramie [mailto:[EMAIL PROTECTED]
 Sent: Tuesday, 18 May 2004 15:43
 To: [EMAIL PROTECTED]
 Subject: [xmail] Relaying Issue

 Morning All,

 The last 2 days it appears my mail server has incorrectly forwarded (or at
 least attempted to forward) a message to the wrong IP. This is on a system
 that had been running for months without change. Some additional info:

 SuSE 8.2 fully updated
 XMail 1.17

 Contents of custdomain tab file ubaight.com.tab:
 smtprelay   smtp.ubaight.com

 Entry in smtp log file:
 Trans-Star.net81.215.123.23 2004-05-17 20:38:06
 dsl81-215-31511.adsl.ttnet.net.tr   ubaight.com
 [EMAIL PROTECTED]
 [EMAIL PROTECTED]   SC214 RCPT=OK   0
 dsl81-215-31511.adsl.ttnet.net.tr
 Trans-Star.net81.215.123.23 2004-05-17 20:38:07
 dsl81-215-31511.adsl.ttnet.net.tr   ubaight.com
 [EMAIL PROTECTED]
 [EMAIL PROTECTED]   SC214 RECV=OK   1839
 dsl81-215-31511.adsl.ttnet.net.tr

 First 3 entries in firewall log of receiving server:
 May 17 20:38:10 LServer1 kernel: Lan-Host: IN=eth0 OUT=
 MAC=00:c0:f0:57:af:cc:00:0c:76:3a:30:94:08:00 SRC=192.168.0.2
 DST=192.168.0.1
 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=4638 DF PROTO=TCP
 SPT=32861 DPT=25
 WINDOW=5840 RES=0x00 SYN URGP=0
 May 17 20:46:12 LServer1 kernel: Lan-Host: IN=eth0 OUT=
 MAC=00:c0:f0:57:af:cc:00:0c:76:3a:30:94:08:00 SRC=192.168.0.2
 DST=192.168.0.1
 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=4909 DF PROTO=TCP
 SPT=32862 DPT=25
 WINDOW=5840 RES=0x00 SYN URGP=0
 May 17 20:54:47 LServer1 kernel: Lan-Host: IN=eth0 OUT=
 MAC=00:c0:f0:57:af:cc:00:0c:76:3a:30:94:08:00 SRC=192.168.0.2
 DST=192.168.0.1
 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=5154 DF PROTO=TCP
 SPT=32863 DPT=25
 WINDOW=5840 RES=0x00 SYN URGP=0

 This hasn't happened before and I probably wouldn't have even noticed except
 that it tried to send to one of my internal firewalled servers and the
 packets were logged and dropped. There shouldn't be a problem with DNS since
 the box XMail is on is also the authoritative name server for ubaight.com.
 The rest of the mail for this domain is forwarded without problems and has
 been for months. Any ideas why this is happening or any other info I can
 provide?

 Jeff



[xmail] Re: Relaying Issue

2004-05-18 Thread Jeffrey Laramie
On Tuesday 18 May 2004 12:31, CLEMENT Francis wrote:
 Does a dns lookup for smtp.ubaight.com on the xmail machine give the
 good ip ?

Yes

 If ok, see your xmail smail log to see where xmail connected to send the
 mails ...

 If bad IP, try this (clear xmail dns cache) :
   stop xmail
   empty xmail 'dnscache/mx'
   empty xmail 'dnscache/ns'
   restart xmail

 if good IP : Did you change anything on the receiving machine ? or in a
 firewall or nat device ?

There is no entry in the smail logs that correspond to this message. Maybe a 
cached lookup got corrupted somehow. I'll clear the cached records and see if 
that fixes it.

Jeff



[xmail] Re: relaying issue

2004-01-13 Thread Tracy
At 10:38 1/13/2004, Jeffrey Laramie wrote:
 That's kinda interesting. You have multiple A records pointing to
 66.219.172.36. We're getting a little OT here but why do you use A
 records instead of CNAMEs? I know there was some debate about this years
 ago and at that time the conventional wisdom was that CNAMEs were
 better. I don't know what the 'preferred' configuration is these days.

Because RFC2822 specifies that A records for mail servers should not be
CNAMEs...:)





[xmail] Re: relaying issue

2004-01-13 Thread Tracy
At 10:38 1/13/2004, Jeffrey Laramie wrote:
 Right, but getting back to Dale's original concern, his virtual domains
 won't fail the remote server's RDNS check if the DNS for his SMTP server
 is configured correctly. And he shouldn't be afraid to use RDNS to check
 the validity of a remote server. Even a couple of years ago spoofing was
 relatively rare and a mail server that failed RDNS was not a big deal.
 Today about half of the spam I see is rejected by RDNS before my users
 see it. IMHO any SMTP server that fails RDNS is broken and should be fixed.

True. However, most RDNS checks today are to determine that a mail server
(ie. a connecting IP address) *has* a PTR record, not to match the PTR
record with the HELO or MAIL FROM domain.

However, with that said, I do match the PTR record against a number of
known spam source DNS names, and reject if I find it in that list...





[xmail] Re: relaying issue

2004-01-13 Thread Jeffrey Laramie
Tracy wrote:

 At 10:38 1/13/2004, Jeffrey Laramie wrote:

  That's kinda interesting. You have multiple A records pointing to
  66.219.172.36. We're getting a little OT here but why do you use A
  records instead of CNAMEs? I know there was some debate about this years
  ago and at that time the conventional wisdom was that CNAMEs were
  better. I don't know what the 'preferred' configuration is these days.

 Because RFC2822 specifies that A records for mail servers should not be
 CNAMEs...:)

Good reason!




[xmail] Re: relaying issue

2004-01-13 Thread chabral
Tracy [EMAIL PROTECTED] wrote:
 Because RFC2822 specifies that A records for mail servers should not
 be CNAMEs...:)

You mean, RFC 2821.
Here is an extract:

   Once an SMTP client lexically identifies a domain to which mail will
   be delivered for processing (as described in sections 3.6 and 3.7), a
   DNS lookup MUST be performed to resolve the domain name [22].
   [...]
   The lookup first attempts to locate an MX
   record associated with the name.  If a CNAME record is found instead,
   the resulting name is processed as if it were the initial name.  If
   no MX records are found, but an A RR is found, the A RR is treated as
   if it was associated with an implicit MX RR, with a preference of 0,
   pointing to that host.  If one or more MX RRs are found for a given
   name, SMTP systems MUST NOT utilize any A RRs associated with that
   name unless they are located using the MX RRs; the implicit MX rule
   above applies only if there are no MX records present.  If MX records
   are present, but none of them are usable, this situation MUST be
   reported as an error.

regards,

chabral
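
An added example, not part of the original post and not XMail's code: the lookup order from the RFC 2821 extract above, implemented over an in-memory record table so the four cases (MX present, CNAME first, implicit MX, MX present but unusable) can be compared. All names and addresses in ZONE are constructed, and delivery_targets and MXError are hypothetical names.

```python
class MXError(Exception):
    """Raised when the extract says the situation must be reported as an error."""


# Constructed records; addresses are from the documentation ranges.
ZONE = {
    "example.org": {"MX": [(20, "backup.example.net"), (10, "mx1.example.org")],
                    "A": ["192.0.2.80"]},            # web host, not a mail target
    "mx1.example.org": {"A": ["192.0.2.10"]},
    "backup.example.net": {"A": ["198.51.100.7"]},
    "alias.example.org": {"CNAME": "example.org"},
    "hostonly.example.org": {"A": ["192.0.2.99"]},   # no MX at all
    "broken.example.org": {"MX": [(10, "gone.example.org")],
                           "A": ["192.0.2.50"]},     # MX target has no address
}


def delivery_targets(domain, records, max_cname=8):
    """Return [(preference, host, addresses)] in the order a client should try."""
    name = domain.lower().rstrip(".")
    # "If a CNAME record is found instead, the resulting name is processed
    # as if it were the initial name."
    for _ in range(max_cname):
        rr = records.get(name, {})
        if "MX" in rr or "CNAME" not in rr:
            break
        name = rr["CNAME"].lower().rstrip(".")
    else:
        raise MXError(f"CNAME chain too long for {domain}")

    rr = records.get(name, {})
    if rr.get("MX"):
        # MX records exist: only addresses reached through them may be used,
        # never the A record of the domain name itself.
        usable = []
        for pref, host in sorted(rr["MX"]):
            addrs = records.get(host.lower(), {}).get("A", [])
            if addrs:
                usable.append((pref, host, addrs))
        if not usable:
            raise MXError(f"{name}: MX records present but none usable")
        return usable
    if rr.get("A"):
        # Implicit MX with preference 0, only when no MX record is present.
        return [(0, name, rr["A"])]
    raise MXError(f"{name}: no MX or A record")


if __name__ == "__main__":
    for d in ("example.org", "alias.example.org", "hostonly.example.org"):
        print(d, "->", delivery_targets(d, ZONE))
```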



[xmail] Re: relaying issue

2004-01-13 Thread Jeffrey Laramie
chabral wrote:

 Jeffrey Laramie [EMAIL PROTECTED] wrote:

  Would you by any chance have a link to this document? This is
  something I really need to keep up on.

 Here you can find all rfcs:
 http://www.rfc-index.com/

Great, thanks. You've provided a valuable resource *and* cured my
insomnia with a single link ;-)

Jeff




[xmail] Re: relaying issue

2004-01-12 Thread Dale Qualls
So it has nothing to do with my server setup?

Is there anything I can do to force Xmail to send the message?

Thanks in advance, and great software.  This beats the heck outta
eXtremail.  Glad I made the jump.

 [EMAIL PROTECTED] 01/12/04 04:29PM
On Mon, 12 Jan 2004, Dale Qualls wrote:

 I'm receiving this reply for a few messages that we send (not all, only a
 couple).

 With the exception of our domain name being changed to mydomain.org and
 Xing out the subject and organization, this snip is exactly what XMail
 returned to the senders.

 Could this be because the linuxmail.localdomain doesn't actually say
 linuxmail.mydomain.org ??  Where can I change the localdomain info?.

 Could this be a reverse pointer problem?  I'm not sure if the DNS record
 has a reverse pointer for the domain name.

 Any help would be most appreciated.

It's an error in their setup. The MX record for ci.aurora.il.us is
really mail002.chicago.lightfirst.com, but they do not handle mail for
the ci.aurora.il.us domain.

- Davide





[xmail] Re: relaying issue

2004-01-12 Thread Davide Libenzi
On Mon, 12 Jan 2004, Dale Qualls wrote:

 So it has nothing to do with my server setup?
 
 Is there anything I can do to force Xmail to send the message?

You can try to use the ESMTP extension:

MAIL FROM:... I-REALLY-BEG-YOU=1

but I don't think is gonna work :-)
Seriously, you can't.




- Davide





[xmail] Re: relaying issue

2004-01-12 Thread Dale Qualls
Great, thank you.

I was wondering about the reverse DNS lookup that some mailservers do.

If my xmailserver has a default domain of mydomain.org and a reverse DNS
lookup pointing to mydomain.org all is well.  But, if myseconddomain.org
users send a message to a place that does reverse DNS lookups and it
resolves back to mydomain.org, is it common for the receiving server to
reject the message for relaying?

Just wondering...it strays from the intention of my original post and from
the list.

 [EMAIL PROTECTED] 01/12/04 05:03PM
On Mon, 12 Jan 2004, Dale Qualls wrote:

 Hmmm, ok.

 I'm not even gonna try if you don't think it'll work :)

 I'm having the reverse DNS setup for the mydomain.org through the ISP
 issuing the IPs.

 Will this affect my other domains on the server not being able to send
 messages to hosts that do a reverse DNS lookup?  Such as myseconddomain.org
 and mythirddomain.org?

No, it is not your fault (at least if you are not handling ci.aurora.il.us).

- Davide





[xmail] Re: relaying issue

2004-01-12 Thread Jeffrey Laramie
Dale Qualls wrote:

 Great, thank you.

 I was wondering about the reverse DNS lookup that some mailservers do.

 If my xmailserver has a default domain of mydomain.org and a reverse DNS
 lookup pointing to mydomain.org all is well.  But, if myseconddomain.org
 users send a message to a place that does reverse DNS lookups and it
 resolves back to mydomain.org, is it common for the receiving server to
 reject the message for relaying?

In a standard DNS configuration you would have a domain 'zone' file for 
each domain name and a 'reverse lookup' zone file for each block of IPs. 
The zone file typically has records that resolve a name to an IP address:

myhost   A   12.34.56.78

The reverse lookup zone file has the opposite record:

78   PTR   myhost.mydomain.org

The reverse lookup zone file knows what domain each IP is in. If a 
remote mail server does a reverse lookup and gets mydomain instead of 
myseconddomain, then it's configured wrong and you need to contact the 
ISP or whomever handles DNS for these domains. It would be good policy 
for the remote mail server to reject any address that fails RDNS lookup 
since it's most likely either spoofed or broken.

Jeff





[xmail] Re: relaying issue

2004-01-12 Thread Tracy
At 19:47 1/12/2004, Jeffrey Laramie wrote:
 In a standard DNS configuration you would have a domain 'zone' file for
 each domain name and a 'reverse lookup' zone file for each block of IPs.
 The zone file typically has records that resolve a name to an IP address:

 myhost   A   12.34.56.78

 The reverse lookup zone file has the opposite record:

 78   PTR   myhost.mydomain.org

 The reverse lookup zone file knows what domain each IP is in. If a
 remote mail server does a reverse lookup and gets mydomain instead of
 myseconddomain, then it's configured wrong and you need to contact the
 ISP or whomever handles DNS for these domains. It would be good policy
 for the remote mail server to reject any address that fails RDNS lookup
 since it's most likely either spoofed or broken.

There are cases where there is overlap between multiple domains and the
same IP space (web hosting comes most prominently to mind, but there are
other situations).

For instance, if you look up the following DNS names:

mail.vbot.org
mail.arisiasoft.com

You will find they both resolve as 66.219.172.36 - if you look up 
66.219.172.36, it should resolve as:

karen.arisiasoft.com

You'll note that neither of the mail names match the PTR record (one 
matches at the primary domain level, but not a complete match). Both of the 
mail. DNS names point to the same machine - mail for both domains is hosted 
there (on the same copy of Xmail).

 If a
 remote mail server does a reverse lookup and gets mydomain instead of
 myseconddomain, then it's configured wrong and you need to contact the
 ISP or whomever handles DNS for these domains.

If I understand your logic here, you are saying that because mail.vbot.org 
-- 66.219.172.36 -- karen.arisiasoft.com, you would recommend rejecting 
all mail from mail.vbot.org? Even though it has a valid RDNS (even if it 
doesn't match the original DNS name), and a valid MX record for the domain 
pointing to the same IP address?

I think if you followed through on that, you would end up rejecting a lot 
of mail from a lot of places...
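
An added example, not part of the original posts: the three reverse-DNS policies argued over in this thread (a PTR merely exists, the PTR is forward-confirmed, the PTR must equal the name the client announces) applied to the hosts quoted above. The DNS table is constructed; the A record for karen.arisiasoft.com and the two extra clients are assumptions, and the function and policy names are hypothetical.

```python
# Constructed DNS data. The two mail names, the address and the PTR target are
# the ones quoted in the thread; the forward record for karen.arisiasoft.com
# and the 198.51.100.9 / 192.0.2.44 clients are assumptions for illustration.
DNS = {
    "A": {
        "mail.vbot.org": ["66.219.172.36"],
        "mail.arisiasoft.com": ["66.219.172.36"],
        "karen.arisiasoft.com": ["66.219.172.36"],   # assumed forward record
    },
    "PTR": {
        "66.219.172.36": ["karen.arisiasoft.com"],
        "198.51.100.9": ["pool-9.dyn.example.net"],  # PTR with no matching A
    },
}


def rdns_checks(client_ip, helo_name, dns):
    """Evaluate the reverse-DNS tests discussed in the thread for one SMTP client."""
    ptrs = [p.lower().rstrip(".") for p in dns["PTR"].get(client_ip, [])]
    helo = helo_name.lower().rstrip(".")
    return {
        "has_ptr": bool(ptrs),
        # Forward-confirmed: some PTR name resolves back to the connecting IP.
        "forward_confirmed": any(client_ip in dns["A"].get(p, []) for p in ptrs),
        "ptr_equals_helo": helo in ptrs,
        "helo_resolves_to_client": client_ip in dns["A"].get(helo, []),
    }


POLICIES = {
    "require_ptr": lambda c: c["has_ptr"],
    "require_fcrdns": lambda c: c["forward_confirmed"],
    "require_ptr_equals_helo": lambda c: c["ptr_equals_helo"],
}


def decisions(client_ip, helo_name, dns=DNS):
    """Return accept/reject per policy for a client announcing helo_name."""
    checks = rdns_checks(client_ip, helo_name, dns)
    return {name: ("accept" if ok(checks) else "reject")
            for name, ok in POLICIES.items()}


if __name__ == "__main__":
    for ip, helo in [("66.219.172.36", "mail.vbot.org"),
                     ("198.51.100.9", "mail.example.net"),
                     ("192.0.2.44", "mail.example.net")]:
        print(ip, helo, decisions(ip, helo))
```

Only the strictest policy turns away the shared host; the other two separate it from clients with no PTR or with a PTR that does not resolve back.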





[xmail] Re: relaying issue

2004-01-12 Thread Dale Qualls
That's exactly my question.  How does an ISP handle this?  I have one name
for my xmail server that if you telnet to it you get mydomain.org and a
RDNS will match mydomain.org, but if I'm sending mail from
mythirddomain.org and a RDNS is looked at it will see mydomain.org and
therefore get rejected (assuming that they require RDNS for e-mail
acceptance).

I just don't want to have a problem with 2 of my 3 domains being rejected
by places like the college I listed in my original post which appears to
require RDNS lookups.

 [EMAIL PROTECTED] 01/12/04 08:01PM
At 19:47 1/12/2004, Jeffrey Laramie wrote:

 In a standard DNS configuration you would have a domain 'zone' file for
 each domain name and a 'reverse lookup' zone file for each block of IPs.
 The zone file typically has records that resolve a name to an IP address:

 myhost   A   12.34.56.78

 The reverse lookup zone file has the opposite record:

 78   PTR   myhost.mydomain.org

 The reverse lookup zone file knows what domain each IP is in. If a
 remote mail server does a reverse lookup and gets mydomain instead of
 myseconddomain, then it's configured wrong and you need to contact the
 ISP or whomever handles DNS for these domains. It would be good policy
 for the remote mail server to reject any address that fails RDNS lookup
 since it's most likely either spoofed or broken.

There are cases where there is overlap between multiple domains and the
same IP space (web hosting comes most prominently to mind, but there are
other situations).

For instance, if you look up the following DNS names:

mail.vbot.org
mail.arisiasoft.com

You will find they both resolve as 66.219.172.36 - if you look up
66.219.172.36, it should resolve as:

karen.arisiasoft.com

You'll note that neither of the mail names match the PTR record (one
matches at the primary domain level, but not a complete match). Both of the
mail. DNS names point to the same machine - mail for both domains is hosted
there (on the same copy of Xmail).

 If a
 remote mail server does a reverse lookup and gets mydomain instead of
 myseconddomain, then it's configured wrong and you need to contact the
 ISP or whomever handles DNS for these domains.

If I understand your logic here, you are saying that because mail.vbot.org
-- 66.219.172.36 -- karen.arisiasoft.com, you would recommend rejecting
all mail from mail.vbot.org? Even though it has a valid RDNS (even if it
doesn't match the original DNS name), and a valid MX record for the domain
pointing to the same IP address?

I think if you followed through on that, you would end up rejecting a lot
of mail from a lot of places...

