I have successfully set up my DMZ, registered a domain, compiled a custom version of
ez-ipupdate to handle a non-standard service, reconfigured weblet to act as a basic
web content server.
I now need to get Qmail up and running so I can host my own email.
I followed the "qmail LEAF/LRP user's gu
Kory,
I haven't set up Qmail on a LEAF system, but from regular Linux distributions
I'm not sure you're likely looking for the most common problems. Typically, each
user must have a directory that contains a ~/Maildir folder rather than a
global directory (one user?). POP3 is quite a bit of a PITA w
Kory -- Because (I think) your setup involves two separate LEAF systems --
one running as a router/firewall, the other as a DMZ/Qmail server -- you
might want to be a bit clearer about which system you are reporting each
detail about. For example:
> Local mail client is at 192.168.1.1 qmail is
Lynn,
Please forgive my lack of experience but I don't quite follow all the terms.
I have the proper Maildir set up for the admin account (lrpqmail) and it receives the
mail sent to it from the internet as proven by my ability to see the message in the
~Maildir/new directory. I believe I may have
Ray,
Sorry I was not clearer about the overall config. Comments inline.
>Kory -- Because (I think) your setup involves two separate LEAF
>systems --
>one running as a router/firewall, the other as a DMZ/Qmail server --
>you
>might want to be a bit clearer about which system you are reporting
>each
At 04:37 PM 12/21/2003 -0500, Kory Krofft wrote:
[...]
If you make it through all this you are way too nice a guy. But I
appreciate your help. :-)
No, just a fast reader. Anyway, the bulk of it was the Shorewall output,
and that's highly structured, making it easy to find the relevant parts.
Now t
Ray,
I was able to connect to the pop server using telnet; it seemed to take quite a while
to get a response but I was able to retrieve and read the test message sent to
lrpqmail.
>
>I don't know your setup well enough to tell you what is going on in
>the
>Shorewall DROP log, but since it involv
On Sunday 21 December 2003 08:32 pm, Kory Krofft wrote:
> Ray,
>
> I was able to connect to the pop server using telnet; it seemed to take
> quite a while to get a response but I was able to retrieve and read the
> test message sent to lrpqmail.
Then the mail server is working correctly and you hav
Kory Krofft <[EMAIL PROTECTED]> [2003:12:21:12:53:56-0500] scribed:
> I have successfully set up my DMZ, registered a domain, compiled a
> custom version of ez-ipupdate to handle a non-standard service,
> reconfigured weblet to act as a basic web content server.
>
> I now need to get Qmail up and
Sorry to disagree with Lynn, but the magic words here are "quite a while".
This strongly suggests to me that an earlier guess, that the observed
"failures" actually are DNS-based delays, is the right guess ... and that
"quite a while" is around 3 minutes.
What to do about it?
First, maybe your
Michael,
Thanks for the response. See below...
>Kory Krofft <[EMAIL PROTECTED]> [2003:12:21:12:53:56-0500] scribed:
>>I now need to get Qmail up and running so I can host my own email.
>>I followed the "qmail LEAF/LRP user's guide" but I am missing
>>something. If I use a windows mail client to
Ray,
See below
>"failures" actually are DNS-based delays, is the right guess ... and
>that
>"quite a while" is around 3 minutes.
It takes about a minute and a half to get a response with telnet.
>What to do about it?
>
>First, maybe your mail server can be configured not to do reverse
>loo
On Monday 22 December 2003 07:24 pm, Kory Krofft wrote:
> I believe as Ray has mentioned that the major issue may be a reverse
> lookup that qmail is doing which causes the timeout error on the mail
> client. I am still looking into what dns settings I need to change to fix
> that possibility.
I
Kory Krofft <[EMAIL PROTECTED]> [2003:12:22:20:24:44-0500] scribed:
> I believe as Ray has mentioned that the major issue may be a reverse
> lookup that qmail is doing which causes the timeout error on the mail
> client. I am still looking into what dns settings I need to change to
> fix that po
Kory Krofft <[EMAIL PROTECTED]> [2003:12:22:20:24:44-0500] scribed:
> >What is in these files:
> >
> >/var/qmail/control/defaultdomain
> kroffts.com
> >/var/qmail/control/locals
> kroffts.com
> >/var/qmail/control/rcpthosts
> kroffts.com
> >
> >Try watching output from the following while you att
At 09:47 PM 12/22/2003 -0600, Michael D Schleif wrote:
[...]
Currently, you are *NOT* authoritative and *CANNOT* assume authority for
the kroffts.com domain:
Actually, he can ... in a limited sense. In a way that matters, DNS is just
a shared delusion, and as long as he lies about it only when tal
Lynn,
See below
>
>>I believe as Ray has mentioned that the major issue may be a
>>reverse
>>lookup that qmail is doing which causes the timeout error on the
>>mail
>>client. I am still looking into what dns settings I need to change
>>to fix
>>that possibility.
>
>I was assuming that all the
Michael,
cat /etc/tcp.smtp gives
127.:allow,RELAYCLIENT=""
192.168.:allow,RELAYCLIENT=""
Kory
On Mon, 22 Dec 2003 21:51:31 -0600, Michael D Schleif wrote:
>Kory Krofft <[EMAIL PROTECTED]> [2003:12:22:20:24:44-0500] scribed:
>
>
>>>What is in these files:
>>>
>>>/var/qmail/control/defaultdom
I understand much better now. I will try your suggestions tomorrow and report back.
So the DMZ domain should NOT match the internet domain since the name itself is
registered at dnsexit.
I take it then that the domain on the dmz could be kroffts.dmz as well as anything
else I could choose to cal
Ray Olszewski <[EMAIL PROTECTED]> [2003:12:22:20:08:14-0800] scribed:
> At 09:47 PM 12/22/2003 -0600, Michael D Schleif wrote:
> [...]
> >Currently, you are *NOT* authoritative and *CANNOT* assume authority for
> >the kroffts.com domain:
>
> Actually, he can ... in a limited sense. In a way that m
Kory Krofft <[EMAIL PROTECTED]> [2003:12:22:23:30:12-0500] scribed:
> I understand much better now. I will try your suggestions tomorrow and
> report back.
> So the DMZ domain should NOT match the internet domain since the name
> itself is registered at dnsexit.
> I take it then that the domain on
Michael,
I set up the /etc/tinydns-private/root/data file per your suggestion,
=localhost:127.0.0.1
.localhost:127.0.0.1:a
.1.0.0.127.in-addr.arpa:127.0.0.1:a
.kroffts.home:127.0.0.1:a
.1.168.192.in-addr.arpa:127.0.0.1:a
=markii.kroffts.home:192.168.1.254
=coventry.kroffts.hom
Kory.
As Michael and Ray have pretty much explained, it can be very difficult
and technically improper to run both private and public dns entries on
the same server. The easiest and technically correct configuration would
be to run one authoritative nameserver for the internet and a separate server
On Tue, 23 Dec 2003 22:13:34 -0600, Lynn Avants wrote:
>Kory.
>
It took me about 4 days to get everything setup correctly
>the first
>time then life got much easier. This may not be much comfort,
>but you
>might want to take a day off and let your mind clear. Reading all the
>different docs
On Thu, 25 Dec 2003, Kory Krofft wrote:
I'll comment on the Shorewall configuration.
>
> /etc/shorewall/rules
>
> #ACTION SOURCE DEST PROTO DEST SOURCE ORIGINAL
> # PORT PORT(S) DEST
> #
> # Accept DN
OK. Reading through the router stuff, it looks OK. The two small errors in
the rulesets are probably inconsequential in this context.
One, this rule is unneeded --
DNAT net dmz:192.168.10.1 udp 25
-- (you only need tcp for SMTP) but it is harmless.
Two, this rule
>Now, from here, I can connect to your Web home page. I can also
>connect to
>your SMTP server, but with a long delay:
>
>[EMAIL PROTECTED]:~$ telnet kroffts.com 25
>Trying [a.b.c.d - address deleted]...
>Connected to dhcp024-210-193-152.woh.rr.com.
>Escape character is '^]'.
>[delay between 2 and
At 06:04 PM 12/26/2003 -0500, Kory Krofft wrote:
>Now, from here, I can connect to your Web home page. I can also
>connect to
>your SMTP server, but with a long delay:
[...]
>This is a test of my ability to send a message from an
>offsite
>location to the test user on the mail server. Kory -- see
Ray,
>[...]
>OK. The problem here is that qmail does not know that mail to
>[EMAIL PROTECTED] is mail for local delivery, so it tries to relay
>it to I
>can't-guess-where (can that host resolve kroffts.com?). This is, no
>doubt,
>a side effect of moving from kroffts.com to kroffts.dmz (or whatever
Since most of the detail in your latest message is about how you did get
things working, I'll skip over that to the one problem that remains --
reverse lookup of on-LAN IP addresses. The tcpdump output says that the
mail server is querying a DNS server that does not exist. Edited to
highlight w
On Friday 26 December 2003 10:15 pm, Ray Olszewski wrote:
> Since most of the detail in your latest message is about how you did get
> things working, I'll skip over that to the one problem that remains --
> reverse lookup of on-LAN IP addresses. The tcpdump output says that the
> mail server is qu
Kory Krofft <[EMAIL PROTECTED]> [2003:12:26:21:47:40-0500] scribed:
> using the host command, I can get the dmz host to resolve other names
> and reverse lookup other ips but not its own. I altered the
> /etc/tinydns-private/root/data file to read:
>
> =localhost:127.0.0.1
> localhost:127.0.0.1
Kory Krofft <[EMAIL PROTECTED]> [2003:12:27:19:01:19-0500] scribed:
> Michael, Ray, Lynn,
>
> What you are all saying makes sense. I have tried reversing the
> interfaces that dnscache and tinydns bind to with no improvement. I
> believe Michael is correct that I need 2 instances of tinydns but I
Michael, Ray, Lynn,
What you are all saying makes sense. I have tried reversing the interfaces that
dnscache and tinydns bind to with no improvement. I believe Michael is correct that I
need 2 instances of tinydns but I have no idea how to accomplish this in an lrp
environment. I would guess tha
Hello Kory,
sorry I haven't read the whole thread.
But as I understand, you have a mail server in the dmz
running on a leaf box.
called DMZ_BOX
DMZ = 192.168.10.0/24
route will be 192.168.10.0/24 via 192.168.10.x
default via 192.168.10.254 ( DMZ address on LEAFBOX)
and a leaf router connected to
Michael D Schleif wrote:
Kory Krofft <[EMAIL PROTECTED]> [2003:12:26:21:47:40-0500] scribed:
using the host command, I can get the dmz host to resolve other names
and reverse lookup other ips but not its own. I altered the
/etc/tinydns-private/root/data file to read:
=localhost:127.0.0.1
loca