Re: rblsmtpd and mail-abuse.org's DNS servers
On Thu, 2 Aug 2001, Derek Callaway wrote:

> Hi, I'm having a problem with my qmail smtpd server becoming unresponsive when rblsmtpd cannot communicate with the RBL nameservers. Has anyone else

From the manual page at http://cr.yp.to/ucspi-tcp/rblsmtpd.html:

    -C: (Default.) Handle RBL lookups in a ``fail-open'' mode. If an RBL lookup fails temporarily, assume that the address is not listed; if an anti-RBL lookup fails temporarily, assume that the address is anti-listed. Unfortunately, a knowledgeable attacker can force an RBL lookup or an anti-RBL lookup to fail temporarily, so that his mail is not blocked.

--
Work: It's not just a job, it's an indenture.
Re: rblsmtpd and mail-abuse.org's DNS servers
> 2) Did you actually pay MAPS for use of their mail-abuse.org servers? They started charging on August 1st so you are not going to have much luck using them to block spam if you aren't paying them.

Have you looked at the price list? The price for individual users is $0. If you want to keep using the RBL, RSS, and DUL, they want a written agreement from you, but if you can't afford to pay, they don't demand money.

--
John R. Levine, IECC, POB 727, Trumansburg NY 14886 +1 607 387 6869
[EMAIL PROTECTED], Village Trustee and Sewer Commissioner, http://iecc.com/johnl,
Member, Provisional board, Coalition Against Unsolicited Commercial E-mail
Re: rblsmtpd and mail-abuse.org's DNS servers
I list some alternatives to MAPS's RBLs, along with some other spam-prevention techniques, here:

http://www.summersault.com/chris/techno/qmail/qmail-antispam.html
http://www.summersault.com/chris/techno/qmail/qmail-antispam.html#resources

Chris

On Thu, 2 Aug 2001, Derek Callaway wrote:

> On Thu, 2 Aug 2001, Chin Fang wrote:
>
> Right, I guess I should have said that I already read those pages before I posted this message. I'm looking for a _free_ workaround to this problem. TIA
>
> > You will need to pay MAPS to use one of its three RBLs, or the combined RBL+. Please see http://www.mail-abuse.org/subscription.html and http://www.mail-abuse.org/feestructure.html even if you are with an educational institution.
> >
> > Dr. Dan Bernstein himself has given up on MAPS's RBLs: Please see: http://cr.yp.to/ucspi-tcp/rblsmtpd.html
> >
> > Regards,
> > Chin Fang [EMAIL PROTECTED]
> >
> > > Hi, I'm having a problem with my qmail smtpd server becoming unresponsive when rblsmtpd cannot communicate with the RBL nameservers. Has anyone else had this problem? I'd like to blindly accept e-mail if the RBL nameservers cannot be contacted. Here's how I'm starting the SMTP server:
> > >
> > > /usr/local/bin/tcpserver -x /etc/tcp.smtp.cdb -u 7791 -g 2108 -v 0 smtp fixcrio \
> > > /usr/local/bin/rblsmtpd -t 7 /usr/local/bin/rblsmtpd -t 7 -r dialups.mail-abuse.org \
> > > /usr/local/bin/rblsmtpd -t 7 -r 'relays.mail-abuse.org:Open relay problem - see URL:http://www.mail-abuse.org/cgi-bin/nph-rss?%IP%' \
> > > /var/qmail/bin/qmail-smtpd 2>&1 | /usr/local/bin/setuidgid qmaill /usr/local/bin/multilog t n100 s100 /var/log/smtp
> > >
> > > --
> > > //Derek Callaway [EMAIL PROTECTED] * Programmer: CISC, LLC - S@IRC char *sites[]={http://www.freezersearch.com/index.cfm?aff=dhc;, http://www.ciscllc.com,http://www.freezemail.com,0}; /*KDR AB 249*/

--
Chris Hardie - - mailto:[EMAIL PROTECTED] -- http://www.summersault.com/chris/ --
Re: rblsmtpd and mail-abuse.org's DNS servers
You will need to pay MAPS to use one of its three RBLs, or the combined RBL+. Please see http://www.mail-abuse.org/subscription.html and http://www.mail-abuse.org/feestructure.html even if you are with an educational institution.

Dr. Dan Bernstein himself has given up on MAPS's RBLs: Please see: http://cr.yp.to/ucspi-tcp/rblsmtpd.html

Regards,
Chin Fang [EMAIL PROTECTED]

> Hi, I'm having a problem with my qmail smtpd server becoming unresponsive when rblsmtpd cannot communicate with the RBL nameservers. Has anyone else had this problem? I'd like to blindly accept e-mail if the RBL nameservers cannot be contacted. Here's how I'm starting the SMTP server:
>
> /usr/local/bin/tcpserver -x /etc/tcp.smtp.cdb -u 7791 -g 2108 -v 0 smtp fixcrio \
> /usr/local/bin/rblsmtpd -t 7 /usr/local/bin/rblsmtpd -t 7 -r dialups.mail-abuse.org \
> /usr/local/bin/rblsmtpd -t 7 -r 'relays.mail-abuse.org:Open relay problem - see URL:http://www.mail-abuse.org/cgi-bin/nph-rss?%IP%' \
> /var/qmail/bin/qmail-smtpd 2>&1 | /usr/local/bin/setuidgid qmaill /usr/local/bin/multilog t n100 s100 /var/log/smtp
>
> --
> //Derek Callaway [EMAIL PROTECTED] * Programmer: CISC, LLC - S@IRC char *sites[]={http://www.freezersearch.com/index.cfm?aff=dhc;, http://www.ciscllc.com,http://www.freezemail.com,0}; /*KDR AB 249*/
Re: rblsmtpd and mail-abuse.org's DNS servers
On Thu, Aug 02, 2001 at 02:58:08PM -0400, Derek Callaway wrote:

> /usr/local/bin/tcpserver -x /etc/tcp.smtp.cdb -u 7791 -g 2108 -v 0 smtp fixcrio \
> /usr/local/bin/rblsmtpd -t 7 /usr/local/bin/rblsmtpd -t 7 -r dialups.mail-abuse.org \
> /usr/local/bin/rblsmtpd -t 7 -r 'relays.mail-abuse.org:Open relay problem - see URL:http://www.mail-abuse.org/cgi-bin/nph-rss?%IP%' \
> /var/qmail/bin/qmail-smtpd 2>&1 | /usr/local/bin/setuidgid qmaill /usr/local/bin/multilog t n100 s100 /var/log/smtp

Two quick observations:

[1] A single rblsmtpd instance can take multiple -r options, so your command line can be /much/ shorter and more efficiently executed.

[2] Are you actually most concerned about quickly accepting mail from /local/ (or known-good) clients? If so, set up your own anti-RBL list and make it the first list to be checked.

Read http://cr.yp.to/ucspi-tcp/rblsmtpd.html for more details on both the above.

--
Adrian Ho    Tinker, Drifter, Fixer, Bum    [EMAIL PROTECTED]
ListArchive: http://marc.theaimsgroup.com/?l=qmail
Useful URLs: http://cr.yp.to/qmail.html http://www.qmail.org http://www.lifewithqmail.org/ http://qmail.faqts.com/
rblsmtpd and mail-abuse.org's DNS servers
Hi,

I'm having a problem with my qmail smtpd server becoming unresponsive when rblsmtpd cannot communicate with the RBL nameservers. Has anyone else had this problem? I'd like to blindly accept e-mail if the RBL nameservers cannot be contacted. Here's how I'm starting the SMTP server:

    /usr/local/bin/tcpserver -x /etc/tcp.smtp.cdb -u 7791 -g 2108 -v 0 smtp fixcrio \
    /usr/local/bin/rblsmtpd -t 7 /usr/local/bin/rblsmtpd -t 7 -r dialups.mail-abuse.org \
    /usr/local/bin/rblsmtpd -t 7 -r 'relays.mail-abuse.org:Open relay problem - see URL:http://www.mail-abuse.org/cgi-bin/nph-rss?%IP%' \
    /var/qmail/bin/qmail-smtpd 2>&1 | /usr/local/bin/setuidgid qmaill /usr/local/bin/multilog t n100 s100 /var/log/smtp

--
//Derek Callaway [EMAIL PROTECTED] * Programmer: CISC, LLC - S@IRC char *sites[]={http://www.freezersearch.com/index.cfm?aff=dhc;, http://www.ciscllc.com,http://www.freezemail.com,0}; /*KDR AB 249*/
RE: rblsmtpd and mail-abuse.org's DNS servers
Derek,

I see a number of problems with the text you copied in there, it's very confusing. Here's the questions and issues:

1) On line 2, you're calling rblsmtpd and having it call rblsmtpd, which then calls rblsmtpd for a third time on line 3. The first instance doesn't even have arguments so I have no idea why you're doing that. Combine all of those into one rblsmtpd with multiple -r arguments for all the servers to test against.

2) Did you actually pay MAPS for use of their mail-abuse.org servers? They started charging on August 1st so you are not going to have much luck using them to block spam if you aren't paying them.

3) You will need to call rblsmtpd with a -C argument to allow email through if it can't do the lookups against the servers you specify. This is the default so having it or not is okay.

Dave

-----Original Message-----
From: Derek Callaway [mailto:[EMAIL PROTECTED]]
Sent: Thursday, August 02, 2001 2:58 PM
To: [EMAIL PROTECTED]
Subject: rblsmtpd and mail-abuse.org's DNS servers

Hi,

I'm having a problem with my qmail smtpd server becoming unresponsive when rblsmtpd cannot communicate with the RBL nameservers. Has anyone else had this problem? I'd like to blindly accept e-mail if the RBL nameservers cannot be contacted. Here's how I'm starting the SMTP server:

    /usr/local/bin/tcpserver -x /etc/tcp.smtp.cdb -u 7791 -g 2108 -v 0 smtp fixcrio \
    /usr/local/bin/rblsmtpd -t 7 /usr/local/bin/rblsmtpd -t 7 -r dialups.mail-abuse.org \
    /usr/local/bin/rblsmtpd -t 7 -r 'relays.mail-abuse.org:Open relay problem - see URL:http://www.mail-abuse.org/cgi-bin/nph-rss?%IP%' \
    /var/qmail/bin/qmail-smtpd 2>&1 | /usr/local/bin/setuidgid qmaill /usr/local/bin/multilog t n100 s100 /var/log/smtp

--
//Derek Callaway [EMAIL PROTECTED] * Programmer: CISC, LLC - S@IRC char *sites[]={http://www.freezersearch.com/index.cfm?aff=dhc;, http://www.ciscllc.com,http://www.freezemail.com,0}; /*KDR AB 249*/
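The fail-open behaviour quoted from the rblsmtpd manual page earlier in the thread, and the advice to use one rblsmtpd with several sources (optionally an anti-RBL first), can be modelled as follows. This is an added example, not code from the thread or from ucspi-tcp; the anti-RBL zone `allow.example.net`, the client addresses and the simulated resolver are constructed, and `fail_open=False` stands for rblsmtpd's fail-closed option `-c`.

```python
"""Simplified model of how rblsmtpd walks its -a / -r sources (added example)."""
from enum import Enum


class Lookup(Enum):
    FOUND = "found"        # record exists: listed (-r) or anti-listed (-a)
    ABSENT = "absent"      # definite "no such record"
    TEMPFAIL = "tempfail"  # timeout or server failure: the case in this thread


def query_name(ip, base):
    """RBL query name for IPv4 address a.b.c.d is d.c.b.a.base."""
    octets = ip.split(".")
    if len(octets) != 4 or not all(o.isdigit() and int(o) < 256 for o in octets):
        raise ValueError("not an IPv4 address: %r" % ip)
    return ".".join(reversed(octets)) + "." + base


def decide(ip, sources, resolver, fail_open=True):
    """Check sources in command-line order; the first decisive answer wins.

    sources  -- list of ("a", base) anti-RBL or ("r", base) RBL entries
    resolver -- callable(name) -> Lookup
    Returns (verdict, reason, names_queried); verdict is "accept" or "block".
    """
    queried = []
    for kind, base in sources:
        name = query_name(ip, base)
        queried.append(name)
        result = resolver(name)
        if kind == "a":
            if result is Lookup.FOUND:
                return "accept", "anti-listed by " + base, queried
            if result is Lookup.TEMPFAIL and fail_open:
                # Fail-open: a failed anti-RBL lookup counts as anti-listed.
                return "accept", "anti-RBL lookup failed, assumed anti-listed", queried
        else:
            if result is Lookup.FOUND:
                return "block", "listed by " + base, queried
            if result is Lookup.TEMPFAIL and not fail_open:
                # Fail-closed: a failed RBL lookup counts as listed.
                return "block", "RBL lookup failed, assumed listed", queried
            # Fail-open TEMPFAIL falls through: treated as "not listed".
    return "accept", "not listed by any source", queried


# --- constructed sample data -------------------------------------------------
SOURCES = [
    ("a", "allow.example.net"),        # hypothetical local anti-RBL, checked first
    ("r", "dialups.mail-abuse.org"),   # RBL sources named in the thread
    ("r", "relays.mail-abuse.org"),
]
LOCAL = "192.0.2.10"     # constructed known-good client
SPAMMER = "192.0.2.45"   # constructed client listed as an open relay
ZONE = {
    query_name(LOCAL, "allow.example.net"),
    query_name(SPAMMER, "relays.mail-abuse.org"),
}


def make_resolver(zone, unreachable=()):
    """Simulated resolver: names under an unreachable domain fail temporarily."""
    def resolver(name):
        if any(name.endswith("." + dom) for dom in unreachable):
            return Lookup.TEMPFAIL
        return Lookup.FOUND if name in zone else Lookup.ABSENT
    return resolver


if __name__ == "__main__":
    outage = make_resolver(ZONE, unreachable=("mail-abuse.org",))
    print(decide(SPAMMER, SOURCES, make_resolver(ZONE)))
    print(decide(SPAMMER, SOURCES, outage, fail_open=True))
    print(decide(SPAMMER, SOURCES, outage, fail_open=False))
    print(decide(LOCAL, SOURCES, outage))
```

During the simulated outage the listed client is accepted under fail-open and blocked under fail-closed, while the anti-listed local client is accepted after a single lookup that never touches the unreachable servers.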
Re: rblsmtpd and mail-abuse.org's DNS servers
On Thu, 2 Aug 2001, Chin Fang wrote:

Right, I guess I should have said that I already read those pages before I posted this message. I'm looking for a _free_ workaround to this problem. TIA

> You will need to pay MAPS to use one of its three RBLs, or the combined RBL+. Please see http://www.mail-abuse.org/subscription.html and http://www.mail-abuse.org/feestructure.html even if you are with an educational institution.
>
> Dr. Dan Bernstein himself has given up on MAPS's RBLs: Please see: http://cr.yp.to/ucspi-tcp/rblsmtpd.html
>
> Regards,
> Chin Fang [EMAIL PROTECTED]
>
> > Hi, I'm having a problem with my qmail smtpd server becoming unresponsive when rblsmtpd cannot communicate with the RBL nameservers. Has anyone else had this problem? I'd like to blindly accept e-mail if the RBL nameservers cannot be contacted. Here's how I'm starting the SMTP server:
> >
> > /usr/local/bin/tcpserver -x /etc/tcp.smtp.cdb -u 7791 -g 2108 -v 0 smtp fixcrio \
> > /usr/local/bin/rblsmtpd -t 7 /usr/local/bin/rblsmtpd -t 7 -r dialups.mail-abuse.org \
> > /usr/local/bin/rblsmtpd -t 7 -r 'relays.mail-abuse.org:Open relay problem - see URL:http://www.mail-abuse.org/cgi-bin/nph-rss?%IP%' \
> > /var/qmail/bin/qmail-smtpd 2>&1 | /usr/local/bin/setuidgid qmaill /usr/local/bin/multilog t n100 s100 /var/log/smtp

--
//Derek Callaway [EMAIL PROTECTED] * Programmer: CISC, LLC - S@IRC char *sites[]={http://www.freezersearch.com/index.cfm?aff=dhc;, http://www.ciscllc.com,http://www.freezemail.com,0}; /*KDR AB 249*/
Re: rblsmtpd and mail-abuse.org's DNS servers
> Hi, I'm having a problem with my qmail smtpd server becoming unresponsive when rblsmtpd cannot communicate with the RBL nameservers.

http://www.mail-abuse.org/subscription.html

Mads
Re: rblsmtpd and mail-abuse.org's DNS servers
On Thu, 2 Aug 2001, Derek Callaway wrote:

> Right, I guess I should have said that I already read those pages before I posted this message. I'm looking for a _free_ workaround to this problem. TIA

There is no workaround. The resolver is going to wait for the connection to time out, thus causing your delay. The workaround is to either find another RBL list source that runs a reliable, free network, or when it does have hiccups, remove them, or suffer through the delays.

--
John Gonzalez / [EMAIL PROTECTED] / [EMAIL PROTECTED]
Tularosa Communications, Inc. (505) 439-0200 voice / (505) 443-1228 fax
http://www.tularosa.net / ASN 11711 / JG6416
[--[ sys info ]---] 1:45pm up 329 days, 19:14, 5 users, load average: 0.07, 0.18, 0.15
qmail-remote hanging on DNS query?
I've hit an odd problem with qmail-remote. With one of our ISP's DNS servers set as primary, qmail-remote will hang indefinitely on some addresses. The DNS server in question responds fine to dig queries.

Example:

First DNS server in resolv.conf is 205.152.0.20

Run the following command: (testfile contains an email message)

    cat testfile | /var/qmail/bin/qmail-remote mindspring.com [EMAIL PROTECTED] [EMAIL PROTECTED]

qmail-remote will hang forever. If I change the primary DNS server to another one then everything works fine.

An strace of qmail-remote shows:

    connect(3, {sin_family=AF_INET, sin_port=htons(53), sin_addr=inet_addr(205.152.0.20)}}, 16) = 0
    send(3, \250t\1\0\0\1\0\0\0\0\0\0\nmindspring\3com\0\0\377\0\1..., 32, 0) = 32
    time(NULL) = 996696004
    poll([{fd=3, events=POLLIN, revents=POLLIN}], 1, 5000) = 1
    recvfrom(3, \250t\203\200\0\1\0\25\0\0\0\0\nmindspring\3com\0\0\377..., 513, 0, {sin_family=AF_INET, sin_port=htons(53), sin_addr=inet_addr(205.152.0.20)}}, [16]) = 503
    close(3)= 0
    socket(PF_INET, SOCK_STREAM, IPPROTO_IP) = 3
    connect(3, {sin_family=AF_INET, sin_port=htons(53), sin_addr=inet_addr(205.152.0.20)}}, 16) = 0
    writev(3, [{\0 , 2}, {\250t\1\0\0\1\0\0\0\0\0\0\nmindspring\3com\0\0\377\0\1..., 32}], 2) = 34
    read(3,

and dies there. I wouldn't expect a DNS server to be able to kill qmail-remote. Make it exit with an error, sure.

Our setup is qmail-1.03 on a Linux server. The DNS patch has been applied.

Any thoughts appreciated...

--Brian

--
FarPoint Technologies
Phones: Tech Supt. - 919-460-1887 Sales - 800-645-5913 Main - 919-460-4551
FTP - ftp.fpoint.com /fpoint.com WEB - www.fpoint.com
Sales email: [EMAIL PROTECTED] Technical support: [EMAIL PROTECTED]
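The DNS messages in the strace output above can be decoded to see what the resolver was doing when it stalled. This is an added example, not part of the original post: the byte strings are copied from the trace as Python raw strings, and the helper names are hypothetical.

```python
"""Decode the DNS header and question from strace-escaped byte strings."""
import re
import struct

# Byte strings copied from the strace lines in the post (visible part only).
UDP_QUERY = r"\250t\1\0\0\1\0\0\0\0\0\0\nmindspring\3com\0\0\377\0\1"
UDP_REPLY = r"\250t\203\200\0\1\0\25\0\0\0\0\nmindspring\3com\0\0\377"
TCP_PREFIX = r"\0 "   # first writev() element: 2-byte length before the query

_ESC = re.compile(r'\\([0-7]{1,3}|[ntrfv\\"])')
_SIMPLE = {"n": 10, "t": 9, "r": 13, "f": 12, "v": 11, "\\": 92, '"': 34}


def strace_bytes(text):
    """Convert strace string escapes (octal and C-style) into raw bytes."""
    out, pos = bytearray(), 0
    for m in _ESC.finditer(text):
        out += text[pos:m.start()].encode("latin-1")
        tok = m.group(1)
        out.append(_SIMPLE[tok] if tok in _SIMPLE else int(tok, 8))
        pos = m.end()
    out += text[pos:].encode("latin-1")
    return bytes(out)


def parse_header(msg):
    """Split the fixed 12-byte DNS header into its fields."""
    if len(msg) < 12:
        raise ValueError("DNS header needs 12 bytes, got %d" % len(msg))
    ident, flags, qd, an, ns, ar = struct.unpack("!6H", msg[:12])
    return {
        "id": ident,
        "qr": flags >> 15,          # 0 = query, 1 = response
        "tc": (flags >> 9) & 1,     # 1 = response truncated, retry over TCP
        "rd": (flags >> 8) & 1,
        "ra": (flags >> 7) & 1,
        "rcode": flags & 0xF,
        "qdcount": qd, "ancount": an, "nscount": ns, "arcount": ar,
    }


def parse_question(msg):
    """Return (name, qtype, qclass); fields cut off by strace come back None."""
    labels, pos = [], 12
    while pos < len(msg) and msg[pos] != 0:
        n = msg[pos]
        if n & 0xC0:
            raise ValueError("unexpected compression pointer in question")
        labels.append(msg[pos + 1:pos + 1 + n].decode("ascii"))
        pos += 1 + n
    pos += 1  # skip the root label
    fields = []
    for _ in range(2):
        have = pos + 2 <= len(msg)
        fields.append(struct.unpack("!H", msg[pos:pos + 2])[0] if have else None)
        pos += 2
    return ".".join(labels), fields[0], fields[1]


def summarize():
    """Decode the three byte strings from the trace into one summary dict."""
    query, reply = strace_bytes(UDP_QUERY), strace_bytes(UDP_REPLY)
    name, qtype, qclass = parse_question(query)
    return {
        "query_len": len(query),
        "name": name, "qtype": qtype, "qclass": qclass,
        "query": parse_header(query),
        "reply": parse_header(reply),
        "tcp_frame_len": struct.unpack("!H", strace_bytes(TCP_PREFIX))[0],
    }


if __name__ == "__main__":
    for key, value in summarize().items():
        print(key, value)
```

The decoded reply has the TC (truncated) bit set with 21 answers in 503 bytes, and the query is type 255 (ANY); the TCP retry carries the same 32-byte query behind a length prefix of 32, and the trace ends in the read on that TCP socket.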
Re: dns for qmail only??
You avoid a second machine for internal/external DNS by using BIND 9.1.x which supports multiple views.

Jeff Sweeten
Sr. Internet Engineer
Aon
200 E Randolph
Chicago, Il 60601

Kourosh Ghassemieh [EMAIL PROTECTED] on 07/26/2001 02:21:43 PM
To: Gary MacKay [EMAIL PROTECTED], [EMAIL PROTECTED]
cc: (bcc: Jeff D Sweeten/ASC/US/AON)
Subject: Re: dns for qmail only??

You need to run a separate DNS server for internal queries, that's how I have my DNS set up. We use a separate DNS server for the internal addresses and we don't have any problems. qmail ignores /etc/hosts, it needs a DNS server.

At 12:22 PM 7/26/2001 -0400, you wrote:

> bind-9.1.0-10
>
> Ricardo SIGNES wrote:
>
> > In a message dated Thu, Jul 26, 2001 at 08:53:57AM -0400, Gary MacKay wrote:
> >
> > > I moved qmail off of a 'do it all' box to its own box. It's running great. My problem is that the old machine is still the DNS for my domain. When it sends status messages to me, it, I'm guessing, checks DNS and gets the public IP of the new box, can't connect to it from behind the firewall (both boxes are 192. ), so it sends it to the secondary MX record, which is my old ISP. I then get it via getmail cron job, but I'd like for it to deliver internally. I've changed the /etc/hosts to point to the 192. address, but qmail must not look at that. How can I have DNS giving out the public IP for the world, yet tell qmail the 192. addr??
> >
> > What DNS server are you running?
> >
> > --
> > rjbs

Kourosh Ghassemieh
MindWare Information Systems Technologies
9255 Sunset Blvd, Penthouse
West Hollywood CA 90069
(310) 729-1784
[EMAIL PROTECTED]
Networking Solutions for Your Business
Re: dns for qmail only??
Thanks Jeff. I'll check into it. For now I was able to solve the problem, with help from another user, by putting the ip addr of the new qmail server in the /var/qmail/control/smtproutes file. Now the old machine just dumps all mail to the new machine and lets it sort it out. Works great!

- Gary

> You avoid a second machine for internal/external DNS by using BIND 9.1.x which supports multiple views.
>
> Jeff Sweeten
> Sr. Internet Engineer
> Aon
> 200 E Randolph
> Chicago, Il 60601
>
> Kourosh Ghassemieh [EMAIL PROTECTED] on 07/26/2001 02:21:43 PM
> To: Gary MacKay [EMAIL PROTECTED], [EMAIL PROTECTED]
> cc: (bcc: Jeff D Sweeten/ASC/US/AON)
> Subject: Re: dns for qmail only??
>
> You need to run a separate DNS server for internal queries, that's how I have my DNS set up. We use a separate DNS server for the internal addresses and we don't have any problems. qmail ignores /etc/hosts, it needs a DNS server.
>
> At 12:22 PM 7/26/2001 -0400, you wrote:
>
> > bind-9.1.0-10
> >
> > Ricardo SIGNES wrote:
> >
> > > In a message dated Thu, Jul 26, 2001 at 08:53:57AM -0400, Gary MacKay wrote:
> > >
> > > > I moved qmail off of a 'do it all' box to its own box. It's running great. My problem is that the old machine is still the DNS for my domain. When it sends status messages to me, it, I'm guessing, checks DNS and gets the public IP of the new box, can't connect to it from behind the firewall (both boxes are 192. ), so it sends it to the secondary MX record, which is my old ISP. I then get it via getmail cron job, but I'd like for it to deliver internally. I've changed the /etc/hosts to point to the 192. address, but qmail must not look at that. How can I have DNS giving out the public IP for the world, yet tell qmail the 192. addr??
> > >
> > > What DNS server are you running?
> > >
> > > --
> > > rjbs
>
> Kourosh Ghassemieh
> MindWare Information Systems Technologies
> 9255 Sunset Blvd, Penthouse
> West Hollywood CA 90069
> (310) 729-1784
> [EMAIL PROTECTED]
> Networking Solutions for Your Business
dns for qmail only??
I moved qmail off of a 'do it all' box to its own box. It's running great. My problem is that the old machine is still the DNS for my domain. When it sends status messages to me, it, I'm guessing, checks DNS and gets the public IP of the new box, can't connect to it from behind the firewall (both boxes are 192. ), so it sends it to the secondary MX record, which is my old ISP. I then get it via getmail cron job, but I'd like for it to deliver internally. I've changed the /etc/hosts to point to the 192. address, but qmail must not look at that.

How can I have DNS giving out the public IP for the world, yet tell qmail the 192. addr??

qmail box -- hub OpenBSD firewall DSL ^ dns box ---|

- Gary
Re: dns for qmail only??
In a message dated Thu, Jul 26, 2001 at 08:53:57AM -0400, Gary MacKay wrote:

> I moved qmail off of a 'do it all' box to its own box. It's running great. My problem is that the old machine is still the DNS for my domain. When it sends status messages to me, it, I'm guessing, checks DNS and gets the public IP of the new box, can't connect to it from behind the firewall (both boxes are 192. ), so it sends it to the secondary MX record, which is my old ISP. I then get it via getmail cron job, but I'd like for it to deliver internally. I've changed the /etc/hosts to point to the 192. address, but qmail must not look at that. How can I have DNS giving out the public IP for the world, yet tell qmail the 192. addr??

What DNS server are you running?

--
rjbs
Re: dns for qmail only??
bind-9.1.0-10

Ricardo SIGNES wrote:

> In a message dated Thu, Jul 26, 2001 at 08:53:57AM -0400, Gary MacKay wrote:
>
> > I moved qmail off of a 'do it all' box to its own box. It's running great. My problem is that the old machine is still the DNS for my domain. When it sends status messages to me, it, I'm guessing, checks DNS and gets the public IP of the new box, can't connect to it from behind the firewall (both boxes are 192. ), so it sends it to the secondary MX record, which is my old ISP. I then get it via getmail cron job, but I'd like for it to deliver internally. I've changed the /etc/hosts to point to the 192. address, but qmail must not look at that. How can I have DNS giving out the public IP for the world, yet tell qmail the 192. addr??
>
> What DNS server are you running?
>
> --
> rjbs
Re: dns for qmail only??
You need to run a separate DNS server for internal queries, that's how I have my DNS set up. We use a separate DNS server for the internal addresses and we don't have any problems. qmail ignores /etc/hosts, it needs a DNS server.

At 12:22 PM 7/26/2001 -0400, you wrote:

> bind-9.1.0-10
>
> Ricardo SIGNES wrote:
>
> > In a message dated Thu, Jul 26, 2001 at 08:53:57AM -0400, Gary MacKay wrote:
> >
> > > I moved qmail off of a 'do it all' box to its own box. It's running great. My problem is that the old machine is still the DNS for my domain. When it sends status messages to me, it, I'm guessing, checks DNS and gets the public IP of the new box, can't connect to it from behind the firewall (both boxes are 192. ), so it sends it to the secondary MX record, which is my old ISP. I then get it via getmail cron job, but I'd like for it to deliver internally. I've changed the /etc/hosts to point to the 192. address, but qmail must not look at that. How can I have DNS giving out the public IP for the world, yet tell qmail the 192. addr??
> >
> > What DNS server are you running?
> >
> > --
> > rjbs

Kourosh Ghassemieh
MindWare Information Systems Technologies
9255 Sunset Blvd, Penthouse
West Hollywood CA 90069
(310) 729-1784
[EMAIL PROTECTED]
Networking Solutions for Your Business
Re: dns for qmail only??
In a message dated Thu, Jul 26, 2001 at 12:22:33PM -0400, Gary MacKay wrote:

> bind-9.1.0-10

In that case, I have no advice. I only grok djbdns. :-(

--
rjbs
Re: dns for qmail only??
man 8 qmail-remote

Add your domain and 192 address to smtproutes and hup qmail.

    % cat /var/qmail/control/smtproutes
    your.domain.com:192.168.x.x
    .your.domain.com:192.168.x.x

--
Mahlon Smith
InternetCDS
http://www.internetcds.com

On Thu, Jul 26, 2001, Gary MacKay wrote:

> DNS and gets the public IP of the new box, can't connect to it from behind the firewall (both boxes are 192. ),
>
> How can I have DNS giving out the public IP for the world, yet tell qmail the 192. addr??
>
> qmail box -- hub OpenBSD firewall DSL ^ dns box ---|
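Why the smtproutes file above carries both a plain and a dot-prefixed entry can be seen by modelling the lookup. This is an added example, not code from the thread or from qmail: it follows the lookup order of qmail-remote in qmail 1.03 (exact host, then each dot-prefixed suffix, then the empty default key), and the address 192.168.0.10 and the name smarthost.example are constructed stand-ins.

```python
"""Model of smtproutes matching: exact host, dotted suffixes, then default."""

# Constructed sample in the shape of the file shown in the post above.
ROUTES_TEXT = """\
your.domain.com:192.168.0.10
.your.domain.com:192.168.0.10
"""


def parse_smtproutes(text):
    """Parse 'domain:relay[:port]' lines into {domain: 'relay[:port]'}."""
    routes = {}
    for raw in text.splitlines():
        line = raw.rstrip(" \t")
        if not line or line.startswith("#"):
            continue                      # blank lines and comments
        key, sep, value = line.partition(":")
        if not sep:
            continue                      # no colon: ignored in this model
        routes[key.lower()] = value       # domain matching is case-insensitive
    return routes


def candidate_keys(host):
    """Keys tried for a recipient host, in order."""
    host = host.lower()
    suffixes = [host[i:] for i, ch in enumerate(host) if ch == "." and i > 0]
    return [host] + suffixes + [""]


def route_for(host, routes):
    """Return (relay, port) for host, or None when normal MX lookup applies."""
    for key in candidate_keys(host):
        if key not in routes:
            continue
        value = routes[key]
        if not value:
            return None                   # 'domain:' with empty relay: no override
        relay, _, port = value.partition(":")
        return relay, (int(port) if port.isdigit() else 25)
    return None


if __name__ == "__main__":
    routes = parse_smtproutes(ROUTES_TEXT)
    for host in ("your.domain.com", "mail.your.domain.com",
                 "notyour.domain.com", "hotmail.com"):
        print(host, candidate_keys(host), route_for(host, routes))
```

The plain entry only matches the bare domain; subdomains such as mail.your.domain.com are caught by the dot-prefixed entry, and a name like notyour.domain.com matches neither because suffixes are only taken at label boundaries.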
Re: dns for qmail only??
Bingo

Thanks, that was a whole lot easier than setting up two dns servers, which is what I was in the process of doing when I got your reply.

Thanks again,
Gary

Mahlon Smith wrote:

> man 8 qmail-remote
>
> Add your domain and 192 address to smtproutes and hup qmail.
>
> % cat /var/qmail/control/smtproutes
> your.domain.com:192.168.x.x
> .your.domain.com:192.168.x.x
>
> --
> Mahlon Smith
> InternetCDS
> http://www.internetcds.com
>
> On Thu, Jul 26, 2001, Gary MacKay wrote:
>
> > DNS and gets the public IP of the new box, can't connect to it from behind the firewall (both boxes are 192. ),
> >
> > How can I have DNS giving out the public IP for the world, yet tell qmail the 192. addr??
> >
> > qmail box -- hub OpenBSD firewall DSL ^ dns box ---|
Re: DNS bug: CNAME_lookup_failed_temporarily
Thank you, everybody. I have succeeded. I have deleted all and installed again; now it doesn't report the error.
DNS bug: CNAME_lookup_failed_temporarily
I am new with qmail.

I have a problem with the DNS bug. I have used the DNS patch at http://www.ckdhr.com/ckd/qmail-103.patch , but qmail still reports CNAME_lookup_failed_temporarily when I send mail to hotmail.com's email address.

Please help me.
Thank you very much
Re: DNS bug: CNAME_lookup_failed_temporarily
On Sun, Jul 22, 2001 at 06:57:58PM +0700, Vu Xuan Ngoc wrote:

> I am new with qmail.
>
> I have a problem with the DNS bug. I have used the DNS patch at http://www.ckdhr.com/ckd/qmail-103.patch , but qmail still reports CNAME_lookup_failed_temporarily when I send mail to hotmail.com's email address.
>
> Please help me.
> Thank you very much

Please post the results of the following commands:

1. head -2 /etc/resolv.conf
2. dnsqr mx yahoo.com (dig mx yahoo.com also acceptable)
3. dnsq mx yahoo.com ns1.yahoo.com (dig mx yahoo.com @ns1.yahoo.com also acceptable)

Then maybe we'll see if this is a 'bug'. ;)

--
Greg White
Re: DNS bug: CNAME_lookup_failed_temporarily
Greg White wrote: On Sun, Jul 22, 2001 at 06:57:58PM +0700, Vu Xuan Ngoc wrote: > I am new with qmail. > > I have a proplem with DNS bug. I have used DNS patch at > http://www.ckdhr.com/ckd/qmail-103.patch , but qmail still infor > "CNAME_lookup_failed_temporarily" when I send mail to hotmail.com's > email address. > > Please help me. > Thank you very much > Please post the results of the following commands: 1. head -2 /etc/resolv.conf 2. dnsqr mx yahoo.com (dig mx yahoo.com also acceptable) 3. dnsq mx yahoo.com ns1.yahoo.com (dig mx yahoo.com @ns1.yahoo.com also acceptable) Then maybe we'll see if this is a 'bug'. ;) -- Greg White 1. "head -2 /etc/resolv.conf" have result: search localdomain nameserver 203.162.0.11 2. "dnsqr mx yahoo.com" have result: 15 yahoo.com: 373 bytes, 1+4+3+12 records, response, noerror query: 15 yahoo.com answer: yahoo.com 1509 MX 1 mx2.mail.yahoo.com answer: yahoo.com 1509 MX 1 mx3.mail.yahoo.com answer: yahoo.com 1509 MX 9 mta-v18.mail.yahoo.com answer: yahoo.com 1509 MX 1 mx1.mail.yahoo.com authority: yahoo.com 172786 NS ns5.dcx.yahoo.com authority: yahoo.com 172786 NS ns1.yahoo.com authority: yahoo.com 172786 NS ns3.europe.yahoo.com additional: mx1.mail.yahoo.com 495 A 216.136.129.12 additional: mx1.mail.yahoo.com 495 A 216.136.129.13 additional: mx1.mail.yahoo.com 495 A 216.136.129.4 additional: mx2.mail.yahoo.com 495 A 216.136.129.15 additional: mx2.mail.yahoo.com 495 A 216.136.129.18 additional: mx2.mail.yahoo.com 495 A 216.136.129.14 additional: mx3.mail.yahoo.com 591 A 216.136.129.17 additional: mx3.mail.yahoo.com 591 A 216.136.129.16 additional: mta-v18.mail.yahoo.com 449 A 216.136.129.11 additional: ns1.yahoo.com 172596 A 204.71.200.33 additional: ns3.europe.yahoo.com 95688 A 217.12.4.71 additional: ns5.dcx.yahoo.com 109450 A 216.32.74.10 3. 
"dnsq mx yahoo.com ns1.yahoo.com" have result: 15 yahoo.com: 373 bytes, 1+4+3+12 records, response, authoritative, noerror query: 15 yahoo.com answer: yahoo.com 7200 MX 1 mx1.mail.yahoo.com answer: yahoo.com 7200 MX 1 mx2.mail.yahoo.com answer: yahoo.com 7200 MX 1 mx3.mail.yahoo.com answer: yahoo.com 7200 MX 9 mta-v18.mail.yahoo.com authority: yahoo.com 172800 NS ns1.yahoo.com authority: yahoo.com 172800 NS ns3.europe.yahoo.com authority: yahoo.com 172800 NS ns5.dcx.yahoo.com additional: mx1.mail.yahoo.com 1200 A 216.136.129.13 additional: mx1.mail.yahoo.com 1200 A 216.136.129.4 additional: mx1.mail.yahoo.com 1200 A 216.136.129.12 additional: mx2.mail.yahoo.com 1200 A 216.136.129.15 additional: mx2.mail.yahoo.com 1200 A 216.136.129.18 additional: mx2.mail.yahoo.com 1200 A 216.136.129.14 additional: mx3.mail.yahoo.com 1200 A 216.136.129.17 additional: mx3.mail.yahoo.com 1200 A 216.136.129.16 additional: mta-v18.mail.yahoo.com 1200 A 216.136.129.11 additional: ns1.yahoo.com 172800 A 204.71.200.33 additional: ns3.europe.yahoo.com 172800 A 217.12.4.71 additional: ns5.dcx.yahoo.com 172800 A 216.32.74.10 4."dnsqr mx hotmail.com" have result: 15 hotmail.com: 504 bytes, 1+12+5+8 records, response, noerror query: 15 hotmail.com answer: hotmail.com 3153 MX 10 mc6.law5.hotmail.com answer: hotmail.com 3153 MX 10 mc6.law13.hotmail.com answer: hotmail.com 3153 MX 10 mc7.law5.hotmail.com answer: hotmail.com 3153 MX 10 mc1.law5.hotmail.com answer: hotmail.com 3153 MX 10 mc1.law13.hotmail.com answer: hotmail.com 3153 MX 10 mc2.law5.hotmail.com answer: hotmail.com 3153 MX 10 mc2.law13.hotmail.com answer: hotmail.com 3153 MX 10 mc3.law13.hotmail.com answer: hotmail.com 3153 MX 10 mc4.law5.hotmail.com answer: hotmail.com 3153 MX 10 mc4.law13.hotmail.com answer: hotmail.com 3153 MX 10 mc5.law5.hotmail.com answer: hotmail.com 3153 MX 10 mc5.law13.hotmail.com authority: hotmail.com 3599 NS ns1.hotmail.com authority: hotmail.com 3599 NS ns2.hotmail.com authority: hotmail.com 3599 NS 
ns3.hotmail.com authority: hotmail.com 3599 NS ns4.hotmail.com authority: hotmail.com 3599 NS ns1.jsnet.com additional: mc1.law5.hotmail.com 188 A 64.4.55.71 additional: mc1.law13.hotmail.com 149 A 64.4.49.7 additional: mc2.law5.hotmail.com 198 A 64.4.55.135 additional: mc2.law13.hotmail.com 302 A 64.4.49.71 additional: mc3.law13.hotmail.com 352 A 64.4.49.135 additional: mc4.law5.hotmail.com 165 A 64.4.56.135 additional: mc4.law13.hotmail.com 396 A 64.4.49.199 additional: mc5.law5.hotmail.com 396 A 64.4.56.199 5. "dnsq mx hotmail.com ns1.hotmail.com" have result: 15 hotmail.com: 504 bytes, 1+12+5+8 records, response, authoritative, noerror query: 15 hotmail.com answer: hotmail.com 3600 MX 10 mc4.law13.hotmail.com answer: hotmail.com 3600 MX 10 mc5.law13.hotmail.com answer: hotmail.com 3600 MX 10 mc6.law13.hotmail.com answer: hotmail.com 3600 MX 10 mc4.law5.hotmail.com answer: hotmail.com 3600 MX 10 mc5.law5.hotmail.com answer: hotmail.com 3600 MX 10 mc6.law5.hotmail.com answer: hotmail.com 3600 MX 10 mc7.law5.hotmail.com answer: hotmail.com 3600 MX 10 mc1.law5.hotmail.com an
Re: DNS bug: CNAME_lookup_failed_temporarily
For whatever it is worth: I started having the same problem with hotmail on Friday (could have started before then, but I know it was happening Friday). I am running the latest qmail-ldap (which has the dns patch). I have sent email to hotmail from the same box in the past. I sent some email from the server at work (exact same setup) and they went through fine. I am not sure why this problem just came up out of nowhere; the only thing I could figure would be that I only have 32MB of RAM and I have had a few minor problems with qmail-ldap dealing with the low amount of RAM in the past (although my swap is hardly ever used). In any event I had been planning on installing dnscache on the machine anyways, so I did and the problem went away after that.

I doubt that the above information will be of much use, but I thought I would just throw it out since we had near to the same problem with the same domain.

Kenny Austin [EMAIL PROTECTED]

----- Original Message -----
From: Greg White [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Sunday, July 22, 2001 11:02 PM
Subject: Re: DNS bug: CNAME_lookup_failed_temporarily

On Mon, Jul 23, 2001 at 09:53:19AM +0700, Vu Xuan Ngoc wrote:

> 1. head -2 /etc/resolv.conf have result:
> search localdomain
> nameserver 203.162.0.11

Good. A nameserver. ;)

> 2. dnsqr mx yahoo.com have result:

SNIP valid result. It apparently works.

> 3. dnsq mx yahoo.com ns1.yahoo.com have result:

This was unnecessary, my fault. Apologies. My request should have been for hotmail. Thanks for realizing my mistake. (I always mix those two up -- giant free email service that causes lotsa problems).

> 4.dnsqr mx hotmail.com have result:
> 15 hotmail.com: 504 bytes, 1+12+5+8 records, response, noerror
> query: 15 hotmail.com

This result is what I expected. hotmail intentionally keeps their MX response to under 512 bytes to avoid problems with, e.g., qmail. Your recursive resolver appears to provide the same additionals as a direct query to hotmail's ns (dnscache does not, which was why I asked for the dnsq output).

So, now that Greg has his domains straight, we've proven that:

1. Your server successfully looks up hotmail's MX records.
2. The patch to qmail was unnecessary (but should not be a problem).

Odd. Can we please get:

qmail-showctl (unedited, please)

and some log file snippets, from mail creation/injection to delivery attempt, of a failed hotmail delivery?

--
Greg White
Re: Reverse DNS lookups
FYI, my ISP did add the reverse PTR records last night. I appreciate the suggestion from Andreas to get RIPE involved. I think it was my email to RIPE, cc'ing my ISP, that was the key to making this happen. I am really under ARIN, not RIPE. However, my ISP is expanding into Europe, so I thought my ISP would be sensitive to RIPE.

Thanks for all of the feedback.

From: Andreas Grip [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Subject: Re: Reverse DNS lookups
Date: Tue, 10 Jul 2001 15:44:36 +0200

> I had problems to get my ISP to set up reverse DNS on my IP:s but then I turned to RIPE and they sent an e-mail to my ISP. The day after that the reverse was working :-) So maybe you should try go through RIPE...
>
> Andreas
Re: Reverse DNS lookups
pop corn [EMAIL PROTECTED] writes:

> 2) If they don't add reverse PTR records for my virtual domains, I've been debating telling the Internic to change my DNS servers for the virtual domains to the base address of my own dedicated server. It's not as if my virtual domains are subdomains of my ISP's domain. The problem is that I only have the one dedicated machine.

No, that's not the problem. The in-addr.arpa zones for your addresses are delegated to your ISP. *You* never get the chance to provide data for them until your ISP

a) provides the data itself or
b) delegates the zones for your addresses to you

Regards,
Frank
Re: Reverse DNS lookups
On Tue, Jul 10, 2001 at 06:07:59AM -, pop corn wrote:

> Their staff initially said 1) reverse PTR records were never necessary;

Hell. Did you really say they call themselves an ISP? Uh-oh.

--
* Henning Brauer, [EMAIL PROTECTED], http://www.bsws.de *
* Roedingsmarkt 14, 20459 Hamburg, Germany *
Unix is very simple, but it takes a genius to understand the simplicity. (Dennis Ritchie)
Re: Reverse DNS lookups
Wrong mailing list, my apologies, I meant to send this to [EMAIL PROTECTED]

From: pop corn [EMAIL PROTECTED] To: [EMAIL PROTECTED] Subject: Reverse DNS lookups Date: Tue, 10 Jul 2001 06:07:59 -

I'm dealing with a new ISP that has been pretty much ok until this problem. I realized that they didn't set up the reverse PTR records for my eight IP addresses on a dedicated server. (I will be creating 8 virtual domains - one per IP address). Their staff initially said 1) reverse PTR records were never necessary; 2) delegating my DNS info to my machine is out of the question (they won't admit they don't know how and they won't accept info). They are using BIND and insist that nslookup is never capable of returning the domain name for a given IP address. I've been pounding on them since last week, and just got an email saying that a PTR record is only necessary for the base IP address of the 8 addresses (the hostname is set to this base IP address) and they are going to update their DNS server tonight and promptly closed out the trouble ticket. I've been setting up DNS (classic BIND) for years and simply never heard of setting up A records without the associated PTR record for reverse address mapping.

1) I'm about to open up another trouble ticket to ask them to add PTR records for the remaining seven IP addresses. Am I not correct in telling the ISP that all my virtual domains require reverse DNS resolution?

2) If they don't add reverse PTR records for my virtual domains, I've been debating telling the Internic to change my DNS servers for the virtual domains to the base address of my own dedicated server. It's not as if my virtual domains are subdomains of my ISP's domain. The problem is that I only have the one dedicated machine. The Internic wants two DNS servers per domain. If I leave the existing DNS servers from my ISP, and add my own dedicated server as a third DNS server, will the reverse address search go through all three of my DNS servers until it has success?

My hostname is a subdomain of my ISP's domain, so the PTR record for my base address will have to be served by my ISP's dns server and they are in fact doing that for me tonight. My virtual domains are independent domains immediately under .com and registered to the Internic. I'll use the exact same IP addresses that my ISP was serving on their DNS servers, just add the reverse DNS info. My ISP's info about my virtual domains will just be ignored once the Internic makes the change, right? I've been resisting this route because I don't want to create a loop of some kind.

3) If I proceed with step 2, I could use dnscache on 127.0.0.1, tinydns on one IP, and walldns on another IP, right? It doesn't matter which external IP, just so long as they are different IPs because dnscache, tinydns, and walldns are all looking at port 53, right?

There is no firewall with this solution in 2) and 3), but these virtual domains don't have any national secrets anyway. However, I will be serving qmail to these domains, so it won't be the safest environment for the email. I'm sorry this post is so long, it's hard for me to verbalize these DNS issues succinctly.
Re: Reverse DNS lookups
I had problems getting my ISP to set up reverse DNS on my IPs, but then I turned to RIPE and they sent an e-mail to my ISP. The day after that the reverse was working :-) So maybe you should try going through RIPE... Andreas
Re: Reverse DNS lookups
This was the best advice! I emailed RIPE and cc'd my ISP, then called my ISP to make sure they saw my email to RIPE. My ISP just emailed me to say that my PTR records would be put on their DNS servers tonight at midnight. I don't know if RIPE emailed them, but I think my ISP didn't want to risk being on any possible nonconforming ISP lists. Before I sent the email to RIPE, I also called the Internic, but they told me that I would have to change to an Internic sponsored ISP to get PTR records. I'll see if my ISP actually did it tomorrow, but it was terrific to have an authority like RIPE on my side. After all, I did pay for that IP address block. The least they can do is put both A and PTR records in their DNS servers.

From: Andreas Grip [EMAIL PROTECTED] To: [EMAIL PROTECTED] Subject: Re: Reverse DNS lookups Date: Tue, 10 Jul 2001 15:44:36 +0200

> I had problems getting my ISP to set up reverse DNS on my IPs, but then I turned to RIPE and they sent an e-mail to my ISP. The day after that the reverse was working :-) So maybe you should try going through RIPE... Andreas
MX record in DNS and Qmail
Hello, I added another MX record for my domain. Where and what should I add into qmail in order for qmail to act as a backup? Thanks in advance
Re: MX record in DNS and Qmail
On Sun, Jul 01, 2001 at 08:37:12PM -0400, alexus wrote:

> Hello, I added another MX record for my domain. Where and what should I add into qmail in order for qmail to act as a backup?

Put the domain(s) in question into /var/qmail/rcpthosts and nowhere else, as you could have read in the archives a thousand times.

-- * Henning Brauer, [EMAIL PROTECTED], http://www.bsws.de * * Roedingsmarkt 14, 20459 Hamburg, Germany * Unix is very simple, but it takes a genius to understand the simplicity. (Dennis Ritchie)
Re: MX record in DNS and Qmail
The reason why I decided to post this question is 'cause I have also been told that I need to create a file smtproutes and add my domain there.. so I just wanted to double make sure, sorry for bothering anyone on the list

- Original Message - From: Henning Brauer [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Sunday, July 01, 2001 8:45 PM Subject: Re: MX record in DNS and Qmail

> On Sun, Jul 01, 2001 at 08:37:12PM -0400, alexus wrote:
>
> > Hello, I added another MX record for my domain. Where and what should I add into qmail in order for qmail to act as a backup?
>
> Put the domain(s) in question into /var/qmail/rcpthosts and nowhere else, as you could have read in the archives a thousand times.
>
> -- * Henning Brauer, [EMAIL PROTECTED], http://www.bsws.de * * Roedingsmarkt 14, 20459 Hamburg, Germany * Unix is very simple, but it takes a genius to understand the simplicity. (Dennis Ritchie)
DNS related
Hi: I'm new 2 qmail. i've install it, run it, and love it. as a code builder and synth programer i've learn that the modular approach it's always the way 2 go. I have some teknical questions that are clearly DNS related is it o.k if i post those questions here? or does somebody knows about a good DNS mailing list? thanks 2 all raymond
Re: DNS related
In a message dated Thu, Jun 28, 2001 at 08:43:32PM -0500, raymond wrote: I'm new 2 qmail. i've install it, run it, and love it. as a code builder and synth programer i've learn that the modular approach it's always the way 2 go. You will go much further in life (or at least on mailing lists) if you learn that typing two keys (for example 't' and 'o') is only trivially more time-consuming than typing one (for example, '2'), but makes your English look far, far more pleasant. It also shows your audience that you care about what you are writing. I have some teknical questions that are clearly DNS related is it o.k if i post those questions here? or does somebody knows about a good DNS mailing list? I think you should post those to the cr.yp.to DNS list, which is found at this server. Send a message to [EMAIL PROTECTED] Otherwise, I'll be happy to help if you email me privately. -- rjbs PGP signature
qmail without dns
Hi there, I had followed Life With Qmail and set up qmail without dns. It was working fine since last month. But now when users in our lan use my qmail server with my ip addr in their mua's it delays for quite a long time and sometimes hangs or goes to the out box. And when I use it from the server itself it takes at least 30 seconds to queue the mail. What could have gone wrong? My relaying in /etc/tcp.smtp is set as below:

    172.16.28.:allow,RELAYCLIENT=""
    127.0.0.:allow,RELAYCLIENT=""
    :allow

-- Thanks in advance -- In the name of Allah, Most Gracious, Most Merciful -- Praise be to Allah, the Cherisher and Sustainer of the world; Most Gracious, Most Merciful; Master of the Day of Judgment. Thee do we worship, and Thine aid we seek. Show us the straight way, The way of those on whom Thou hast bestowed Thy Grace, those whose (portion) is not wrath, and who go not astray. Qur'aan Ch:1
Re: qmail without dns
ridhwan [EMAIL PROTECTED] wrote: But now when users in our lan use my qmail server with my ip addr in their mua's it delays for quite a long time and sometimes hangs or goes to the out box. and when I use it from the server itself it takes atleast 30 seconds to queue the mail. FAQ, FAQ, FAQ. `man tcpserver` and read the mailing list archive. Charles -- --- Charles Cazabon[EMAIL PROTECTED] GPL'ed software available at: http://www.qcc.sk.ca/~charlesc/software/ Any opinions expressed are just that -- my opinions. ---
Re: qmail without dns
Hi, Make sure your /etc/hosts contains

    127.0.0.1 localhost.localdomain localhost
    172.16.28.?? hostname1.whateverdomain.com hostname1
    172.16.28.?? hostname2.whateverdomain.com hostname2

.. and so on .. IPs, hostname. Make sure the content of /etc/resolv.conf ... is proper ... and your default route ... and gateway settings

Regards Santosh Pasi

---Original Message-- From: ridhwan [EMAIL PROTECTED] To: [EMAIL PROTECTED] Subject: qmail without dns Date: Tue, 29 May 2001 16:11:34 +0530

> Hi there, I had followed Life With Qmail and set up qmail without dns. It was working fine since last month. But now when users in our lan use my qmail server with my ip addr in their mua's it delays for quite a long time and sometimes hangs or goes to the out box. And when I use it from the server itself it takes at least 30 seconds to queue the mail. What could have gone wrong? My relaying in /etc/tcp.smtp is set as below:
>
>     172.16.28.:allow,RELAYCLIENT=""
>     127.0.0.:allow,RELAYCLIENT=""
>     :allow
>
> -- Thanks in advance -- In the name of Allah, Most Gracious, Most Merciful -- Praise be to Allah, the Cherisher and Sustainer of the world; Most Gracious, Most Merciful; Master of the Day of Judgment. Thee do we worship, and Thine aid we seek. Show us the straight way, The way of those on whom Thou hast bestowed Thy Grace, those whose (portion) is not wrath, and who go not astray. Qur'aan Ch:1
tcpserver -p and smtpd and DNS
I have been running qmail for about 8 months. It works great. So far I have not been able to resolve one problem. When an smtp connection comes in we only want to connect with servers who have forward and reverse DNS that match. I managed to install a macro into sendmail (mail server we replaced) in about 15 minutes that takes the IP of the incoming smtp request, looks up the name, then looks up the IP for the NAME. The IP should be the same as the connecting host. If this is not the case the smtp connection should be dropped.

I use tcpserver to start smtpd. I use the -p (paranoid) option (added the option a few days ago), which by my preliminary understanding was supposed to accomplish this task of DNS cross-matching. However I received an email recently whose headers are

    Received: from unknown (HELO www.somang.or.kr) ([EMAIL PROTECTED])

I noticed that there isn't a hostname. nslookup 211.38.3.100 will return no hostname. So back to the drawing board. http://cr.yp.to/ucspi-tcp/tcpserver.html ( -- drawing board) I notice

    -p: Paranoid. After looking up the remote host name in DNS, look up the IP addresses in DNS for that host name, and remove the environment variable $TCPREMOTEHOST if none of the addresses match the client's IP address.

Upon re-reading this option I notice it did what it says it does. It removed the $TCPREMOTEHOST, hence the "Received: from unknown". I still got the email. So now I figure that $TCPREMOTEHOST is passed to smtpd in the environment variables, so somehow I need to tell smtpd to close if the condition is not met.

Oh.. I have read the man pages. I have installed qmail, vpopmail, on more than a dozen servers for nearly that many clients. I understand quite a bit.

David Killingsworth.
Re: tcpserver -p and smtpd and DNS
On Mon, May 14, 2001 at 06:30:44AM -, David Killingsworth wrote:

> I have been running qmail for about 8 months. It works great. So far I have not been able to resolve one problem. When an smtp connection comes in we only want to connect with servers who have forward and reverse DNS that match.

I already answered your question in alt.comp.mail.qmail some days ago. What is wrong with my answer?

Gerrit. -- [EMAIL PROTECTED] innominate AG the linux architects tel: +49.30.308806-0 fax: -77 http://www.innominate.com
Re: tcpserver -p and smtpd and DNS
I have narrowed this to one simple item. Could someone, possibly you Gerrit (I know you have answered one way to get around this, I just wanna understand why I have to get around it), explain to me why qmail has delivered an email to me that contains the following header:

    Received: from unknown (HELO dali.onevision.de) (@212.77.172.50) by mail.myweb.net with SMTP; 14 May 2001 08:59:56 -

I have tcpserver -DUvp wrapping smtpd for qmail. Shouldn't tcpserver drop the connection when $TCPREMOTEIP is DNS'd to a hostname and $TCPREMOTEHOST is DNS'd to an IP? If $TCPREMOTEIP can't be resolved or if $TCPREMOTEHOST can't be resolved, shouldn't this cause a FATAL in tcpserver? And it will drop the incoming connection?

David.

On Mon, 14 May 2001 10:51:33 +0200, Gerrit Pape [EMAIL PROTECTED] wrote:

> On Mon, May 14, 2001 at 06:30:44AM -, David Killingsworth wrote:
>
> > I have been running qmail for about 8 months. It works great. So far I have not been able to resolve one problem. When an smtp connection comes in we only want to connect with servers who have forward and reverse DNS that match.
>
> I already answered your question in alt.comp.mail.qmail some days ago. What is wrong with my answer?
>
> Gerrit. -- [EMAIL PROTECTED] innominate AG the linux architects tel: +49.30.308806-0 fax: -77 http://www.innominate.com
Re: tcpserver -p and smtpd and DNS
On Mon, May 14, 2001 at 10:10:21AM -, David Killingsworth wrote:

> I have narrowed this to one simple item. Could someone, possibly you Gerrit (I know you have answered one way to get around this, I just wanna understand why I have to get around it), explain to me why qmail has delivered an email to me that contains the following header:
>
>     Received: from unknown (HELO dali.onevision.de) (@212.77.172.50) by mail.myweb.net with SMTP; 14 May 2001 08:59:56 -
>
> I have tcpserver -DUvp wrapping smtpd for qmail. Shouldn't tcpserver drop the connection when $TCPREMOTEIP is DNS'd to a hostname and $TCPREMOTEHOST is DNS'd to an IP? If $TCPREMOTEIP can't be resolved or if $TCPREMOTEHOST can't be resolved, shouldn't this cause a FATAL in tcpserver? And it will drop the incoming connection?

tcpserver *only* rejects connections if told to do so by the rules supplied with -x or -X. What rules have you tried? You should be able to get tcpserver to drop connections that do not have TCPREMOTEHOST set by putting these entries in your rules:

    =.:allow
    :deny

Regards.

> David.
>
> On Mon, 14 May 2001 10:51:33 +0200, Gerrit Pape [EMAIL PROTECTED] wrote:
>
> > On Mon, May 14, 2001 at 06:30:44AM -, David Killingsworth wrote:
> >
> > > I have been running qmail for about 8 months. It works great. So far I have not been able to resolve one problem. When an smtp connection comes in we only want to connect with servers who have forward and reverse DNS that match.
> >
> > I already answered your question in alt.comp.mail.qmail some days ago. What is wrong with my answer?
> >
> > Gerrit. -- [EMAIL PROTECTED] innominate AG the linux architects tel: +49.30.308806-0 fax: -77 http://www.innominate.com
Re: tcpserver -p and smtpd and DNS
On Mon, May 14, 2001 at 10:10:21AM -, David Killingsworth wrote: Shouldn't tcpserver drop the connection when $TCPREMOTEIP is DNS'd to a hostname and $TCPREMOTEHOST is DNS'd to an IP. if $TCPREMOTEIP can't be resolved or if $TCPREMOTEHOST can't be resolved, shouldn't this cause a FATAL in tcpserver? and it will drop the incoming connection? No. The docs say, tcpserver will remove $TCPREMOTEHOST in that case. it is on You (your proc tcpserver is running) to decide to drop the connection. Gerrit. -- [EMAIL PROTECTED] innominate AG the linux architects tel: +49.30.308806-0 fax: -77 http://www.innominate.com
Re: tcpserver -p and smtpd and DNS
On Mon, May 14, 2001 at 12:35:32PM +, Mark Delany wrote:

>     =.:allow
>     :deny

Close. To achieve this, the tcp.smtp file should actually contain:

    =:allow
    :deny

I just experimented with both forms. With the dot, nothing matched, including hosts with good forward/reverse resolvability. Without it, only sites for which tcpserver didn't unset TCPREMOTEHOST matched. This, of course, is exactly the desired behavior.

As already mentioned in this thread, tcpserver -p unsets TCPREMOTEHOST when the name obtained by reverse lookup can't be resolved to the original IP. Consequently, for such an (arguably) undesirable client IP, no match occurs at the =:allow line in the above tcp.smtp settings, since the = token only matches when TCPREMOTEHOST is defined. The :deny line then rejects those undesirable clients as they fall through.

Just to be thorough, even if obvious, I'll also mention that these two lines must appear LAST in your tcp.smtp file.
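The behaviour discussed in this thread, as an added example that is not part of any poster's message: a small Python model of `tcpserver -p` and of the address lookup order given in the tcprules documentation, run over both rule forms. The DNS tables, addresses and host names are constructed for illustration; the model covers IPv4 only and ignores `$TCPREMOTEINFO`.

```python
# Offline model of `tcpserver -p` plus tcprules address lookup.
# All DNS data below is constructed for this example (documentation ranges).
PTR = {
    "192.0.2.10": "mail.example.org",   # PTR and A records agree
    "192.0.2.66": "mx.example.net",     # PTR exists, A record points elsewhere
    # 192.0.2.99 and 127.0.0.1 have no PTR record in this table
}
A = {
    "mail.example.org": ["192.0.2.10"],
    "mx.example.net": ["198.51.100.7"],
}

# The two rule forms compared in the thread (the relay line is an assumption).
RULES_WITH_DOT = "=.:allow\n:deny\n"
RULES_WITHOUT_DOT = '127.0.0.:allow,RELAYCLIENT=""\n=:allow\n:deny\n'


def remote_host(ip, paranoid=True):
    """Value that would end up in $TCPREMOTEHOST, or None when it is unset."""
    name = PTR.get(ip)
    if name is None:
        return None                       # no reverse name at all
    if paranoid and ip not in A.get(name, []):
        return None                       # -p: forward lookup does not confirm
    return name


def parse_rules(text):
    """Map rule address -> 'allow' or 'deny'; environment settings are dropped."""
    rules = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        address, _, action = line.partition(":")
        rules[address] = action.split(",")[0]
    return rules


def candidates(ip, host):
    """Addresses tried, most specific first, as listed in the tcprules docs."""
    yield ip
    if host:
        yield "=" + host
    octets = ip.split(".")
    for n in (3, 2, 1):
        yield ".".join(octets[:n]) + "."  # IP prefixes ending with a dot
    if host:
        labels = host.split(".")
        for i in range(1, len(labels)):
            yield "=." + ".".join(labels[i:])   # host suffixes starting with a dot
        yield "="                          # bare "=": any host name that is set
    yield ""                               # empty address: catch-all


def decide(rules_text, ip, paranoid=True):
    """Return (action, matching rule address) for a connecting IP."""
    rules = parse_rules(rules_text)
    for address in candidates(ip, remote_host(ip, paranoid)):
        if address in rules:
            return rules[address], address
    return "allow", None                   # no rule matched: connection is allowed


if __name__ == "__main__":
    for ip in ("192.0.2.10", "192.0.2.66", "192.0.2.99", "127.0.0.1"):
        print(ip, "with dot:", decide(RULES_WITH_DOT, ip),
              "without dot:", decide(RULES_WITHOUT_DOT, ip))
```

The `=.` form never appears among the candidate addresses for an ordinary host name, which is why it matched nothing; running the model with `paranoid=False` shows the mismatched host being allowed, so the `=` rule is only meaningful together with `-p`.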
DNS and local delivery
Hi ALL, I'm trying to deliver messages locally through qmail (smtp) and I have no DNS services configured at this time. It's not working and I read somewhere that qmail needs DNS. My question is, even for local domains? Can you please send me indications with more detail about how to create the mailboxes? I am using Maildir and I have about 100 users. My problem is that my Linux box is a new server, I have no users configured on it, and users have mailboxes with four different ISPs. I am trying to take these services into my department. I know that some products let me create users' mailboxes in an HTML page, I just don't know if it can be done with qmail. I would be glad if you sent me something about it (lwq is on my desk, and I have read that a lot but it is not enough...) Thanks in advance Aleixo Fernandes
DNS for a simple LAN?
Hello, I wonder if in my case I could get enhancements with qmail by installing a DNS (also just a cached DNS) on my linux server. Please consider that: I do not have a registered FQDN, my IP on the INTERNET is dynamic, and I have only a few machines in my LAN with their private hostnames and relative IPs. I read that if I wanna use RELAYCLIENT="" I have to start my qmail by tcpserver. Actually I have csh -cf '/var/qmail/rc ' in my rc.local; upgrading to tcpserver, should I just comment out the above line and put the tcpserver line? Sorry for my questions! -- Regards,: Marco Calistri [EMAIL PROTECTED] gpg key available on http://www.qsl.net/ik5bcu Xfmail 1.4.7p2 on linux RedHat 6.2
FW: DNS question
-Original Message- From: David T. Ashley [mailto:[EMAIL PROTECTED]] Sent: Wednesday, March 28, 2001 6:55 AM To: [EMAIL PROTECTED] Subject: DNS question I read the HOWTO for q-mail, but there is one thing I don't understand. It states that I need a DNS and that my machines have to be listed in the DNS for qmail to work. I have a hardware firewall (one of those $150 boxes) guarding my DSL line with a static IP. Is it good enough that my static IP has a reverse-DNS resolution, or do my "internal" addresses need to resolve as well. For example, my static IP is 64.129.57.5, but the server (internally, behind the firewall) is 192.168.0.33. Clearly, trying to reverse-DNS the latter will lead to trouble, whereas the former is OK. It isn't clear to me what is meant by the statements about DNS in the HOWTO or what qmail needs to be viable. Any insight would be appreciated. Thanks, Dave.
Re: FW: DNS question
firewall) is 192.168.0.33. Clearly, trying to reverse-DNS the latter will lead to trouble, whereas the former is OK. You are using NAT - if you only want to send email from your internal network to the world and get your mails by "polling" it somehow you get no problem (except that your netblock may be blocked by some mail servers). If you want to provide services like smtp to the world you have two choices: a) establish that service on your NAT box (I assume it's impossible on that $155 box) b) your box must be able to redirect defined ports to hosts at your internal network. Most NAT devices can do that, some cannot. Regarding DNS: If you provide services to the world always the address of your firewall box is visible to the world. Your internal addresses don't matter. Regards, Frank
patch file error for oversize dns
Hi, I got the following error when I use the oversize dns patch file. My command is: patch -p0 /usr/local/src/patchfile. The errors are as follows:

    patching file 'qmail-1.03/dns.c'
    Hunk #1 failed at 21.
    Hunk #2 failed at 47.
    Hunk #3 failed at 83.

Please reply directly to [EMAIL PROTECTED] I haven't subscribed yet. Thank you Mark
RE: patch file error for oversize dns
I got it too. I still do not know why.. Hope someone responds. Kirt

-Original Message- From: Mark Lo (Home Net) [mailto:[EMAIL PROTECTED]] Sent: Friday, March 23, 2001 1:52 PM To: [EMAIL PROTECTED] Subject: patch file error for oversize dns

> Hi, I got the following error when I use the oversize dns patch file. My command is: patch -p0 /usr/local/src/patchfile. The errors are as follows:
>
>     patching file 'qmail-1.03/dns.c'
>     Hunk #1 failed at 21.
>     Hunk #2 failed at 47.
>     Hunk #3 failed at 83.
>
> Please reply directly to [EMAIL PROTECTED] I haven't subscribed yet. Thank you Mark
canonical name in DNS
When I follow the config command to configure the qmail, it says something like this:

    ./config
    Your hostname is sanfransisco.
    hard error
    Sorry, I couldn't find your host's canonical name in DNS.
    You will have to set up control/me yourself.

And here is my DNS setting:

    $TTL 86400
    erakarsa.local. IN SOA sanfransisco.erakarsa.local. essy.erakarsa.local. (
        1 ; Serial
        10800 ; Refresh after 3 hours
        3600 ; Retry after 1 hour
        604800 ; Expire after 1 week
        14400 ) ; Minimum TTL of 1 day
    erakarsa.local. IN NS sanfransisco.erakarsa.local.
    localhost.erakarsa.local. IN A 127.0.0.1
    koni.erakarsa.local. IN A 192.168.1.23
    erakarsa.local. IN MX 10 mail.erakarsa.local.
    mail.erakarsa.local. IN A 192.168.1.23

Can you help me
RE: canonical name in DNS
Why don't you try adding sanfransisco to your DNS file? (i.e. sanfransisco IN A 192.168.1.1)

Esteban Javier Próspero

-Original Message- From: Essy Ren [SMTP:[EMAIL PROTECTED]] Sent: Tuesday, March 13, 2001 8:13 AM To: qmail Subject: canonical name in DNS

> When I follow the config command to configure the qmail, it says something like this:
>
>     ./config
>     Your hostname is sanfransisco.
>     hard error
>     Sorry, I couldn't find your host's canonical name in DNS.
>     You will have to set up control/me yourself.
>
> And here is my DNS setting:
>
>     $TTL 86400
>     erakarsa.local. IN SOA sanfransisco.erakarsa.local. essy.erakarsa.local. (
>         1 ; Serial
>         10800 ; Refresh after 3 hours
>         3600 ; Retry after 1 hour
>         604800 ; Expire after 1 week
>         14400 ) ; Minimum TTL of 1 day
>     erakarsa.local. IN NS sanfransisco.erakarsa.local.
>     localhost.erakarsa.local. IN A 127.0.0.1
>     koni.erakarsa.local. IN A 192.168.1.23
>     erakarsa.local. IN MX 10 mail.erakarsa.local.
>     mail.erakarsa.local. IN A 192.168.1.23
>
> Can you help me
Re: canonical name in DNS
You can use ./config-fast to configure qmail, or add an A record for sanfransisco.

On Tue, Mar 13, 2001 at 06:13:23PM +0700, Essy Ren wrote:

> When I follow the config command to configure the qmail, it says something like this:
>
>     ./config
>     Your hostname is sanfransisco.
>     hard error
>     Sorry, I couldn't find your host's canonical name in DNS.
>     You will have to set up control/me yourself.
>
> And here is my DNS setting:
>
>     $TTL 86400
>     erakarsa.local. IN SOA sanfransisco.erakarsa.local. essy.erakarsa.local. (
>         1 ; Serial
>         10800 ; Refresh after 3 hours
>         3600 ; Retry after 1 hour
>         604800 ; Expire after 1 week
>         14400 ) ; Minimum TTL of 1 day
>     erakarsa.local. IN NS sanfransisco.erakarsa.local.
>     localhost.erakarsa.local. IN A 127.0.0.1
>     koni.erakarsa.local. IN A 192.168.1.23
>     erakarsa.local. IN MX 10 mail.erakarsa.local.
>     mail.erakarsa.local. IN A 192.168.1.23
>
> Can you help me

-- Kirill
DNS problem may be ...
There's a failure notice sent to [EMAIL PROTECTED] like this:

    Hi. This is the qmail-send program at sanfransisco.erakarsa.local.
    I'm afraid I wasn't able to deliver your message to the following addresses.
    This is a permanent error; I've given up. Sorry it didn't work out.

    [EMAIL PROTECTED]:
    Sorry, I couldn't find a mail exchanger or IP address. (#5.4.4)

I want to use [EMAIL PROTECTED] to send and receive mail rather than sanfransisco.erakarsa.local. Where's the change I should make to make it work ...???
Re: DNS problem may be ...
Do you have an mx record set up for the erakarsa.local domain? You can find out by issuing either of the following (where xxx.xxx.xxx.xxx is the ip of your dns server):

djbdns way:

    dnsq mx erakarsa.local xxx.xxx.xxx.xxx

dig way (bind tool):

    dig erakarsa.local mx

If you can't find any mx records, there's your problem. If you do, add the domain to your rcpthosts and locals file.

-sc

On Wed, Mar 14, 2001 at 11:38:56AM +0700, Essy Ren wrote:

> [EMAIL PROTECTED]: Sorry, I couldn't find a mail exchanger or IP address. (#5.4.4)
>
> I want to use [EMAIL PROTECTED] to send and receive mail rather than sanfransisco.erakarsa.local. Where's the change I should make to make it work ...???

-- Sean Chittenden [EMAIL PROTECTED]
Strange DNS problem
Hi, I've been setting up a mail server and I've run into a bit of a strange problem. The mail server is for "eeng.may.ie" and it receives mails fine except those from "may.ie". If I try and send mails from my machine through Outlook using smtp, it says it cannot find the domain, yet when I log into the machine the mail server is on and manual insert mails using "cat mailmessage.txt | /var/qmail/bin/qmail-inject" they are sent fine. Anyone have any pointers on how to fix this? Karl.
Re: reverse DNS?
Charles Cazabon [EMAIL PROTECTED] writes:

> John Conover [EMAIL PROTECTED] wrote:
>
> > As a matter of policy, is it reasonable to reject messages that fail a reverse DNS lookup on HELO's FQDN/authentication?
>
> Very political question. As long as you don't reject envelope senders of <> and <#@[]>, you won't be violating any RFCs.

It would be a violation of RFC 1123, which states:

    5.2.5 HELO Command: RFC-821 Section 3.5

    The sender-SMTP MUST ensure that the domain parameter in a HELO command is a valid principal host domain name for the client host. As a result, the receiver-SMTP will not have to perform MX resolution on this name in order to validate the HELO parameter.

    The HELO receiver MAY verify that the HELO parameter really corresponds to the IP address of the sender. However, the receiver MUST NOT refuse to accept a message, even if the sender's HELO command fails verification.

It's still OK to deny a non-syntactically-correct HELO, though.

-- "I live in the heart of the machine. We are one."
Re: reverse DNS?
Jenny Holmberg [EMAIL PROTECTED] wrote:

> > > As a matter of policy, is it reasonable to reject messages that fail a reverse DNS lookup on HELO's FQDN/authentication?
> >
> > Very political question. As long as you don't reject envelope senders of <> and <#@[]>, you won't be violating any RFCs.
>
> It would be a violation of RFC 1123, which states: [...] The HELO receiver MAY verify that the HELO parameter really corresponds to the IP address of the sender. However, the receiver MUST NOT refuse to accept a message, even if the sender's HELO command fails verification.

Interesting; I have never agreed with refusing email based on the DNS of the HELO or envelope sender, but didn't realize that (at least for HELO) it was actually verboten. In real life, of course, there are thousands of domains which do this every day.

Charles -- --- Charles Cazabon [EMAIL PROTECTED] GPL'ed software available at: http://www.qcc.sk.ca/~charlesc/software/ Any opinions expressed are just that -- my opinions. ---
Re: reverse DNS?
On Thu, Mar 08, 2001 at 08:52:27AM -0600, Charles Cazabon wrote: [snip] It would be a violation of RFC 1123, which states: [...] The HELO receiver MAY verify that the HELO parameter really corresponds to the IP address of the sender. However, the receiver MUST NOT refuse to accept a message, even if the sender's HELO command fails verification. Interesting; I have never agreed with refusing email based on the DNS of the HELO or envelope sender, but didn't realize that (at least for HELO) it was actually verboten. In real life, of course, there are thousands of domains which do this every day. I actually had fights (over e-mail, luckily) with someone using a VAX/VMS mailer with lots of anality knobs. He had several complaints about my qmail boxes. I convinced him to turn off all knobs that rang alarms whenever one of my boxes mailed him. The HELO was indeed one of these. Greetz, Peter.
Re: reverse DNS?
Erwin Hoffmann [EMAIL PROTECTED] writes:

> However, it makes sense to do DNS lookup für the MAIL FROM: address.

If you have reliable DNS services - I've been on the other end of that, a site permanently rejecting each mail (a 5xx code) because they were having problems resolving the sending domain. Delegation and the nameservers were fine, as it was the second address I tried (which also failed with a 5xx code). Very messy, and not very good for their customers.

James.
Re: reverse DNS?
Hi,

At 09:49 7.3.2001 +, James R Grinter wrote:

> Erwin Hoffmann [EMAIL PROTECTED] writes:
>
> > However, it makes sense to do DNS lookup für the MAIL FROM: address.
>
> If you have reliable DNS services - I've been on the other end of that, a site permanently rejecting each mail (a 5xx code) because they were having problems resolving the sending domain. Delegation and the nameservers were fine, as it was the second address I tried (which also failed with a 5xx code). Very messy, and not very good for their customers.
>
> James.

In particular to cope with this, my implementation lets you define for which Domains you don't want DNS Reverse Lookup: /var/qmail/control/nodnscheck. SPAMCONTROL does a logging on that, thus you easily can figure out which Domains cause the problem.

cheers. eh.

Dr. Erwin Hoffmann, http://www.fehcom.de, Wiener Weg 8, 50858 Koeln, Tel 0221 484 4923, Fax 0221 484 4924
Re: reverse DNS?
So, in my request for opinions, pls., some/most/many admins would like to refuse messages from non-local machines that do not have a valid RDNS for the HELO FQDN, but feel such a policy is inappropriate from the user's POV. I have a lot of users that have a common ~/.procmailrc, (mostly spam, MS/Outlook frailties, stuff-its an ln -s from my ~/.procmailrc,) and many of them agreed to participate in letting me put a header record "Sending-Machine: unknown" in such messages - as opposed to refusing to process the message. We'll see how it goes for a month, or so, and see how many messages would have been refused by such a policy, vs. how many should have been refused. Thanks to all for the opinions, John

Erwin Hoffmann writes:

> Hi,
>
> At 09:49 7.3.2001 +, James R Grinter wrote:
>
> > Erwin Hoffmann [EMAIL PROTECTED] writes:
> >
> > > However, it makes sense to do DNS lookup für the MAIL FROM: address.
> >
> > If you have reliable DNS services - I've been on the other end of that, a site permanently rejecting each mail (a 5xx code) because they were having problems resolving the sending domain. Delegation and the nameservers were fine, as it was the second address I tried (which also failed with a 5xx code). Very messy, and not very good for their customers.
> >
> > James.
>
> In particular to cope with this, my implementation lets you define for which Domains you don't want DNS Reverse Lookup: /var/qmail/control/nodnscheck. SPAMCONTROL does a logging on that, thus you easily can figure out which Domains cause the problem.
>
> cheers. eh.
>
> Dr. Erwin Hoffmann, http://www.fehcom.de, Wiener Weg 8, 50858 Koeln, Tel 0221 484 4923, Fax 0221 484 4924

-- John Conover Tel. 408.370.2688 [EMAIL PROTECTED] 631 Lamont Ct. Cel. 408.772.7733 http://www.johncon.com/ Campbell, CA 95008 Fax. 408.379.9602
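The policy points raised in this thread, as an added example that is not any poster's code: a receiver that rejects only a syntactically invalid HELO, tags an unverifiable HELO with the `Sending-Machine: unknown` header instead of refusing it (the RFC 1123 text quoted in the thread), always accepts the `<>` and `<#@[]>` envelope senders, and answers a temporary DNS failure on the MAIL FROM domain with a 4xx code rather than the 5xx complained about above. The resolver table, the names and the choice of reply codes 501/451/553 are assumptions made for this sketch.

```python
import re

OK, NXDOMAIN, TEMPFAIL = "ok", "nxdomain", "tempfail"

# Constructed resolver answers: name -> (status, addresses).
DNS = {
    "mail.example.org": (OK, ["192.0.2.10"]),
    "example.org": (OK, ["192.0.2.20"]),
    "slow.example.net": (TEMPFAIL, []),    # name servers not answering right now
}

HOST_RE = re.compile(
    r"^(?=.{1,255}$)[A-Za-z0-9]([A-Za-z0-9-]{0,61}[A-Za-z0-9])?"
    r"(\.[A-Za-z0-9]([A-Za-z0-9-]{0,61}[A-Za-z0-9])?)*\.?$"
)
LITERAL_RE = re.compile(r"^\[\d{1,3}(\.\d{1,3}){3}\]$")
NULL_SENDERS = ("", "#@[]")                # the <> and <#@[]> envelope senders


def lookup(name):
    """Stand-in for a resolver; unknown names do not exist."""
    return DNS.get(name.lower().rstrip("."), (NXDOMAIN, []))


def helo_status(helo, client_ip):
    """Classify a HELO argument as 'invalid', 'verified' or 'unverified'."""
    if LITERAL_RE.match(helo):
        return "verified" if helo[1:-1] == client_ip else "unverified"
    if not HOST_RE.match(helo):
        return "invalid"
    status, addresses = lookup(helo)
    # A lookup that fails for any reason leaves the name unverified, not refused.
    return "verified" if status == OK and client_ip in addresses else "unverified"


def sender_status(mail_from):
    """DNS status of the MAIL FROM domain; null senders are always acceptable."""
    if mail_from in NULL_SENDERS:
        return OK
    domain = mail_from.rpartition("@")[2]
    return lookup(domain)[0] if domain else NXDOMAIN


def session(client_ip, helo, mail_from):
    """Return (SMTP reply code, headers to add) for one HELO / MAIL FROM pair."""
    helo_result = helo_status(helo, client_ip)
    if helo_result == "invalid":
        return 501, []                     # syntax error: the one HELO rejection
    headers = [] if helo_result == "verified" else ["Sending-Machine: unknown"]
    sender = sender_status(mail_from)
    if sender == TEMPFAIL:
        return 451, []                     # temporary: the sender will retry
    if sender == NXDOMAIN:
        return 553, []                     # domain does not exist
    return 250, headers


if __name__ == "__main__":
    for helo, sender in (("mail.example.org", "user@example.org"),
                         ("unrelated.example.com", "user@example.org"),
                         ("bad_helo!", "user@example.org"),
                         ("mail.example.org", "user@slow.example.net"),
                         ("mail.example.org", "")):
        print(helo, sender or "<>", session("192.0.2.10", helo, sender))
```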
Re: reverse DNS?
Erwin Hoffmann [EMAIL PROTECTED] writes: Hi, I don't know, whether the HELO/EHLO from the MTA-Client means anything and whether it can be used for a reverse DNS lookup. However, it makes sense to do DNS lookup für the MAIL FROM: address. This is already feasible by some qmail patches, including my SPAMCONTROL. Have a look at: http://www.fehcom.de/qmail_en.html It's not unreasonable to insist that that address be valid (including and such). I don't think it's particularly *useful* for spam control either, though; most spam comes with forged but "valid" return addresses. By insisting that spammers do that, all we're doing is forcing them to pick some unlucky sysadmin to get the torrent of abuse and bounces. So the spam doesn't get blocked, *and* some innocent victim is hurt. No profit there! -- David Dyer-Bennet / Welcome to the future! / [EMAIL PROTECTED] SF: http://www.dd-b.net/dd-b/ Minicon: http://www.mnstf.org/minicon/ Photos: http://dd-b.lighthunters.net/
dns?
hi. the problem i am experiencing is as follows:- if our mail server is receiving mail from our isp via etrn, local client connections to the server are slow (connected,waiting, waiting,waiting, then it finally connects - the send receive is really fast); when the server is not connected to our isp it's really, really fast. i have included the -H -R options in tcpserver. i have found that if i remove any entries from dns (the dns entries in there were the addresses of our isp's dns servers) this problem no longer persists, but when issuing the etrn command we cannot specify the server name we must use the ip address? our router does nat? any ideas? richard.
reverse DNS?
As a matter of policy, is it reasonable to reject messages that fail a reverse DNS lookup on HELO's FQDN/authentication? Good idea? Fascist idea? Opinions pls. John -- John Conover Tel. 408.370.2688 [EMAIL PROTECTED] 631 Lamont Ct. Cel. 408.772.7733 http://www.johncon.com/ Campbell, CA 95008 Fax. 408.379.9602
Re: reverse DNS?
John Conover [EMAIL PROTECTED] wrote: As a matter of policy, is it reasonable to reject messages that fail a reverse DNS lookup on HELO's FQDN/authentication? Very political question. As long as you don't reject envelope senders of and #@[], you won't be violating any RFCs. However, you could reject legitimate mail due to temporary problems with connectivity of your machine or other organizations' DNS servers. Charles -- Charles Cazabon [EMAIL PROTECTED] GPL'ed software available at: http://www.qcc.sk.ca/~charlesc/software/ Any opinions expressed are just that -- my opinions.
Re: reverse DNS?
On Tue, Mar 06, 2001 at 10:07:46AM -, John Conover [EMAIL PROTECTED] wrote: As a matter of policy, is it reasonable to reject messages that fail a reverse DNS lookup on HELO's FQDN/authentication? I don't think this buys you much in the way of spam protection and can block legitimate email. Many dialup and dsl connections will have a reverse DNS entry in the service providers domain space. If you want to block dialups, you are probably better off using the DUL list to do it.
Re: reverse DNS?
John Conover [EMAIL PROTECTED] writes: As a matter of policy, is it reasonable to reject messages that fail a reverse DNS lookup on HELO's FQDN/authentication? Good idea? Fascist idea? Opinions pls. Do you relay for users running POP clients who send their outbound through you via smtp? Do you control the reverse DNS on the IPs they come in from? If "yes" and "no", then it's definitely a bad idea. (I'm assuming you're considering requiring only *some* reverse DNS, not one that matches what they HELO as?) -- David Dyer-Bennet / Welcome to the future! / [EMAIL PROTECTED] SF: http://www.dd-b.net/dd-b/ Minicon: http://www.mnstf.org/minicon/ Photos: http://dd-b.lighthunters.net/
Re: reverse DNS?
John Conover writes: As a matter of policy, is it reasonable to reject messages that fail a reverse DNS lookup on HELO's FQDN/authentication? No. Neither is it reasonable to reject messages from a host whose reverse DNS hostname lacks an MX record. Neither is it reasonable to reject messages from a host which isn't running an SMTP server. Although I've been sorely tempted to implement both of these. -- -russ nelson [EMAIL PROTECTED] http://russnelson.com Crynwr sells support for free software | PGPok | Watch out! He's got an 521 Pleasant Valley Rd. | +1 315 268 1925 voice | opinion, and he's not Potsdam, NY 13676-3213 | +1 315 268 9201 FAX | afraid to share it!
Re: reverse DNS?
John Conover writes: As a matter of policy, is it reasonable to reject messages that fail a reverse DNS lookup on HELO's FQDN/authentication? No. Indeed. Nevertheless, I think some elaboration will make the following answers easier to understand to less experienced mail managers. Neither is it reasonable to reject messages from a host whose reverse DNS hostname lacks an MX record. For instance, if a sending machine is only known to an organization's internal name servers, but somehow its hostname is used in outgoing messages, is it reasonable to block it? I would like to :, but in fairness, I can't :( Neither is it reasonable to reject messages from a host which isn't running an SMTP server. Some organizations run incoming mail server(s) and outgoing mail server(s). The latter often do not run SMTP. But they do send out messages. Can you block them, no. Although I've been sorely tempted to implement both of these. 8-) Likewise. I wish I could, it would make spam filtering a much easier (if less fun : job to do. Chin Fang [EMAIL PROTECTED] -- -russ nelson [EMAIL PROTECTED] http://russnelson.com Crynwr sells support for free software | PGPok | Watch out! He's got an 521 Pleasant Valley Rd. | +1 315 268 1925 voice | opinion, and he's not Potsdam, NY 13676-3213 | +1 315 268 9201 FAX | afraid to share it!
Re: reverse DNS?
At 10:07 AM 06-03-2001 -, John Conover wrote: As a matter of policy, is it reasonable to reject messages that fail a reverse DNS lookup on HELO's FQDN/authentication? Well two of our service providers haven't arranged reverse DNS lookups for our Internet visible subnets. Our DNS servers are ready, but they either don't want to do it or don't know how to do it. So you can't look up names from our IPs. And it's been more than a year already. So I'm biased and I'd say it's not reasonable ;). Why would you want to do that anyway? Cheerio, Link.
Re: reverse DNS?
At 10:07 AM 06-03-2001 -, John Conover wrote: As a matter of policy, is it reasonable to reject messages that fail a reverse DNS lookup on HELO's FQDN/authentication? Well two of our service providers haven't arranged reverse DNS lookups for our Internet visible subnets. Our DNS servers are ready, but they either don't want to do it or don't know how to do it. So you can't look up names from our IPs. And it's been more than a year already. So I'm biased and I'd say it's not reasonable ;). Why would you want to do that anyway? Spam prevention. Have had the same problem myself. It is indeed sad that we have to jump through these hoops because a few folks insisting on emailing everyone about their inkjet refills or lower mortgage rates necessitate this. Cheerio, Link.
Re: reverse DNS?
Hi, I don't know, whether the HELO/EHLO from the MTA-Client means anything and whether it can be used for a reverse DNS lookup. However, it makes sense to do DNS lookup für the MAIL FROM: address. This is already feasible by some qmail patches, including my SPAMCONTROL. Have a look at: http://www.fehcom.de/qmail_en.html cheers. eh. At 01:29 7.3.2001 -0500, Peter Cavender wrote: At 10:07 AM 06-03-2001 -, John Conover wrote: As a matter of policy, is it reasonable to reject messages that fail a reverse DNS lookup on HELO's FQDN/authentication? Well two of our service providers haven't arranged reverse DNS lookups for our Internet visible subnets. Our DNS servers are ready, but they either don't want to do it or don't know how to do it. So you can't look up names from our IPs. And it's been more than a year already. So I'm biased and I'd say it's not reasonable ;). Why would you want to do that anyway? Spam prevention. Have had the same problem myself. It is indeed sad that we have to jump through these hoops because a few folks insisting on emailing everyone about their inkjet refills or lower mortgage rates necessitate this. Cheerio, Link. -- Dr. Erwin Hoffmann | http://www.fehcom.de | Wiener Weg 8, 50858 Koeln | Tel 0221 484 4923 | Fax 0221 484 4924
Re: DNS Patch Unavailable
Yesbut, then the buffer takes 64K *every* time. It's not nearly that bad in practice. Thanks to the magic of demand paging, most of that space (uninitialized .bss, recall) is never touched, never paged in or out. Making the response array that size will probably cause one extra page to be resident (it does on Solaris 7, measured with pmap -x).
how can I do with DNS ?
Hi, All, I have a mail server frame named mail.xyz.com, and I want to set up a mail system with such address [EMAIL PROTECTED], but I can only get [EMAIL PROTECTED], it is all right to send and receive email with it. how can I set up with @xyz.com ??? I patched DNS with qmail-103.patch, but ./config does not work , so I set ./config-fast mail.xyz.com and what nslookup feed back is like that: my domain xyz.com's IP is 111.111.111.111 and two DNS IP are 123.123.123.123 321.321.321.321
set q=MX
xyz.com
xyz.com preference = 20, mail exchanger = dns2.OTHER.com
xyz.com preference = 10, mail exchanger = mail.xyz.com
xyz.com nameserver = dns1.OTHER.com
xyz.com nameserver = dns2.OTHER.com
dns2.OTHER.com internet address = 123.123.123.123
mail.xyz.com internet address = 111.111.111.111
dns1.xyz.com internet address = 321.321.321.321
Re: DNS Patch Unavailable
Jeremy Suo-Anttila writes: all you need to do to fix the dns problem is change a setting in your dns.c source for qmail change the word "PACKETZ" to "65536" this is according to running Qmail by sams publishing. Yesbut, then the buffer takes 64K *every* time. Just to handle the 0.0001% of hosts with overlarge DNS records. Carl's patch increases the buffer size until it stops returning an error. -- -russ nelson [EMAIL PROTECTED] http://russnelson.com Crynwr sells support for free software | PGPok | "This is Unix... 521 Pleasant Valley Rd. | +1 315 268 1925 voice | Stop acting so helpless." Potsdam, NY 13676-3213 | +1 315 268 9201 FAX | --Daniel J. Bernstein
DNS Patch Unavailable
For several days, I have attempted to download the patch that is at http://www.ckdhr.com/ckd/qmail-103.patch but the server www.ckdhr.com has not been responding at all. Is this patch available from any other locations or mirror sites? -- John Evans
Re: DNS Patch Unavailable
On Fri, Feb 23, 2001 at 07:46:06PM -0500, John Evans wrote: For several days, I have attempted to download the patch that is at http://www.ckdhr.com/ckd/qmail-103.patch but the server www.ckdhr.com has not been responding at all. Is this patch available from any other locations or mirror sites? I have a copy of it at http://flounder.net/qmail/qmail-dns-patch --Adam -- Adam McKenna [EMAIL PROTECTED] | "No matter how much it changes, http://flounder.net/publickey.html | technology's just a bunch of wires GPG: 17A4 11F7 5E7E C2E7 08AA| connected to a bunch of other wires." 38B0 05D0 8BF7 2C6D 110A| Joe Rogan, _NewsRadio_ 9:02pm up 5 days, 48 min, 7 users, load average: 0.01, 0.04, 0.04
Re: DNS Patch Unavailable
all you need to do to fix the dns problem is change a setting in your dns.c source for qmail change the word "PACKETZ" to "65536" this is according to running Qmail by sams publishing. i have hacked this code a few times with 0 problems on 5 of my servers thanks Jps For several days, I have attempted to download the patch that is at http://www.ckdhr.com/ckd/qmail-103.patch but the server www.ckdhr.com has not been responding at all. Is this patch available from any other locations or mirror sites? -- John Evans
qmail and DNS
Hi all, is there a remarkable performance improvement, if the mailserver has a local DNS cache (instead of contacting an external nameserver)? Best regards, Marcus -- Sent through GMX FreeMail - http://www.gmx.net
Re: qmail and DNS
Marcus Korte [EMAIL PROTECTED] wrote: is there a remarkable performance improvement, if the mailserver has a local DNS cache (instead of contacting an external nameserver)? Potentially. If your current nameserver is not very fast and you switch to a local dnscache that's properly configured, you should see good improvement. Since dnscache is so easy to install, why not just give it a shot and see if it helps? -Dave
dns and databytes patch for ofmipd
Just in case anyone is interested... I have made a patch to support two features I sorely missed in ofmipd - DNS envelope sender checking, and databytes size limiting. I have adapted Nagy Balazs' DNS mfcheck patch to work with ofmipd, and added qmail's databytes checking mechanism. If anyone wants the patch, it can be found at http://will.harris.ch/ofmipd-dns-databytes.tar.gz regards, Will Harris __ "I was going to be a Neo-Deconstructivist, but Mom wouldn't let me..." multimedia laboratorium [EMAIL PROTECTED] institut fuer informatik(pgp id)F703D035 der universitaet zuerich(office) +41 1 635 4346 winterthurerstr. 190(fax)+41 1 635 6809 ch-8057 zuerich (mobile) +41 76 372 0913 switzerland www.ifi.unizh.ch/~harris __
Deny for DNS Mismatch
Hello, Sorry to bring this to the list, as I'm sure that instructions for this are posted *somewhere*, but I can't seem to find them. We are running Qmail with tcpserver, and would like to duplicate the sendmail feature of denying connections from mail servers which do not have DNS set up correctly for them. We are not so concerned with how a server IDs itself, (HELO) just as long as forward and reverse DNS for their hostname/IP matches. The last requirement is that we want to deny these connections with an error message. Denying with tcpserver directly just causes the remote host to contact the next highest preference MX server. Can anyone point me in the direction of some good documentation on this? My inclination at this point is to run tcpserver with -p and have it call a program that will deny the connection if $TCPREMOTEHOST is not set. Thanks for your time. Jamin - Jamin A. Brown Systems Operations Department [EMAIL PROTECTED] * Great Works Internet * 207.286.8686 x142 RSA PGP Key: http://www.gwi.net/~jamin/pgp/jamin.asc
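Added example, not part of the original post and not code from ucspi-tcp or qmail: one way to write the program Jamin describes, a gate started by tcpserver -p that hands the connection to qmail-smtpd only when $TCPREMOTEHOST is set and otherwise refuses in-band with an SMTP reply. The name ptr-gate, its install path, the PTR_GATE_* variables and the reply wording are assumptions; the default 451 is chosen because an unset $TCPREMOTEHOST can also mean a lookup that merely timed out, the failure case several replies in the reverse DNS thread warn about.

```shell
#!/bin/sh
# ptr-gate (hypothetical name): added example, not part of ucspi-tcp or qmail.
# Run it between tcpserver and qmail-smtpd, with tcpserver's -p option and
# without -H, for example (the install path is an assumption):
#   tcpserver -p -x /etc/tcp.smtp.cdb 0 smtp \
#       /usr/local/bin/ptr-gate /var/qmail/bin/qmail-smtpd
#
# With -p, tcpserver removes $TCPREMOTEHOST when none of the addresses of the
# looked-up name match the client IP. The variable is also absent when the
# lookup found nothing or timed out, so "unset" does not prove misconfiguration.

# Assumed knobs: 451 lets a sender retry after a DNS outage on either side;
# set PTR_GATE_CODE=553 to refuse permanently instead.
PTR_GATE_CODE=${PTR_GATE_CODE:-451}
PTR_GATE_NAME=${PTR_GATE_NAME:-localhost}
CR=$(printf '\r')

# Speak just enough SMTP on stdin/stdout to deliver the refusal in-band, so
# the client sees an error instead of a dropped connection and does not
# simply move on to the next MX.
smtp_refuse() {
    ip=${TCPREMOTEIP:-unknown}
    printf '220 %s\r\n' "$PTR_GATE_NAME"
    while IFS= read -r line; do
        line=${line%"$CR"}                      # strip the CR of CRLF
        verb=$(printf '%s' "$line" | cut -d' ' -f1 | tr 'a-z' 'A-Z')
        case "$verb" in
            HELO|EHLO) printf '250 %s\r\n' "$PTR_GATE_NAME" ;;
            NOOP|RSET) printf '250 ok\r\n' ;;
            QUIT)      printf '221 %s\r\n' "$PTR_GATE_NAME"; return 0 ;;
            *)         printf '%s forward and reverse DNS for %s do not match\r\n' \
                           "$PTR_GATE_CODE" "$ip" ;;
        esac
    done
}

# Decide per connection: pass through to the real SMTP daemon or refuse.
ptr_gate() {
    # Clients that tcp.smtp.cdb marks as relay clients (RELAYCLIENT set, even
    # to the empty string) are your own users, whose reverse DNS you may not
    # control; let them through unchecked.
    if [ -n "${RELAYCLIENT+set}" ] || [ -n "${TCPREMOTEHOST:-}" ]; then
        exec "$@"
    fi
    # stderr normally ends up in the same log as tcpserver's own messages.
    echo "ptr-gate: refusing ${TCPREMOTEIP:-unknown} with $PTR_GATE_CODE" >&2
    smtp_refuse
}

# Dispatch only when installed under the assumed name, so the file can also
# be sourced for testing.
case "${0##*/}" in
    ptr-gate) ptr_gate "$@" ;;
esac
```

Counting the "refusing" log lines for a few weeks before switching PTR_GATE_CODE to 553 shows how much legitimate mail the policy would have delayed or lost.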
RE: dns question
there is a list archive for BIND/DNS at: http://www.isc.org/ml-archives/bind-users/ Also on there you can join the list, which is a crossover to the newsgroup: comp.protocols.dns.bind (i think that is what it's called). As for the MX record. The MX record is what tells the world to send mail to the domain being resolved, which you already know. You may be able to ping it, but can you see it via nslookup (on a 'NIX machine). First, if you do a NSLOOKUP and it says "non-authoritative answer", then it's cached in your DNS and won't be able to truly test the outside availability. The best way to tell if ppl can see it is find a UNIX box, and do the following (or email me directly, and I'll look it up):
nslookup
set type=mx
mail.xyz.com
and see what it gives you. Personally, I would make sure it's in the zone file of my serving DNS machines. It's only 1-2 lines in the zone files and may save future headaches down the road. Just my $.02 worth. Izzie
Re: dns question
On Mon, Jan 08, 2001 at 05:15:25AM +, Andrew Alford wrote: Is it necessary, even if you can ping on the internet your "mail.xyz.com or smtp.xyz.com", to have your mx server listed with your registrar? That depends. If your mail addresses are of the form [EMAIL PROTECTED], you will need either the host xyz.com "pingable" and running an SMTP server, or an MX record for xyz.com pointing to mail.xyz.com. If your mail addresses are [EMAIL PROTECTED], you will be fine without MX records - if the host mail.xyz.com is running an SMTP server. If you want _real_ help, give us the _real_ domain names. -Johan -- Johan Almqvist http://www.almqvist.net/johan/qmail/ PGP signature
dns question
Is it necessary, even if you can ping on the internet your "mail.xyz.com or smtp.xyz.com", to have your mx server listed with your registrar?
Re: dns question
--- Andrew Alford [EMAIL PROTECTED] wrote: Is it necessary, even if you can ping on the internet your "mail.xyz.com or smtp.xyz.com", to have your mx server listed with your registrar? Well, your question is vague. Are you pinging from outside or inside your intranet? You haven't done a true test if you don't ping from outside your intranet. What it comes down to, does the outside see those addresses. If the outside can then it's not "necessary". On the other hand, when you register your name with ICANN, you are required to provide 2 DNS servers you can be reached from. It's typical to place MX records on a DNS server that's outside your network as well as inside your network (though outside your firewall). If you have a lot of questions about DNS, you're probably better off finding a list that specializes in it, though I suspect there's plenty of expertise on this list. === Al __ Do You Yahoo!? Yahoo! Photos - Share your holiday photos online! http://photos.yahoo.com/
Help to solve DNS
I have a bunch of my mail stuck in the queue to vickers-systems.com I am 95% sure it's an error on their end, but I don't want to contact them until I am 100% sure. Can anyone help me out to solve why I cannot send mail to them? Thanks, Tim Hunter -- [EMAIL PROTECTED] SysAdmin -- CIMx http://www.cimx.com
Re: Help to solve DNS
Tim Hunter [EMAIL PROTECTED] wrote: I have a bunch of my mail stuck in the queue to vickers-systems.com I am 95% sure it's an error on their end, but I don't want to contact them until I am 100% sure. Can anyone help me out to solve why I cannot send mail to them? What Do The Logs Say?(TM) Your qmail logs will say exactly why messages are not being delivered to them. Post the relevant entries from your logs, and we can help you. Charles -- Charles Cazabon [EMAIL PROTECTED] GPL'ed software available at: http://www.qcc.sk.ca/~charlesc/software/ Any opinions expressed are just that -- my opinions.
Re: Help to solve DNS
On Tue, Dec 19, 2000 at 02:07:44PM -0500, Tim Hunter wrote: I have a bunch of my mail stuck in the queue to vickers-systems.com As Charles said: look at the logs. That's what they are for. You will probably see "cannot connect" errors, as:
dig mx vickers-systems.com - no MX records
dig a vickers-systems.com - 206.242.77.113
telnet 206.242.77.113 smtp
Trying 206.242.77.113...
telnet: Unable to connect to remote host: Connection refused
Their mailserver is down. \Maex -- SpaceNet AG | http://www.Space.Net/ | Stress is when you wake Research Development| mailto:[EMAIL PROTECTED] | up screaming and you Joseph-Dollinger-Bogen 14 | Tel: +49 (89) 32356-0| realize you haven't D-80807 Muenchen | Fax: +49 (89) 32356-299 | fallen asleep yet.
DNS lookup
Hello Sorry to ask this but I couldn't find an answer in LWQ or FAQs... how do I determine qmail not to perform dns lookups for incoming pop3 clients? They get huge timeouts Thanks -- Stefan Laudat http://www.pepsicola.ro/~stefan --- Two sure ways to tell a sexy male; the first is, he has a bad memory. I forgot the second.
Re: DNS lookup
Stefan Laudat [EMAIL PROTECTED] writes on 8 December 2000 at 22:12:48 +0200 Hello Sorry to ask this but I couldn't find an answer in LWQ or FAQs... how do I determine qmail not to perform dns lookups for incoming pop3 clients? They get huge timeouts If you're running qmail-popup under tcpserver, you need to use the -R (and probably -H) switches to turn off some checking that often results in delays. If you're running something else, perhaps this isn't the solution; more information on your configuration would have helped us guess what's wrong, and no doubt some people didn't venture an answer since we have to guess your configuration to speculate about what might be wrong with it. Ideally, showing us the line that runs your pop client would have let us answer in terms of exactly what you're actually running. For example, here's the run file from my service directory for pop:
exec env - PATH="/var/qmail/bin:/usr/local/bin:/usr/bin" \
tcpserver -H -R 0 pop3 \
qmail-popup gw.dd-b.net \
checkvpw qmail-pop3d Maildir/
(I'm using vmailmgr, hence the checkvpw). -- David Dyer-Bennet / Welcome to the future! / [EMAIL PROTECTED] SF: http://www.dd-b.net/dd-b/ Minicon: http://www.mnstf.org/minicon/ Photos: http://dd-b.lighthunters.net/
Re: Oversize DNS Patch
Russell Nelson [EMAIL PROTECTED] writes on 10 November 2000 at 16:31:26 -0500 Eric Wang writes: Do I still need the Oversize DNS Patch? No. why don't need anymore? Because AOL realized their mistake. Not even AOL can get away with DNS replies larger than 512 bytes. They've flopped back and forth a few times, though. And while they seem to be okay at the moment, I wouldn't consider this closed. I want to keep the oversize DNS patch in my system. -- David Dyer-Bennet / Welcome to the future! / [EMAIL PROTECTED] SF: http://www.dd-b.net/dd-b/ Minicon: http://www.mnstf.org/minicon/ Photos: http://dd-b.lighthunters.net/
Re: Oversize DNS Patch
On Mon, Nov 13, 2000 at 01:58:48PM -0600, David Dyer-Bennet wrote: Russell Nelson [EMAIL PROTECTED] writes on 10 November 2000 at 16:31:26 -0500 Eric Wang writes: Do I still need the Oversize DNS Patch? No. why don't need anymore? Because AOL realized their mistake. Not even AOL can get away with DNS replies larger than 512 bytes. They've flopped back and forth a few times, though. And while they seem to be okay at the moment, I wouldn't consider this closed. I want to keep the oversize DNS patch in my system. Also, AOL isn't the only one who has been doing this, there have been a few other places I've had this problem with, on-and-off. --Adam -- Adam McKenna [EMAIL PROTECTED] | "No matter how much it changes, http://flounder.net/publickey.html | technology's just a bunch of wires GPG: 17A4 11F7 5E7E C2E7 08AA| connected to a bunch of other wires." 38B0 05D0 8BF7 2C6D 110A| Joe Rogan, _NewsRadio_ 3:03pm up 156 days, 13:19, 10 users, load average: 0.09, 0.05, 0.01
Re: Oversize DNS Patch
why don't need anymore? On Wed, 8 Nov 2000 22:06:17 -0500 (EST) Russell Nelson [EMAIL PROTECTED] wrote: Mark Lo writes: Hi, Do I still need the Oversize DNS Patch? No. -- -russ nelson [EMAIL PROTECTED] http://russnelson.com Crynwr sells support for free software | PGPok | 521 Pleasant Valley Rd. | +1 315 268 1925 voice | This space for rent Potsdam, NY 13676-3213 | +1 315 268 9201 FAX |
Re: Oversize DNS Patch
Eric Wang writes: Do I still need the Oversize DNS Patch? No. why don't need anymore? Because AOL realized their mistake. Not even AOL can get away with DNS replies larger than 512 bytes. -- -russ nelson [EMAIL PROTECTED] http://russnelson.com Crynwr sells support for free software | PGPok | The best way to help the poor 521 Pleasant Valley Rd. | +1 315 268 1925 voice | is to help the rich build Potsdam, NY 13676-3213 | +1 315 268 9201 FAX | up their capital.
Oversize DNS Patch
Hi, I would like to know that Do I still need the Oversize DNS Patch from now on. Thank you so much, Mark Lo
can send but not receive??? dns mx records???
ok i'm lost!!! i've installed qmail twice now, following lwq, but i am a total newbie to linux :-( i'm running redhat 6.2, i have a static ip of 12.7.223.212 which my isp is pointing 4 domains to (they are my primary secondary name servers, but they won't host ). I can send using qmail-inject but when i try to send to [EMAIL PROTECTED] from another machine it bounces back to me??? i realize this is a dns problem but i've been trying for 2 weeks and i've run out of ideas... i tried setting resolv.conf to nameserver 127.0.0.1 nameserver blkft.com but when the machine rebooted because of a power failure it went back to my isp address??? can someone point me to any good resources for dummies??? or give me any advice??? Thanks!!! Terry Thomas (sorry no signature!!!)