Okay, so, per my last thread, Courier on FreeBSD seems to have trouble doing ident to local IPs. Remote IPs are fine.

I've got a box with about 12 VIPs on it. esmtpd(8) binds to one via LISTEN=. The same IP seems to be honored for outbound ESMTP mail deliveries (fine) as the source address. Great.

Here's a tcpdump of an SMTP request from a foreign client in a remote network:

Feb 28 13:13:03 ravage courieresmtpd: started,ip=[192.168.97.132]
13:13:03.012051 IP 192.168.96.54.56303 > 192.168.97.132.113: S 2391570017:2391570017(0) win 65535 <mss 1460,nop,wscal,nop,nop,timestamp 59887511 0,sackOK,eol>
13:13:03.013475 IP 192.168.97.132.113 > 192.168.96.54.56303: R 879099511:879099511(0) ack 2391570018 win 0

Simple SYN + RST = No Ident

Now here's a tcpdump of an SMTP request sourced from the *PRIMARY* IP of the box to the SERVICE VIRTUAL IP of Courier on the box:

13:13:56.784005 IP 192.168.96.54.50709 > 192.168.96.54.113: S 3116745398:3116745398(0) win 65535 <mss 1460,nop,wscale 1,nop,nop,timestamp 59941284 0,sackOK,eol>
13:13:56.784024 IP 192.168.96.54.113 > 192.168.96.54.50709: R 0:0(0) ack 3116745399 win 0

Exact same thing, SYN + RST.

Now here's a tcpdump if I source a Telnet to the service IP from the service IP:

13:20:24.979931 IP 192.168.96.54.57576 > 192.168.96.54.113: S 1596352757:1596352757(0) win 65535 <mss 1460,nop,wscale 1,nop,nop,timestamp 60329485 0,sackOK,eol>
13:20:24.979951 IP 192.168.96.54.113 > 192.168.96.54.57576: R 0:0(0) ack 1596352758 win 0

All the same. Yet when I open the socket from a local IP, I get an immediate socket open, socket close, no errors to the logs, no indication that esmtpd(8) is even being spawned by couriertcpd(8):

# telnet -s 192.168.96.54 192.168.96.54 25
Trying 192.168.96.54...
Connected to relay.blah.blah.com
Escape character is '^]'.
Connection closed by foreign host.

The problem is only resolved by setting:

TCPDOPTS="-stderrlogger=/usr/local/sbin/courierlogger -noidentlookup"

Note:

Setting -nodnslookup *DOES NOT* solve the issue.


However, this is all irrelevant. The problem here is that couriertcpd(8) is disqualifying the TCP connection and not passing it to esmtpd(8) on some condition related to the presence or lack of presence of "-noidentlookup".

However, it is failing to indicate the stipulations behind its decision making and failing to log it. That makes sense, since courierlogger(8) isn't spawned until esmtpd(8) is spawned, as they are both spawned as child procs of couriertcpd(8), courierlogger(8) receiving the stderr(4) of esmtpd(8) via a pipe?

Correct?  So how can one enable couriertcpd(8) debugging?

So we essentially have a chicken-and-egg scenario where we can't debug couriertcpd(8) because there's no logging or debugging mechanism for couriertcpd(8).

The way I see it with FreeBSD, /usr/local/etc/rc.d/courier.sh calls "/usr/local/sbin/esmtpd start".

However:

# file /usr/local/sbin/esmtpd
/usr/local/sbin/esmtpd: symbolic link to `/usr/local/share/courier/esmtpd'

And /usr/local/share/courier/esmtpd calls:

===

   echo "ulimit -d $ULIMIT"
     echo ${sbindir}/couriertcpd $TCPDOPTS $PORT \
             ${sbindir}/courieresmtpd'>/dev/null 2>&1 </dev/null'

With:

TCPDOPTS="$TCPDOPTS -user=$MAILUSER -group=$MAILGROUP $ADDRESS $BLACKLISTS $ACCESSFILE -maxprocs=$MAXDAEMONS -maxperc=$MAXPERC -maxperip=$MAXPERIP -pid=$PIDFILE"


_______________________________________________
courier-users mailing list
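
The SYN + RST reading of the captures above can be automated. The following is an added example, not part of the original post and not Courier code: it pairs each SYN sent to port 113 with the reply that comes back and labels the probe refused (RST), answered (SYN-ACK) or no-reply. The function name, the trimmed TCP options and the last sample line are assumptions made for the example.

```python
import re

# First four lines are from the captures in the post (TCP options trimmed);
# the last line is constructed to show a probe that never gets a reply.
SAMPLE = """\
13:13:03.012051 IP 192.168.96.54.56303 > 192.168.97.132.113: S 2391570017:2391570017(0) win 65535
13:13:03.013475 IP 192.168.97.132.113 > 192.168.96.54.56303: R 879099511:879099511(0) ack 2391570018 win 0
13:13:56.784005 IP 192.168.96.54.50709 > 192.168.96.54.113: S 3116745398:3116745398(0) win 65535
13:13:56.784024 IP 192.168.96.54.113 > 192.168.96.54.50709: R 0:0(0) ack 3116745399 win 0
13:20:30.000000 IP 192.168.96.54.40000 > 192.168.96.99.113: S 100:100(0) win 65535
"""

# Matches the older tcpdump text format shown in the post ("...: S 123:123(0)")
# and the newer one ("...: Flags [S.], seq ...").
LINE = re.compile(
    r"^(\S+) IP (\d+(?:\.\d+){3})\.(\d+) > (\d+(?:\.\d+){3})\.(\d+): "
    r"(?:Flags \[)?([A-Z.]+)\]?"
)

def classify_ident_probes(text, ident_port=113):
    """Return {(prober_ip, prober_port, target_ip): outcome} for ident probes.

    outcome is "refused" (RST came back), "answered" (SYN-ACK came back)
    or "no-reply" (nothing seen in the capture for that probe).
    """
    probes = {}
    for raw in text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue  # syslog lines, wrapped option lists, etc.
        _, src, sport, dst, dport, flags = m.groups()
        sport, dport = int(sport), int(dport)
        if dport == ident_port and flags == "S":
            # Initial SYN from the mail server to the peer's ident port.
            probes.setdefault((src, sport, dst), "no-reply")
        elif sport == ident_port:
            # Packet coming back from the ident port: match it to its probe.
            key = (dst, dport, src)
            if probes.get(key) == "no-reply":
                if "R" in flags:
                    probes[key] = "refused"
                elif "S" in flags:
                    probes[key] = "answered"
    return probes

if __name__ == "__main__":
    for probe, outcome in classify_ident_probes(SAMPLE).items():
        print(probe, outcome)
```
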