Comments inside...
Charles Cazabon wrote:
>
> Judson Main <[EMAIL PROTECTED]> wrote:
> >
> > I have a firewall with qmail installed and is set up as a dumb relayer
> > for domain.com to another, internal qmail server. This is working
> > perfectly.
>
> Good.
>
> > The inside mail server, (NAT also) is host.domain.com,
> > and has this in its /var/qmail/control/locals file:
> >
> > domain.com
> > host.domain.com
> > localhost.domain.com
> >
> > However, if I try to send an e-mail to [EMAIL PROTECTED],
> > the mail server bounces it back to the firewall, which
> > bounces it back to the mail server, and etc., with the
> > mail server eventually giving up with this error:
> [...]
>
> Did you restart qmail-send after changing locals?
>
Yup.
> Show us the unedited output of qmail-showctl, and the real bounce
> message -- don't obscure your domain information.
>
Well, now, that's never a good idea in an open forum, y'know.
*Always* obscure information, unless you wish to invite attacks
against your network. I realize that I'm shooting myself in
the foot a bit here when asking for help.
Any long-time subscriber to the Checkpoint firewall mailing list
would see that IPs, hostnames, and network architecture are
as vanilla as the poster can make them. This is just one example.
> > ...so it appears that my internal mail server doesn't know who
> > [EMAIL PROTECTED] is, which doesn't make any sense whatsoever.
>
> We can't tell if you obscure this.
Same as above. My choice and loss. I understand.
>
> > rcpthosts has many entries, as essentially I use qmail on the
> > internal server as a relay (which is fine since it's behind
> > the firewall) allowing me to e-mail out to anyone I like
> > (otherwise it gives me the standard rcpthosts error - which is also
> > probably indicative of the mail server not understanding what
> > domain it's supposed to be within).
>
> Nope. This is indicative that you have failed to understand the purpose
> of the rcpthosts file. You want to enable selective relaying -- search
> the list archives.
>
Actually, I thought I understood it pretty well, as I've tried really
hard to make /etc/tcp.smtp work right.
[root@host bin]# more /etc/tcp.smtp
192.168.1.:allow,RELAYCLIENT=""
*.domain.com:allow,RELAYCLIENT=""
127.:allow,RELAYCLIENT=""
which is supposed to allow me to e-mail out, correct? Yes, it
never worked; therefore I did a hack with the rcpthosts just to
be able to send an e-mail to anything not domain.com!
> The rcpthosts file should only list domains for which you are
> responsible for mail, not domains you want to send mail to.
>
> > /etc/hosts file has:
>
> Doesn't matter. As is well documented, qmail never uses /etc/hosts.
> Ever.
Cool. Must have missed it.
>
> > My only guess is that somehow, since I'm running NAT, and that the
> > nattd IPs aren't technically part of the domain, that the mail server
> > isn't getting the right answer on the domain resolution. In sum, it's
> > a DNS problem via NAT.
>
> I think it's a much more basic configuration error.
>
I sure hope so. I've been hammering on this thing for weeks myself and my
local guru can't figure it out either.
Thanks. The output of qmail-showctl is below. Scrubbed, of course.
Jud.
[root@host bin]# ./qmail-showctl
qmail home directory: /var/qmail.
user-ext delimiter: -.
paternalism (in decimal): 2.
silent concurrency limit: 120.
subdirectory split: 23.
user ids: 500, 501, 502, 0, 503, 504, 505, 506.
group ids: 500, 501.
badmailfrom: (Default.) Any MAIL FROM is allowed.
bouncefrom: (Default.) Bounce user name is MAILER-DAEMON.
bouncehost: (Default.) Bounce host name is host.domain.com.
concurrencylocal: (Default.) Local concurrency is 10.
concurrencyremote: (Default.) Remote concurrency is 20.
databytes: (Default.) SMTP DATA limit is 0 bytes.
defaultdomain: Default domain name is domain.com.
defaulthost: (Default.) Default host name is host.domain.com.
doublebouncehost: (Default.) 2B recipient host: host.domain.com.
doublebounceto: (Default.) 2B recipient user: postmaster.
envnoathost: (Default.) Presumed domain name is host.domain.com.
helohost: (Default.) SMTP client HELO host name is host.domain.com.
idhost: (Default.) Message-ID host name is host.domain.com.
localiphost: (Default.) Local IP address becomes host.domain.com.
locals:
Messages for domain.com are delivered locally.
Messages for localhost.domain.com are delivered locally.
Messages for host.domain.com are delivered locally.
me: My name is host.domain.com.
percenthack: (Default.) The percent hack is not allowed.
plusdomain: Plus domain name is domain.com.
qmqpservers: (Default.) No QMQP servers.
queuelifetime: (Default.) Message lifetime in the queue is 604800 seconds.
rcpthosts:
SMTP clients may send messages to recipients at localhost.domain.com.
SMTP clients may send messages to recipients at hostname.domain.com.
SMTP clients may send messages to recipients at .domain.com.
(and etc. as there's quite a few entries as a result of my hack)
morercpthosts: (Default.) No effect.
morercpthosts.cdb: (Default.) No effect.
smtpgreeting: (Default.) SMTP greeting: 220 host.domain.com.
smtproutes: (Default.) No artificial SMTP routes.
timeoutconnect: (Default.) SMTP client connection timeout is 60 seconds.
timeoutremote: (Default.) SMTP client data timeout is 1200 seconds.
timeoutsmtpd: (Default.) SMTP server data timeout is 1200 seconds.
virtualdomains: (Default.) No virtual domains.
concurrencyincoming: I have no idea what this file does.
[root@host bin]#
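The thread argues about two separate qmail decisions: whether qmail-smtpd accepts a RCPT TO (RELAYCLIENT from tcp.smtp, or the recipient domain in rcpthosts) and whether qmail-send delivers a domain locally (control/locals). The model below is an added example, not code from the thread or from qmail; it is fed constructed copies of the files Jud posted (rcpthosts limited to the three entries shown) and assumes qmail's documented matching rules as stated in the comments.

```python
# Added example (not from the thread or qmail). Assumed behaviour, per qmail's
# documentation: RELAYCLIENT in the environment makes qmail-smtpd accept any
# RCPT TO; otherwise the recipient's domain must be in rcpthosts, where a
# leading-dot entry matches subdomains only; qmail-send delivers a domain
# locally only if it appears verbatim in control/locals (virtualdomains and
# the morercpthosts cdb are not modelled).

# Files as posted in the thread (constructed copies).
TCP_SMTP = '''192.168.1.:allow,RELAYCLIENT=""
*.domain.com:allow,RELAYCLIENT=""
127.:allow,RELAYCLIENT=""
'''
LOCALS = ["domain.com", "host.domain.com", "localhost.domain.com"]
RCPTHOSTS = ["localhost.domain.com", "hostname.domain.com", ".domain.com"]


def tcp_env(client_ip, rules=TCP_SMTP):
    """Environment tcpserver hands qmail-smtpd for client_ip, or None if the
    connection is denied. Only exact-IP and IP-prefix ("192.168.1.") address
    forms are modelled, so the "*.domain.com" line never matches here."""
    for line in rules.splitlines():
        if not line.strip():
            continue
        addr, _, rest = line.partition(":")
        action, _, envs = rest.partition(",")
        if addr == client_ip or (addr.endswith(".") and client_ip.startswith(addr)):
            if action != "allow":
                return None
            return {k: v.strip('"') for k, _, v in
                    (kv.partition("=") for kv in envs.split(",") if kv)}
    return {}  # no rule matched: tcpserver allows, sets no variables


def rcpt_allowed(recipient, env, rcpthosts=RCPTHOSTS):
    """qmail-smtpd's RCPT TO decision for one recipient."""
    if "RELAYCLIENT" in env:
        return True
    domain = recipient.rsplit("@", 1)[-1].lower()
    return any(domain == e or (e.startswith(".") and domain.endswith(e))
               for e in rcpthosts)


def is_local(recipient, locals_=LOCALS):
    """qmail-send's local/remote decision for one recipient."""
    return recipient.rsplit("@", 1)[-1].lower() in locals_


def relayed_for(client_ip, recipients):
    """Recipients this server would accept from client_ip and then hand on
    to another host: accepted by qmail-smtpd but not delivered locally."""
    env = tcp_env(client_ip)
    if env is None:
        return []
    return [r for r in recipients if rcpt_allowed(r, env) and not is_local(r)]
```

With the posted files, a client outside 192.168.1.0/24 gets no RELAYCLIENT, so every non-local domain it can relay to is one that was stuffed into rcpthosts, which is the exposure Charles's "only domains you are responsible for" rule avoids.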