On Sat, 15 Sep 2001, Stevie O wrote:
> When the NYC disaster took out the route to my box, whisper.qrpff.net, I
> asked my friend on the west coast to setup his machine, zlotnik.oilcan.org,
> as a backup mx for qrpff.net. The problem: Mail kept bouncing with messages
> stating that there were too many hops. zlotnik's syslog clearly indicated
> that qmail was delivering mail to itself, which is obviously a dumb thing
> to do. The thing was, I was fairly certain that qmail was guarded against
> that. It wasn't until just now that I figured out the problem.
>
> backup mx for qrpff.net: 65.85.11.85
> zlotnik.oilcan.org ip: 192.168.1.105
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
>
> Zlotnik's IP address is really a private one, because it's located behind a
> NAT firewall. 65.85.11.85 traffic is routed to it.
okay, so out onf the BBI I see...
so? mail.illuin.org is behind a NAT firewall, but you can't tell that --
its supposed to be transparent.
you need entries in the DNS zone for qpff.net like this:
whisper.qpff.net IN MX 10 whisper.qpff.net.
IN MX 20 zlotnik.oilcan.org.
IN A whatever.its.ip-address.is
and add whisper.qpff.net to rcpthosts on zlotnik.oilcan.org
now, we'll try to connect to whisper, discover its not there and send mail
to oilcan. oilcal will accept it and try to forward it to whisper.
oilcan removes itself and any higher preference MX hosts from the list of
machine it will try to forward mail to.
it won't try to deliver locally because whisper isn't in its locals.
note the complete lack of IP addresses on the MX lines: that is a BAD
IDEA.
now, split DNS is a different matter and needs to be discussed elsewhere,
since that allows you to get
answer: illuin.org 86400 MX 12801 illuin.illuin.org
additional: illuin.illuin.org 86400 A 216.30.73.135
and me to get
answer: illuin.org 86400 MX 12801 illuin.illuin.org.
additional: illuin.illuin.org 86400 A 192.168.0.135
RjL
==================================================================
You know that. I know that. But when || Austin, Texas
you talk to a monkey you have to || Email: [EMAIL PROTECTED]
grunt and wave your arms -ck ||
