At 10:26 PM 9/15/2001 -0500, [EMAIL PROTECTED] wrote:
>On Sat, 15 Sep 2001, Stevie O wrote:
>
> > When the NYC disaster took out the route to my box, whisper.qrpff.net, I
> > asked my friend on the west coast to setup his machine,
> zlotnik.oilcan.org,
> > as a backup mx for qrpff.net. The problem: Mail kept bouncing with
> messages
> > stating that there were too many hops. zlotnik's syslog clearly indicated
> > that qmail was delivering mail to itself, which is obviously a dumb thing
> > to do. The thing was, I was fairly certain that qmail was guarded against
> > that. It wasn't until just now that I figured out the problem.
> >
> > backup mx for qrpff.net: 65.85.11.85
> > zlotnik.oilcan.org ip: 192.168.1.105
>
> ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
>
> >
> > Zlotnik's IP address is really a private one, because it's located
> behind a
> > NAT firewall. 65.85.11.85 traffic is routed to it.
>
>okay, so out onf the BBI I see...
>
>
>so? mail.illuin.org is behind a NAT firewall, but you can't tell that --
>its supposed to be transparent.
NAT is only transparent until protocols start involving IP addresses.
>you need entries in the DNS zone for qpff.net like this:
>
>
>whisper.qpff.net IN MX 10 whisper.qpff.net.
> IN MX 20 zlotnik.oilcan.org.
> IN A whatever.its.ip-address.is
Wtf is this? tinydns doesn't have anything like this.
>and add whisper.qpff.net to rcpthosts on zlotnik.oilcan.org
That's been done.
>now, we'll try to connect to whisper, discover its not there and send mail
>to oilcan. oilcal will accept it and try to forward it to whisper.
>oilcan removes itself and any higher preference MX hosts from the list of
>machine it will try to forward mail to.
zlotnik ("oilcan") doesn't remove itself from the list, because zlotnik is
192.168.1.105,
which isn't anywhere on the mx list.
--
Stevie-O
Real programmers use COPY CON PROGRAM.EXE
