getting mail to work

2007-03-11 Thread Ed Zwart

I use freebsd on an older computer in my home network to run a
webserver, a few web apps (bugzilla, tikiwiki), and samba.  I just
installed postfix via the ports collection so I can use the mail
functionality of bugzilla.

Bugzilla does its part correctly; I can see the message in the mailq,
but all messages time out.  From the postfix site, I learned about the
MTU black hole issue (http://www.postfix.org/faq.html#timeouts).
After spending some time messing both with my bsd machine's hostname
and my home network gateway's settings (domain name and mtu size), I
got nowhere.

But then I read somewhere (sorry, I don't have the reference) that the
handshake that goes on between my MTA and the destination machine
includes a check that I'm not spoofing a domain that I don't control.
Makes sense!  So, I figured that I don't have an MTU problem at all,
but a hostname/domain name problem.

What I'm a little weak on understanding is this...

I own my_domain.com.  I've paid a hoster for the last couple years,
but that's ending in a week or so.  Meanwhile, I've used dyndns to
point foo.homedns.org to my IP.

Originally, I had left the gateway's domain as the default (something
based on my isp's domain), and set the bsd machine's hostname to
foo.my_domain.com.  But that's why mail was failing (I think) because
dns was reporting that my_domain.com was not the same as my IP.  Is
this correct?

Also, what are valid entries for hostname then?  Anything I want,
as long as it's not some domain already known in the dns?  Does it
matter if I change my domain name on my LAN router?

Finally, what I'd really like to do is just manage all this myself.
I'm not providing any services to anyone but myself.  (I don't have
users, and don't need to receive mail.)  My plan had been to pay
dyndns to handle pointing to my_domain.com for me, but now I'm
wondering if I can't just do that too. So, last question: does setting
up dns on my bsd box mean I can propagate my IP for my_domain.com
myself?

Thanks in advance for help!

e.
___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to [EMAIL PROTECTED]


Re: getting mail to work

2007-03-11 Thread Ed Zwart

Thanks Bill, Josh and Jeffrey for answering my question.  It was my
ISP.  (So easy, I wish I had thought of that.  I somehow managed to
figure out they were blocking 80 a month or so ago.)

I'm still a little fuzzy on legal entries for hostname and domain.  I
set them to be mine, and it worked, and then for kicks, set it to
google.com, and that worked too.  I looked at the headers, and can see
that the source can be traced back to my machine, but that still seems
kind of easy to spoof.  Anyway, it's not something I'm overly worried
about; I'm just not clear on what I SHOULD be using for hostname and
domain.

Any words of wisdom appreciated.  Otherwise, thanks again for the
already super help!

e.

On 3/11/07, Jeffrey Goldberg [EMAIL PROTECTED] wrote:

On Mar 11, 2007, at 8:27 PM, jekillen wrote:

 If you will allow me to break in on this exchange;
 Does this advice [don't run your own direct to MX mail server]
 apply if you have static ip service and are running web servers
 from these addresses, with the ISP's blessing? (meaning you also
 have at least two name servers running for the registered sites)

First let's separate questions.  One is dealing with your own
incoming mail.  The other is with sending mail out direct to MX.
These two can (and often should) be separated.

For the question of hosting your own MX there are positives and
negatives.  Here is a list off of the top of my head.  It is far from
complete.

Positive:

  (1) You get to fully control your rejection/acceptance policy from the
  beginning.

  (2) You get to learn about running such a system.

  (3) You dramatically reduce your lock-in with an ISP (who can change their
  email policy or practice at any time).

  (4) You don't have to pay for some outside service (I use fastmail.fm) for
  hosting your incoming mail if you want something better than the free
  email service your ISP provides.

Negatives:

  (a) You have to maintain what is really a surprisingly complex system
  for such a simple protocol.

  (b) You have to defend your system against attacks it otherwise wouldn't
  receive, including DoS attacks.

  (c) Damage of being overwhelmed (either by deliberate attack or spam
  blowback) may be harder to contain.

  (d) Your system needs to fail appropriately.  For example, if you use
  something like LDAP to maintain username or email address information, you
  need to make sure that if your LDAP service fails your mail server fails
  in an appropriate way (say a complete shutdown) or issuing temporary (4xx)
  rejections instead of inappropriately issuing 5xx for mail that
  would be accepted normally.

If (1) (or (2)) is really important to you, then go ahead.  But
probably the best way to see whether (1) really matters is to ask
yourself what things you would like to do that you couldn't do unless
you ran your own MX.  For example, if you have strong feelings about
whether DNSbls should be used prior to content filtering or as part
of it.  Or whether you want spam and virus rejections to occur at
SMTP time or later.  Whether you want SPF failures to generate
immediate rejections.  Whether you want to make use of sophisticated
IMAP features that ISPs can't provide.  If you don't have strong
feelings about these sorts of questions, then I doubt that (1)
applies to you.

Now there is the second question about doing direct to MX for mail
sending instead of going through your ISP or some third party service.

Positives

  (i) You control queuing and retry rates.

  (ii) For bulk mailing (mailing lists) there is an advantage of how out-going
  SMTP sessions are organized.

  (iii) You are not as dependent on your ISP or a third party for getting your
  mail out, if they are slow or unreliable with mail.

  (iv) If your ISP's mail server provides crappy bounce information and you
  need better information.

  (v) If your ISP adds junk to your mail or sends out mail in an unfriendly
  way so as to get itself on blacklists or leads to other forms of needless
  rejections.

  (vi) You get to learn about running such systems.

Negatives:

   (A) Even with a static IP address, your assigned address may look dynamic
   to other servers who may then reject mail coming directly from you.

   (B) Your ISP blocks/disallows this sort of thing (not a problem in your
   case).

   (C) The reverse DNS records for your IP need to correspond reasonably well
   to your domain name, otherwise lots of servers will reject mail from you.

   (D) You need to follow the RFCs and conventions strictly so that you don't
   get yourself added to blacklists.

   (E) It is probably a little less network efficient for you to talk directly
   to servers all over the planet when you could just talk to your ISP's
   server which will be much closer to you.

Here again, if (vi) is your primary reason for wanting to run your
own direct to MX system, then use it just for one of your 

Re: getting mail to work

2007-03-11 Thread Ed Zwart

Jeffrey, what you've suggested is what I've done.  Thanks for the explanation!

e.

On 3/11/07, Jeffrey Goldberg [EMAIL PROTECTED] wrote:

[mailed and posted]

On Mar 11, 2007, at 10:36 PM, Ed Zwart wrote:

 I'm still a little fuzzy on legal entries for hostname and domain.  I
 set them to be mine, and it worked, and then for kicks, set it to
 google.com, and that worked too.  I looked at the headers, and can see
 that the source can be traced back to my machine, but that still seems
 kind of easy to spoof.

It is extremely easy to spoof, but google has taken steps to make it
easy for mail servers to detect if mail is spoofed.  So if you send
mail from google.com without it coming from your network, then any
server making use of SPF (Sender Policy Framework) would immediately
identify it as a spoof, and will be blocked.

To learn more about this system, see

  http://www.openspf.org/


 Anyway, it's not something I'm overly worried
 about; I'm just not clear on what I SHOULD be using for hostname and
 domain.

Well, what is a hostname for the machine that is sending the mail.
Since you are now going through your ISP's mailserver, it doesn't need
to be a hostname that can be looked up.  So something like

mailout.my.dom.ain

should do fine.  Use your real domain for the my.dom.ain part.  The
more correct information you provide, the less mail from your system
will look like spam. But even localhost.local would be OK (though a
useful domain name would be better). Using google.com would make it
look like you are up to no good.

-j




--
Jeffrey Goldberg  http://www.goldmark.org/jeff/





searching archives broken?

2007-03-10 Thread Ed Zwart

Hi there, I'm new to the list, and have been trying to search the
archives at http://lists.freebsd.org/pipermail/freebsd-questions/.  No
matter what I search for, I get no results (even one-word searches
that should definitely have hits; eg, 'mail', 'hostname', etc).

I want to search the archives before asking the group, but the archive
is way too large to make browsing feasible.  Is search broken, or am I
missing something?

e.


Re: searching archives broken?

2007-03-10 Thread Ed Zwart

Thanks Randy, I use google's advanced search all the time!

The trouble with limiting to freebsd.org is that it's a bigger search
space than just this list's archive.  I've been reading the freebsd
handbook for quite some time, and have learned a lot there.

But I've got a few dots left that need connecting that I think you all
will be able to set me straight on very quickly.  So, I'm off to start
another thread on what I really came here for...

(but making the archive search work would be great still!)

e.

On 3/10/07, Randy Pratt [EMAIL PROTECTED] wrote:

On Sat, 10 Mar 2007 12:51:03 -0800
Ed Zwart [EMAIL PROTECTED] wrote:

 Hi there, I'm new to the list, and have been trying to search the
 archives at http://lists.freebsd.org/pipermail/freebsd-questions/.  No
 matter what I search for, I get no results (even one-word searches
 that should definitely have hits; eg, 'mail', 'hostname', etc).

 I want to search the archives before asking the group, but the archive
 is way too large to make browsing feasible.  Is search broken, or am I
 missing something?

I use google to search the FreeBSD site.  Do your google search
as usual but add site:freebsd.org at the end and it limits the
searches to freebsd.org.

Other operators can be used for google also:

  http://www.google.com/intl/en/help/operators.html

HTH some,

Randy



Re: searching archives broken?

2007-03-10 Thread Ed Zwart

Jon, where are you searching from?  The link I gave in my initial
question does not have the 'recent' limiter you mentioned.

thanks

e.

On 3/10/07, Jon Wolfgang [EMAIL PROTECTED] wrote:

Ed Zwart wrote:
 Hi there, I'm new to the list, and have been trying to search the
 archives at http://lists.freebsd.org/pipermail/freebsd-questions/.  No
 matter what I search for, I get no results (even one-word searches
 that should definitely have hits; eg, 'mail', 'hostname', etc).

 I want to search the archives before asking the group, but the archive
 is way too large to make browsing feasible.  Is search broken, or am I
 missing something?

 e.
I have noticed this too.  The fix I found is changing the search field
from all to recent.  For example, if I search for mount, and
search all, nothing is displayed.  However, searching for mount with
recent selected, returns results.  I think it has to do with how many
results it finds.  Hope this helps,
Jon