Michael D Schleif wrote:
Kory Krofft [EMAIL PROTECTED] [2003:12:26:21:47:40-0500] scribed:
snip /
using the host command, I can get the dmz host to resolve other names
and reverse lookup other ips but not its own. I altered the
/etc/tinydns-private/root/data file to read:
=localhost:127.0.0.1
Hello Kory,
sorry I haven't read the whole thread.
But as I understand, you have a mail server in the dmz
running on a leaf box.
called DMZ_BOX
DMZ = 192.168.10.0/24
route will be 192.168.10.0/24 via 192.168.10.x
default via 192.168.10.254 ( DMZ address on LEAFBOX)
and a leaf router connected
On Friday 26 December 2003 10:15 pm, Ray Olszewski wrote:
Since most of the detail in your latest message is about how you did get
things working, I'll skip over that to the one problem that remains --
reverse lookup of on-LAN IP addresses. The tcpdump output says that the
mail server is
Kory Krofft [EMAIL PROTECTED] [2003:12:26:21:47:40-0500] scribed:
snip /
using the host command, I can get the dmz host to resolve other names
and reverse lookup other ips but not its own. I altered the
/etc/tinydns-private/root/data file to read:
=localhost:127.0.0.1
Kory Krofft [EMAIL PROTECTED] [2003:12:27:19:01:19-0500] scribed:
Michael, Ray, Lynn,
What you are all saying makes sense. I have tried reversing the
interfaces that dnscache and tinydns bind to with no improvement. I
believe Michael is correct that I need 2 instances of tinydns but I
have
Michael, Ray, Lynn,
What you are all saying makes sense. I have tried reversing the interfaces that
dnscache and tinydns bind to with no improvement. I believe Michael is correct that I
need 2 instances of tinydns but I have no idea how to accomplish this in a lrp
environment. I would guess
SNIP
Now, from here, I can connect to your Web home page. I can also
connect to
your SMTP server, but with a long delay:
[EMAIL PROTECTED]:~$ telnet kroffts.com 25
Trying [a.b.c.d - address deleted]...
Connected to dhcp024-210-193-152.woh.rr.com.
Escape character is '^]'.
[delay between 2 and 3
At 06:04 PM 12/26/2003 -0500, Kory Krofft wrote:
SNIP
Now, from here, I can connect to your Web home page. I can also
connect to
your SMTP server, but with a long delay:
[...]
This is a test of my ability to send a message from an
offsite
location to the test user on the mail server. Kory -- see
Ray,
[...]
OK. The problem here is that qmail does not know that mail to
[EMAIL PROTECTED] is mail for local delivery, so it tries to relay
it to I
can't-guess-where (can that host resolve kroffts.com?). This is, no
doubt,
a side effect of moving from kroffts.com to kroffts.dmz (or whatever
you
Since most of the detail in your latest message is about how you did get
things working, I'll skip over that to the one problem that remains --
reverse lookup of on-LAN IP addresses. The tcpdump output says that the
mail server is querying a DNS server that does not exist. Edited to
highlight
On Tue, 23 Dec 2003 22:13:34 -0600, Lynn Avants wrote:
Kory.
SNIP
It took me about 4 days to get everything setup correctly
the first
time then life got much easier. This may not be much comfort,
but you
might want to take a day off and let your mind clear. Reading all the
different docs (I
On Thu, 25 Dec 2003, Kory Krofft wrote:
I'll comment on the Shorewall configuration.
/etc/shorewall/rules
#ACTION  SOURCE  DEST  PROTO  DEST  SOURCE   ORIGINAL
#                             PORT  PORT(S)  DEST
#
# Accept DNS
OK. Reading through the router stuff, it looks OK. The two small errors in
the rulesets are probably inconsequential in this context.
One, this rule is unneeded --
DNAT net dmz:192.168.10.1 udp 25
-- (you only need tcp for SMTP) but it is harmless.
Two, this
Michael,
I set up the /etc/tinydns-private/root/data file per your suggestion,
=localhost:127.0.0.1
.localhost:127.0.0.1:a
.1.0.0.127.in-addr.arpa:127.0.0.1:a
.kroffts.home:127.0.0.1:a
.1.168.192.in-addr.arpa:127.0.0.1:a
=markii.kroffts.home:192.168.1.254
Sorry to disagree with Lynn, but the magic words here are quite a while.
This strongly suggests to me that an earlier guess, that the observed
failures actually are DNS-based delays, is the right guess ... and that
quite a while is around 3 minutes.
What to do about it?
First, maybe your mail
Michael,
Thanks for the response. See below...
Kory Krofft [EMAIL PROTECTED] [2003:12:21:12:53:56-0500] scribed:
Snip
I now need to get Qmail up and running so I can host my own email.
I followed the qmail LEAF/LRP user's guide but I am missing
something. If I use a windows mail client to send
Ray,
See below
snipped
failures actually are DNS-based delays, is the right guess ... and
that
quite a while is around 3 minutes.
It takes about a minute and a half to get a response with telnet.
What to do about it?
First, maybe your mail server can be configured not to do reverse
Kory Krofft [EMAIL PROTECTED] [2003:12:22:20:24:44-0500] scribed:
snip /
I believe as Ray has mentioned that the major issue may be a reverse
lookup that qmail is doing which causes the timeout error on the mail
client. I am still looking into what dns settings I need to change to
fix that
Kory Krofft [EMAIL PROTECTED] [2003:12:22:20:24:44-0500] scribed:
snip /
What is in these files:
/var/qmail/control/defaultdomain
kroffts.com
/var/qmail/control/locals
kroffts.com
/var/qmail/control/rcpthosts
kroffts.com
Try watching output from the following while you attempt to
At 09:47 PM 12/22/2003 -0600, Michael D Schleif wrote:
[...]
Currently, you are *NOT* authoritative and *CANNOT* assume authority for
the kroffts.com domain:
Actually, he can ... in a limited sense. In a way that matters, DNS is just
a shared delusion, and as long as he lies about it only when
Lynn,
See below
I believe as Ray has mentioned that the major issue may be a
reverse
lookup that qmail is doing which causes the timeout error on the
mail
client. I am still looking into what dns settings I need to change
to fix
that possibility.
I was assuming that all the qmail doc I've
Michael,
cat /etc/tcp.smtp gives
127.:allow,RELAYCLIENT=
192.168.:allow,RELAYCLIENT=
Kory
On Mon, 22 Dec 2003 21:51:31 -0600, Michael D Schleif wrote:
Kory Krofft [EMAIL PROTECTED] [2003:12:22:20:24:44-0500] scribed:
snip /
What is in these files:
/var/qmail/control/defaultdomain
I understand much better now. I will try your suggestions tomorrow and report back.
So the DMZ domain should NOT match the internet domain since the name itself is
registered at dnsexit.
I take it then that the domain on the dmz could be kroffts.dmz as well as anything
else I could choose to
Ray Olszewski [EMAIL PROTECTED] [2003:12:22:20:08:14-0800] scribed:
At 09:47 PM 12/22/2003 -0600, Michael D Schleif wrote:
[...]
Currently, you are *NOT* authoritative and *CANNOT* assume authority for
the kroffts.com domain:
Actually, he can ... in a limited sense. In a way that matters,
Kory Krofft [EMAIL PROTECTED] [2003:12:22:23:30:12-0500] scribed:
I understand much better now. I will try your suggestions tomorrow and
report back.
So the DMZ domain should NOT match the internet domain since the name
itself is registered at dnsexit.
I take it then that the domain on the
I have successfully set up my DMZ, registered a domain, compiled a custom version of
ez-ipupdate to handle a non standard service, reconfigured weblet to act as a basic
web content server.
I now need to get Qmail up and running so I can host my own email.
I followed the qmail LEAF/LRP user's
Kory,
I haven't set up Qmail on a LEAF system, but from regular Linux distributions
I'm not sure you're likely looking for the most common problems. Typically, each
user must have a directory that contains a ~/Maildir folder rather than a
global directory (one user?). POP3 is quite a bit of a PITA
Lynn,
Please forgive my lack of experience but I don't quite follow all the terms.
I have the proper Maildir set up for the admin account (lrpqmail) and it receives the
mail sent to it from the internet as proven by my ability to see the message in the
~Maildir/new directory. I believe I may
Ray,
Sorry I was not clearer about the overall config. Comments inline.
Kory -- Because (I think) your setup involves two separate LEAF
systems --
one running as a router/firewall, the other as a DMZ/Qmail server --
you
might want to be a bit clearer about which system you are reporting
each
Ray,
I was able to connect to the pop server using telnet it seemed to take quite a while
to get a response but I was able to retrieve and read the test message sent to
lrpqmail.
I don't know your setup well enough to tell you what is going on in
the
Shorewall DROP log, but since it involves
On Sunday 21 December 2003 08:32 pm, Kory Krofft wrote:
Ray,
I was able to connect to the pop server using telnet it seemed to take
quite a while to get a response but I was able to retrieve and read the
test message sent to lrpqmail.
Then the mail server is working correctly and you have
Kory Krofft [EMAIL PROTECTED] [2003:12:21:12:53:56-0500] scribed:
I have successfully set up my DMZ, registered a domain, compiled a
custom version of ez-ipupdate to handle a non standard service,
reconfigured weblet to act as a basic web content server.
I now need to get Qmail up and