Re: Need help with configuration using DNS aliases
Yes it can. However, By default, when connecting to a remote server, smtpd(8) advertises its default server name. A hostname parameter may be specified to advertise the alternate hostname name. If the source parameter is used, the hostnames parameter may be specified to advertise a hostname based on the source address. Table names contains a mapping of IP addresses to hostnames and smtpd(8) will automatically select the name that matches its source address when connected to the remote server. The hostname and hostnames parameters are mutually exclusive. You need separate ip's for hostname selection in relay context. Sent from my iPhone > On Feb 12, 2016, at 5:08 PM, Michael Burk wrote: > > After some experimentation I think I can compress this problem down to one > question: > > Is it possible for an OpenSMTPD host to process email addressed to two > different host names, both of which resolve to the same address? > > When I set "mailname," any mail sent to that name works fine. Mail addressed > to the alternate host name loops. > > I thought the "virtual" keyword would be for this purpose, but I've had no > luck with it. > > Thanks, > >> On Tue, Feb 9, 2016 at 10:44 AM, Michael Burk wrote: >> Thanks Craig for the reply. >> >> I changed the CNAME to an A record as you suggested. Sadly, it still loops >> when I send the email to the "alternate" name. It seems that OpenSMTPD >> doesn't realize that the two names are the same server. >> >> I should mention that the whole reason we have an alias is that I have two >> servers setup as mail servers, and the alias gives us an easy way to switch >> hosts if one goes down (all mail is addressed to the alias). Also, I have no >> MX records. I don't know if I should, but Sendmail has always worked without >> it. >> >>> On Tue, Feb 9, 2016 at 4:42 AM, Craig Skinner >>> wrote: >>> Hi Michael, >>> >>> On 2016-02-08 Mon 16:49 PM |, Michael Burk wrote: >>> > >>> > If I send a message to the server's CNAME, it goes into a loop which is >>> > eventually detected and shut down: >>> > >>> >>> Try switching from DNS CNAMES to DNS A records: >>> >>> RFC2181 has: >>> >>> "10.3. MX and NS records >>> >>> The domain name used as the value of a NS resource record, or part of >>> the value of a MX resource record must not be an alias. Not only is the >>> specification clear on this point, but using an alias in either of these >>> positions neither works as well as might be hoped, nor well fulfills the >>> ambition that may have led to this approach. This domain name must have >>> as its value one or more address records. Currently those will be A >>> records, however in the future other record types giving addressing >>> information may be acceptable. It can also have other RRs, >>> but never a CNAME RR. " >>> >>> http://tools.ietf.org/html/rfc2181#section-10.3 >>> >>> -- >>> You received this mail because you are subscribed to misc@opensmtpd.org >>> To unsubscribe, send a mail to: misc+unsubscr...@opensmtpd.org >
Re: Need help with configuration using DNS aliases
After some experimentation I think I can compress this problem down to one question: Is it possible for an OpenSMTPD host to process email addressed to two different host names, both of which resolve to the same address? When I set "mailname," any mail sent to that name works fine. Mail addressed to the alternate host name loops. I thought the "virtual" keyword would be for this purpose, but I've had no luck with it. Thanks, On Tue, Feb 9, 2016 at 10:44 AM, Michael Burk wrote: > Thanks Craig for the reply. > > I changed the CNAME to an A record as you suggested. Sadly, it still loops > when I send the email to the "alternate" name. It seems that OpenSMTPD > doesn't realize that the two names are the same server. > > I should mention that the whole reason we have an alias is that I have two > servers setup as mail servers, and the alias gives us an easy way to switch > hosts if one goes down (all mail is addressed to the alias). Also, I have > no MX records. I don't know if I should, but Sendmail has always worked > without it. > > On Tue, Feb 9, 2016 at 4:42 AM, Craig Skinner > wrote: > >> Hi Michael, >> >> On 2016-02-08 Mon 16:49 PM |, Michael Burk wrote: >> > >> > If I send a message to the server's CNAME, it goes into a loop which is >> > eventually detected and shut down: >> > >> >> Try switching from DNS CNAMES to DNS A records: >> >> RFC2181 has: >> >> "10.3. MX and NS records >> >> The domain name used as the value of a NS resource record, or part of >> the value of a MX resource record must not be an alias. Not only is the >> specification clear on this point, but using an alias in either of these >> positions neither works as well as might be hoped, nor well fulfills the >> ambition that may have led to this approach. This domain name must have >> as its value one or more address records. Currently those will be A >> records, however in the future other record types giving addressing >> information may be acceptable. It can also have other RRs, >> but never a CNAME RR. " >> >> http://tools.ietf.org/html/rfc2181#section-10.3 >> >> -- >> You received this mail because you are subscribed to misc@opensmtpd.org >> To unsubscribe, send a mail to: misc+unsubscr...@opensmtpd.org >> >> >
Re: Need help with configuration using DNS aliases
Thanks Craig for the reply. I changed the CNAME to an A record as you suggested. Sadly, it still loops when I send the email to the "alternate" name. It seems that OpenSMTPD doesn't realize that the two names are the same server. I should mention that the whole reason we have an alias is that I have two servers setup as mail servers, and the alias gives us an easy way to switch hosts if one goes down (all mail is addressed to the alias). Also, I have no MX records. I don't know if I should, but Sendmail has always worked without it. On Tue, Feb 9, 2016 at 4:42 AM, Craig Skinner wrote: > Hi Michael, > > On 2016-02-08 Mon 16:49 PM |, Michael Burk wrote: > > > > If I send a message to the server's CNAME, it goes into a loop which is > > eventually detected and shut down: > > > > Try switching from DNS CNAMES to DNS A records: > > RFC2181 has: > > "10.3. MX and NS records > > The domain name used as the value of a NS resource record, or part of > the value of a MX resource record must not be an alias. Not only is the > specification clear on this point, but using an alias in either of these > positions neither works as well as might be hoped, nor well fulfills the > ambition that may have led to this approach. This domain name must have > as its value one or more address records. Currently those will be A > records, however in the future other record types giving addressing > information may be acceptable. It can also have other RRs, > but never a CNAME RR. " > > http://tools.ietf.org/html/rfc2181#section-10.3 > > -- > You received this mail because you are subscribed to misc@opensmtpd.org > To unsubscribe, send a mail to: misc+unsubscr...@opensmtpd.org > >
Re: Need help with configuration using DNS aliases
Hi Michael, On 2016-02-08 Mon 16:49 PM |, Michael Burk wrote: > > If I send a message to the server's CNAME, it goes into a loop which is > eventually detected and shut down: > Try switching from DNS CNAMES to DNS A records: RFC2181 has: "10.3. MX and NS records The domain name used as the value of a NS resource record, or part of the value of a MX resource record must not be an alias. Not only is the specification clear on this point, but using an alias in either of these positions neither works as well as might be hoped, nor well fulfills the ambition that may have led to this approach. This domain name must have as its value one or more address records. Currently those will be A records, however in the future other record types giving addressing information may be acceptable. It can also have other RRs, but never a CNAME RR. " http://tools.ietf.org/html/rfc2181#section-10.3 -- You received this mail because you are subscribed to misc@opensmtpd.org To unsubscribe, send a mail to: misc+unsubscr...@opensmtpd.org
Need help with configuration using DNS aliases
Hello, We have a departmental server that serves as a simple mail hub mostly to keep track of internal mailing lists. The /etc/mail/aliases file expands names to our corporate emails or things like mail-SMS gateways. We've used sendmail for years, but I want to switch to OpenSMTPD. The following configuration works fine as long as I use the server's actual name in the destination: listen on lo0 listen on em0 table aliases db:/etc/mail/aliases.db pki selenium.abc.example.com certificate "/etc/ssl/selenium.pem" pki selenium.abc.example.com key "/etc/ssl/private/selenium.key" pki selenium.abc.example.com ca "/etc/ssl/abcchain2.pem" accept for local alias deliver to mbox accept from any for any relay Example successful session (translates my first name to my corporate email address): Feb 8 16:12:17 selenium smtpd[30548]: smtp-in: New session 4b0dece7604e2ab4 from host ytterbium.abc.example.com[10.1.217.70] Feb 8 16:12:17 selenium smtpd[30548]: smtp-in: Accepted message a4d2ba61 on session 4b0dece7604e2ab4: from=, to=< mich...@selenium.abc.example.com>, size=488, ndest=1, proto=ESMTP Feb 8 16:12:17 selenium smtpd[30548]: smtp-in: Closing session 4b0dece7604e2ab4 Feb 8 16:12:17 selenium smtpd[30548]: smtp-out: Connecting to smtp+tls:// 10.1.217.34:25 (selenium.abc.example.com) on session 4b0decea9465f088... Feb 8 16:12:17 selenium smtpd[30548]: smtp-out: Connected on session 4b0decea9465f088 Feb 8 16:12:17 selenium smtpd[30548]: smtp-in: New session 4b0deceb7185e55e from host selenium.abc.example.com[10.1.217.34] Feb 8 16:12:17 selenium smtpd[30548]: smtp-in: Accepted message 63dd05ac on session 4b0deceb7185e55e: from=, to=< mich...@selenium.abc.example.com>, size=719, ndest=1, proto=ESMTP Feb 8 16:12:17 selenium smtpd[30548]: relay: Ok for a4d2ba611f5d69f3: session=4b0decea9465f088, from=, to=< mich...@selenium.abc.example.com>, rcpt=<->, source=10.1.217.34, relay=10.1.217.34 (selenium.abc.example.com), delay=0s, stat=250 2.0.0: 63dd05ac Message accepted for delivery Feb 8 16:12:17 selenium smtpd[30548]: smtp-out: Connecting to smtp+tls:// 10.2.33.34:25 (mailhost.example.com) on session 4b0deceed4ae1a78... Feb 8 16:12:17 selenium smtpd[30548]: smtp-out: Connected on session 4b0deceed4ae1a78 Feb 8 16:12:17 selenium smtpd[30548]: smtp-out: Started TLS on session 4b0deceed4ae1a78: version=TLSv1/SSLv3, cipher=DHE-RSA-AES256-SHA, bits=256 Feb 8 16:12:17 selenium smtpd[30548]: smtp-out: Server certificate verification succeeded on session 4b0deceed4ae1a78 Feb 8 16:12:17 selenium smtpd[30548]: relay: Ok for 63dd05ac3126ba1f: session=4b0deceed4ae1a78, from=, to=< michael.b...@example.com>, rcpt=, source=10.1.217.34, relay=10.2.33.34 (mailhost.example.com), delay=0s, stat=250 2.0.0 Ok: queued as AC2FBCA1FE Feb 8 16:12:27 selenium smtpd[30548]: smtp-in: Closing session 4b0deceb7185e55e Feb 8 16:12:27 selenium smtpd[30548]: smtp-out: Closing session 4b0decea9465f088: 1 message sent. Feb 8 16:12:27 selenium smtpd[30548]: smtp-out: Closing session 4b0deceed4ae1a78: 1 message sent. If I send a message to the server's CNAME, it goes into a loop which is eventually detected and shut down: ... Feb 8 16:14:17 selenium smtpd[30548]: warn: loop detected Feb 8 16:14:17 selenium smtpd[30548]: smtp-in: Failed command on session 4b0decf39bd54111: "DATA" => 500 5.4.6 Routing loop detected: Loop detected Feb 8 16:14:17 selenium smtpd[30548]: relay: PermFail for 63bffc06b4c44cec: session=4b0decf2a712e432, from=< bu...@ytterbium.abc.example.com>, to=, rcpt=<->, source=10.1.217.34, relay=10.1.217.34 (selenium.abc.example.com), delay=1s, stat=500 5.4.6 Routing loop detected: Loop detected Feb 8 16:14:18 selenium smtpd[30548]: smtp-in: New session 4b0decf71e1730a5 from host selenium.abc.example.com [local] Feb 8 16:14:18 selenium smtpd[30548]: smtp-in: Accepted message 293cbf9d on session 4b0decf71e1730a5: from=<>, to=, size=23050, ndest=1, proto=ESMTP Feb 8 16:14:18 selenium smtpd[30548]: smtp-in: Closing session 4b0decf71e1730a5 Feb 8 16:14:27 selenium smtpd[30548]: smtp-in: Closing session 4b0decf39bd54111 Feb 8 16:14:27 selenium smtpd[30548]: smtp-out: Closing session 4b0decf2a712e432: 98 messages sent. Feb 8 16:14:45 selenium smtpd[30548]: smtp-out: Error on session 4b0decf6733a5e76: IO Error: No route to host Feb 8 16:14:45 selenium smtpd[30548]: smtp-out: Disabling route [] <-> 10.1.217.70 (ytterbium.abc.example.com) for 800s Feb 8 16:14:45 selenium smtpd[30548]: smtp-out: No valid route for [connector:[]->[relay:ytterbium.abc.example.com],0x0] Feb 8 16:14:51 selenium smtpd[30548]: relay: TempFail for 195cd84d2faa71d4: session=, from=<>, to=< bu...@ytterbium.abc.example.com>, rcpt=<->, source=-, relay= ytterbium.abc.example.com, delay=8m1s, stat=Network error on destination MXs Feb 8 16:14:51 selenium smtpd[30548]: relay: TempFail for 293cbf9db63406a8: session=, from=<>, to=< bu...@ytterbium.abc.example.com>, rcpt=<->, source=-, relay= ytterbium.abc.example.co