Re: Need help with configuration using DNS aliases

2016-02-12 Thread Edgar Pettijohn
Yes it can. However, 

By default, when connecting to a remote server, smtpd(8) advertises its default 
server name. A hostname parameter may be specified to advertise the alternate 
hostname name. If the source parameter is used, the hostnames parameter may be 
specified to advertise a hostname based on the source address. Table names 
contains a mapping of IP addresses to hostnames and smtpd(8) will automatically 
select the name that matches its source address when connected to the remote 
server. The hostname and hostnames parameters are mutually exclusive.

You need separate IPs for hostname selection in relay context.


> On Feb 12, 2016, at 5:08 PM, Michael Burk  wrote:
> 
> After some experimentation I think I can compress this problem down to one 
> question:
> 
> Is it possible for an OpenSMTPD host to process email addressed to two 
> different host names, both of which resolve to the same address?
> 
> When I set "mailname," any mail sent to that name works fine. Mail addressed 
> to the alternate host name loops.
> 
> I thought the "virtual" keyword would be for this purpose, but I've had no 
> luck with it.
> 
> Thanks,
> 
>> On Tue, Feb 9, 2016 at 10:44 AM, Michael Burk  wrote:
>> Thanks Craig for the reply.
>> 
>> I changed the CNAME to an A record as you suggested. Sadly, it still loops 
>> when I send the email to the "alternate" name. It seems that OpenSMTPD 
>> doesn't realize that the two names are the same server.
>> 
>> I should mention that the whole reason we have an alias is that I have two 
>> servers set up as mail servers, and the alias gives us an easy way to switch 
>> hosts if one goes down (all mail is addressed to the alias). Also, I have no 
>> MX records. I don't know if I should, but Sendmail has always worked without 
>> it.
>> 
>>> On Tue, Feb 9, 2016 at 4:42 AM, Craig Skinner  
>>> wrote:
>>> Hi Michael,
>>> 
>>> On 2016-02-08 Mon 16:49 PM |, Michael Burk wrote:
>>> >
>>> > If I send a message to the server's CNAME, it goes into a loop which is
>>> > eventually detected and shut down:
>>> >
>>> 
>>> Try switching from DNS CNAMES to DNS A records:
>>> 
>>> RFC2181 has:
>>> 
>>> "10.3. MX and NS records
>>> 
>>> The domain name used as the value of a NS resource record, or part of
>>> the value of a MX resource record must not be an alias.  Not only is the
>>> specification clear on this point, but using an alias in either of these
>>> positions neither works as well as might be hoped, nor well fulfills the
>>> ambition that may have led to this approach.  This domain name must have
>>> as its value one or more address records.  Currently those will be A
>>> records, however in the future other record types giving addressing
>>> information may be acceptable.  It can also have other RRs,
>>> but never a CNAME RR. "
>>> 
>>> http://tools.ietf.org/html/rfc2181#section-10.3
>>> 
>>> --
>>> You received this mail because you are subscribed to misc@opensmtpd.org
>>> To unsubscribe, send a mail to: misc+unsubscr...@opensmtpd.org
> 


Re: Need help with configuration using DNS aliases

2016-02-12 Thread Michael Burk
After some experimentation I think I can compress this problem down to one
question:

Is it possible for an OpenSMTPD host to process email addressed to two
different host names, both of which resolve to the same address?

When I set "mailname," any mail sent to that name works fine. Mail
addressed to the alternate host name loops.

I thought the "virtual" keyword would be for this purpose, but I've had no
luck with it.

Thanks,

On Tue, Feb 9, 2016 at 10:44 AM, Michael Burk  wrote:

> Thanks Craig for the reply.
>
> I changed the CNAME to an A record as you suggested. Sadly, it still loops
> when I send the email to the "alternate" name. It seems that OpenSMTPD
> doesn't realize that the two names are the same server.
>
> I should mention that the whole reason we have an alias is that I have two
> servers set up as mail servers, and the alias gives us an easy way to switch
> hosts if one goes down (all mail is addressed to the alias). Also, I have
> no MX records. I don't know if I should, but Sendmail has always worked
> without it.
>
> On Tue, Feb 9, 2016 at 4:42 AM, Craig Skinner 
> wrote:
>
>> Hi Michael,
>>
>> On 2016-02-08 Mon 16:49 PM |, Michael Burk wrote:
>> >
>> > If I send a message to the server's CNAME, it goes into a loop which is
>> > eventually detected and shut down:
>> >
>>
>> Try switching from DNS CNAMES to DNS A records:
>>
>> RFC2181 has:
>>
>> "10.3. MX and NS records
>>
>> The domain name used as the value of a NS resource record, or part of
>> the value of a MX resource record must not be an alias.  Not only is the
>> specification clear on this point, but using an alias in either of these
>> positions neither works as well as might be hoped, nor well fulfills the
>> ambition that may have led to this approach.  This domain name must have
>> as its value one or more address records.  Currently those will be A
>> records, however in the future other record types giving addressing
>> information may be acceptable.  It can also have other RRs,
>> but never a CNAME RR. "
>>
>> http://tools.ietf.org/html/rfc2181#section-10.3
>>
>>
>>
>


Need help with configuration using DNS aliases

2016-02-08 Thread Michael Burk
Hello,


We have a departmental server that serves as a simple mail hub mostly to
keep track of internal mailing lists. The /etc/mail/aliases file expands
names to our corporate emails or things like mail-SMS gateways. We've used
sendmail for years, but I want to switch to OpenSMTPD.

The following configuration works fine as long as I use the server's actual
name in the destination:


listen on lo0
listen on em0

table aliases db:/etc/mail/aliases.db

pki selenium.abc.example.com certificate "/etc/ssl/selenium.pem"
pki selenium.abc.example.com key "/etc/ssl/private/selenium.key"
pki selenium.abc.example.com ca "/etc/ssl/abcchain2.pem"

accept for local alias <aliases> deliver to mbox
accept from any for any relay


Example successful session (translates my first name to my corporate email
address):

Feb  8 16:12:17 selenium smtpd[30548]: smtp-in: New session
4b0dece7604e2ab4 from host ytterbium.abc.example.com[10.1.217.70]
Feb  8 16:12:17 selenium smtpd[30548]: smtp-in: Accepted message a4d2ba61
on session 4b0dece7604e2ab4: from=, to=<
mich...@selenium.abc.example.com>, size=488, ndest=1, proto=ESMTP
Feb  8 16:12:17 selenium smtpd[30548]: smtp-in: Closing session
4b0dece7604e2ab4
Feb  8 16:12:17 selenium smtpd[30548]: smtp-out: Connecting to smtp+tls://
10.1.217.34:25 (selenium.abc.example.com) on session 4b0decea9465f088...
Feb  8 16:12:17 selenium smtpd[30548]: smtp-out: Connected on session
4b0decea9465f088
Feb  8 16:12:17 selenium smtpd[30548]: smtp-in: New session
4b0deceb7185e55e from host selenium.abc.example.com[10.1.217.34]
Feb  8 16:12:17 selenium smtpd[30548]: smtp-in: Accepted message 63dd05ac
on session 4b0deceb7185e55e: from=, to=<
mich...@selenium.abc.example.com>, size=719, ndest=1, proto=ESMTP
Feb  8 16:12:17 selenium smtpd[30548]: relay: Ok for a4d2ba611f5d69f3:
session=4b0decea9465f088, from=, to=<
mich...@selenium.abc.example.com>, rcpt=<->, source=10.1.217.34,
relay=10.1.217.34 (selenium.abc.example.com), delay=0s, stat=250 2.0.0:
63dd05ac Message accepted for delivery
Feb  8 16:12:17 selenium smtpd[30548]: smtp-out: Connecting to smtp+tls://
10.2.33.34:25 (mailhost.example.com) on session 4b0deceed4ae1a78...
Feb  8 16:12:17 selenium smtpd[30548]: smtp-out: Connected on session
4b0deceed4ae1a78
Feb  8 16:12:17 selenium smtpd[30548]: smtp-out: Started TLS on session
4b0deceed4ae1a78: version=TLSv1/SSLv3, cipher=DHE-RSA-AES256-SHA, bits=256
Feb  8 16:12:17 selenium smtpd[30548]: smtp-out: Server certificate
verification succeeded on session 4b0deceed4ae1a78
Feb  8 16:12:17 selenium smtpd[30548]: relay: Ok for 63dd05ac3126ba1f:
session=4b0deceed4ae1a78, from=, to=<
michael.b...@example.com>, rcpt=,
source=10.1.217.34, relay=10.2.33.34 (mailhost.example.com), delay=0s,
stat=250 2.0.0 Ok: queued as AC2FBCA1FE
Feb  8 16:12:27 selenium smtpd[30548]: smtp-in: Closing session
4b0deceb7185e55e
Feb  8 16:12:27 selenium smtpd[30548]: smtp-out: Closing session
4b0decea9465f088: 1 message sent.
Feb  8 16:12:27 selenium smtpd[30548]: smtp-out: Closing session
4b0deceed4ae1a78: 1 message sent.


If I send a message to the server's CNAME, it goes into a loop which is
eventually detected and shut down:

...
Feb  8 16:14:17 selenium smtpd[30548]: warn: loop detected
Feb  8 16:14:17 selenium smtpd[30548]: smtp-in: Failed command on session
4b0decf39bd54111: "DATA" => 500 5.4.6 Routing loop detected: Loop detected
Feb  8 16:14:17 selenium smtpd[30548]: relay: PermFail for
63bffc06b4c44cec: session=4b0decf2a712e432, from=<
bu...@ytterbium.abc.example.com>, to=,
rcpt=<->, source=10.1.217.34, relay=10.1.217.34 (selenium.abc.example.com),
delay=1s, stat=500 5.4.6 Routing loop detected: Loop detected
Feb  8 16:14:18 selenium smtpd[30548]: smtp-in: New session
4b0decf71e1730a5 from host selenium.abc.example.com [local]
Feb  8 16:14:18 selenium smtpd[30548]: smtp-in: Accepted message 293cbf9d
on session 4b0decf71e1730a5: from=<>, to=,
size=23050, ndest=1, proto=ESMTP
Feb  8 16:14:18 selenium smtpd[30548]: smtp-in: Closing session
4b0decf71e1730a5
Feb  8 16:14:27 selenium smtpd[30548]: smtp-in: Closing session
4b0decf39bd54111
Feb  8 16:14:27 selenium smtpd[30548]: smtp-out: Closing session
4b0decf2a712e432: 98 messages sent.
Feb  8 16:14:45 selenium smtpd[30548]: smtp-out: Error on session
4b0decf6733a5e76: IO Error: No route to host
Feb  8 16:14:45 selenium smtpd[30548]: smtp-out: Disabling route [] <->
10.1.217.70 (ytterbium.abc.example.com) for 800s
Feb  8 16:14:45 selenium smtpd[30548]: smtp-out: No valid route for
[connector:[]->[relay:ytterbium.abc.example.com],0x0]
Feb  8 16:14:51 selenium smtpd[30548]: relay: TempFail for
195cd84d2faa71d4: session=, from=<>, to=<
bu...@ytterbium.abc.example.com>, rcpt=<->, source=-, relay=
ytterbium.abc.example.com, delay=8m1s, stat=Network
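
Added example (not part of the original post and not OpenSMTPD code): a Python check for the symptom visible in the logs above. It reads smtpd "relay:" lines and counts deliveries where source and relay are the same address, meaning the server handed the message to itself, plus rejections carrying the 5.4.6 loop status. The sample lines are constructed in the post's log format; the user@ addresses, alias.abc.example.com and the last stat text are placeholders.

```python
import re
from collections import Counter

# Constructed sample in the log format shown in the post, one event per line.
# Addresses, the alias host name and the final stat text are placeholders.
SAMPLE_LOG = """\
Feb  8 16:12:17 selenium smtpd[30548]: relay: Ok for a4d2ba611f5d69f3: session=4b0decea9465f088, from=<user@ytterbium.abc.example.com>, to=<user@selenium.abc.example.com>, rcpt=<->, source=10.1.217.34, relay=10.1.217.34 (selenium.abc.example.com), delay=0s, stat=250 2.0.0: 63dd05ac Message accepted for delivery
Feb  8 16:12:17 selenium smtpd[30548]: relay: Ok for 63dd05ac3126ba1f: session=4b0deceed4ae1a78, from=<user@ytterbium.abc.example.com>, to=<user@example.com>, rcpt=<->, source=10.1.217.34, relay=10.2.33.34 (mailhost.example.com), delay=0s, stat=250 2.0.0 Ok: queued as AC2FBCA1FE
Feb  8 16:14:17 selenium smtpd[30548]: warn: loop detected
Feb  8 16:14:17 selenium smtpd[30548]: relay: PermFail for 63bffc06b4c44cec: session=4b0decf2a712e432, from=<user@ytterbium.abc.example.com>, to=<user@alias.abc.example.com>, rcpt=<->, source=10.1.217.34, relay=10.1.217.34 (selenium.abc.example.com), delay=1s, stat=500 5.4.6 Routing loop detected: Loop detected
Feb  8 16:14:51 selenium smtpd[30548]: relay: TempFail for 195cd84d2faa71d4: session=, from=<>, to=<user@ytterbium.abc.example.com>, rcpt=<->, source=-, relay=ytterbium.abc.example.com, delay=8m1s, stat=constructed temporary failure
"""

# relay= is either "ip (hostname)" or a bare hostname when no connection was made.
RELAY_RE = re.compile(
    r"relay: (?P<result>\w+) for (?P<evp>[0-9a-f]+): .*?"
    r"source=(?P<source>[^,]+), relay=(?P<relay>[^, ]+)"
    r"(?: \((?P<host>[^)]+)\))?, delay=(?P<delay>[^,]+), stat=(?P<stat>.*)$"
)


def parse_relay_events(log_text):
    """Return one dict per 'relay:' line; all other smtpd lines are ignored."""
    return [m.groupdict() for line in log_text.splitlines()
            if (m := RELAY_RE.search(line))]


def summarize(events):
    """Count self-relays (source == relay address) and 5.4.6 loop rejections."""
    self_relays = Counter()
    loop_rejections = 0
    for e in events:
        # source is "-" when smtpd never opened a connection (e.g. TempFail).
        if e["source"] != "-" and e["source"] == e["relay"]:
            self_relays[e["relay"]] += 1
        if "5.4.6" in e["stat"]:
            loop_rejections += 1
    return {"self_relays": dict(self_relays), "loop_rejections": loop_rejections}


if __name__ == "__main__":
    print(summarize(parse_relay_events(SAMPLE_LOG)))
```

A non-zero self-relay count for the server's own address shows that mail for that recipient domain is being matched by the relay rule rather than delivered locally.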