At 7:15 PM -0700 4/26/01, Joe Wagner imposed structure on a stream of electrons, yielding: >Hi all, > the other day I was adding a domain to a backup SIMS mail >server. The DNS records for the domain's mailservers are: > domain1.com. 0S IN MX 10 mail.domain1.com. > domain1.com. 0S IN MX 20 mail2.domain1.com. > domain1.com. 0S IN MX 30 mail3.domain1.com. > > >I keep mail3 on a completely separate network located on the other >side of the country. Normally my router table for a domain's >secondary has just one line: > >domain1.com = domain1.com.smtp > >For some reason, no doubt the full moon plus a cut and paste I used >in two lines: > >domain1.com = domain1.com.smtp >*.domain1.com = *.domain1.com.smtp Do you have any other idea why you added the second line? Do you really get mail aimed at [EMAIL PROTECTED] addresses where you don't know what <foo> might be? Note that this makes mail3 a usable backup MX for any host anywhere under the domain1.com zone. If you don't control that zone absolutely (i.e. someone else runs DNS for sub.domain1.com) you are enabling stuff you might not like. >As chance and network problems would have (darn the Northpoint going >offline, PacBell DSL just isn't as stable) for a time only mail3 was >online. Today I received a helpful automated warning from a mailing >list showing a mail loop: > >Received: from mail3.domain1.com ([65.105.116.89] verified) by >mail3.domain1.com (Stalker SMTP Server 1.8b5) with ESMTP id >S.0000006564 for <[EMAIL PROTECTED]>; Sun, 15 Apr 2001 02:31:13 >-0500 >Received: from mail3.domain1.com ([65.105.116.89] verified) by >mail3.domain1.com (Stalker SMTP Server 1.8b5) with ESMTP id >S.0000006566 for <[EMAIL PROTECTED]>; Sun, 15 Apr 2001 02:31:15 >-0500 >Received: from mail3.domain1.com ([65.105.116.89] verified) by >mail3.domain1.com (Stalker SMTP Server 1.8b5) with ESMTP id >S.0000006568 for <[EMAIL PROTECTED]>; Sun, 15 Apr 2001 02:31:17 >-0500 >Received: from mail3.domain1.com ([65.105.116.89] verified) by >mail3.domain1.com (Stalker SMTP Server 1.8b5) with ESMTP id >S.0000006570 for <[EMAIL PROTECTED]>; Sun, 15 Apr 2001 02:31:19 >-0500 > >Can someone help me understand why that looped. When the outside >world couldn't find mail.domain1.com and mail2.domain1.com, it sent >messages to mail3.domain1.com. So why didn't mail3.domain1.com just >accept the email, follow the first router line and hold the messages >until mail.domain1.com came back online? Why would the second >router line have been followed at all? Presumable that is what >happened so it began routing messages to itself. The following is a guess based on empirical analysis, not on knowledge of how exactly the router works internally... It loops because DNS says that domain1.com.smtp is effectively mail3.domain1.com, if mail and mail2 are unreachable. You end up trying to deliver to what looks to SIMS internally like [EMAIL PROTECTED], which will match that second router line, which tells SIMS to do what normal DNS usage would direct for delivery. That is usually an MX record, but I'm betting not in this case, so SIMS follws the A record and gets an IP address that it probably doesn't consider itself, and tries to deliver. You can probably test this theory by turning up logging on mail3 to "all info" and taking the other boxes offline. Mail something and watch what exactly the router is doing. Stalker should probably consider addressing this as a bug, even thought it is very obscure and could be fixed by reworking your router and (if you want) MX records. If a server's one true name is foo.bar then it should trust that setting absolutely and never try to map the name to something else with the router or DNS. Assuming that your munging of the names is complete and accurate, it seems that under some circumstances SIMS will not see that its own name is local, and that is bad. -- Bill Cole [EMAIL PROTECTED] Geek seeks work! For details see: http://scconsult.com/bill/resume.html ############################################################# This message is sent to you because you are subscribed to the mailing list <[EMAIL PROTECTED]>. To unsubscribe, E-mail to: <[EMAIL PROTECTED]> To switch to the DIGEST mode, E-mail to <[EMAIL PROTECTED]> To switch to the INDEX mode, E-mail to <[EMAIL PROTECTED]> Send administrative queries to <[EMAIL PROTECTED]>
