Re: Sendmail on a LAN

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Tue, 2010-08-17 at 17:10 -0700, JD wrote:
> On 08/17/2010 04:56 PM, Craig White wrote:
> > On Tue, 2010-08-17 at 16:47 -0700, JD wrote:
> >> On 08/17/2010 03:35 PM, Daniel B. Thurman wrote:
> >>>    On 08/17/2010 02:25 PM, JD wrote:
> >>>>     On 08/17/2010 01:27 PM, Gordon Messmer wrote:
> >>>>> On 08/17/2010 09:33 AM, JD wrote:
> >>>>>> Re:  a.b.c.d ==>     valid.host.name
> >>>>>> and valid.host.name ==>     a.b.c.d
> >>>>>> does not seem to apply to the google smtp server I use for Thunderbird.
> >>>>> You did your test entirely backward.  You did a forward lookup first,
> >>>>> and then checked the PTR of the IP which was returned.  There is no
> >>>>> requirement for a PTR to match every hostname that resolves to its IP
> >>>>> address.
> >>>>>
> >>>>> Let's finish your test:
> >>>>>
> >>>>> $ host smtp.gmail.com
> >>>>> smtp.gmail.com is an alias for gmail-smtp-msa.l.google.com.
> >>>>> gmail-smtp-msa.l.google.com has address 74.125.155.109
> >>>>>
> >>>>> The result of this test merely identifies an IP address.  Now, let's
> >>>>> test to validate that the IP returns a PTR that resolves to the same IP:
> >>>>>
> >>>>> $ host 74.125.155.109
> >>>>> 109.155.125.74.in-addr.arpa domain name pointer px-in-f109.1e100.net.
> >>>>> $ host px-in-f109.1e100.net.
> >>>>> px-in-f109.1e100.net has address 74.125.155.109
> >>>>>
> >>>>> Yep, totally valid.  That IP address has a PTR record, and the hostname
> >>>>> contained in that PTR resolves back to the same IP address.  This host
> >>>>> is properly configured.
> >>>>>> So, Thunderbird client does not seem to mind that
> >>>>>> reverse lookup does not match the name smtp.gmail.com
> >>>>> Clients rarely do.  It's the servers to which you're going to try to
> >>>>> deliver mail that will mind.
> >>>> I see! Thanks for the heads up!
> >>>> At any rate, I am having serious problem with an unwieldy router.
> >>>> I just posted a message about that.
> >>> 1) Make sure your ISP is not interfering with your traffic, to direct
> >>>       all traffic to/from your primary router static IP address.  You can
> >>>       call them and ask about it.  Mine was very helpful and cooperative
> >>>       (spiritone.com) and their rates are good compared with many I have
> >>>       checked.
> >>>
> >>> 2) If your ISP router allows, you might be able to set up your router
> >>>       as a pass-through router forwarded to a more robust FW router,
> >>>       or directly to your fedora box to handle the public firewall/NAT.
> >>>       I have a hardware firewall appliance (SonicWall), so my dumb ISP
> >>>       provided router is simply a pass-through router to SonicWall.
> >>>
> >>> 3) You state that you have static public IP addresse(s), but do
> >>>       you have a domain name?  If so, make sure at the domain
> >>>       name provider (DNP) website that you define your name
> >>>       server addresses and most DNP require at minimum, 2
> >>>       name servers. I set my name servers to ns1.mydomain.x1
> >>>       and ns2.mydomain.x2 which is handled by my own domain
> >>>       name servers. Just make sure you configure your name servers
> >>>       properly (forwarders to your ISP name servers).
> >>>
> >>>       Make sure your sendmail is also properly configured.  Since
> >>>       you use Thunderbird as I do, it is IMAP capable, so sendmail
> >>>       needs special setup to support IMAP/Mailldir (as opposed to mbox)
> >>>       handling and I use dovecot as my IMAP server As for the many
> >>>       spams that DO come through, I use sendmail for that - I get VERY
> >>>       MINIMAL spams - and this requires that you carefully and properly
> >>>       setup your sendmail configuration.
> >>>
> >>>
> >>> Once you get though all of this and to make it work, it is well worth it,
> >>> at least it is for me.
> >>>
> >>> FWIW,
> >>> Dan
> >>>
> >> I have done all that. Really. ISP (at&t) has unblocked port 25
> >> per my request. So I can indeed smtp out. But when an smtp request
> >> comes in to the router, the router seems to get confused as to the
> >> session type - and calls is an Unknown session type, and blocks
> >> the request. Router has no settings as to what session types are
> >> and what types can be blocked, and what types can be accepted.
> >> Session types are opaque to the user as far as configuration goes.
> >> There are no means to admin session types.
> >> What else can one expect from a thuggish isp?
> > ----
> > configure your router to forward inward port 25 (TCP) to your mail
> > server. Shouldn't be that hard to do.
> >
> > Craig
> >
> >
> I have done more than that.
> For all incoming requests (ports 1-65535) are forwarded to my fedora 
> machine,
> for both tcp and udp.
> 
> Problem seems to be the firmware of the router (made by 2wire for at&t).
> it is absulutely the most horible router firmware I have ever used.
> 
> here's an example of it's brain dead operation:
> 
> src=74.125.83.47 dst=76.218.80.172 ipprot=6 sport=49645 dport=25 Unknown 
> inbound session stopped
> 
> And yet, it is confugured to ACCEPT smtp packets.
> 
> It makes the lame excuse it does not know the inbound session?
> 
> What a bunch of unmentionable stuff!!
----
I have found the 2-wire modem/routers rather helpfully painful too but
they will do what you want to do. You don't want to forward the whole
packet range - if you want to do that, you would want to set it up as a
DMZ host and that would take more than 1 public ip address. In addition,
then you have to completely worry about security on the Linux box,
something that not everyone is up to.

You should just start over and forward only the ports you want to your
internal system - i.e. port 25. The 2-wire should NOT accept smtp
packets, that is what the port forwarding is supposed to do.

There should be vast amounts of support pages for your particular 2-wire
modem/router.

I see someone flailing.

Craig


-- 
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.

-- 
users mailing list
users@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe or change subscription options:
https://admin.fedoraproject.org/mailman/listinfo/users
Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines

[Index of Archives]     [Older Fedora Users]     [Fedora Announce]     [Fedora Package Announce]     [EPEL Announce]     [EPEL Devel]     [Fedora Magazine]     [Fedora Summer Coding]     [Fedora Laptop]     [Fedora Cloud]     [Fedora Advisory Board]     [Fedora Education]     [Fedora Security]     [Fedora Scitech]     [Fedora Robotics]     [Fedora Infrastructure]     [Fedora Websites]     [Anaconda Devel]     [Fedora Devel Java]     [Fedora Desktop]     [Fedora Fonts]     [Fedora Marketing]     [Fedora Management Tools]     [Fedora Mentors]     [Fedora Package Review]     [Fedora R Devel]     [Fedora PHP Devel]     [Kickstart]     [Fedora Music]     [Fedora Packaging]     [Fedora SELinux]     [Fedora Legal]     [Fedora Kernel]     [Fedora OCaml]     [Coolkey]     [Virtualization Tools]     [ET Management Tools]     [Yum Users]     [Yosemite News]     [Gnome Users]     [KDE Users]     [Fedora Art]     [Fedora Docs]     [Fedora Sparc]     [Libvirt Users]     [Fedora ARM]

  Powered by Linux