Sendmail on a LAN
craigwhite at azapple.com
Tue Aug 17 23:56:12 UTC 2010
On Tue, 2010-08-17 at 16:47 -0700, JD wrote:
> On 08/17/2010 03:35 PM, Daniel B. Thurman wrote:
> > On 08/17/2010 02:25 PM, JD wrote:
> >> On 08/17/2010 01:27 PM, Gordon Messmer wrote:
> >>> On 08/17/2010 09:33 AM, JD wrote:
> >>>> Re: a.b.c.d ==> valid.host.name
> >>>> and valid.host.name ==> a.b.c.d
> >>>> does not seem to apply to the google smtp server I use for Thunderbird.
> >>> You did your test entirely backward. You did a forward lookup first,
> >>> and then checked the PTR of the IP which was returned. There is no
> >>> requirement for a PTR to match every hostname that resolves to its IP
> >>> address.
> >>> Let's finish your test:
> >>> $ host smtp.gmail.com
> >>> smtp.gmail.com is an alias for gmail-smtp-msa.l.google.com.
> >>> gmail-smtp-msa.l.google.com has address 22.214.171.124
> >>> The result of this test merely identifies an IP address. Now, let's
> >>> test to validate that the IP returns a PTR that resolves to the same IP:
> >>> $ host 126.96.36.199
> >>> 188.8.131.52.in-addr.arpa domain name pointer px-in-f109.1e100.net.
> >>> $ host px-in-f109.1e100.net.
> >>> px-in-f109.1e100.net has address 184.108.40.206
> >>> Yep, totally valid. That IP address has a PTR record, and the hostname
> >>> contained in that PTR resolves back to the same IP address. This host
> >>> is properly configured.
> >>>> So, Thunderbird client does not seem to mind that
> >>>> reverse lookup does not match the name smtp.gmail.com
> >>> Clients rarely do. It's the servers to which you're going to try to
> >>> deliver mail that will mind.
> >> I see! Thanks for the heads up!
> >> At any rate, I am having serious problem with an unwieldy router.
> >> I just posted a message about that.
> > 1) Make sure your ISP is not interfering with your traffic, to direct
> > all traffic to/from your primary router static IP address. You can
> > call them and ask about it. Mine was very helpful and cooperative
> > (spiritone.com) and their rates are good compared with many I have
> > checked.
> > 2) If your ISP router allows, you might be able to set up your router
> > as a pass-through router forwarded to a more robust FW router,
> > or directly to your fedora box to handle the public firewall/NAT.
> > I have a hardware firewall appliance (SonicWall), so my dumb ISP
> > provided router is simply a pass-through router to SonicWall.
> > 3) You state that you have static public IP addresse(s), but do
> > you have a domain name? If so, make sure at the domain
> > name provider (DNP) website that you define your name
> > server addresses and most DNP require at minimum, 2
> > name servers. I set my name servers to ns1.mydomain.x1
> > and ns2.mydomain.x2 which is handled by my own domain
> > name servers. Just make sure you configure your name servers
> > properly (forwarders to your ISP name servers).
> > Make sure your sendmail is also properly configured. Since
> > you use Thunderbird as I do, it is IMAP capable, so sendmail
> > needs special setup to support IMAP/Mailldir (as opposed to mbox)
> > handling and I use dovecot as my IMAP server As for the many
> > spams that DO come through, I use sendmail for that - I get VERY
> > MINIMAL spams - and this requires that you carefully and properly
> > setup your sendmail configuration.
> > Once you get though all of this and to make it work, it is well worth it,
> > at least it is for me.
> > FWIW,
> > Dan
> I have done all that. Really. ISP (at&t) has unblocked port 25
> per my request. So I can indeed smtp out. But when an smtp request
> comes in to the router, the router seems to get confused as to the
> session type - and calls is an Unknown session type, and blocks
> the request. Router has no settings as to what session types are
> and what types can be blocked, and what types can be accepted.
> Session types are opaque to the user as far as configuration goes.
> There are no means to admin session types.
> What else can one expect from a thuggish isp?
configure your router to forward inward port 25 (TCP) to your mail
server. Shouldn't be that hard to do.
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.
More information about the users