Sendmail on a LAN

Craig White craigwhite at azapple.com
Tue Aug 17 23:56:12 UTC 2010 

On Tue, 2010-08-17 at 16:47 -0700, JD wrote:
> On 08/17/2010 03:35 PM, Daniel B. Thurman wrote:
> >   On 08/17/2010 02:25 PM, JD wrote:
> >>    On 08/17/2010 01:27 PM, Gordon Messmer wrote:
> >>> On 08/17/2010 09:33 AM, JD wrote:
> >>>> Re:  a.b.c.d ==>    valid.host.name
> >>>> and valid.host.name ==>    a.b.c.d
> >>>> does not seem to apply to the google smtp server I use for Thunderbird.
> >>> You did your test entirely backward.  You did a forward lookup first,
> >>> and then checked the PTR of the IP which was returned.  There is no
> >>> requirement for a PTR to match every hostname that resolves to its IP
> >>> address.
> >>>
> >>> Let's finish your test:
> >>>
> >>> $ host smtp.gmail.com
> >>> smtp.gmail.com is an alias for gmail-smtp-msa.l.google.com.
> >>> gmail-smtp-msa.l.google.com has address 74.125.155.109
> >>>
> >>> The result of this test merely identifies an IP address.  Now, let's
> >>> test to validate that the IP returns a PTR that resolves to the same IP:
> >>>
> >>> $ host 74.125.155.109
> >>> 109.155.125.74.in-addr.arpa domain name pointer px-in-f109.1e100.net.
> >>> $ host px-in-f109.1e100.net.
> >>> px-in-f109.1e100.net has address 74.125.155.109
> >>>
> >>> Yep, totally valid.  That IP address has a PTR record, and the hostname
> >>> contained in that PTR resolves back to the same IP address.  This host
> >>> is properly configured.
> >>>> So, Thunderbird client does not seem to mind that
> >>>> reverse lookup does not match the name smtp.gmail.com
> >>> Clients rarely do.  It's the servers to which you're going to try to
> >>> deliver mail that will mind.
> >> I see! Thanks for the heads up!
> >> At any rate, I am having serious problem with an unwieldy router.
> >> I just posted a message about that.
> > 1) Make sure your ISP is not interfering with your traffic, to direct
> >      all traffic to/from your primary router static IP address.  You can
> >      call them and ask about it.  Mine was very helpful and cooperative
> >      (spiritone.com) and their rates are good compared with many I have
> >      checked.
> >
> > 2) If your ISP router allows, you might be able to set up your router
> >      as a pass-through router forwarded to a more robust FW router,
> >      or directly to your fedora box to handle the public firewall/NAT.
> >      I have a hardware firewall appliance (SonicWall), so my dumb ISP
> >      provided router is simply a pass-through router to SonicWall.
> >
> > 3) You state that you have static public IP addresse(s), but do
> >      you have a domain name?  If so, make sure at the domain
> >      name provider (DNP) website that you define your name
> >      server addresses and most DNP require at minimum, 2
> >      name servers. I set my name servers to ns1.mydomain.x1
> >      and ns2.mydomain.x2 which is handled by my own domain
> >      name servers. Just make sure you configure your name servers
> >      properly (forwarders to your ISP name servers).
> >
> >      Make sure your sendmail is also properly configured.  Since
> >      you use Thunderbird as I do, it is IMAP capable, so sendmail
> >      needs special setup to support IMAP/Mailldir (as opposed to mbox)
> >      handling and I use dovecot as my IMAP server As for the many
> >      spams that DO come through, I use sendmail for that - I get VERY
> >      MINIMAL spams - and this requires that you carefully and properly
> >      setup your sendmail configuration.
> >
> >
> > Once you get though all of this and to make it work, it is well worth it,
> > at least it is for me.
> >
> > FWIW,
> > Dan
> >
> I have done all that. Really. ISP (at&t) has unblocked port 25
> per my request. So I can indeed smtp out. But when an smtp request
> comes in to the router, the router seems to get confused as to the
> session type - and calls is an Unknown session type, and blocks
> the request. Router has no settings as to what session types are
> and what types can be blocked, and what types can be accepted.
> Session types are opaque to the user as far as configuration goes.
> There are no means to admin session types.
> What else can one expect from a thuggish isp?
----
configure your router to forward inward port 25 (TCP) to your mail
server. Shouldn't be that hard to do.

Craig


-- 
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.

More information about the users mailing list