 
08-17-2010, 07:53 PM
Chris Adams

Sendmail on a LAN

Once upon a time, JD <jd1008@gmail.com> said:
> Well, that would require that sendmail would have to listen
> on that alternate port. How is that accomplished?

Change DaemonPortOptions.

If you are using the .mc (recommended) way of configuring sendmail, do
something like:

dnl for local connections
DAEMON_OPTIONS(`Port=smtp, Name=MTA')
dnl for outside connections redirected
DAEMON_OPTIONS(`Port=1234, Name=EMTA')

If your system has multiple IPs (e.g. a router with outside and inside
interfaces), you could restrict which IP and port combos are used (if
you do this, you usually want to listen on localhost as well):

dnl for local connections
DAEMON_OPTIONS(`Port=smtp, Address=192.168.1.1, Name=MTA')
DAEMON_OPTIONS(`Port=smtp, Address=127.0.0.1, Name=LMTA')
dnl for outside connections redirected
DAEMON_OPTIONS(`Port=1234, Address=10.1.1.1, Name=EMTA')

--
Chris Adams <cmadams@hiwaay.net>
Systems and Network Administrator - HiWAAY Internet Services
I don't speak for anybody but myself - that's enough trouble.
--
users mailing list
users@lists.fedoraproject.org
To unsubscribe or change subscription options:
https://admin.fedoraproject.org/mailman/listinfo/users
Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines
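
Added example (not part of Chris Adams' message or of sendmail itself): a small Python audit of the DAEMON_OPTIONS lines in a sendmail.mc, reporting listeners that bind every interface and the case he warns about, restricting addresses without keeping a localhost listener. SAMPLE_MC is a constructed fragment, the function names are hypothetical, and it assumes the bind address is spelled Address or Addr and that a listener without Port= uses smtp.

```python
import re

# Constructed sendmail.mc fragment: one address-restricted listener, the
# localhost listener commented out, and one wildcard listener on port 1234.
SAMPLE_MC = """\
dnl for local connections
DAEMON_OPTIONS(`Port=smtp, Address=192.168.1.1, Name=MTA')
dnl DAEMON_OPTIONS(`Port=smtp, Address=127.0.0.1, Name=LMTA')
dnl for outside connections redirected
DAEMON_OPTIONS(`Port=1234, Name=EMTA')
"""

DAEMON_RE = re.compile(r"DAEMON_OPTIONS\(`([^']*)'\)")

def parse_listeners(mc_text):
    """Return one dict per active DAEMON_OPTIONS line (dnl comments skipped)."""
    listeners = []
    for line in mc_text.splitlines():
        # m4's dnl discards everything up to the end of the line.
        active = re.split(r"\bdnl\b", line, maxsplit=1)[0]
        for body in DAEMON_RE.findall(active):
            opts = dict(
                (k.strip(), v.strip())
                for k, _, v in (item.partition("=") for item in body.split(","))
            )
            # Assumption: the bind address is spelled Address or Addr.
            opts["bind"] = opts.get("Address") or opts.get("Addr")
            listeners.append(opts)
    return listeners

def audit(mc_text):
    """Flag wildcard binds and an smtp port that localhost cannot reach."""
    listeners = parse_listeners(mc_text)
    findings = []
    for l in listeners:
        if not l["bind"]:
            findings.append("%s: port %s listens on every interface"
                            % (l.get("Name"), l.get("Port", "smtp")))
    # Assumption: a listener without Port= uses the smtp port.
    smtp = [l for l in listeners if l.get("Port", "smtp") in ("smtp", "25")]
    if smtp and not any(l["bind"] is None or l["bind"].startswith("127.")
                        for l in smtp):
        findings.append("port smtp is not reachable on 127.0.0.1")
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE_MC):
        print(finding)
```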
 
08-17-2010, 08:13 PM
fred smith

Sendmail on a LAN

On Tue, Aug 17, 2010 at 11:26:11AM -0700, JD wrote:
> On 08/17/2010 11:12 AM, fred smith wrote:
> > On Tue, Aug 17, 2010 at 10:09:55AM -0700, JD wrote:
> >> On 08/17/2010 09:36 AM, Tim wrote:
> >>> On Mon, 2010-08-16 at 15:24 -0400, Gregory Woodbury wrote:
> >>>> Get a dyndns.com name for your router public ip address and set up at
> >>>> dyndns to get mail delivered to that name.
> >>> Of course, if your IP changes, then mail is going to get screwed up
> >>> during the time it takes for next delivery attempt to go to your new IP
> >>> address, instead of the old one.
> >>>
> >>> Dyndns, and other such things, are useful for giving yourself a hostname
> >>> that you can control, to a static IP. But aren't going to be much good
> >>> if you have a dynamic IP. Private webserving's easy enough with a
> >>> varying IP, mail serving's another matter.
> >>>
> >>>
> >> My router's public IP address is static. So that is not a problem.
> >> But per other replies on this list, it sounds like
> >> a complicated puzzle to solve.
> >> I have a dyndns name. and it maps onto my router's static IP
> >> address. But I think at&t is blocking port 25.
> >> I will have to talk to them and see if they will open it up.
> >> I really need a tutorial on how I can accomplish this when
> >> my sendmail machine is on a LAN.
> > some years ago, one of those dynamic dns providers (it might have been
> > dyndns--I can't really remember with any certainty) offered a non-free
> > service where they would reroute smtp traffic for your domain to some
> > port other than 25, so you could put your sendmail (or whatever) on some
> > non-standard port, the whole point being to foil the gestapo-like rules
> > of some ISPs
> Well, that would require that sendmail would have to listen
> on that alternate port. How is that accomplished?

In my case, I'd port-forward (on my dd-wrt router) that alternate port
to port 25 on the system actually hosting sendmail. I imagine most of
you would have a router/firewall of some sort between your internal
servers and the wild-n-wooly internet.

But if not, there's bound to be a sendmail.mc rule to change ports.
I've just not looked it up.


--
---- Fred Smith -- fredex@fcshome.stoneham.ma.us -----------------------------
The Lord detests the way of the wicked
but he loves those who pursue righteousness.
----------------------------- Proverbs 15:9 (niv) -----------------------------
 
08-17-2010, 08:27 PM
Gordon Messmer

Sendmail on a LAN

On 08/17/2010 09:33 AM, JD wrote:
> Re: a.b.c.d ==> valid.host.name
> and valid.host.name ==> a.b.c.d
> does not seem to apply to the google smtp server I use for Thunderbird.

You did your test entirely backward. You did a forward lookup first,
and then checked the PTR of the IP which was returned. There is no
requirement for a PTR to match every hostname that resolves to its IP
address.

Let's finish your test:

$ host smtp.gmail.com
smtp.gmail.com is an alias for gmail-smtp-msa.l.google.com.
gmail-smtp-msa.l.google.com has address 74.125.155.109

The result of this test merely identifies an IP address. Now, let's
test to validate that the IP returns a PTR that resolves to the same IP:

$ host 74.125.155.109
109.155.125.74.in-addr.arpa domain name pointer px-in-f109.1e100.net.
$ host px-in-f109.1e100.net.
px-in-f109.1e100.net has address 74.125.155.109

Yep, totally valid. That IP address has a PTR record, and the hostname
contained in that PTR resolves back to the same IP address. This host
is properly configured.

> So, Thunderbird client does not seem to mind that
> reverse lookup does not match the name smtp.gmail.com

Clients rarely do. It's the servers to which you're going to try to
deliver mail that will mind.
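
The check Gordon Messmer walks through by hand, as an added Python example that is not part of the original post: start from the IP, take its PTR name, and confirm that name resolves back to the same IP. The lookup tables are constructed (the first entry mirrors the host output quoted above, the 192.0.2.x entries are made up), and the function names are hypothetical.

```python
import ipaddress
import socket

# Constructed lookup tables so the example runs offline.
SAMPLE_PTR = {
    "74.125.155.109": ["px-in-f109.1e100.net."],
    "192.0.2.10": ["mail.example.net."],   # PTR exists, forward points elsewhere
    "192.0.2.20": [],                      # no PTR at all
}
SAMPLE_A = {
    "smtp.gmail.com": ["74.125.155.109"],  # never consulted: the check starts from the IP
    "px-in-f109.1e100.net": ["74.125.155.109"],
    "mail.example.net": ["192.0.2.99"],
}

def sample_ptr(ip):
    return SAMPLE_PTR.get(ip, [])

def sample_addrs(name):
    return SAMPLE_A.get(name, [])

def live_ptr(ip):
    """PTR lookup through the system resolver (not used by the sample run)."""
    try:
        host, aliases, _ = socket.gethostbyaddr(ip)
        return [host] + aliases
    except (socket.herror, socket.gaierror):
        return []

def live_addrs(name):
    """A/AAAA lookup through the system resolver (not used by the sample run)."""
    try:
        return [ai[4][0].split("%")[0] for ai in socket.getaddrinfo(name, None)]
    except socket.gaierror:
        return []

def fcrdns(ip, ptr_lookup=sample_ptr, addr_lookup=sample_addrs):
    """Return (ok, reason): ok only if some PTR name of ip resolves back to ip."""
    target = ipaddress.ip_address(ip)
    names = [n.rstrip(".").lower() for n in ptr_lookup(ip)]
    if not names:
        return (False, "no PTR record")
    for name in names:
        if any(ipaddress.ip_address(a) == target for a in addr_lookup(name)):
            return (True, "PTR %s resolves back to %s" % (name, ip))
    return (False, "PTR %s does not resolve back to %s" % (", ".join(names), ip))

if __name__ == "__main__":
    for ip in SAMPLE_PTR:
        print(ip, fcrdns(ip))
```

Passing `live_ptr` and `live_addrs` as the two lookup arguments runs the same check against the system resolver.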
 
08-17-2010, 08:29 PM
Gordon Messmer

Sendmail on a LAN

On 08/17/2010 11:26 AM, JD wrote:
> Well, that would require that sendmail would have to listen
> on that alternate port. How is that accomplished?

That's probably a step you don't need to take. You just need your
router to forward a port other than 25 to your sendmail server's port
25. The ports you forward probably don't need to match (unless that's
an odd limitation of your firewall).
 
08-17-2010, 08:30 PM
Gordon Messmer

Sendmail on a LAN

On 08/17/2010 10:09 AM, JD wrote:
> But I think at&t is blocking port 25.

Normally they will, and that's good. It prevents infected Windows
desktops from sending spam directly.

You'll want to arrange a smart-host through which you can route all of
your outbound mail.
 
08-17-2010, 09:21 PM
JD

Sendmail on a LAN

On 08/17/2010 12:53 PM, Chris Adams wrote:
> Once upon a time, JD<jd1008@gmail.com> said:
>> Well, that would require that sendmail would have to listen
>> on that alternate port. How is that accomplished?
> Change DaemonPortOptions.
>
> If you are using the .mc (recommended) way of configuring sendmail, do
> something like:
>
> dnl for local connections
> DAEMON_OPTIONS(`Port=smtp, Name=MTA')
> dnl for outside connections redirected
> DAEMON_OPTIONS(`Port=1234, Name=EMTA')
>
> If your system has multiple IPs (e.g. a router with outside and inside
> interfaces), you could restrict which IP and port combos are used (if
> you do this, you usually want to listen on localhost as well):
>
> dnl for local connections
> DAEMON_OPTIONS(`Port=smtp, Address=192.168.1.1, Name=MTA')
> DAEMON_OPTIONS(`Port=smtp, Address=127.0.0.1, Name=LMTA')
> dnl for outside connections redirected
> DAEMON_OPTIONS(`Port=1234, Address=10.1.1.1, Name=EMTA')
>
Thanx - will try this.
I am having big problems with the router though!
This AT&T Uverse router is made by 2-wire
and it has the worst configuration firmware I have ever
had the displeasure of using.

Currently, when a remote host tries to connect on port 25,
the router (which is configured to forward all ports to my
lan ip address, and which is configured to let in connection
requests on port 25) is rejecting these connections with the
message logged:

INF 2010-08-17T09:38:01-07:00 fw,fwmon
src=74.125.83.47 dst=x.y.y.z ipprot=6 sport=49645 dport=25 Unknown
inbound session stopped

The source IP is google. How could google mail server possibly start an
Unknown inbound session?

What the heck is Unknown inbound session anyway, when the firewall rules
are set up to ALLOW smtp ??

I think this router's firmware is a piece of dog sh*t.


 
08-17-2010, 09:25 PM
JD

Sendmail on a LAN

On 08/17/2010 01:27 PM, Gordon Messmer wrote:
> On 08/17/2010 09:33 AM, JD wrote:
>> Re: a.b.c.d ==> valid.host.name
>> and valid.host.name ==> a.b.c.d
>> does not seem to apply to the google smtp server I use for Thunderbird.
> You did your test entirely backward. You did a forward lookup first,
> and then checked the PTR of the IP which was returned. There is no
> requirement for a PTR to match every hostname that resolves to its IP
> address.
>
> Let's finish your test:
>
> $ host smtp.gmail.com
> smtp.gmail.com is an alias for gmail-smtp-msa.l.google.com.
> gmail-smtp-msa.l.google.com has address 74.125.155.109
>
> The result of this test merely identifies an IP address. Now, let's
> test to validate that the IP returns a PTR that resolves to the same IP:
>
> $ host 74.125.155.109
> 109.155.125.74.in-addr.arpa domain name pointer px-in-f109.1e100.net.
> $ host px-in-f109.1e100.net.
> px-in-f109.1e100.net has address 74.125.155.109
>
> Yep, totally valid. That IP address has a PTR record, and the hostname
> contained in that PTR resolves back to the same IP address. This host
> is properly configured.
>
>> So, Thunderbird client does not seem to mind that
>> reverse lookup does not match the name smtp.gmail.com
> Clients rarely do. It's the servers to which you're going to try to
> deliver mail that will mind.
I see! Thanks for the heads up!
At any rate, I am having a serious problem with an unwieldy router.
I just posted a message about that.

 
08-17-2010, 09:28 PM
JD

Sendmail on a LAN

On 08/17/2010 01:29 PM, Gordon Messmer wrote:
> On 08/17/2010 11:26 AM, JD wrote:
>> Well, that would require that sendmail would have to listen
>> on that alternate port. How is that accomplished?
> That's probably a step you don't need to take. You just need your
> router to forward a port other than 25 to your sendmail server's port
> 25. The ports you forward probably don't need to match (unless that's
> an odd limitation of your firewall).
So, why would any mail client/server send an email message
to my ip address on a port other than 25?
Seems that I would need to configure the dyndns account to
forward the email to me on that alternate port, no?
 
08-17-2010, 09:31 PM
JD

Sendmail on a LAN

On 08/17/2010 01:30 PM, Gordon Messmer wrote:
> On 08/17/2010 10:09 AM, JD wrote:
>> But I think at&t is blocking port 25.
> Normally they will, and that's good. It prevents infected Windows
> desktops from sending spam directly.
>
> You'll want to arrange a smart-host through which you can route all of
> your outbound mail.
I talked to them, and I am able to at least send out email.
But still the router will not recognize/handle incoming
port 25 connections (which it is supposed to accept, and which
it is supposed to forward to my machine on the lan).
I just sent out a message about this crappy router.

 
08-17-2010, 10:35 PM
"Daniel B. Thurman"

Sendmail on a LAN

On 08/17/2010 02:25 PM, JD wrote:
> On 08/17/2010 01:27 PM, Gordon Messmer wrote:
>> On 08/17/2010 09:33 AM, JD wrote:
>>> Re: a.b.c.d ==> valid.host.name
>>> and valid.host.name ==> a.b.c.d
>>> does not seem to apply to the google smtp server I use for Thunderbird.
>> You did your test entirely backward. You did a forward lookup first,
>> and then checked the PTR of the IP which was returned. There is no
>> requirement for a PTR to match every hostname that resolves to its IP
>> address.
>>
>> Let's finish your test:
>>
>> $ host smtp.gmail.com
>> smtp.gmail.com is an alias for gmail-smtp-msa.l.google.com.
>> gmail-smtp-msa.l.google.com has address 74.125.155.109
>>
>> The result of this test merely identifies an IP address. Now, let's
>> test to validate that the IP returns a PTR that resolves to the same IP:
>>
>> $ host 74.125.155.109
>> 109.155.125.74.in-addr.arpa domain name pointer px-in-f109.1e100.net.
>> $ host px-in-f109.1e100.net.
>> px-in-f109.1e100.net has address 74.125.155.109
>>
>> Yep, totally valid. That IP address has a PTR record, and the hostname
>> contained in that PTR resolves back to the same IP address. This host
>> is properly configured.
>>> So, Thunderbird client does not seem to mind that
>>> reverse lookup does not match the name smtp.gmail.com
>> Clients rarely do. It's the servers to which you're going to try to
>> deliver mail that will mind.
> I see! Thanks for the heads up!
> At any rate, I am having serious problem with an unwieldy router.
> I just posted a message about that.
1) Make sure your ISP is not interfering with your traffic, to direct
all traffic to/from your primary router static IP address. You can
call them and ask about it. Mine was very helpful and cooperative
(spiritone.com) and their rates are good compared with many I have
checked.

2) If your ISP router allows, you might be able to set up your router
as a pass-through router forwarded to a more robust FW router,
or directly to your fedora box to handle the public firewall/NAT.
I have a hardware firewall appliance (SonicWall), so my dumb ISP
provided router is simply a pass-through router to SonicWall.

3) You state that you have static public IP address(es), but do
you have a domain name? If so, make sure at the domain
name provider (DNP) website that you define your name
server addresses and most DNP require at minimum, 2
name servers. I set my name servers to ns1.mydomain.x1
and ns2.mydomain.x2 which is handled by my own domain
name servers. Just make sure you configure your name servers
properly (forwarders to your ISP name servers).

Make sure your sendmail is also properly configured. Since
you use Thunderbird as I do, it is IMAP capable, so sendmail
needs special setup to support IMAP/Maildir (as opposed to mbox)
handling and I use dovecot as my IMAP server. As for the many
spams that DO come through, I use sendmail for that - I get VERY
MINIMAL spams - and this requires that you carefully and properly
set up your sendmail configuration.


Once you get through all of this and make it work, it is well worth it,
at least it is for me.

FWIW,
Dan

 
