08-17-2010, 11:35 PM
Gordon Messmer

Sendmail on a LAN

On 08/17/2010 02:28 PM, JD wrote:
> So, why would any mail client/server send an email message
> to my ip address on a port other than 25?

They never would.

> Seems that I would need to configure the dydns account to
> forward the email to me on that alternate port, no?

Yes. I merely meant that if you configured the firewall to direct port
8025 to your sendmail server's port 25, you wouldn't have to take the
step of reconfiguring sendmail. You'd only need to set up an external
MX at DynDNS, configure your dns MX record to point to their servers,
and configure your router to forward the appropriate port. No small
configuration, but one that doesn't modify sendmail.

On the other hand, if your ATT firewall's configuration is simply to
forward all ports, then you *would* have to modify sendmail. I normally
don't do that. I forward only specific ports, and most firewalls will
allow you to set the destination port to something other than the original.
--
users mailing list
users@lists.fedoraproject.org
To unsubscribe or change subscription options:
https://admin.fedoraproject.org/mailman/listinfo/users
Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines
 
08-17-2010, 11:47 PM
JD

Sendmail on a LAN

On 08/17/2010 03:35 PM, Daniel B. Thurman wrote:
> On 08/17/2010 02:25 PM, JD wrote:
>> On 08/17/2010 01:27 PM, Gordon Messmer wrote:
>>> On 08/17/2010 09:33 AM, JD wrote:
>>>> Re: a.b.c.d ==> valid.host.name
>>>> and valid.host.name ==> a.b.c.d
>>>> does not seem to apply to the google smtp server I use for Thunderbird.
>>> You did your test entirely backward. You did a forward lookup first,
>>> and then checked the PTR of the IP which was returned. There is no
>>> requirement for a PTR to match every hostname that resolves to its IP
>>> address.
>>>
>>> Let's finish your test:
>>>
>>> $ host smtp.gmail.com
>>> smtp.gmail.com is an alias for gmail-smtp-msa.l.google.com.
>>> gmail-smtp-msa.l.google.com has address 74.125.155.109
>>>
>>> The result of this test merely identifies an IP address. Now, let's
>>> test to validate that the IP returns a PTR that resolves to the same IP:
>>>
>>> $ host 74.125.155.109
>>> 109.155.125.74.in-addr.arpa domain name pointer px-in-f109.1e100.net.
>>> $ host px-in-f109.1e100.net.
>>> px-in-f109.1e100.net has address 74.125.155.109
>>>
>>> Yep, totally valid. That IP address has a PTR record, and the hostname
>>> contained in that PTR resolves back to the same IP address. This host
>>> is properly configured.
>>>> So, Thunderbird client does not seem to mind that
>>>> reverse lookup does not match the name smtp.gmail.com
>>> Clients rarely do. It's the servers to which you're going to try to
>>> deliver mail that will mind.
>> I see! Thanks for the heads up!
>> At any rate, I am having serious problem with an unwieldy router.
>> I just posted a message about that.
> 1) Make sure your ISP is not interfering with your traffic, to direct
> all traffic to/from your primary router static IP address. You can
> call them and ask about it. Mine was very helpful and cooperative
> (spiritone.com) and their rates are good compared with many I have
> checked.
>
> 2) If your ISP router allows, you might be able to set up your router
> as a pass-through router forwarded to a more robust FW router,
> or directly to your fedora box to handle the public firewall/NAT.
> I have a hardware firewall appliance (SonicWall), so my dumb ISP
> provided router is simply a pass-through router to SonicWall.
>
> 3) You state that you have static public IP addresse(s), but do
> you have a domain name? If so, make sure at the domain
> name provider (DNP) website that you define your name
> server addresses and most DNP require at minimum, 2
> name servers. I set my name servers to ns1.mydomain.x1
> and ns2.mydomain.x2 which is handled by my own domain
> name servers. Just make sure you configure your name servers
> properly (forwarders to your ISP name servers).
>
> Make sure your sendmail is also properly configured. Since
> you use Thunderbird as I do, it is IMAP capable, so sendmail
> needs special setup to support IMAP/Mailldir (as opposed to mbox)
> handling and I use dovecot as my IMAP server As for the many
> spams that DO come through, I use sendmail for that - I get VERY
> MINIMAL spams - and this requires that you carefully and properly
> setup your sendmail configuration.
>
>
> Once you get though all of this and to make it work, it is well worth it,
> at least it is for me.
>
> FWIW,
> Dan
>
I have done all that. Really. ISP (at&t) has unblocked port 25
per my request. So I can indeed smtp out. But when an smtp request
comes in to the router, the router seems to get confused as to the
session type - and calls it an Unknown session type, and blocks
the request. Router has no settings as to what session types are
and what types can be blocked, and what types can be accepted.
Session types are opaque to the user as far as configuration goes.
There are no means to admin session types.
What else can one expect from a thuggish isp?
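
The PTR test quoted above (IP to PTR name, then that name back to the same IP) written out as a check, next to the "backwards" name-first comparison it is contrasted with. This is an added example, not code from the thread; the function names and the lookup tables are assumptions, with the 74.125.155.109 entries copied from the quoted `host` output and the other entries constructed.

```python
import ipaddress
import socket

# Constructed resolver data. The 74.125.155.109 entries mirror the `host`
# output quoted in the thread; the remaining entries are made up.
SAMPLE_A = {
    "smtp.gmail.com": ["74.125.155.109"],        # reached via a CNAME in the thread
    "px-in-f109.1e100.net": ["74.125.155.109"],
    "mail.example.net": ["192.0.2.10"],          # constructed
}
SAMPLE_PTR = {
    "74.125.155.109": ["px-in-f109.1e100.net."],
    "198.51.100.7": ["mail.example.net."],       # constructed: PTR names a host living elsewhere
    # 203.0.113.5 deliberately has no PTR record
}


def table_resolver(a_records, ptr_records):
    """Return (ptr_lookup, addr_lookup) callables backed by dicts (offline use)."""
    def ptr_lookup(ip):
        return ptr_records.get(ip, [])

    def addr_lookup(name):
        return a_records.get(name.rstrip(".").lower(), [])

    return ptr_lookup, addr_lookup


def system_ptr_lookup(ip):
    """PTR names for an address using the system resolver."""
    try:
        name, aliases, _ = socket.gethostbyaddr(ip)
    except (socket.herror, socket.gaierror):
        return []
    return [name, *aliases]


def system_addr_lookup(name):
    """Addresses for a hostname using the system resolver."""
    try:
        infos = socket.getaddrinfo(name, None, proto=socket.IPPROTO_TCP)
    except socket.gaierror:
        return []
    return sorted({info[4][0] for info in infos})


def _parse(addr):
    """Parse an address string, returning None for anything unparseable."""
    try:
        return ipaddress.ip_address(addr)
    except ValueError:
        return None


def fcrdns(ip, ptr_lookup=system_ptr_lookup, addr_lookup=system_addr_lookup):
    """Forward-confirmed reverse DNS: IP -> PTR name -> address must include IP.

    Returns (verdict, names): 'pass' with the confirming names, 'mismatch'
    with the unconfirmed PTR names, or 'no-ptr' with an empty list.
    """
    target = ipaddress.ip_address(ip)
    names = [n.rstrip(".").lower() for n in ptr_lookup(str(target))]
    if not names:
        return "no-ptr", []
    confirmed = [
        n for n in names
        if target in {_parse(a) for a in addr_lookup(n)}
    ]
    return ("pass", confirmed) if confirmed else ("mismatch", names)


def name_matches_ptr(name, ptr_lookup, addr_lookup):
    """The name-first comparison: does the PTR of the name's address repeat
    the name? A False result here does not indicate a misconfigured host."""
    name = name.rstrip(".").lower()
    return any(
        name == ptr.rstrip(".").lower()
        for ip in addr_lookup(name)
        for ptr in ptr_lookup(ip)
    )


if __name__ == "__main__":
    ptr, addr = table_resolver(SAMPLE_A, SAMPLE_PTR)
    print("name-first test for smtp.gmail.com:",
          name_matches_ptr("smtp.gmail.com", ptr, addr))
    for candidate in ("74.125.155.109", "198.51.100.7", "203.0.113.5"):
        print(candidate, fcrdns(candidate, ptr, addr))
```

Calling `fcrdns(ip)` with no lookup arguments uses the system resolver instead of the tables.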

08-17-2010, 11:50 PM
JD

Sendmail on a LAN

On 08/17/2010 04:35 PM, Gordon Messmer wrote:
> On 08/17/2010 02:28 PM, JD wrote:
>> So, why would any mail client/server send an email message
>> to my ip address on a port other than 25?
> They never would.
>
>> Seems that I would need to configure the dydns account to
>> forward the email to me on that alternate port, no?
> Yes. I merely meant that if you configured the firewall to direct port
> 8025 to your sendmail server's port 25, you wouldn't have to take the
> step of reconfiguring sendmail. You'd only need to set up an external
> MX at DynDNS, configure your dns MX record to point to their servers,
> and configure your router to forward the appropriate port. No small
> configuration, but one that doesn't modify sendmail.
>
> On the other hand, if your ATT firewall's configuration is simply to
> forward all ports, then you *would* have to modify sendmail. I normally
> don't do that. I forward only specific ports, and most firewall will
> allow you to set the destination port to something other than the original.
This router does not provide for a port to forward to.
It only provides for forwarding a port or range of ports
to a lan ip address.
As I said, it is a crappy router.

08-17-2010, 11:56 PM
Craig White

Sendmail on a LAN

On Tue, 2010-08-17 at 16:47 -0700, JD wrote:
> On 08/17/2010 03:35 PM, Daniel B. Thurman wrote:
> > On 08/17/2010 02:25 PM, JD wrote:
> >> On 08/17/2010 01:27 PM, Gordon Messmer wrote:
> >>> On 08/17/2010 09:33 AM, JD wrote:
> >>>> Re: a.b.c.d ==> valid.host.name
> >>>> and valid.host.name ==> a.b.c.d
> >>>> does not seem to apply to the google smtp server I use for Thunderbird.
> >>> You did your test entirely backward. You did a forward lookup first,
> >>> and then checked the PTR of the IP which was returned. There is no
> >>> requirement for a PTR to match every hostname that resolves to its IP
> >>> address.
> >>>
> >>> Let's finish your test:
> >>>
> >>> $ host smtp.gmail.com
> >>> smtp.gmail.com is an alias for gmail-smtp-msa.l.google.com.
> >>> gmail-smtp-msa.l.google.com has address 74.125.155.109
> >>>
> >>> The result of this test merely identifies an IP address. Now, let's
> >>> test to validate that the IP returns a PTR that resolves to the same IP:
> >>>
> >>> $ host 74.125.155.109
> >>> 109.155.125.74.in-addr.arpa domain name pointer px-in-f109.1e100.net.
> >>> $ host px-in-f109.1e100.net.
> >>> px-in-f109.1e100.net has address 74.125.155.109
> >>>
> >>> Yep, totally valid. That IP address has a PTR record, and the hostname
> >>> contained in that PTR resolves back to the same IP address. This host
> >>> is properly configured.
> >>>> So, Thunderbird client does not seem to mind that
> >>>> reverse lookup does not match the name smtp.gmail.com
> >>> Clients rarely do. It's the servers to which you're going to try to
> >>> deliver mail that will mind.
> >> I see! Thanks for the heads up!
> >> At any rate, I am having serious problem with an unwieldy router.
> >> I just posted a message about that.
> > 1) Make sure your ISP is not interfering with your traffic, to direct
> > all traffic to/from your primary router static IP address. You can
> > call them and ask about it. Mine was very helpful and cooperative
> > (spiritone.com) and their rates are good compared with many I have
> > checked.
> >
> > 2) If your ISP router allows, you might be able to set up your router
> > as a pass-through router forwarded to a more robust FW router,
> > or directly to your fedora box to handle the public firewall/NAT.
> > I have a hardware firewall appliance (SonicWall), so my dumb ISP
> > provided router is simply a pass-through router to SonicWall.
> >
> > 3) You state that you have static public IP addresse(s), but do
> > you have a domain name? If so, make sure at the domain
> > name provider (DNP) website that you define your name
> > server addresses and most DNP require at minimum, 2
> > name servers. I set my name servers to ns1.mydomain.x1
> > and ns2.mydomain.x2 which is handled by my own domain
> > name servers. Just make sure you configure your name servers
> > properly (forwarders to your ISP name servers).
> >
> > Make sure your sendmail is also properly configured. Since
> > you use Thunderbird as I do, it is IMAP capable, so sendmail
> > needs special setup to support IMAP/Mailldir (as opposed to mbox)
> > handling and I use dovecot as my IMAP server As for the many
> > spams that DO come through, I use sendmail for that - I get VERY
> > MINIMAL spams - and this requires that you carefully and properly
> > setup your sendmail configuration.
> >
> >
> > Once you get though all of this and to make it work, it is well worth it,
> > at least it is for me.
> >
> > FWIW,
> > Dan
> >
> I have done all that. Really. ISP (at&t) has unblocked port 25
> per my request. So I can indeed smtp out. But when an smtp request
> comes in to the router, the router seems to get confused as to the
> session type - and calls is an Unknown session type, and blocks
> the request. Router has no settings as to what session types are
> and what types can be blocked, and what types can be accepted.
> Session types are opaque to the user as far as configuration goes.
> There are no means to admin session types.
> What else can one expect from a thuggish isp?
----
configure your router to forward inward port 25 (TCP) to your mail
server. Shouldn't be that hard to do.

Craig


--
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.

08-17-2010, 11:56 PM
Craig White

Sendmail on a LAN

On Tue, 2010-08-17 at 16:50 -0700, JD wrote:
> On 08/17/2010 04:35 PM, Gordon Messmer wrote:
> > On 08/17/2010 02:28 PM, JD wrote:
> >> So, why would any mail client/server send an email message
> >> to my ip address on a port other than 25?
> > They never would.
> >
> >> Seems that I would need to configure the dydns account to
> >> forward the email to me on that alternate port, no?
> > Yes. I merely meant that if you configured the firewall to direct port
> > 8025 to your sendmail server's port 25, you wouldn't have to take the
> > step of reconfiguring sendmail. You'd only need to set up an external
> > MX at DynDNS, configure your dns MX record to point to their servers,
> > and configure your router to forward the appropriate port. No small
> > configuration, but one that doesn't modify sendmail.
> >
> > On the other hand, if your ATT firewall's configuration is simply to
> > forward all ports, then you *would* have to modify sendmail. I normally
> > don't do that. I forward only specific ports, and most firewall will
> > allow you to set the destination port to something other than the original.
> This router does not provide for a port to forward to.
> It only provides for forwarding a port or range of ports
> to a lan ip address.
> As I said, it is a crappy router.
----
that's all you need

Craig


08-18-2010, 12:10 AM
JD

Sendmail on a LAN

On 08/17/2010 04:56 PM, Craig White wrote:
> On Tue, 2010-08-17 at 16:47 -0700, JD wrote:
>> On 08/17/2010 03:35 PM, Daniel B. Thurman wrote:
>>> On 08/17/2010 02:25 PM, JD wrote:
>>>> On 08/17/2010 01:27 PM, Gordon Messmer wrote:
>>>>> On 08/17/2010 09:33 AM, JD wrote:
>>>>>> Re: a.b.c.d ==> valid.host.name
>>>>>> and valid.host.name ==> a.b.c.d
>>>>>> does not seem to apply to the google smtp server I use for Thunderbird.
>>>>> You did your test entirely backward. You did a forward lookup first,
>>>>> and then checked the PTR of the IP which was returned. There is no
>>>>> requirement for a PTR to match every hostname that resolves to its IP
>>>>> address.
>>>>>
>>>>> Let's finish your test:
>>>>>
>>>>> $ host smtp.gmail.com
>>>>> smtp.gmail.com is an alias for gmail-smtp-msa.l.google.com.
>>>>> gmail-smtp-msa.l.google.com has address 74.125.155.109
>>>>>
>>>>> The result of this test merely identifies an IP address. Now, let's
>>>>> test to validate that the IP returns a PTR that resolves to the same IP:
>>>>>
>>>>> $ host 74.125.155.109
>>>>> 109.155.125.74.in-addr.arpa domain name pointer px-in-f109.1e100.net.
>>>>> $ host px-in-f109.1e100.net.
>>>>> px-in-f109.1e100.net has address 74.125.155.109
>>>>>
>>>>> Yep, totally valid. That IP address has a PTR record, and the hostname
>>>>> contained in that PTR resolves back to the same IP address. This host
>>>>> is properly configured.
>>>>>> So, Thunderbird client does not seem to mind that
>>>>>> reverse lookup does not match the name smtp.gmail.com
>>>>> Clients rarely do. It's the servers to which you're going to try to
>>>>> deliver mail that will mind.
>>>> I see! Thanks for the heads up!
>>>> At any rate, I am having serious problem with an unwieldy router.
>>>> I just posted a message about that.
>>> 1) Make sure your ISP is not interfering with your traffic, to direct
>>> all traffic to/from your primary router static IP address. You can
>>> call them and ask about it. Mine was very helpful and cooperative
>>> (spiritone.com) and their rates are good compared with many I have
>>> checked.
>>>
>>> 2) If your ISP router allows, you might be able to set up your router
>>> as a pass-through router forwarded to a more robust FW router,
>>> or directly to your fedora box to handle the public firewall/NAT.
>>> I have a hardware firewall appliance (SonicWall), so my dumb ISP
>>> provided router is simply a pass-through router to SonicWall.
>>>
>>> 3) You state that you have static public IP addresse(s), but do
>>> you have a domain name? If so, make sure at the domain
>>> name provider (DNP) website that you define your name
>>> server addresses and most DNP require at minimum, 2
>>> name servers. I set my name servers to ns1.mydomain.x1
>>> and ns2.mydomain.x2 which is handled by my own domain
>>> name servers. Just make sure you configure your name servers
>>> properly (forwarders to your ISP name servers).
>>>
>>> Make sure your sendmail is also properly configured. Since
>>> you use Thunderbird as I do, it is IMAP capable, so sendmail
>>> needs special setup to support IMAP/Mailldir (as opposed to mbox)
>>> handling and I use dovecot as my IMAP server As for the many
>>> spams that DO come through, I use sendmail for that - I get VERY
>>> MINIMAL spams - and this requires that you carefully and properly
>>> setup your sendmail configuration.
>>>
>>>
>>> Once you get though all of this and to make it work, it is well worth it,
>>> at least it is for me.
>>>
>>> FWIW,
>>> Dan
>>>
>> I have done all that. Really. ISP (at&t) has unblocked port 25
>> per my request. So I can indeed smtp out. But when an smtp request
>> comes in to the router, the router seems to get confused as to the
>> session type - and calls is an Unknown session type, and blocks
>> the request. Router has no settings as to what session types are
>> and what types can be blocked, and what types can be accepted.
>> Session types are opaque to the user as far as configuration goes.
>> There are no means to admin session types.
>> What else can one expect from a thuggish isp?
> ----
> configure your router to forward inward port 25 (TCP) to your mail
> server. Shouldn't be that hard to do.
>
> Craig
>
>
I have done more than that.
All incoming requests (ports 1-65535) are forwarded to my fedora
machine, for both tcp and udp.

Problem seems to be the firmware of the router (made by 2wire for at&t).
It is absolutely the most horrible router firmware I have ever used.

Here's an example of its brain dead operation:

src=74.125.83.47 dst=76.218.80.172 ipprot=6 sport=49645 dport=25 Unknown inbound session stopped

And yet, it is configured to ACCEPT smtp packets.

It makes the lame excuse it does not know the inbound session?

What a bunch of unmentionable stuff!!


08-18-2010, 12:17 AM
Craig White

Sendmail on a LAN

On Tue, 2010-08-17 at 17:10 -0700, JD wrote:
> On 08/17/2010 04:56 PM, Craig White wrote:
> > On Tue, 2010-08-17 at 16:47 -0700, JD wrote:
> >> On 08/17/2010 03:35 PM, Daniel B. Thurman wrote:
> >>> On 08/17/2010 02:25 PM, JD wrote:
> >>>> On 08/17/2010 01:27 PM, Gordon Messmer wrote:
> >>>>> On 08/17/2010 09:33 AM, JD wrote:
> >>>>>> Re: a.b.c.d ==> valid.host.name
> >>>>>> and valid.host.name ==> a.b.c.d
> >>>>>> does not seem to apply to the google smtp server I use for Thunderbird.
> >>>>> You did your test entirely backward. You did a forward lookup first,
> >>>>> and then checked the PTR of the IP which was returned. There is no
> >>>>> requirement for a PTR to match every hostname that resolves to its IP
> >>>>> address.
> >>>>>
> >>>>> Let's finish your test:
> >>>>>
> >>>>> $ host smtp.gmail.com
> >>>>> smtp.gmail.com is an alias for gmail-smtp-msa.l.google.com.
> >>>>> gmail-smtp-msa.l.google.com has address 74.125.155.109
> >>>>>
> >>>>> The result of this test merely identifies an IP address. Now, let's
> >>>>> test to validate that the IP returns a PTR that resolves to the same IP:
> >>>>>
> >>>>> $ host 74.125.155.109
> >>>>> 109.155.125.74.in-addr.arpa domain name pointer px-in-f109.1e100.net.
> >>>>> $ host px-in-f109.1e100.net.
> >>>>> px-in-f109.1e100.net has address 74.125.155.109
> >>>>>
> >>>>> Yep, totally valid. That IP address has a PTR record, and the hostname
> >>>>> contained in that PTR resolves back to the same IP address. This host
> >>>>> is properly configured.
> >>>>>> So, Thunderbird client does not seem to mind that
> >>>>>> reverse lookup does not match the name smtp.gmail.com
> >>>>> Clients rarely do. It's the servers to which you're going to try to
> >>>>> deliver mail that will mind.
> >>>> I see! Thanks for the heads up!
> >>>> At any rate, I am having serious problem with an unwieldy router.
> >>>> I just posted a message about that.
> >>> 1) Make sure your ISP is not interfering with your traffic, to direct
> >>> all traffic to/from your primary router static IP address. You can
> >>> call them and ask about it. Mine was very helpful and cooperative
> >>> (spiritone.com) and their rates are good compared with many I have
> >>> checked.
> >>>
> >>> 2) If your ISP router allows, you might be able to set up your router
> >>> as a pass-through router forwarded to a more robust FW router,
> >>> or directly to your fedora box to handle the public firewall/NAT.
> >>> I have a hardware firewall appliance (SonicWall), so my dumb ISP
> >>> provided router is simply a pass-through router to SonicWall.
> >>>
> >>> 3) You state that you have static public IP addresse(s), but do
> >>> you have a domain name? If so, make sure at the domain
> >>> name provider (DNP) website that you define your name
> >>> server addresses and most DNP require at minimum, 2
> >>> name servers. I set my name servers to ns1.mydomain.x1
> >>> and ns2.mydomain.x2 which is handled by my own domain
> >>> name servers. Just make sure you configure your name servers
> >>> properly (forwarders to your ISP name servers).
> >>>
> >>> Make sure your sendmail is also properly configured. Since
> >>> you use Thunderbird as I do, it is IMAP capable, so sendmail
> >>> needs special setup to support IMAP/Mailldir (as opposed to mbox)
> >>> handling and I use dovecot as my IMAP server As for the many
> >>> spams that DO come through, I use sendmail for that - I get VERY
> >>> MINIMAL spams - and this requires that you carefully and properly
> >>> setup your sendmail configuration.
> >>>
> >>>
> >>> Once you get though all of this and to make it work, it is well worth it,
> >>> at least it is for me.
> >>>
> >>> FWIW,
> >>> Dan
> >>>
> >> I have done all that. Really. ISP (at&t) has unblocked port 25
> >> per my request. So I can indeed smtp out. But when an smtp request
> >> comes in to the router, the router seems to get confused as to the
> >> session type - and calls is an Unknown session type, and blocks
> >> the request. Router has no settings as to what session types are
> >> and what types can be blocked, and what types can be accepted.
> >> Session types are opaque to the user as far as configuration goes.
> >> There are no means to admin session types.
> >> What else can one expect from a thuggish isp?
> > ----
> > configure your router to forward inward port 25 (TCP) to your mail
> > server. Shouldn't be that hard to do.
> >
> > Craig
> >
> >
> I have done more than that.
> For all incoming requests (ports 1-65535) are forwarded to my fedora
> machine,
> for both tcp and udp.
>
> Problem seems to be the firmware of the router (made by 2wire for at&t).
> it is absulutely the most horible router firmware I have ever used.
>
> here's an example of it's brain dead operation:
>
> src=74.125.83.47 dst=76.218.80.172 ipprot=6 sport=49645 dport=25 Unknown
> inbound session stopped
>
> And yet, it is confugured to ACCEPT smtp packets.
>
> It makes the lame excuse it does not know the inbound session?
>
> What a bunch of unmentionable stuff!!
----
I have found the 2-wire modem/routers rather helpfully painful too but
they will do what you want to do. You don't want to forward the whole
packet range - if you want to do that, you would want to set it up as a
DMZ host and that would take more than 1 public ip address. In addition,
then you have to completely worry about security on the Linux box,
something that not everyone is up to.

You should just start over and forward only the ports you want to your
internal system - i.e. port 25. The 2-wire should NOT accept smtp
packets, that is what the port forwarding is supposed to do.

There should be vast amounts of support pages for your particular 2-wire
modem/router.

I see someone flailing.

Craig


08-18-2010, 02:50 AM
"Daniel B. Thurman"

Sendmail on a LAN

On 08/17/2010 05:10 PM, JD wrote:
> On 08/17/2010 04:56 PM, Craig White wrote:
>> On Tue, 2010-08-17 at 16:47 -0700, JD wrote:
>>> On 08/17/2010 03:35 PM, Daniel B. Thurman wrote:
>>>> On 08/17/2010 02:25 PM, JD wrote:
>>>>> On 08/17/2010 01:27 PM, Gordon Messmer wrote:
>>>>>> On 08/17/2010 09:33 AM, JD wrote:
>>>>>>> Re: a.b.c.d ==> valid.host.name
>>>>>>> and valid.host.name ==> a.b.c.d
>>>>>>> does not seem to apply to the google smtp server I use for Thunderbird.
>>>>>> You did your test entirely backward. You did a forward lookup first,
>>>>>> and then checked the PTR of the IP which was returned. There is no
>>>>>> requirement for a PTR to match every hostname that resolves to its IP
>>>>>> address.
>>>>>>
>>>>>> Let's finish your test:
>>>>>>
>>>>>> $ host smtp.gmail.com
>>>>>> smtp.gmail.com is an alias for gmail-smtp-msa.l.google.com.
>>>>>> gmail-smtp-msa.l.google.com has address 74.125.155.109
>>>>>>
>>>>>> The result of this test merely identifies an IP address. Now, let's
>>>>>> test to validate that the IP returns a PTR that resolves to the same IP:
>>>>>>
>>>>>> $ host 74.125.155.109
>>>>>> 109.155.125.74.in-addr.arpa domain name pointer px-in-f109.1e100.net.
>>>>>> $ host px-in-f109.1e100.net.
>>>>>> px-in-f109.1e100.net has address 74.125.155.109
>>>>>>
>>>>>> Yep, totally valid. That IP address has a PTR record, and the hostname
>>>>>> contained in that PTR resolves back to the same IP address. This host
>>>>>> is properly configured.
>>>>>>> So, Thunderbird client does not seem to mind that
>>>>>>> reverse lookup does not match the name smtp.gmail.com
>>>>>> Clients rarely do. It's the servers to which you're going to try to
>>>>>> deliver mail that will mind.
>>>>> I see! Thanks for the heads up!
>>>>> At any rate, I am having serious problem with an unwieldy router.
>>>>> I just posted a message about that.
>>>> 1) Make sure your ISP is not interfering with your traffic, to direct
>>>> all traffic to/from your primary router static IP address. You can
>>>> call them and ask about it. Mine was very helpful and cooperative
>>>> (spiritone.com) and their rates are good compared with many I have
>>>> checked.
>>>>
>>>> 2) If your ISP router allows, you might be able to set up your router
>>>> as a pass-through router forwarded to a more robust FW router,
>>>> or directly to your fedora box to handle the public firewall/NAT.
>>>> I have a hardware firewall appliance (SonicWall), so my dumb ISP
>>>> provided router is simply a pass-through router to SonicWall.
>>>>
>>>> 3) You state that you have static public IP addresse(s), but do
>>>> you have a domain name? If so, make sure at the domain
>>>> name provider (DNP) website that you define your name
>>>> server addresses and most DNP require at minimum, 2
>>>> name servers. I set my name servers to ns1.mydomain.x1
>>>> and ns2.mydomain.x2 which is handled by my own domain
>>>> name servers. Just make sure you configure your name servers
>>>> properly (forwarders to your ISP name servers).
>>>>
>>>> Make sure your sendmail is also properly configured. Since
>>>> you use Thunderbird as I do, it is IMAP capable, so sendmail
>>>> needs special setup to support IMAP/Mailldir (as opposed to mbox)
>>>> handling and I use dovecot as my IMAP server As for the many
>>>> spams that DO come through, I use sendmail for that - I get VERY
>>>> MINIMAL spams - and this requires that you carefully and properly
>>>> setup your sendmail configuration.
>>>>
>>>>
>>>> Once you get though all of this and to make it work, it is well worth it,
>>>> at least it is for me.
>>>>
>>>> FWIW,
>>>> Dan
>>>>
>>> I have done all that. Really. ISP (at&t) has unblocked port 25
>>> per my request. So I can indeed smtp out. But when an smtp request
>>> comes in to the router, the router seems to get confused as to the
>>> session type - and calls is an Unknown session type, and blocks
>>> the request. Router has no settings as to what session types are
>>> and what types can be blocked, and what types can be accepted.
>>> Session types are opaque to the user as far as configuration goes.
>>> There are no means to admin session types.
>>> What else can one expect from a thuggish isp?
>> ----
>> configure your router to forward inward port 25 (TCP) to your mail
>> server. Shouldn't be that hard to do.
>>
>> Craig
>>
>>
> I have done more than that.
> For all incoming requests (ports 1-65535) are forwarded to my fedora
> machine,
> for both tcp and udp.
>
> Problem seems to be the firmware of the router (made by 2wire for at&t).
> it is absulutely the most horible router firmware I have ever used.
>
> here's an example of it's brain dead operation:
>
> src=74.125.83.47 dst=76.218.80.172 ipprot=6 sport=49645 dport=25 Unknown
> inbound session stopped
>
> And yet, it is confugured to ACCEPT smtp packets.
>
> It makes the lame excuse it does not know the inbound session?
>
> What a bunch of unmentionable stuff!!
What is this router you are talking about? Are
you sure it isn't broken or is in need of a firmware
update? I have no clue what this router is that you
are dealing with... care to provide a bit of details
since you are bitterly complaining about it?

If all else, consider getting another router that you
know how to configure?

08-18-2010, 03:28 AM
JD

Sendmail on a LAN

On 08/17/2010 07:50 PM, Daniel B. Thurman wrote:
> On 08/17/2010 05:10 PM, JD wrote:
>> On 08/17/2010 04:56 PM, Craig White wrote:
>>> On Tue, 2010-08-17 at 16:47 -0700, JD wrote:
>>>> On 08/17/2010 03:35 PM, Daniel B. Thurman wrote:
>>>>> On 08/17/2010 02:25 PM, JD wrote:
>>>>>> On 08/17/2010 01:27 PM, Gordon Messmer wrote:
>>>>>>> On 08/17/2010 09:33 AM, JD wrote:
>>>>>>>> Re: a.b.c.d ==> valid.host.name
>>>>>>>> and valid.host.name ==> a.b.c.d
>>>>>>>> does not seem to apply to the google smtp server I use for Thunderbird.
>>>>>>> You did your test entirely backward. You did a forward lookup first,
>>>>>>> and then checked the PTR of the IP which was returned. There is no
>>>>>>> requirement for a PTR to match every hostname that resolves to its IP
>>>>>>> address.
>>>>>>>
>>>>>>> Let's finish your test:
>>>>>>>
>>>>>>> $ host smtp.gmail.com
>>>>>>> smtp.gmail.com is an alias for gmail-smtp-msa.l.google.com.
>>>>>>> gmail-smtp-msa.l.google.com has address 74.125.155.109
>>>>>>>
>>>>>>> The result of this test merely identifies an IP address. Now, let's
>>>>>>> test to validate that the IP returns a PTR that resolves to the same IP:
>>>>>>>
>>>>>>> $ host 74.125.155.109
>>>>>>> 109.155.125.74.in-addr.arpa domain name pointer px-in-f109.1e100.net.
>>>>>>> $ host px-in-f109.1e100.net.
>>>>>>> px-in-f109.1e100.net has address 74.125.155.109
>>>>>>>
>>>>>>> Yep, totally valid. That IP address has a PTR record, and the hostname
>>>>>>> contained in that PTR resolves back to the same IP address. This host
>>>>>>> is properly configured.
>>>>>>>> So, Thunderbird client does not seem to mind that
>>>>>>>> reverse lookup does not match the name smtp.gmail.com
>>>>>>> Clients rarely do. It's the servers to which you're going to try to
>>>>>>> deliver mail that will mind.
>>>>>> I see! Thanks for the heads up!
>>>>>> At any rate, I am having a serious problem with an unwieldy router.
>>>>>> I just posted a message about that.
>>>>> 1) Make sure your ISP is not interfering with your traffic, to direct
>>>>> all traffic to/from your primary router static IP address. You can
>>>>> call them and ask about it. Mine was very helpful and cooperative
>>>>> (spiritone.com) and their rates are good compared with many I have
>>>>> checked.
>>>>>
>>>>> 2) If your ISP router allows, you might be able to set up your router
>>>>> as a pass-through router forwarded to a more robust FW router,
>>>>> or directly to your fedora box to handle the public firewall/NAT.
>>>>> I have a hardware firewall appliance (SonicWall), so my dumb ISP
>>>>> provided router is simply a pass-through router to SonicWall.
>>>>>
>>>>> 3) You state that you have static public IP address(es), but do
>>>>> you have a domain name? If so, make sure at the domain
>>>>> name provider (DNP) website that you define your name
>>>>> server addresses and most DNP require at minimum, 2
>>>>> name servers. I set my name servers to ns1.mydomain.x1
>>>>> and ns2.mydomain.x2 which is handled by my own domain
>>>>> name servers. Just make sure you configure your name servers
>>>>> properly (forwarders to your ISP name servers).
>>>>>
>>>>> Make sure your sendmail is also properly configured. Since
>>>>> you use Thunderbird as I do, it is IMAP capable, so sendmail
>>>>> needs special setup to support IMAP/Maildir (as opposed to mbox)
>>>>> handling and I use dovecot as my IMAP server. As for the many
>>>>> spams that DO come through, I use sendmail for that - I get VERY
>>>>> MINIMAL spams - and this requires that you carefully and properly
>>>>> setup your sendmail configuration.
>>>>>
>>>>>
>>>>> Once you get through all of this and to make it work, it is well worth it,
>>>>> at least it is for me.
>>>>>
>>>>> FWIW,
>>>>> Dan
>>>>>
>>>> I have done all that. Really. ISP (at&t) has unblocked port 25
>>>> per my request. So I can indeed smtp out. But when an smtp request
>>>> comes in to the router, the router seems to get confused as to the
>>>> session type - and calls it an Unknown session type, and blocks
>>>> the request. Router has no settings as to what session types are
>>>> and what types can be blocked, and what types can be accepted.
>>>> Session types are opaque to the user as far as configuration goes.
>>>> There are no means to admin session types.
>>>> What else can one expect from a thuggish isp?
>>> ----
>>> configure your router to forward inward port 25 (TCP) to your mail
>>> server. Shouldn't be that hard to do.
>>>
>>> Craig
>>>
>>>
>> I have done more than that.
>> All incoming requests (ports 1-65535) are forwarded to my fedora
>> machine,
>> for both tcp and udp.
>>
>> Problem seems to be the firmware of the router (made by 2wire for at&t).
>> It is absolutely the most horrible router firmware I have ever used.
>>
>> Here's an example of its brain dead operation:
>>
>> src=74.125.83.47 dst=76.218.80.172 ipprot=6 sport=49645 dport=25 Unknown
>> inbound session stopped
>>
>> And yet, it is configured to ACCEPT smtp packets.
>>
>> It makes the lame excuse it does not know the inbound session?
>>
>> What a bunch of unmentionable stuff!!
> What is this router you are talking about? Are
> you sure it isn't broken or is in need of a firmware
> update? I have no clue what this router is that you
> are dealing with... care to provide a bit of details
> since you are bitterly complaining about it?
>
> If all else, consider getting another router that you
> know how to configure?
>
Hi Dan,
probably you did not catch the earlier stuff on this thread....
The router is a 2-wire, but AT&T sells it as their Uverse
router, which handles internet and TV.
You will not find this on the market, because I do not
know which 2-wire model it is. People who have at&t
Uverse know what I'm talking about - but then perhaps
at&t uses different routers in different market zones.

At any rate, I got things to almost work...
so I am still at it....

Cheers,

JD
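
The reverse-then-forward test walked through in the quoted lookups above (take the PTR of the connecting IP, then confirm that name resolves back to the same IP), as an added example that is not part of the original thread. The function names, the injectable resolver hooks and the sample tables are assumptions for illustration; only the first table entry mirrors the lookups quoted in the thread, the rest is constructed.

```python
import ipaddress
import socket


def system_ptr(ip):
    """PTR names for ip from the system resolver ([] when there is none)."""
    try:
        name, aliases, _ = socket.gethostbyaddr(ip)
    except OSError:
        return []
    return [name, *aliases]


def system_addrs(name):
    """A/AAAA addresses for name from the system resolver ([] when none)."""
    try:
        return [info[4][0] for info in socket.getaddrinfo(name, None)]
    except OSError:
        return []


def fcrdns(ip, ptr_lookup=system_ptr, addr_lookup=system_addrs):
    """Check a client IP the way a receiving mail server would.

    Returns (verdict, confirmed_name); verdict is "pass", "no-ptr" or
    "mismatch". The name the sender was reached by plays no part: only
    IP -> PTR name -> IP has to close the loop.
    """
    client = ipaddress.ip_address(ip)
    names = ptr_lookup(ip)
    if not names:
        return "no-ptr", None
    for name in names:
        host = name.rstrip(".").lower()
        for addr in addr_lookup(host):
            try:
                if ipaddress.ip_address(addr) == client:
                    return "pass", host
            except ValueError:
                continue  # resolver handed back something that is not an IP
    return "mismatch", None


# Constructed resolver data so the example runs offline. The first entry
# mirrors the lookups quoted in the thread; the second is made up.
PTR = {"74.125.155.109": ["px-in-f109.1e100.net."],
       "203.0.113.7": ["mail.example.net."]}
ADDR = {"px-in-f109.1e100.net": ["74.125.155.109"],
        "mail.example.net": ["198.51.100.9"]}


def demo(ip):
    return fcrdns(ip, lambda i: PTR.get(i, []), lambda n: ADDR.get(n, []))
```

Calling `fcrdns(ip)` with no hooks uses the system resolver instead of the constructed tables.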
 
Old 08-18-2010, 10:28 AM
Tim
 
Default Sendmail on a LAN

Gordon Messmer:
>> You'll want to arrange a smart-host through which you can route all of
>> your outbound mail.

JD:
> I talked to them, and I am able to at least send out email.

Are you aware that if your SMTP server is on an IP in the range of
addresses your ISP doles out to its private customers, you may be on a
blacklist of IPs to ignore? It's a common practice for many other mail
servers, or their incoming mail filters, to only accept mail sent from
ISP mail servers, and other large networks.

A few years back my ISP increased the number of IPs that they use
(dynamically allocated to their customers). And, apparently, there's
still a problem with us using those newer IPs, as many other services
don't have them in their database of acceptable IPs.

> I just sent out a message about this crappy router.

Can't you get a better one?

If not, can you set it up in bridge mode? Then you can use it as a
simple modem, and the completely configurable computer as the router.




 
