Old 08-18-2010, 10:31 AM
Tim
 
Default Sendmail on a LAN

Tim:
>> Dyndns, and other such things, are useful for giving yourself a hostname
>> that you can control, to a static IP. But aren't going to be much good
>> if you have a dynamic IP. Private webserving's easy enough with a
>> varying IP, mail serving's another matter.


PaulCartwright:
> You can update dyndns every month even if your ip changes. MY IP lease
> used to last a month.. YMMV
> I decided to go the extra mile & $5 a month & get a static IP..

Whether it be monthly, or more rapidly, SMTP servers aren't supposed to
change (numerical IP) addresses. It's not a good idea to run a SMTP
server from a dynamic address. When your address changes, you lose mail
(from anything that cached your IP, and keeps on using the cached
address), and someone else (who gets your old one) gets spammed.

Though the original poster has clarified that they have a static IP, so
this issue won't apply to them.


--
users mailing list
users@lists.fedoraproject.org
To unsubscribe or change subscription options:
https://admin.fedoraproject.org/mailman/listinfo/users
Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines
 
Old 08-18-2010, 10:48 AM
Ed Greshko
 
Default Sendmail on a LAN

On 08/18/2010 06:31 PM, Tim wrote:
> Whether it be monthly, or more rapidly, SMTP servers aren't supposed to
> change (numerical IP) addresses. It's not a good idea to run a SMTP
> server from a dynamic address. When your address changes, you lose mail
> (from anything that cached your IP, and keeps on using the cached
> address), and someone else (who gets your old one) gets spammed.

Actually, that shouldn't happen. You may not get the email but it
shouldn't get lost and the person that gets the previous IP address
shouldn't get spammed. I would expect the emails to be rejected with
"User Unknown".

--
We cannot command nature except by obeying her. -- Sir Francis Bacon 葛
斯克 愛德華 / 台北市八德路四段

 
Old 08-18-2010, 10:57 AM
Ed Greshko
 
Default Sendmail on a LAN

On 08/18/2010 06:28 PM, Tim wrote:
> Are you aware that if your SMTP server is on an IP in the range of
> addresses your ISP doles out to its private customers, you may be on a
> blacklist of IPs to ignore. It's a common practice for many other mail
> servers, or their incoming mail filters, to only accept mail sent from
> ISP mail servers, and other large networks.

I believe you are speaking of RBL services such as spamhaus.org. Yes,
indeed they try to keep a list of IP address ranges that are used by
ISPs to be dynamically allocated. And, indeed there can be problems
when the list they keep doesn't match with reality. In the case of
"good" RBL services like spamhaus they will fix the issue quickly with
the proper evidence that the IP in question really isn't allocated
dynamically.

--
The rule on staying alive as a forecaster is to give 'em a number or
give 'em a date, but never give 'em both at once. -- Jane Bryant Quinn
葛斯克 愛德華 / 台北市八德路四段

 
Old 08-18-2010, 01:06 PM
Tim
 
Default Sendmail on a LAN

Tim:
>> Whether it be monthly, or more rapidly, SMTP servers aren't supposed to
>> change (numerical IP) addresses. It's not a good idea to run a SMTP
>> server from a dynamic address. When your address changes, you lose mail
>> (from anything that cached your IP, and keeps on using the cached
>> address), and someone else (who gets your old one) gets spammed.

Ed Greshko:
> Actually, that shouldn't happen. You may not get the email but it
> shouldn't get lost and the person that gets the previous IP address
> shouldn't get spammed. I would expect the emails to be rejected with
> "User Unknown".

While the next person to get your IP mayn't actually receive mail,
they'll still get attempts to connect to their SMTP server, whether or
not they even have them, until other people's systems find out about
your new IP.

Now, if that person doesn't have a mail server, your second MX record
should be consulted by SMTP servers, and deliver your mail through that.
But, people doing the home SMTP game, probably don't have a second,
separate, SMTP server. And those that do, will probably have to go to
that second server, deliberately, to get unreceived mail. The second
mail server mayn't automatically pass the mail it's holding over to the
main one, when the main one does become available.

Long ago, I decided that trying to be my own SMTP server was too much
trouble to bother with. You really want a static IP, that costs more.
You need to handle all the spam, that a dedicated mail host is much more
proficient at dealing with. You really need a second backup server,
that costs more, and since that's external, why not have both external.

I settled for running my own server for our outgoing mail, and let my
domain's hosting equipment handle my incoming mail.


 
Old 08-18-2010, 01:13 PM
Tim
 
Default Sendmail on a LAN

Tim:
>> Are you aware that if your SMTP server is on an IP in the range of
>> addresses your ISP doles out to its private customers, you may be on a
>> blacklist of IPs to ignore. It's a common practice for many other mail
>> servers, or their incoming mail filters, to only accept mail sent from
>> ISP mail servers, and other large networks.

Ed Greshko:
> I believe you are speaking of RBL services such as spamhaus.org. Yes,
> indeed they try to keep a list of IP address ranges that are used by
> ISP's to be dynamically allocated. And, indeed there can be problems
> when the list they keep doesn't match with reality. In the case of
> "good" RBL services like spamhaus they will fix the issue quickly with
> the proper evidence that the IP in question really isn't allocated
> dynamically.

The trouble is that the problem is external, and out of your control.
Others can use any number of filtering techniques, good or bad. If you're
on just one black list, that's a problem.

You can also strike the other blacklisting issue. e.g. One of my former
ISPs, Optus, was on many blacklists for doing sweet Fanny Adams about
spam coming through their systems. Any IP associated with them was
tarred with that brush, and your mail could get rejected, no matter how
you tried sending (your own SMTP server, their SMTP server...). To make
matters worse, they're one of the big ISPs and telcos in this country,
and the backbone for many smaller ISPs. That situation went on for
years and years. Long after I left them they were still in that boat,
and I've given up checking to see if it is still the case.


 
Old 08-18-2010, 02:07 PM
Bill Davidsen
 
Default Sendmail on a LAN

JD wrote:

> I have done all that. Really. ISP (at&t) has unblocked port 25
> per my request. So I can indeed smtp out. But when an smtp request
> comes in to the router, the router seems to get confused as to the
> session type - and calls it an Unknown session type, and blocks
> the request. Router has no settings as to what session types are
> and what types can be blocked, and what types can be accepted.
> Session types are opaque to the user as far as configuration goes.
> There are no means to admin session types.
> What else can one expect from a thuggish isp?
>
You have run tcpdump on port 25 inbound to verify that the router is the
problem, right? Suggest saving all packets to a file for a few hours, then using
either tcpdump or wireshark to look at them, or not look at them if your router
is doing what you think it is.

And be sure that the unwanted packets are inbound and not the result of your
sendmail sending back something unexpected.

--
Bill Davidsen <davidsen@tmr.com>
"We have more to fear from the bungling of the incompetent than from
the machinations of the wicked." - from Slashdot
 
Old 08-18-2010, 02:13 PM
Ed Greshko
 
Default Sendmail on a LAN

On 08/18/2010 09:13 PM, Tim wrote:
> The trouble is that the problem is external, and out of your control.
> Others can use any number of filtering techniques, good or bad. If you're
> on just one black list, that's a problem.

Yes, many things are external to one's system and out of one's control.
And, yes, it may be a problem...but it may only be a minor annoyance.

> You can also strike the other blacklisting issue. e.g. One of my former
> ISPs, Optus, was on many blacklists for doing sweet Fanny Adams about
> spam coming through their systems. Any IP associated with them was
> tarred with that brush, and your mail could get rejected, no matter how
> you tried sending (your own SMTP server, their SMTP server...). To make
> matters worse, they're one of the big ISPs and telcos in this country,
> and the backbone for many smaller ISPs. That situation went on for
> years and years. Long after I left them they were still in that boat,
> and I've given up checking to see if it is still the case.
>

I know what you mean about being tarred with a brush. That is why I
used the term "good" RBL service. I know of at least one RBL service
that blacklists on a country basis. For those persons/companies
subscribing to that server my emails are blocked since I happen to live
in one of the "bad" countries.

FWIW, I'm not a fan of RBL services and while many of them exist I've
not seen any data as to how widely used they are.

--
You are only young once, but you can stay immature indefinitely. 葛斯克
愛德華 / 台北市八德路四段

 
Old 08-18-2010, 02:21 PM
"Daniel B. Thurman"
 
Default Sendmail on a LAN

On 08/17/2010 08:28 PM, JD wrote:
> On 08/17/2010 07:50 PM, Daniel B. Thurman wrote:
>> On 08/17/2010 05:10 PM, JD wrote:
>>> On 08/17/2010 04:56 PM, Craig White wrote:
>>>> On Tue, 2010-08-17 at 16:47 -0700, JD wrote:
>>>>> On 08/17/2010 03:35 PM, Daniel B. Thurman wrote:
>>>>>> On 08/17/2010 02:25 PM, JD wrote:
>>>>>>> On 08/17/2010 01:27 PM, Gordon Messmer wrote:
>>>>>>>> On 08/17/2010 09:33 AM, JD wrote:
>>>>>>>>> Re: a.b.c.d ==> valid.host.name
>>>>>>>>> and valid.host.name ==> a.b.c.d
>>>>>>>>> does not seem to apply to the google smtp server I use for Thunderbird.
>>>>>>>> You did your test entirely backward. You did a forward lookup first,
>>>>>>>> and then checked the PTR of the IP which was returned. There is no
>>>>>>>> requirement for a PTR to match every hostname that resolves to its IP
>>>>>>>> address.
>>>>>>>>
>>>>>>>> Let's finish your test:
>>>>>>>>
>>>>>>>> $ host smtp.gmail.com
>>>>>>>> smtp.gmail.com is an alias for gmail-smtp-msa.l.google.com.
>>>>>>>> gmail-smtp-msa.l.google.com has address 74.125.155.109
>>>>>>>>
>>>>>>>> The result of this test merely identifies an IP address. Now, let's
>>>>>>>> test to validate that the IP returns a PTR that resolves to the same IP:
>>>>>>>>
>>>>>>>> $ host 74.125.155.109
>>>>>>>> 109.155.125.74.in-addr.arpa domain name pointer px-in-f109.1e100.net.
>>>>>>>> $ host px-in-f109.1e100.net.
>>>>>>>> px-in-f109.1e100.net has address 74.125.155.109
>>>>>>>>
>>>>>>>> Yep, totally valid. That IP address has a PTR record, and the hostname
>>>>>>>> contained in that PTR resolves back to the same IP address. This host
>>>>>>>> is properly configured.
>>>>>>>>> So, Thunderbird client does not seem to mind that
>>>>>>>>> reverse lookup does not match the name smtp.gmail.com
>>>>>>>> Clients rarely do. It's the servers to which you're going to try to
>>>>>>>> deliver mail that will mind.
>>>>>>> I see! Thanks for the heads up!
>>>>>>> At any rate, I am having serious problem with an unwieldy router.
>>>>>>> I just posted a message about that.
>>>>>> 1) Make sure your ISP is not interfering with your traffic, to direct
>>>>>> all traffic to/from your primary router static IP address. You can
>>>>>> call them and ask about it. Mine was very helpful and cooperative
>>>>>> (spiritone.com) and their rates are good compared with many I have
>>>>>> checked.
>>>>>>
>>>>>> 2) If your ISP router allows, you might be able to set up your router
>>>>>> as a pass-through router forwarded to a more robust FW router,
>>>>>> or directly to your fedora box to handle the public firewall/NAT.
>>>>>> I have a hardware firewall appliance (SonicWall), so my dumb ISP
>>>>>> provided router is simply a pass-through router to SonicWall.
>>>>>>
>>>>>> 3) You state that you have static public IP address(es), but do
>>>>>> you have a domain name? If so, make sure at the domain
>>>>>> name provider (DNP) website that you define your name
>>>>>> server addresses and most DNP require at minimum, 2
>>>>>> name servers. I set my name servers to ns1.mydomain.x1
>>>>>> and ns2.mydomain.x2 which is handled by my own domain
>>>>>> name servers. Just make sure you configure your name servers
>>>>>> properly (forwarders to your ISP name servers).
>>>>>>
>>>>>> Make sure your sendmail is also properly configured. Since
>>>>>> you use Thunderbird as I do, it is IMAP capable, so sendmail
>>>>>> needs special setup to support IMAP/Maildir (as opposed to mbox)
>>>>>> handling and I use dovecot as my IMAP server. As for the many
>>>>>> spams that DO come through, I use sendmail for that - I get VERY
>>>>>> MINIMAL spams - and this requires that you carefully and properly
>>>>>> setup your sendmail configuration.
>>>>>>
>>>>>>
>>>>>> Once you get through all of this and to make it work, it is well worth it,
>>>>>> at least it is for me.
>>>>>>
>>>>>> FWIW,
>>>>>> Dan
>>>>>>
>>>>> I have done all that. Really. ISP (at&t) has unblocked port 25
>>>>> per my request. So I can indeed smtp out. But when an smtp request
>>>>> comes in to the router, the router seems to get confused as to the
>>>>> session type - and calls it an Unknown session type, and blocks
>>>>> the request. Router has no settings as to what session types are
>>>>> and what types can be blocked, and what types can be accepted.
>>>>> Session types are opaque to the user as far as configuration goes.
>>>>> There are no means to admin session types.
>>>>> What else can one expect from a thuggish isp?
>>>> ----
>>>> configure your router to forward inward port 25 (TCP) to your mail
>>>> server. Shouldn't be that hard to do.
>>>>
>>>> Craig
>>>>
>>>>
>>> I have done more than that.
>>> All incoming requests (ports 1-65535) are forwarded to my fedora
>>> machine,
>>> for both tcp and udp.
>>>
>>> Problem seems to be the firmware of the router (made by 2wire for at&t).
>>> it is absolutely the most horrible router firmware I have ever used.
>>>
>>> here's an example of its brain dead operation:
>>>
>>> src=74.125.83.47 dst=76.218.80.172 ipprot=6 sport=49645 dport=25 Unknown
>>> inbound session stopped
>>>
>>> And yet, it is configured to ACCEPT smtp packets.
>>>
>>> It makes the lame excuse it does not know the inbound session?
>>>
>>> What a bunch of unmentionable stuff!!
>> What is this router you are talking about? Are
>> you sure it isn't broken or is in need of a firmware
>> update? I have no clue what this router is that you
>> are dealing with... care to provide a bit of details
>> since you are bitterly complaining about it?
>>
>> If all else, consider getting another router that you
>> know how to configure?
>>
> Hi Dan,
> probably you did not catch the earlier stuff on this thread....
> The router is a 2-wire, but AT&T sells it as their Uverse
> router, which handles internet and TV.
> You will not find this on the market, because I do not
> know which 2-wire model it is. People who have at&t
> Uverse know what I'm talking about - but then perhaps
> at&t uses different routers in different market zones.
>
> At any rate, I got things to almost work...
> so I am still at it....
>
> Cheers,
>
> JD
Ok, well good luck with the router!

Dan

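The two checks a receiving mail server applies to a connecting IP that this thread discusses, the PTR-then-forward lookup Gordon Messmer walks through with `host` and the RBL query Ed Greshko describes, sketched as an added example (not code from any poster). The resolver callables are injectable; all function names, `dnsbl.example` and the 192.0.2.x hosts are constructed for illustration.

```python
import ipaddress
import socket

LOOPBACK_NET = ipaddress.IPv4Network("127.0.0.0/8")


def system_ptr(ip):
    """PTR names for an IP from the system resolver ([] if none)."""
    try:
        name, aliases, _ = socket.gethostbyaddr(ip)
        return [name, *aliases]
    except OSError:
        return []


def system_a(name):
    """IPv4 addresses for a name from the system resolver ([] if none)."""
    try:
        return socket.gethostbyname_ex(name)[2]
    except OSError:
        return []


def fcrdns(ip, ptr=system_ptr, a=system_a):
    """PTR names of ip whose forward lookup contains ip ([] = check fails).
    Start from the IP, not from a hostname: a PTR need not match every
    name that resolves to the address. Resolvers may return None or [].
    """
    return [n.rstrip(".") for n in (ptr(ip) or []) if ip in (a(n) or [])]


def dnsbl_name(ip, zone):
    """DNSBL query name: IPv4 octets reversed, then the list's zone."""
    octets = str(ipaddress.IPv4Address(ip)).split(".")
    return ".".join(reversed(octets)) + "." + zone.strip(".")


def dnsbl_status(ip, zone, a=system_a):
    """Classify a DNSBL answer as 'listed', 'not-listed' or 'bogus'."""
    answers = a(dnsbl_name(ip, zone))
    if not answers:
        return "not-listed"
    # Listings are signalled by answers in 127.0.0.0/8; anything else (for
    # example a resolver rewriting NXDOMAIN) must not be read as a listing.
    if all(ipaddress.IPv4Address(x) in LOOPBACK_NET for x in answers):
        return "listed"
    return "bogus"


# Constructed resolver data so the example runs offline. Only the
# 74.125.155.109 / px-in-f109.1e100.net pair comes from the thread's `host`
# output; the 192.0.2.x hosts and dnsbl.example are placeholders.
SAMPLE_PTR = {"74.125.155.109": ["px-in-f109.1e100.net."],
              "192.0.2.25": ["mail.example.org."]}
SAMPLE_A = {"px-in-f109.1e100.net.": ["74.125.155.109"],
            "mail.example.org.": ["192.0.2.99"],          # PTR/A mismatch
            "25.2.0.192.dnsbl.example": ["127.0.0.10"],   # listed
            "26.2.0.192.dnsbl.example": ["203.0.113.1"]}  # rewritten answer


if __name__ == "__main__":
    for ip in ("74.125.155.109", "192.0.2.25", "192.0.2.26"):
        print(ip, fcrdns(ip, SAMPLE_PTR.get, SAMPLE_A.get),
              dnsbl_status(ip, "dnsbl.example", SAMPLE_A.get))
```

With the default system resolver a timeout is indistinguishable from "no record", so an empty `fcrdns()` result or `not-listed` from a live run means "no answer", not proof.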
 
Old 08-18-2010, 02:28 PM
Ed Greshko
 
Default Sendmail on a LAN

On 08/18/2010 09:06 PM, Tim wrote:
> While the next person to get your IP mayn't actually receive mail,
> they'll still get attempts to connect to their SMTP server, whether or
> not they even have them, until other people's systems find out about
> your new IP.

Sure. As a matter of fact, I did run an SMTP server on my domain with
dynamic IPs about 8 years ago. I didn't run into any problems probably
due to several factors.

1. My system rarely disconnected but when it did it seems the lease
lifetime was set to a high value and I almost always got the same IP
upon reconnection.

2. Even when I didn't get the same IP the demographics were such that
99% of the time the system that got my IP was a PC running windows and
no SMTP service.

> Long ago, I decided that trying to be my own SMTP server was too much
> trouble to bother with. You really want a static IP, that costs more.
> You need to handle all the spam, that a dedicated mail host is much more
> proficient at dealing with. You really need a second backup server,
> that costs more, and since that's external, why not have both external.

I've run my own SMTP server for many years and have not found it too
much trouble....

For a small set up there really is no value to having a second server
and MX record. I would only put up a secondary server if I had multiple
internet connections into the enterprise. If my single server dies I
can live without email for the time it takes me to fix the problem and
I'd be too busy fixing it to read email even if I had a backup. :-) My
DNS provider offers to act as a backup email server free of charge but
I've never taken them up on the offer.

> I settled for running my own server for our outgoing mail, and let my
> domain's hosting equipment handle my incoming mail.
>
I'll admit it, I'm a control freak. :-)

FWIW, I've given up trying to follow the rest of this thread....seems
nobody knows how to trim. :-)




--
Politics are almost as exciting as war, and quite as dangerous. In war,
you can only be killed once. -- Winston Churchill 葛斯克 愛德華 / 台北市
八德路四段

 
Old 08-18-2010, 04:46 PM
JD
 
Default Sendmail on a LAN

On 08/18/2010 03:28 AM, Tim wrote:
> Are you aware that if your SMTP server is on an IP in the range of
> addresses your ISP doles out to its private customers, you may be on a
> blacklist of IPs to ignore. It's a common practice for many other mail
> servers, or their incoming mail filters, to only accept mail sent from
> ISP mail servers, and other large networks.
>
> A few years back my ISP increased the number of IPs that they use
> (dynamically allocated to their customers). And, apparently, there's
> still a problem with us using those newer IPs, as many other services
> don't have them in their database of acceptable IPs.
I am aware of that. So far it has not been a problem.

> Can't you get a better one?
Not an option when you are on AT&T Uverse.
> If not, can you set it up in bridge mode? Then you can use it as a
> simple modem, and the completely configurable computer as the router
No, not this router.
 
