From owner-freebsd-questions@FreeBSD.ORG Tue May 27 13:30:32 2003 Return-Path: Delivered-To: freebsd-questions@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id A64C337B401 for ; Tue, 27 May 2003 13:30:32 -0700 (PDT) Received: from smtp.infracaninophile.co.uk (ns0.infracaninophile.co.uk [81.2.69.218]) by mx1.FreeBSD.org (Postfix) with ESMTP id 4886D43F85 for ; Tue, 27 May 2003 13:30:30 -0700 (PDT) (envelope-from m.seaman@infracaninophile.co.uk) Received: from happy-idiot-talk.infracaninophile.co.uk (localhost [127.0.0.1]) h4RKUNLR030920 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NO); Tue, 27 May 2003 21:30:23 +0100 (BST) (envelope-from matthew@happy-idiot-talk.infracaninophile.co.uk) Received: (from matthew@localhost)h4RKUNqv030919; Tue, 27 May 2003 21:30:23 +0100 (BST) (envelope-from matthew) Date: Tue, 27 May 2003 21:30:23 +0100 From: Matthew Seaman To: phillip.smith@sympatico.ca Message-ID: <20030527203023.GC28933@happy-idiot-talk.infracaninophile.co.uk> Mail-Followup-To: Matthew Seaman , phillip.smith@sympatico.ca, freebsd-questions@freebsd.org References: <20030527135004.OBOG5319.tomts13-srv.bellnexxia.net@[209.226.175.20]> Mime-Version: 1.0 Content-Type: multipart/signed; micalg=pgp-sha1; protocol="application/pgp-signature"; boundary="p2kqVDKq5asng8Dg" Content-Disposition: inline In-Reply-To: <20030527135004.OBOG5319.tomts13-srv.bellnexxia.net@[209.226.175.20]> User-Agent: Mutt/1.5.4i X-Spam-Status: No, hits=-7.5 required=5.0 tests=EMAIL_ATTRIBUTION,IN_REP_TO,PGP_SIGNATURE_2, QUOTED_EMAIL_TEXT,REFERENCES,REPLY_WITH_QUOTES, USER_AGENT_MUTT version=2.55 X-Spam-Checker-Version: SpamAssassin 2.55 (1.174.2.19-2003-05-19-exp) cc: freebsd-questions@freebsd.org Subject: Re: config error: mail loops back to me? X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 27 May 2003 20:30:33 -0000 --p2kqVDKq5asng8Dg Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Content-Transfer-Encoding: quoted-printable On Tue, May 27, 2003 at 09:50:03AM -0400, phillip.smith@sympatico.ca wrote: >=20 > Hi there, hoping this is a common issue with a simple fix... >=20 > Someone is trying to use my box for a relay, which sendmail is taking car= e of nicely, but I keep getting=20 > A) my inbox filled with messages that for some reason it's trying to deli= ver locally and B) these strange=20 > log messages.... >=20 > > May 24 22:43:37 freedom sm-mta[62410]: h4P2hbFs062410: SYSERR(root): > fre.sg.co.nz.mydomainname.com. config error: mail loops back to me (MX pr= oblem?) >=20 > If I do an nslookup on this fre.sg.co.nz, i get the following: >=20 > Server: tor-ns1.netcom.ca > Address: 207.181.101.4 <- my upstream nameserver that I use >=20 > Non-authoritative answer: > Name: fre.sg.co.nz.muydomainname.com > Addresses: 209.82.123.456, 209.167.123.456 >=20 > Why is my upstream returning this as my domain? I'm not clear on where th= e issue lies? >=20 > If you have an idea, please let me know. Also, if you could CC me it woul= d be great, as I'm not currently=20 > subscribed to the list. Yeah --- the fre.sg.co.nz scuzzbags are always showing up in my rejected e-mail logs. [I mean to cast aspersions only on those that are attaching that address to e-mails, who are not necessarily the same people as the owners of the quite valid sg.co.nz domain]. Usually it appears in the mail logs like this: May 26 18:16:50 happy-idiot-talk sm-mta[18628]: h4QHGmLQ018628: ruleset= =3Dcheck_mail, arg1=3D, relay=3D[218.70.117.225], reject= =3D553 5.1.8 ... Domain of sender address bss@fre.sg.co.n= z does not exist May 26 18:16:50 happy-idiot-talk sm-mta[18628]: h4QHGmLQ018628: from=3D= , size=3D0, class=3D0, nrcpts=3D0, proto=3DESMTP, daemon= =3DIPv4, relay=3D[218.70.117.225] Now, those IP numbers they're relaying through in this instance are =66rom somewhere in China -- probably badly configured open relays. Anyhow, the e-mail is rejected because there's no such host as fre.sg.co.nz in the DNS -- the default FreeBSD sendmail configuration should do that automatically for you. If not, then /etc/mail/access will swiftly remove them from your perception. (If you're not feeding the mails from fetchmail locally into sendmail, then you're probably using a MDA with equivalent filtering capabilities). However, the problem you're seeing is actually to do with your local DNS configuration, rather than anything to do with the remote senders. Because you or your service provider have set up the DNS using wildcard records, and because 'fre.sg.co.nz' doesn't really exist, your providers' DNS is doing as it has been told and applying that wild card rule. In general, the rule on wildcards in the DNS is *don't use them*. They will cause you a great deal of misery. However, I suspect that it's actually your ISP that's using the wildcard record, and they're possibly going to be resistant to stopping doing that on just your request. One thing you might do is just put 'fre.sg.co.nz.muydomainname.com' directly into your access database. Or run a local DNS and put in a dummy zone with A and MX records for fre.sg.co.nz --- that will stop the problems with the wildcard thing --- and then add fre.sg.co.nz into /etc/mail/access to reject the messages. Cheers, Matthew --=20 Dr Matthew J Seaman MA, D.Phil. 26 The Paddocks Savill Way PGP: http://www.infracaninophile.co.uk/pgpkey Marlow Tel: +44 1628 476614 Bucks., SL7 1TH UK --p2kqVDKq5asng8Dg Content-Type: application/pgp-signature Content-Disposition: inline -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.2 (FreeBSD) iD8DBQE+08rfdtESqEQa7a0RAvR6AJ0T1PHZmH20uDxUNQtloJKXlLr1ZgCeKd76 UkxDy0LkYF2F6zlZAPuDxtg= =t+u0 -----END PGP SIGNATURE----- --p2kqVDKq5asng8Dg--