From owner-freebsd-chat Sun Apr 28 17:53:42 2002
Delivered-To: freebsd-chat@freebsd.org
Received: from gull.prod.itd.earthlink.net (gull.mail.pas.earthlink.net [207.217.120.84])
	by hub.freebsd.org (Postfix) with ESMTP id 11B2E37B41C
	for ; Sun, 28 Apr 2002 17:53:37 -0700 (PDT)
Received: from pool0509.cvx22-bradley.dialup.earthlink.net ([209.179.199.254] helo=mindspring.com)
	by gull.prod.itd.earthlink.net with esmtp (Exim 3.33 #2)
	id 171zPi-000369-00; Sun, 28 Apr 2002 17:53:10 -0700
Message-ID: <3CCC9958.C1D60BBD@mindspring.com>
Date: Sun, 28 Apr 2002 17:52:40 -0700
From: Terry Lambert
X-Mailer: Mozilla 4.7 [en]C-CCK-MCD {Sony} (Win98; U)
X-Accept-Language: en
MIME-Version: 1.0
To: groggy11@mail.com
Cc: freebsd-chat@freebsd.org
Subject: Re: bad isp - dns
References: <200204282328.g3SNSih60070@groggy.anc.acsalaska.net>
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Sender: owner-freebsd-chat@FreeBSD.ORG
Precedence: bulk
List-ID:
List-Archive: (Web Archive)
List-Help: (List Instructions)
List-Subscribe:
List-Unsubscribe:
X-Loop: FreeBSD.org

groggy11@mail.com wrote:
> > > Use nat so that the outside world only sees one IP that has proper forward
> > > and reverse mapping.
>
> i do use "user ppp" -nat.
> i don't understand fully.
> i would guess that the freebsd
> mailserver checks the mail headers,
> or the smtp server trying to send,
> and i don't see how nat affects this?

                    example.com
    ,-------.
    | other |
    | host  |
    `-------'
      IP #2
        |
    ,-------.
    |  NAT  |
    | host  |
    `-------'
      IP #1
        |
     ---+----------------------+---- Internet
                               |
                           ,-------.
                           | mail  |
                           | host  |
                           `-------'

    mail.example.com.       A       IP #2
    gateway.example.com.    A       IP #1
    IP #2.in-addr.arpa.     some.bogus.reverse.delegation
    IP #1.in-addr.arpa.     gateway.example.com.

He's saying that the NAT machine has a valid reverse address record
(one that matches the forward name).
Because IP #2 is NAT'ed to IP #1, and you set the Cw on "other host"
to be "gateway.example.com", then the:

    gethostbyaddr(getpeername()) :== gethostbyname()

Which passes the crosscheck, and lets you send mail.

It assumes that the forward and reverse addresses will match. The
current failure of your email server is that the forward and reverse
do not match.

His suggestion *assumes* that the NAT machine's IP address has a
valid reverse mapping configured.

Setting the ISP mail server as your "SMART_HOST()" in your sendmail
configuration would also guarantee that all email is relayed through
the outbound mail server for your ISP. This assumes that your ISP,
though too stupid to be able to set your DNS records properly, is
smart enough to set their own DNS records properly (i.e. they are
perversely and selectively stupid, rather than simply generally
stupid and/or incompetent and/or lazy).

Another possibility is to have your forward address match your
reverse address... e.g. whatever the ISP has as the reverse, make
sure that there is a forward record that matches it.

This is unlikely to work, since the most common problem is that your
ISP simply failed to set up reverse records at all, rather than
failing to set up correct reverse records for static delegations.

If that's not the case, though, then you need to look up the reverse
record, and find the canonical host name there, and then find whoever
owns the DNS server for the reverse name (probably the ISP), and make
sure they have a matching forward record for it.

If your ISP is too stupid to do that, and too stupid to set up their
own forward and reverse records correctly, well, then there is always
the approach I already suggested: pay some third party to provide
SMTP AUTH based relay services for your mail server, and implement
SMTP AUTH to the relay server from your internal mail server.

-- Terry

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-chat" in the body of the message
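
Added example, not part of the original message: the forward/reverse crosscheck described above, sketched in Python as a receiving mail host might apply it to a connecting peer. The addresses 192.0.2.1 through 192.0.2.3 and the lookup tables are constructed stand-ins for IP #1, IP #2, a host with no reverse record, and the zone data in the diagram; `fcrdns_ok` and `table_resolver` are hypothetical names.

```python
import socket


def fcrdns_ok(peer_ip, reverse=None, forward=None):
    """Return (passed, reason) for the forward-confirmed reverse DNS check.

    reverse/forward default to the system resolver; pass callables that
    raise OSError on lookup failure to run the check against test data.
    """
    reverse = reverse or (lambda ip: socket.gethostbyaddr(ip)[0])
    forward = forward or (lambda name: socket.gethostbyname_ex(name)[2])
    try:
        # PTR lookup on the connecting address; normalise case and trailing dot.
        name = reverse(peer_ip).rstrip(".").lower()
    except OSError:
        return False, "no reverse record"
    try:
        addrs = forward(name)  # A lookup on the name the PTR returned
    except OSError:
        return False, f"{name} has no forward record"
    if peer_ip in addrs:
        return True, f"{peer_ip} <-> {name}"
    return False, f"{name} resolves to {addrs}, not {peer_ip}"


# Constructed zone data mirroring the records listed in the message.
IP1, IP2, IP3 = "192.0.2.1", "192.0.2.2", "192.0.2.3"  # IP3: no PTR at all
PTR = {IP1: "gateway.example.com.", IP2: "some.bogus.reverse.delegation."}
A = {"gateway.example.com": [IP1], "mail.example.com": [IP2]}


def table_resolver(table):
    """Build an offline lookup that fails the way the socket calls do."""
    def resolve(key):
        if key not in table:
            raise socket.herror(1, "Unknown host")
        return table[key]
    return resolve


def demo():
    rev, fwd = table_resolver(PTR), table_resolver(A)
    return {ip: fcrdns_ok(ip, rev, fwd) for ip in (IP1, IP2, IP3)}


if __name__ == "__main__":
    for ip, (ok, why) in demo().items():
        print(ip, "PASS" if ok else "FAIL", why)
```

Mail connecting from the NAT address (IP #1) passes; the same mail connecting from IP #2 fails because its reverse name has no matching forward record.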