From owner-freebsd-current Thu Mar 8 0:57: 2 2001 Delivered-To: freebsd-current@freebsd.org Received: from fw.mccons.net (adsl-65-64-105-41.dsl.kscymo.swbell.net [65.64.105.41]) by hub.freebsd.org (Postfix) with ESMTP id 8A69337B719; Thu, 8 Mar 2001 00:56:57 -0800 (PST) (envelope-from root@mccons.maxbaud.net) Received: from localhost (root@localhost) by fw.mccons.net (8.11.1/8.11.2) with SMTP id f288usK54865; Thu, 8 Mar 2001 02:56:56 -0600 (CST) (envelope-from root@mccons.maxbaud.net) Date: Thu, 8 Mar 2001 02:56:53 -0600 (CST) From: Wm Brian McCane X-Sender: root@fw.mccons.net To: Gregory Neil Shapiro Cc: freebsd-current@FreeBSD.ORG Subject: Re: Email being rejected In-Reply-To: <15014.62278.946401.639910@horsey.gshapiro.net> Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-freebsd-current@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.ORG On Wed, 7 Mar 2001, Gregory Neil Shapiro wrote: > root> I am using the standard freebsd.mc created during a buildworld. I > root> have started noticing that I am missing/rejecting a lot of emails > root> from places like: yahoogroups.com. > > It would be helpful to show the actual log message so we can determine why > it is being rejected. If it is something like: > > Mar 7 18:45:51 horsey sendmail[69643]: f282jdlg069643: ruleset=check_mail, arg1=, relay=gshapiro@yahoogroups.com [10.0.1.1], reject=501 5.1.8 ... Domain of sender address gshapiro@yahoogroups.com does not exist Yes, that is it. I actually started noticing the problem in my email for the daily (nightly) run. I went to look in the maillog, however, and that is the essence of the error (I think the PID might have been different ;). > Then at the time the mail came in, yahoogroups.com was not resolvable. You > can check with: > > nslookup -q=AAAA yahoogroups.com. > nslookup -q=A yahoogroups.com. > nslookup -q=MX yahoogroups.com. I did this and it does resolve for that one, but it doesn't for an ISP that one of my clients is trying to receive an email from. I emailed the owner of the ISP who promptly informed me that you should never setup an IP for your domain name, just for things like the www..org ;). However, the MX does (and has all along) resolved for his domain. I thought sendmail would do the DNS lookup/RDNS double-check thing for the MX machine instead of the origination machine, which was why I was so confused. > root> I have been looking in the sendmail config stuff, and I have not yet > root> figured out what rule I would need to change, but I need it fixed > root> soon, customers are complaining. I think what needs to be done is > root> add a rule that says (if it is a TLD, go ahead and accept it). And, > root> yes, I realize that means I will get a lot of emails from places > root> like: akjasdkfhaskhdf.com, but a "whois" lookup would be WAY TOO > root> SLOW. > > >From /usr/share/sendmail/cf/README: > > FEATURE(accept_unresolvable_domains) > Normally, MAIL FROM: commands in the SMTP session will be > refused if the host part of the argument to MAIL FROM: > cannot be located in the host name service (e.g., an A or > MX record in DNS). If you are inside a firewall that has > only a limited view of the Internet host name space, this > could cause problems. In this case you probably want to > use this feature to accept all domains on input, even if > they are unresolvable. Saw this, and didn't like the sound of it one darn bit. I am on a AT&T T1, which has been extremely reliable, and have never (that I know of) had problems resolving names unless the other persons bind or connection to the net is shakey. > ... > An ``access'' database can be created to accept or reject mail from > selected domains. For example, you may choose to reject all mail > originating from known spammers. To enable such a database, use > > FEATURE(`access_db') > ... > OK Accept mail even if other rules in the > running ruleset would reject it, for example, > if the domain name is unresolvable. Okay, just call me stupid :). I use this feature already to allow relays from/to my various domain names, reject email from spammers, etc. I can even control it directly from webmin instead of looking at all those strange rules in the .cf file. thanks, - brian To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-current" in the body of the message