Date: Sat, 13 Oct 2001 08:33:21 -0700
From: "Drew Tomlinson" <drew@mykitchentable.net>
To: "ISP Questions" <isp@freebsd.org>, <john@day-light.com>
Subject: Re: Bad Network Config? - Mail Refused
Message-ID: <02aa01c153fc$c3fa0150$0301a8c0@bigdaddy>
References: <001a01c153a0$69e3e3e0$1505010a@daylight.net>
----- Original Message -----
From: "John Brooks" <john@day-light.com>
To: "'Drew Tomlinson'" <drew@mykitchentable.net>
Sent: Friday, October 12, 2001 9:34 PM
Subject: RE: Bad Network Config? - Mail Refused

> You do realize that by not "replying to all" you have bypassed any other
> input from the list into our talk here...

Sorry. I meant to include the list in my reply.

> I do all of my firewall needs with OpenBSD and run all network services
> with FreeBSD, I do it this way for all of the networks I build. Sendmail
> has always caused configuration problems and headaches.
>
> =============================
> Let's fix your postfix setup on the server box first:
>
> myhostname = blacklamb.mykitchentable.net
> mydomain = mykitchentable.net
> myorigin = $mydomain
> mydestination = $myhostname, localhost.$mydomain, $mydomain
> mynetworks_style = subnet
> mynetworks = 192.168.1.0/24, 127.0.0.0/8
> relayhost = smtp_host_at_isp
> disable_dns_lookups = yes
> local_recipient_maps = $alias_maps unix:passwd.byname
> alias_maps = hash:/etc/aliases
> alias_database = hash:/etc/aliases
>
> (all other items are default)
> (keep your local network limited to what's behind the firewall, don't
> include 64,000+ possible hosts outside the firewall)
> (make sure you adjust the path to match where the alias file is)
> (set relayhost to the smtp server at your isp, push the work off to them
> ;-), it has to go thru their system anyway)

OK, I did the above.

> ============================
> Now fix your aliases file:
>
> root: drew
>
> (my.logon is meant to be an actual logon username)
>

It is (and was) set to my logon account name.

After completing the above, I tried again but still get the connection
refused errors.

> =============================
> Now the firewall box:
>
> make sure that inbound mail is redirected to the mail server at
> 192.168.1.4 from the firewall
> make sure that inbound mail is redirected to the firewall at
> ???.???.???.??? from the adsl
> make sure your ruleset provides for smtp traffic
>
> (since I use OpenBSD, ipfilter, & ipnat you're on your own for the
> above)

All of my tests have been with the firewall wide-open.

blacksheep# ipfw show
65535 84751 10731358 allow ip from any to any

And if I can telnet to port 25 on the mail server, doesn't that also
eliminate any firewall problems?

> =============================
> my postfix config on the firewall:
>
> myhostname = blacksheep.mykitchentable.net
> mydomain = mykitchentable.net
> myorigin = $myhostname
> relayhost = [192.168.1.4]
> disable_dns_lookups = yes
> alias_maps = hash:/etc/postfix/aliases
> alias_database = hash:/etc/postfix/aliases
> mynetworks = 127.0.0.0/8
>
> (no mail uses this box except for stuff generated on the box itself, not
> listening on any interface)
> (mail goes to only one location, the mail server behind the firewall)

I will try this.

> ==============================
>
> try this and see what happens, I am presuming that you replaced sendmail
> entirely when you installed postfix - if that is not the case then all
> bets are off.

I think I have replaced sendmail. I set sendmail_enable="NO" in rc.conf
and ps -acux | grep sendmail returns nothing. Does that do it or is there
more required?

I really appreciate your help and have tried all of your suggestions (with
the exception of Postfix on the firewall -- I'll try it next). However, I
really believe that I have a network problem of some kind. Here's what I
suspect is happening:

1. The firewall does an MX lookup for mykitchentable.net.

blacksheep# dig mx mykitchentable.net
;; ANSWER SECTION:
mykitchentable.net. 5M IN MX 0 blacklamb.mykitchentable.net.

2. Now the firewall does a lookup on blacklamb.mykitchentable.net. I have
a static DNS entry to point blacklamb's address (192.168.1.4) in my private
network. If you were to do a lookup on it, you would get my public DHCP
address (207.173.x.x) assigned by my ISP.

blacksheep# dig blacklamb.mykitchentable.net
;; ANSWER SECTION:
blacklamb.mykitchentable.net. 0S IN A 192.168.1.4

3. For whatever reason, instead of sending mail to 192.168.1.4, the
firewall attempts to connect to mykitchentable.net at 207.173.x.x, which is
my ADSL modem/router, and then the connection fails because the modem does
not accept any connections to port 25.

So before I install Postfix on the firewall, how can I tell sendmail to
relay all mail to 192.168.1.4?

Thanks again. You've been a BIG help!

Drew

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-isp" in the body of the message
