From owner-freebsd-isp Wed Oct 17 15:26:55 2001
Message-ID: <02aa01c153fc$c3fa0150$0301a8c0@bigdaddy>
From: "Drew Tomlinson"
To: "ISP Questions"
References: <001a01c153a0$69e3e3e0$1505010a@daylight.net>
Subject: Re: Bad Network Config? - Mail Refused
Date: Sat, 13 Oct 2001 08:33:21 -0700

----- Original Message -----
From: "John Brooks"
To: "'Drew Tomlinson'"
Sent: Friday, October 12, 2001 9:34 PM
Subject: RE: Bad Network Config? - Mail Refused

> You do realize that by not "replying to all" you have bypassed any other
> input from the list into our talk here...

Sorry. I meant to include the list in my reply.

> I do all of my firewall needs with OpenBSD and run all network services
> with FreeBSD, I do it this way for all of the networks I build. Sendmail
> has always caused configuration problems and headaches.
>
> =============================
> Let's fix your postfix setup on the server box first:
>
> myhostname = blacklamb.mykitchentable.net
> mydomain = mykitchentable.net
> myorigin = $mydomain
> mydestination = $myhostname, localhost.$mydomain, $mydomain
> mynetworks_style = subnet
> mynetworks = 192.168.1.0/24, 127.0.0.0/8
> relayhost = smtp_host_at_isp
> disable_dns_lookups = yes
> local_recipient_maps = $alias_maps unix:passwd.byname
> alias_maps = hash:/etc/aliases
> alias_database = hash:/etc/aliases
>
> (all other items are default)
> (keep your local network limited to what's behind the firewall, don't
> include 64,000+ possible hosts outside the firewall)
> (make sure you adjust the path to match where the alias file is)
> (set relayhost to the smtp server at your isp, push the work off to them
> ;-), it has to go thru their system anyway)

OK, I did the above.

> ============================
> Now fix your aliases file:
>
> root: drew
>
> (my.logon is meant to be an actual logon username)
>

It is (and was) set to my logon account name.

After completing the above, I tried again but still get the connection
refused errors.

> =============================
> Now the firewall box:
>
> make sure that inbound mail is redirected to the mail server at
> 192.168.1.4 from the firewall
> make sure that inbound mail is redirected to the firewall at
> ???.???.???.??? from the adsl
> make sure your ruleset provides for smtp traffic
>
> (since I use OpenBSD, ipfilter, & ipnat you're on your own for the
> above)

All of my tests have been with the firewall wide-open.

blacksheep# ipfw show
65535 84751 10731358 allow ip from any to any

And if I can telnet to port 25 on the mail server, doesn't that also
eliminate any firewall problems?

> =============================
> my postfix config on the firewall:
>
> myhostname = blacksheep.mykitchentable.net
> mydomain = mykitchentable.net
> myorigin = $myhostname
> relayhost = [192.168.1.4]
> disable_dns_lookups = yes
> alias_maps = hash:/etc/postfix/aliases
> alias_database = hash:/etc/postfix/aliases
> mynetworks = 127.0.0.0/8
>
> (no mail uses this box except for stuff generated on the box itself, not
> listening on any interface)
> (mail goes to only one location, the mail server behind the firewall)

I will try this.

> ==============================
>
> try this and see what happens, I am presuming that you replaced sendmail
> entirely when you installed postfix - if that is not the case then all
> bets are off.

I think I have replaced sendmail. I set sendmail_enable="NO" in rc.conf
and ps -acux | grep sendmail returns nothing. Does that do it or is there
more required?

I really appreciate your help and have tried all of your suggestions (with
the exception of Postfix on the firewall -- I'll try it next). However, I
really believe that I have a network problem of some kind. Here's what I
suspect is happening:

1. The firewall does a MX lookup for mykitchentable.net.

blacksheep# dig mx mykitchentable.net
;; ANSWER SECTION:
mykitchentable.net. 5M IN MX 0 blacklamb.mykitchentable.net.

2. Now the firewall does a lookup on blacklamb.mykitchentable.net. I have
a static DNS entry to point blacklamb's address (192.168.1.4) in my private
network. If you were to do a lookup on it, you would get my public DHCP
address (207.173.x.x) assigned by my ISP.

blacksheep# dig blacklamb.mykitchentable.net
;; ANSWER SECTION:
blacklamb.mykitchentable.net. 0S IN A 192.168.1.4

3. For whatever reason, instead of sending mail to 192.168.1.4, the
firewall attempts to connect to mykitchentable.net at 207.173.x.x which is
my ADSL modem/router and then the connection fails because the modem does
not accept any connections to port 25.

So before I install Postfix on the firewall, how can I tell sendmail to
relay all mail to 192.168.1.4?

Thanks again. You've been a BIG help!

Drew
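
Added example, not part of the original message or of Postfix itself: a small audit of the mynetworks advice quoted above (trust only what is behind the firewall), which flags entries that would let non-private addresses relay. The function names parse_main_cf and audit_mynetworks are hypothetical, and the 207.173.0.0/16 entry in the sample is constructed to give the check something to catch.

```python
import ipaddress

# Constructed sample: server-side settings quoted in the message, plus one
# deliberately over-broad entry (207.173.0.0/16) added for illustration.
SAMPLE_MAIN_CF = """\
myhostname = blacklamb.mykitchentable.net
mydomain = mykitchentable.net
mynetworks_style = subnet
mynetworks = 192.168.1.0/24, 127.0.0.0/8,
    207.173.0.0/16
relayhost = smtp_host_at_isp
"""

def parse_main_cf(text):
    """Parse 'name = value' lines; a line starting with whitespace continues the previous value."""
    params, last = {}, None
    for raw in text.splitlines():
        if not raw.strip() or raw.lstrip().startswith("#"):
            continue  # blank line or comment
        if raw[0].isspace() and last:
            params[last] += " " + raw.strip()
            continue
        name, _, value = raw.partition("=")
        last = name.strip()
        params[last] = value.strip()
    return params

def audit_mynetworks(params):
    """Return (item, reason) findings for settings that trust more than the local LAN."""
    findings = []
    for entry in params.get("mynetworks", "").replace(",", " ").split():
        try:
            net = ipaddress.ip_network(entry, strict=False)
        except ValueError:
            findings.append((entry, "not a CIDR network (table lookups are not checked here)"))
            continue
        if not (net.is_private or net.is_loopback):
            findings.append((entry, f"{net.num_addresses} non-private addresses may relay"))
    # Postfix ignores mynetworks_style once mynetworks is listed by hand.
    if "mynetworks" in params and "mynetworks_style" in params:
        findings.append(("mynetworks_style", "ignored because mynetworks is set explicitly"))
    return findings

if __name__ == "__main__":
    for item, reason in audit_mynetworks(parse_main_cf(SAMPLE_MAIN_CF)):
        print(f"{item}: {reason}")
```

Run against the settings exactly as quoted in the message (without the constructed /16), the only finding is the redundant mynetworks_style line.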