Date: Wed, 21 Jul 1999 10:13:28 +0930 From: Greg Lehey <grog@lemis.com> To: Michael Hill <Michael_Hill@csgsystems.com> Cc: FreeBSD Questions <questions@FreeBSD.org> Subject: Mail behind firewalls (was: Warning: could not send message for past 4 hours (fwd)) Message-ID: <19990721101328.H84734@freebie.lemis.com> In-Reply-To: <19990720084645.48476@habanero.co.csgsystems.com>; from Michael Hill on Tue, Jul 20, 1999 at 08:46:45AM -0600 References: <19990719152426.53394@qadas.com> <19990720094345.O72885@freebie.lemis.com> <19990720084645.48476@habanero.co.csgsystems.com>
next in thread | previous in thread | raw e-mail | index | archive | help
On Tuesday, 20 July 1999 at 8:46:45 -0600, Michael Hill wrote: > On Tue, Jul 20, 1999 at 09:43:46AM +0930, Greg Lehey wrote: >> On Monday, 19 July 1999 at 15:24:26 -0600, Michael Hill wrote: >>> I am trying to send a message asking for help with a kernel error message >>> I'm seeing. Unfortunately, your domain seems to be refusing my contact >>> because it's originating from a machine whose DNS information is not >>> published outside our corporate firewall. How am I supposed to get mail >>> through if my sendmail is configured to contact the destination address >>> directly, and your sendmail is refusing it because it can't do a reverse >>> lookup? >> >> How do you expect to get a reply if you're behind a corporate >> firewall? > > I beg your pardon? I *did* receive your reply to "Michael Hill > <Michael_Hill@csgsystems.com>"; Correct. But that's not the address that you sent the message from. In any case, it looks as if your firewall does allow sending mail from inside the firewall. The real problem is your DNS, which is misconfigured. > as you can see, that is what my Reply-To header is set to. I have > no problems whatsoever receiving mail. All my headers, in fact, are > rewritten by sendmail to obscure my sending host. > >> But, as the message says, the real problem is that your >> system habanero.co.csgsystems.com is not known to DNS: > > That's a problem only to a sendmail that assumes any host it can't look > up by name is illegal. Well, it's not limited to sendmail. The mailer at FreeBSD.org refuses mail from a non-listed system. > There's this little thing called "security", and a lot of > corporations protect their internal networks behind transparent > firewalls and don't advertise any but a few hosts in their external > DNS. There's this thing called "spam", and a lot of organizations protect their mailing lists and refuse mail from unlisted domain names. > firewalls and don't advertise any but a few hosts in their external > DNS. > > IOW, it's not a bug, it's a feature! It's a bug. Your host name appears to be a CNAME; it has a perfectly valid and advertised name, lucy.csgsystems.com, which is also listed in the headers: From Michael_Hill@csgsystems.com Wed Jul 21 00:17:24 1999 Received: from habanero.co.csgsystems.com (lucy.csgsystems.com [207.15.61.3]) This gives away more information than you could possibly save by not listing habanero.co. > The real problem, given the corporate reality of not publicizing > one's entire internal network in external DNS, is the simplistic > sendmail assumption that any hostname it can't resolve is by > definition a spammer. Give us a better solution, and we'll gladly accept it. > At any rate, may I resend my original question to you? No. As I said in the original message, When replying to this message, please copy the original recipients. For more information, see http://www.lemis.com/questions.html The relevant quotation from that web page is: 6. Don't do a group reply; lots of people send messages with hundreds of CCs. Unless there's a good reason to do otherwise, just reply to the person and copy FreeBSD-questions. The background to this is that many people on the FreeBSD-questions are "lurkers": they learn by reading messages sent and replied to by others. If you take a message which is of general interest off the list, you're depriving these people of their information. Apart from this, I've long forgotten what your question was about, and your subject line wasn't exactly helpful. There's a good chance that somebody else will be in a better position to answer the question. You should fix your DNS (or get your machine to claim to be lucy rather than habanero) and send the message to -questions. Greg -- When replying to this message, please copy the original recipients. For more information, see http://www.lemis.com/questions.html See complete headers for address, home page and phone numbers finger grog@lemis.com for PGP public key To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-questions" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?19990721101328.H84734>