Date: Mon, 22 May 2023 14:45:40 -0700
From: vagabond
To: Dewayne
Cc: questions@freebsd.org
Subject: Re: sendmail error, "MX list for mydomain.com points back to server.mydomain.com"
List-Archive: https://lists.freebsd.org/archives/freebsd-questions

On 2023-05-21 16:14, Dewayne wrote:
>>> On Thu, May 18, 2023 at 03:36:52PM -0700, vagabond wrote:
>>
>>>> ;; res_nquerydomain(ns.dreamchaser.org, dreamchaser.org, 1, 28)
>>>> ;; res_query(ns.dreamchaser.org.dreamchaser.org, 1, 28)
>>>> ;; res_nmkquery(QUERY, ns.dreamchaser.org.dreamchaser.org, IN, AAAA)
>>>> ;; res_send()
>>>> ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 45481
>>>> ;; flags: rd; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0
>>>> ;;      ns.dreamchaser.org.dreamchaser.org, type = AAAA, class = IN
>>>> ;; Querying server (# 1) address = 127.0.0.1
>
> I run sendmail ipv4. Though unless you can correctly resolve ns and
> mx, per the following:
>
> # host -t mx dreamchaser.org; host mail.dreamchaser.org.
> dreamchaser.org mail is handled by 10 mail.dreamchaser.org.
> mail.dreamchaser.org is an alias for ns.dreamchaser.org.
> ns.dreamchaser.org has address 66.109.141.57

Not sure what you're saying here. Are you saying that on the system
having problems, it needs to resolve as above? If so, it does; that
resolution is ultimately from the server having the mail problems; it's
also the dns primary. The secondaries mirror that, and a walk from a
root-server ends up at the primary.

> sendmail won't receive. From an earlier email in this thread,
> querying your dns @localhost suggests that wherever your internet
> addresses are resolved has something wrong. Sometimes a dot can make
> the difference ;)
>
> 1. To expedite, change /etc/resolv.conf
> nameserver WhereYourDNSisPubliclyResolvedNotLocalhost
> # EOF

Since my server is where it's publicly resolved, the public resolve is
the same as the localhost resolve. Unsurprisingly, it fails whether
resolv.conf is set to localhost or the external ip or the ip of my
upstream isp.

> 2. Use host or dig to resolve what's required for your sendmail. host,
> mx
> 3. if (2) is working then look at other things natd, firewall rules,
> routing and finally sendmail (it's usually an innocent bystander)

I keep wanting to believe sendmail is an innocent bystander, but I'm
less and less convinced. Unfortunately, despite its debug
instrumentation, it's not easy to trace the call stack, or at least I
haven't figured out what to turn on to do it. I've installed postfix
and it works fine, but it may not have the same strict checks -- or
else it doesn't trip over itself.

> 4. Fix your local dns, res_query(ns.dreamchaser.org.dreamchaser.org...
> is wrong.

I agree that is wrong; I don't see what's wrong with the local dns; it
is the same as external dns.

> As an aside, when setting up other businesses, most sendmail problems
> that I've experienced were dns resolution issues. I note your PTR
> record is also correct.

:) At least something is right...

> PS From bitter experience, I place dnl at the end of every sendmail.mc
> statement.

Thanks, did that, no change.

I configured sendmail to leave out my dnsbl, milter-greylist, and
STARTTLS, unplug the network connection to the dsl modem, and start
sendmail like so:

# sendmail -d0.8 -d6.99 -d7.99 -d8.99 -d9.99 -d10.99 -d11.99 -d12.99 \
    -d13.99 -d15.99 -d16.99 -d17.99 -d18.99 -d19.99 -d24.99 -d26.99 \
    -d27.99 -d29.99 -d48.99 -d49.99 -d61.99 -d64.99 -d67.99 -d71.100 \
    -v -L sm-dbg -X ~me/tmp/sm_handshake.log -bD >~me/tmp/sm_debug.tmp

then send a mail from me on the server machine to me@dreamchaser.org, I
see this:

/var/log/maillog:

34M4Micp003026: Authentication-Warning: ns.dreamchaser.org: Host localhost.my.domain [127.0.0.1] claimed to be ns.dreamchaser.org
...
34M4Micp003026: SYSERR(root): mail.dreamchaser.org. config error: mail loops back to me (MX problem ?)
34M4Mn69003027: ns.dreamchaser.org [66.109.141.57] (may be forged) did not issue MAIL/EXPN/VRFY/ETRN during connection to IPv4
34M4Micp003026: to=, ctladdr= (1001/1001), delay=00:00:05, xdelay=00:00:05, mailer=esmtp, pri=30458, relay=mail.dreamchaser.org. [66.109.141.57], dsn=5.3.5, stat=Local configuration error

me/tmp/sm_debug.tmp:

getreq: got name localhost.my.domain
getrequests: returning
sm_gethostbyname(localhost.my.domain, 2)... localhost.my.domain
        alias: localhost
        addr: 127.0.0.1
getauthinfo: localhost.my.domain [127.0.0.1]
validate_connection(localhost.my.domain, 127.0.0.1)
rscheck(check_relay, localhost.my.domain, 127.0.0.1)
...
validate_connection: OK
getrequests: forking (fd = 8)
getreq: got name ns.dreamchaser.org
getreq: got addr 66.109.141.57 and family 2
getrequests: returning
sm_gethostbyname(ns.dreamchaser.org, 2)... ns.dreamchaser.org
        alias: ns
        addr: 192.168.151.101
getauthinfo: ns.dreamchaser.org [66.109.141.57] (may be forged)
validate_connection([66.109.141.57], 66.109.141.57)
rscheck(check_relay, [66.109.141.57], 66.109.141.57)
...
validate_connection: OK

At this point I think I can set up a "trivial" test case for this, using
example.com as my domain, but in order to do that I need to bring up a
new system.

Gary
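
Added example, not part of the original message and not sendmail code: a small Python parser for the debug trace quoted above. It pairs each getauthinfo line with the sm_gethostbyname result that preceded it and reports whether the forward lookup contains the connecting address, which is the consistency check behind sendmail's "(may be forged)" tag. The function name audit and the line layout of the embedded trace are assumptions.

```python
import re

# Excerpt of the sm_debug.tmp trace quoted in the message above; the line
# breaks and indentation are reconstructed (assumption), the values are not.
TRACE = """\
sm_gethostbyname(localhost.my.domain, 2)... localhost.my.domain
    alias: localhost
    addr: 127.0.0.1
getauthinfo: localhost.my.domain [127.0.0.1]
getreq: got name ns.dreamchaser.org
getreq: got addr 66.109.141.57 and family 2
sm_gethostbyname(ns.dreamchaser.org, 2)... ns.dreamchaser.org
    alias: ns
    addr: 192.168.151.101
getauthinfo: ns.dreamchaser.org [66.109.141.57] (may be forged)
"""

LOOKUP = re.compile(r"^sm_gethostbyname\(([^,]+),")
ADDR = re.compile(r"^\s*addr:\s+(\S+)")
AUTH = re.compile(r"^getauthinfo: (\S+) \[([^\]]+)\](.*)$")


def audit(trace):
    """Pair each getauthinfo line with the forward lookup that preceded it."""
    forward = {}    # hostname -> addresses its forward lookup returned
    current = None  # hostname whose alias:/addr: lines are being read
    findings = []
    for line in trace.splitlines():
        if m := LOOKUP.match(line):
            current = m.group(1)
            forward[current] = []
        elif current and (m := ADDR.match(line)):
            forward[current].append(m.group(1))
        elif m := AUTH.match(line):
            name, peer, rest = m.groups()
            addrs = forward.get(name, [])
            findings.append({
                "name": name,
                "peer": peer,                 # address the client connected from
                "forward": addrs,             # what the name resolves to locally
                "consistent": peer in addrs,  # forward lookup contains the peer?
                "flagged": "may be forged" in rest,
            })
            current = None
    return findings


if __name__ == "__main__":
    for f in audit(TRACE):
        verdict = "ok" if f["consistent"] else "MISMATCH"
        print(f'{f["name"]}: peer {f["peer"]}, forward {f["forward"]} -> {verdict}')
```

On the quoted trace it reports the second connection as a mismatch: the local lookup of ns.dreamchaser.org returns 192.168.151.101 while the peer address is 66.109.141.57.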