Date:      Mon, 22 May 2023 14:45:40 -0700
From:      vagabond <vagabond@blackfoot.net>
To:        Dewayne <dewayne@heuristicsystems.com.au>
Cc:        questions@freebsd.org
Subject:   Re: sendmail error, "MX list for mydomain.com points back to server.mydomain.com"
Message-ID:  <da2d30110e7fa16c90898600229f5b75@blackfoot.net>
In-Reply-To: <5b4ca761-c980-cb47-df3d-fe675a52700e@heuristicsystems.com.au>
References:  <303e35e4d89e68dcd9863239dcda568e@blackfoot.net> <fc362386-aabd-618f-4dcd-9be14dbe89a5@heuristicsystems.com.au> <30b97aa95162c163c1781ba1a0fa8e25@blackfoot.net> <A118A90A-14E6-409B-AC25-FE2704A19741@gushi.org> <b427a49877034f7407545744b4446744@blackfoot.net> <15AF7ED7-BBD9-428D-939F-4AA5B349C578@gushi.org> <66db9ba3bd66fcc56affdbf7a2621021@blackfoot.net> <2f8bca59462afe206043bea73241bbf2@blackfoot.net> <D387452C-FEB0-4C39-9B24-983973E1DF70@gushi.org> <3da26eb675ecd5d10947fb53fcf3524a@blackfoot.net> <6068541D-A81B-45F0-B961-FD5CD6969FA0@gushi.org> <C9A9BACD-DBE4-44BE-8D12-DD040D9EF53C@gushi.org> <c4044d2d973bfa3865c87400dc05b782@blackfoot.net> <5b4ca761-c980-cb47-df3d-fe675a52700e@heuristicsystems.com.au>

On 2023-05-21 16:14, Dewayne wrote:

>>> On Thu, May 18, 2023 at 03:36:52PM -0700, vagabond wrote:
>> 
>>>> ;; res_nquerydomain(ns.dreamchaser.org, dreamchaser.org, 1, 28)
>>>> ;; res_query(ns.dreamchaser.org.dreamchaser.org, 1, 28)
>>>> ;; res_nmkquery(QUERY, ns.dreamchaser.org.dreamchaser.org, IN, AAAA)
>>>> ;; res_send()
>>>> ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 45481
>>>> ;; flags: rd; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0
>>>> ;;      ns.dreamchaser.org.dreamchaser.org, type = AAAA, class = IN
>>>> ;; Querying server (# 1) address = 127.0.0.1
> 
> I run sendmail ipv4. Though unless you can correctly resolve ns and
> mx, per the following:
> 
> # host -t mx dreamchaser.org; host mail.dreamchaser.org.
> dreamchaser.org mail is handled by 10 mail.dreamchaser.org.
> mail.dreamchaser.org is an alias for ns.dreamchaser.org.
> ns.dreamchaser.org has address 66.109.141.57

Not sure what you're saying here.
Are you saying that on the system having problems,
it needs to resolve as above?

If so, it does; that resolution is ultimately from the server
having the mail problems; it's also the dns primary.
The secondaries mirror that, and a walk from a root-server
ends up at the primary.

> sendmail won't receive.  From an earlier email in this thread,
> querying your dns @localhost suggests that wherever your internet
> addresses are resolved has something wrong.  Sometimes a dot can make
> the difference ;)
> 
> 1. To expedite, change /etc/resolv.conf
> nameserver WhereYourDNSisPubliclyResolvedNotLocalhost
> # EOF

Since my server is where it's publicly resolved, the public resolve is
the same as the localhost resolve.
Unsurprisingly, it fails whether resolv.conf is set to localhost or the
external ip or the ip of my upstream isp.

> 2. Use host or dig to resolve what's required for your sendmail.  host, mx
> 3. if (2) is working then look at other things natd, firewall rules,
> routing and finally sendmail (it's usually an innocent bystander)

I keep wanting to believe sendmail is an innocent bystander, but I'm less
and less convinced.
Unfortunately, despite its debug instrumentation, it's not easy to trace the
call stack, or at least I haven't figured out what to turn on to do it.

I've installed postfix and it works fine, but it may not have the same strict
checks -- or else it doesn't trip over itself.

> 4. Fix your local dns, res_query(ns.dreamchaser.org.dreamchaser.org... is wrong.

I agree that is wrong; I don't see what's wrong with the local dns;
it is the same as external dns.

> As an aside, when setting up other businesses, most sendmail problems
> that I've experienced were dns resolution issues.  I note your PTR
> record is also correct. :)

At least something is right...

> PS From bitter experience, I place dnl at the end of every sendmail.mc
> statement.

Thanks, did that, no change.

I configured sendmail to leave out my dnsbl, milter-greylist, and STARTTLS,
unplugged the network connection to the dsl modem, and started sendmail like so:
# sendmail -d0.8 -d6.99 -d7.99 -d8.99 -d9.99 -d10.99 -d11.99 -d12.99 \
    -d13.99 -d15.99 -d16.99 -d17.99 -d18.99 -d19.99 -d24.99 -d26.99 -d27.99 \
    -d29.99 -d48.99 -d49.99 -d61.99 -d64.99 -d67.99 -d71.100 \
    -v -L sm-dbg -X ~me/tmp/sm_handshake.log -bD >~me/tmp/sm_debug.tmp

Then, when I send a mail from me on the server machine to me@dreamchaser.org,
I see this:
   /var/log/maillog:
     34M4Micp003026: Authentication-Warning: ns.dreamchaser.org: Host localhost.my.domain [127.0.0.1] claimed to be ns.dreamchaser.org
   ...
     34M4Micp003026: SYSERR(root): mail.dreamchaser.org. config error: mail loops back to me (MX problem ?)
     34M4Mn69003027: ns.dreamchaser.org [66.109.141.57] (may be forged) did not issue MAIL/EXPN/VRFY/ETRN during connection to IPv4
     34M4Micp003026: to=<garya@dreamchaser.org>, ctladdr=<garya@ns.dreamchaser.org> (1001/1001), delay=00:00:05, xdelay=00:00:05, mailer=esmtp, pri=30458, relay=mail.dreamchaser.org. [66.109.141.57], dsn=5.3.5, stat=Local configuration error
   me/tmp/sm_debug.tmp:
     getreq: got name localhost.my.domain
     getrequests: returning
     sm_gethostbyname(localhost.my.domain, 2)... localhost.my.domain
         alias: localhost
         addr: 127.0.0.1
     getauthinfo: localhost.my.domain [127.0.0.1]
     validate_connection(localhost.my.domain, 127.0.0.1)
     rscheck(check_relay, localhost.my.domain, 127.0.0.1)
       ... validate_connection: OK
     getrequests: forking (fd = 8)
     getreq: got name ns.dreamchaser.org
     getreq: got addr 66.109.141.57 and family 2
     getrequests: returning
     sm_gethostbyname(ns.dreamchaser.org, 2)... ns.dreamchaser.org
         alias: ns
         addr: 192.168.151.101
     getauthinfo: ns.dreamchaser.org [66.109.141.57] (may be forged)
     validate_connection([66.109.141.57], 66.109.141.57)
     rscheck(check_relay, [66.109.141.57], 66.109.141.57)
       ... validate_connection: OK

At this point I think I can set up a "trivial" test case for this,
using example.com as my domain, but in order to do that I need to bring up
a new system.

Gary
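
[Added example, not part of the original message and not sendmail's own code.] The Python script below reads the sm_debug.tmp excerpt quoted in the message and lists each connection whose peer address in getauthinfo is missing from the addresses sm_gethostbyname returned for the same name, which is the connection the trace tags "(may be forged)". The function name is hypothetical; the trace lines are copied from the message.

```python
import re

# Debug lines copied from the sm_debug.tmp excerpt quoted in the message above.
TRACE = """\
getreq: got name localhost.my.domain
sm_gethostbyname(localhost.my.domain, 2)... localhost.my.domain
    alias: localhost
    addr: 127.0.0.1
getauthinfo: localhost.my.domain [127.0.0.1]
getreq: got name ns.dreamchaser.org
getreq: got addr 66.109.141.57 and family 2
sm_gethostbyname(ns.dreamchaser.org, 2)... ns.dreamchaser.org
    alias: ns
    addr: 192.168.151.101
getauthinfo: ns.dreamchaser.org [66.109.141.57] (may be forged)
"""

LOOKUP = re.compile(r"sm_gethostbyname\((\S+?), \d+\)")
ADDR = re.compile(r"^\s+addr: (\S+)")
AUTH = re.compile(r"getauthinfo: (\S+) \[([^\]]+)\]")

def forward_reverse_mismatches(trace):
    """Return (name, peer_ip, forward_addrs) for each connection whose
    peer address is absent from the forward lookup of its claimed name."""
    forward = {}   # name -> set of addresses returned by sm_gethostbyname
    current = None
    mismatches = []
    for line in trace.splitlines():
        m = LOOKUP.search(line)
        if m:
            current = m.group(1)
            forward.setdefault(current, set())
            continue
        m = ADDR.match(line)
        if m and current:
            forward[current].add(m.group(1))
            continue
        m = AUTH.search(line)
        if m:
            name, peer = m.groups()
            addrs = forward.get(name, set())
            if peer not in addrs:
                mismatches.append((name, peer, sorted(addrs)))
            current = None
    return mismatches

if __name__ == "__main__":
    for name, peer, addrs in forward_reverse_mismatches(TRACE):
        print(f"{name}: peer {peer} not in forward lookup {addrs}")
```
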



