Re: [suse-security] Mailing Trouble ?!
Thanks for the replies. I posted it to SuSE-security because it´s the only SuSE forum I subscribe to, also I believed that my problem might be the result of either an over-eager anti-spam software or my firewall.
Your mx records show 0 router.leat.ruhr-uni-bochum.de 20 mi.ruhr-uni-bochum.de
router.leat.ruhr-uni-bochum.de points to two A records 134.147.162.39 and 134.147.55.1, both of which accept connections on port 25, but just timeout, no error message or anything.
134.147.162.39 is my external NIC, 134.147.55.1 my internal NIC. Communication from outside my domain to 134.147.55.1 is blocked by the firewall, this is intended. Where can I change that so that my servers gives back the appropiate message ? I looked at sendmail.cf but didn´t find anything I deemed useful in that matter. Also, my knowledge of sendmail is pretty limited.
mi.ruhr-uni-bochum.de points to two A records 127.147.64.30 and 134.147.32.86, both of which accept connections on port 25 and give back a 220 message.
I am guessing that because router.leat.ruhr-uni-bochum.de is accepting connections, but giving out a 220 message or any message for that matter, they may well be correct in not going to the backup mx.
So, how come I sometimes have mail communications from and to that specific site, and sometimes don´t ? Also, this mail server has been running continuously for two years now, and I never missed any mail that I know of.
One other quick question, what does this problem have to do with Suse Security???
See above :) Thanks for the help, Jörg
----- Original Message ----- From: "remote"
To: "SuSE-Security-Liste" Sent: Tuesday, September 07, 2004 10:07 AM Subject: [suse-security] Mailing Trouble ?! Hi !
I run a mail server at a university institute. Recently I noticed that mails from and to a certain site disappeared without notification. After mailing to the sysadmin of that site he told me that his mail server software had given up sending mail to my server after having received an error code 421 whichhe says means that the server is temporarily unable to accept SMTP connections. His system seems to be either unwilling or unable to switch to the alternate mail server in my MX records. My problem is, I don´t know if there is anything wrong with my system. As far as I know, this is the only case where my domain had trouble receiving or sending mail. We experience sluggish mail traffic at times here, but according to my university´s computing center that is their problem because their server are running near full capacity. As far as I have been able to find out, my DNS service is configured correctly (Name resolution and reverse resolution work, my MX records are correct and can be accessed from outside) and my domain is not listed on a blacklist. My questions : 1) Is the inability to establish mail communication to and from this specific site my problem or theirs ? 2) How can I check if my system yields this error-code 421 message ? If so, what can I do to correct it ? . My server is a Linux box running SuSE 8.0, sendmail version is 8.12.2.
Thanks for the help,
Jörg
The Wednesday 2004-09-08 at 10:33 +0200, remote wrote:
I posted it to SuSE-security because it´s the only SuSE forum I subscribe to, also I believed that my problem might be the result of either an over-eager anti-spam software or my firewall.
But you would get more answers at other list. I'm the only one answering (at list on-list), and I'm not an expert on sendmail.
Your mx records show 0 router.leat.ruhr-uni-bochum.de 20 mi.ruhr-uni-bochum.de
router.leat.ruhr-uni-bochum.de points to two A records 134.147.162.39 and 134.147.55.1, both of which accept connections on port 25, but just timeout, no error message or anything.
134.147.162.39 is my external NIC, 134.147.55.1 my internal NIC. Communication from outside my domain to 134.147.55.1 is blocked by the firewall, this is intended.
Then you should remove 134.147.55.1 from the DNS - at least, the one reachable from outside. If you want to receive mail at 'leat.ruhr-uni-bochum.de', the IPs listed there should all respond. As your correspondent did not post to the list, I don't know what he said, and I'm probably repeating info. Look: cer@nimrodel:~> host -t MX leat.ruhr-uni-bochum.de leat.ruhr-uni-bochum.de mail is handled by 20 mi.ruhr-uni-bochum.de. leat.ruhr-uni-bochum.de mail is handled by 0 router.leat.ruhr-uni-bochum.de. Ie, both 'mi.ruhr-uni-bochum.de' and 'router.leat.ruhr-uni-bochum.de' are reported to handle your incoming mail, with different priorities: the router is the primary server, 'mi' is the secondary (I assume 0 is a valid priority). Lets find the IPs: cer@nimrodel:~> host -t MX mi.ruhr-uni-bochum.de. cer@nimrodel:~> host -t MX router.leat.ruhr-uni-bochum.de router.leat.ruhr-uni-bochum.de mail is handled by 20 mi.ruhr-uni-bochum.de. router.leat.ruhr-uni-bochum.de mail is handled by 0 router.leat.ruhr-uni-bochum.de. cer@nimrodel:~> host mi.ruhr-uni-bochum.de. mi.ruhr-uni-bochum.de has address 134.147.64.30 mi.ruhr-uni-bochum.de has address 134.147.32.86 cer@nimrodel:~> host router.leat.ruhr-uni-bochum.de router.leat.ruhr-uni-bochum.de has address 134.147.162.39 router.leat.ruhr-uni-bochum.de has address 134.147.55.1 In my opinion, all those four IP addresses should be able to handle mail requests (SMTP) to your domain, although with different priorities - ie, both your router addresses should answer (primary mail server). If any one fails, you may have problems. If any one is not intended to handle mail, you have to remove it from the name chain. I'm not a DNS expert, I can not recommend how you should define your DNS entries. But I don't think they are correct.
So, how come I sometimes have mail communications from and to that specific site, and sometimes don´t ? Also, this mail server has been running continuously for two years now, and I never missed any mail that I know of.
Probably because it works if they get the first IP listed for your primary mail server, they get your external router address. But some times they might prefer the second address listed, ie, the internal.
One other quick question, what does this problem have to do with Suse Security???
See above :)
He is right. If you want more answers, this is not the correct place. We are disturbing others. -- Cheers, Carlos Robinson
participants (2)
-
Carlos E. R.
-
remote