[heroes] network issue prevents @microfocus.com addresses from subscribing to lists
See https://progress.opensuse.org/issues/10594
We have a static route, but traffic appears to be blocked.
baloo: ~ # ip route get 10.120.11.247 10.120.11.247 via 149.44.161.126 dev eth2 src 149.44.161.55 cache baloo:~ # telnet 10.120.11.247 25 Trying 10.120.11.247... telnet: connect to address 10.120.11.247: No route to host baloo:~ # ping 10.120.11.247 PING 10.120.11.247 (10.120.11.247) 56(84) bytes of data. From 149.44.161.125 icmp_seq=1 Packet filtered From 149.44.161.125 icmp_seq=3 Packet filtered
I am not sure who to address this to. -- Per Jessen, Zürich (8.2°C) http://www.hostsuisse.com/ - virtual servers, made in Switzerland. -- To unsubscribe, e-mail: heroes+unsubscribe@opensuse.org To contact the owner, e-mail: heroes+owner@opensuse.org
Hi On Mon, 01 May 2017 09:38:36 +0200 Per Jessen wrote:
See https://progress.opensuse.org/issues/10594
We have a static route, but traffic appears to be blocked.
baloo: ~ # ip route get 10.120.11.247 10.120.11.247 via 149.44.161.126 dev eth2 src 149.44.161.55 cache baloo:~ # telnet 10.120.11.247 25 Trying 10.120.11.247... telnet: connect to address 10.120.11.247: No route to host baloo:~ # ping 10.120.11.247 PING 10.120.11.247 (10.120.11.247) 56(84) bytes of data. From 149.44.161.125 icmp_seq=1 Packet filtered From 149.44.161.125 icmp_seq=3 Packet filtered
I am not sure who to address this to.
I wonder if this every worked? From my point of view, you should use relay.suse.de also for Emails to microfocus.com (or .net). So adding a transport map for those domains should IMHO be enough to solve the ticket. Regards, Lars -- To unsubscribe, e-mail: heroes+unsubscribe@opensuse.org To contact the owner, e-mail: heroes+owner@opensuse.org
Lars Vogdt wrote:
Hi
On Mon, 01 May 2017 09:38:36 +0200 Per Jessen wrote:
See https://progress.opensuse.org/issues/10594
We have a static route, but traffic appears to be blocked.
baloo: ~ # ip route get 10.120.11.247 10.120.11.247 via 149.44.161.126 dev eth2 src 149.44.161.55 cache baloo:~ # telnet 10.120.11.247 25 Trying 10.120.11.247... telnet: connect to address 10.120.11.247: No route to host baloo:~ # ping 10.120.11.247 PING 10.120.11.247 (10.120.11.247) 56(84) bytes of data. From 149.44.161.125 icmp_seq=1 Packet filtered From 149.44.161.125 icmp_seq=3 Packet filtered
I am not sure who to address this to.
I wonder if this every worked?
From my point of view, you should use relay.suse.de also for Emails to microfocus.com (or .net). So adding a transport map for those domains should IMHO be enough to solve the ticket.
Lars, that would be a work-around, sure. The behaviour seems intentional though - internally, the MX for microfocus.com is "wgateout.microfocus.com", externally it is "prvmx0[12].microfocus.com". baloo has a static route for "10.0.0.0/8" via 149.44.161.126, at least since March 2016. (last time the routing config was changed). I don't mind adding the transport map, no big deal, but it seems to me to be just working around the real issue - that the internal MX for "microfocus.com" isn't reachable when it (presumably) should be. -- Per Jessen, Zürich (8.7°C) http://www.dns24.ch/ - your free DNS host, made in Switzerland. -- To unsubscribe, e-mail: heroes+unsubscribe@opensuse.org To contact the owner, e-mail: heroes+owner@opensuse.org
Hi On Tue, 02 May 2017 10:13:47 +0200 Per Jessen wrote:
Lars, that would be a work-around, sure. The behaviour seems intentional though -
internally, the MX for microfocus.com is "wgateout.microfocus.com", externally it is "prvmx0[12].microfocus.com". baloo has a static route for "10.0.0.0/8" via 149.44.161.126, at least since March 2016. (last time the routing config was changed).
Mysterious to me. But I don't know who added this route.
I don't mind adding the transport map, no big deal, but it seems to me to be just working around the real issue - that the internal MX for "microfocus.com" isn't reachable when it (presumably) should be.
The question to me is more: why do you get the "wrong" (as it's internal) DNS answer... I think that openSUSE machines should be treated as external machines, that have no access to internal networks. That might be not 100% true for baloo, as it has (needs?) access to the relay.suse.de host. Anyway: using the prvmx*.microfocus.com mail servers (or relay.suse.de as fallback) for mails to any microfocus.com address seems the right way for me. With kind regards, Lars -- To unsubscribe, e-mail: heroes+unsubscribe@opensuse.org To contact the owner, e-mail: heroes+owner@opensuse.org
Lars Vogdt wrote:
I don't mind adding the transport map, no big deal, but it seems to me to be just working around the real issue - that the internal MX for "microfocus.com" isn't reachable when it (presumably) should be.
The question to me is more: why do you get the "wrong" (as it's internal) DNS answer...
I guess there is a named daemon somewhere with two different views for "microfocus.com".
I think that openSUSE machines should be treated as external machines, that have no access to internal networks. That might be not 100% true for baloo, as it has (needs?) access to the relay.suse.de host.
I also think openSUSE boxes ought to be seen as external, but baloo has a network interface for 149.44.161.0/25 - that network seems to be internal? (at least not reachable externally).
Anyway: using the prvmx*.microfocus.com mail servers (or relay.suse.de as fallback) for mails to any microfocus.com address seems the right way for me.
Okay, I'll add that. /Per -- To unsubscribe, e-mail: heroes+unsubscribe@opensuse.org To contact the owner, e-mail: heroes+owner@opensuse.org
Am Tue, 02 May 2017 10:53:51 +0200 schrieb "Per Jessen" <per@computer.org>:
The question to me is more: why do you get the "wrong" (as it's internal) DNS answer...
I guess there is a named daemon somewhere with two different views for "microfocus.com".
Right. That's also my impression - and something we should fix.
I think that openSUSE machines should be treated as external machines, that have no access to internal networks. That might be not 100% true for baloo, as it has (needs?) access to the relay.suse.de host.
I also think openSUSE boxes ought to be seen as external, but baloo has a network interface for 149.44.161.0/25 - that network seems to be internal? (at least not reachable externally).
This interface gives baloo access to a DMZ - to reach relay.suse.de and maybe the SMT server, I guess.
Anyway: using the prvmx*.microfocus.com mail servers (or relay.suse.de as fallback) for mails to any microfocus.com address seems the right way for me.
Okay, I'll add that.
Thanks! We might check later if other domains (like suse.com) are also affected, but one step after the other ;-) With kind regards, Lars -- To unsubscribe, e-mail: heroes+unsubscribe@opensuse.org To contact the owner, e-mail: heroes+owner@opensuse.org
Lars Vogdt wrote:
I think that openSUSE machines should be treated as external machines, that have no access to internal networks. That might be not 100% true for baloo, as it has (needs?) access to the relay.suse.de host.
I also think openSUSE boxes ought to be seen as external, but baloo has a network interface for 149.44.161.0/25 - that network seems to be internal? (at least not reachable externally).
This interface gives baloo access to a DMZ - to reach relay.suse.de and maybe the SMT server, I guess.
Anyway: using the prvmx*.microfocus.com mail servers (or relay.suse.de as fallback) for mails to any microfocus.com address seems the right way for me.
Okay, I'll add that.
Thanks! We might check later if other domains (like suse.com) are also affected, but one step after the other ;-)
"suse.com" and "suse.de" both have a slightly different view internally/externally, but the MXs are almost the same. I've added "prvmx01.microfocus.com" as the transport for microfocus.com. (multiple destinations not supported). "relay.suse.de" (149.44.160.157) nor "relay2.suse.de" (149.44.160.134) can be accessed from baloo. MfG Per -- Per Jessen, Zürich (9.7°C) http://www.dns24.ch/ - your free DNS host, made in Switzerland. -- To unsubscribe, e-mail: heroes+unsubscribe@opensuse.org To contact the owner, e-mail: heroes+owner@opensuse.org
participants (3)
-
Lars Vogdt -
Lars Vogdt -
Per Jessen