
Re: [suse-security] Mailing Trouble ?!



The Wednesday 2004-09-08 at 10:33 +0200, remote wrote:

> I posted it to SuSE-security because it's the only SuSE forum I
> subscribe to, also I believed that my problem might be the result of
> either an over-eager anti-spam software or my firewall.

But you would get more answers at another list. I'm the only one answering 
(at least on-list), and I'm not an expert on sendmail.


> > Your mx records show
> > 0 router.leat.ruhr-uni-bochum.de
> > 20 mi.ruhr-uni-bochum.de
> >
> > router.leat.ruhr-uni-bochum.de points to two A records  134.147.162.39 and
> > 134.147.55.1, both of which accept connections on port 25, but just timeout,
> > no error message or anything.
> 
> 134.147.162.39 is my external NIC, 134.147.55.1 my internal NIC.
> Communication from outside my domain to 134.147.55.1 is blocked by the
> firewall, this is intended.


Then you should remove 134.147.55.1 from the DNS - at least, the one 
reachable from outside. If you want to receive mail at 
'leat.ruhr-uni-bochum.de', the IPs listed there should all respond.

As your correspondent did not post to the list, I don't know what he said, 
and I'm probably repeating info.

Look:

cer@nimrodel:~> host -t MX leat.ruhr-uni-bochum.de
leat.ruhr-uni-bochum.de mail is handled by 20 mi.ruhr-uni-bochum.de.
leat.ruhr-uni-bochum.de mail is handled by 0 router.leat.ruhr-uni-bochum.de.


I.e., both 'mi.ruhr-uni-bochum.de' and 'router.leat.ruhr-uni-bochum.de' are
reported to handle your incoming mail, with different priorities: the
router is the primary server, 'mi' is the secondary (I assume 0 is a valid
priority).

Let's find the IPs:


cer@nimrodel:~> host -t MX mi.ruhr-uni-bochum.de.
cer@nimrodel:~> host -t MX router.leat.ruhr-uni-bochum.de
router.leat.ruhr-uni-bochum.de mail is handled by 20 mi.ruhr-uni-bochum.de.
router.leat.ruhr-uni-bochum.de mail is handled by 0 router.leat.ruhr-uni-bochum.de.

cer@nimrodel:~> host mi.ruhr-uni-bochum.de.
mi.ruhr-uni-bochum.de has address 134.147.64.30
mi.ruhr-uni-bochum.de has address 134.147.32.86

cer@nimrodel:~> host router.leat.ruhr-uni-bochum.de
router.leat.ruhr-uni-bochum.de has address 134.147.162.39
router.leat.ruhr-uni-bochum.de has address 134.147.55.1


In my opinion, all those four IP addresses should be able to handle mail
requests (SMTP) to your domain, although with different priorities - i.e., 
both your router addresses should answer (primary mail server). If any
one fails, you may have problems. If any one is not intended to handle
mail, you have to remove it from the name chain.

I'm not a DNS expert, I cannot recommend how you should define your DNS 
entries. But I don't think they are correct.


> So, how come I sometimes have mail communications from and to that specific
> site, and sometimes don't? Also, this mail server has been running
> continuously for two years now, and I never missed any mail that I know of.

Probably because it works if they get the first IP listed for your primary 
mail server, they get your external router address. But sometimes they 
might prefer the second address listed, i.e., the internal.


> > One other quick question, what does this problem have to do with Suse
> > Security???
> 
> See above :)

He is right. If you want more answers, this is not the correct place. We 
are disturbing others.

-- 
Cheers,
       Carlos Robinson
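
The check described in the reply above, as an added example that is not part of the original message: it expands the MX records into every advertised address and reports each one that does not return an SMTP greeting. The function names and the 10-second timeout are assumptions made for this sketch; the DNS data is the `host` output quoted in the message.

```python
import re
import socket

# `host` output copied from the message above (MX lookup, then A lookups).
HOST_OUTPUT = """\
leat.ruhr-uni-bochum.de mail is handled by 20 mi.ruhr-uni-bochum.de.
leat.ruhr-uni-bochum.de mail is handled by 0 router.leat.ruhr-uni-bochum.de.
mi.ruhr-uni-bochum.de has address 134.147.64.30
mi.ruhr-uni-bochum.de has address 134.147.32.86
router.leat.ruhr-uni-bochum.de has address 134.147.162.39
router.leat.ruhr-uni-bochum.de has address 134.147.55.1
"""
MX_RE = re.compile(r"^(\S+?)\.? mail is handled by (\d+) (\S+?)\.?$")
A_RE = re.compile(r"^(\S+?)\.? has address (\S+)$")

def parse_host_output(text, domain):
    """Return [(priority, mx_host, ip)] for domain, most preferred MX first."""
    mx, addrs = [], {}
    for line in map(str.strip, text.splitlines()):
        if (m := MX_RE.match(line)) and m.group(1) == domain:
            mx.append((int(m.group(2)), m.group(3)))
        elif m := A_RE.match(line):
            addrs.setdefault(m.group(1), []).append(m.group(2))
    return [(p, h, ip) for p, h in sorted(mx) for ip in addrs.get(h, [])]

def probe_smtp(ip, timeout=10.0):
    """Return 'ok' only if the address sends an SMTP 220 greeting in time."""
    try:
        sock = socket.create_connection((ip, 25), timeout=timeout)
    except OSError as exc:  # refused, unreachable, or connect timeout
        return f"connect failed: {exc}"
    with sock:
        try:
            greeting = sock.recv(512)
        except OSError:  # accepted the connection, then stayed silent
            return "connected, no greeting"
    return "ok" if greeting.startswith(b"220") else "unexpected greeting"

def audit(text, domain, probe=probe_smtp):
    """List every advertised MX address that does not answer with a greeting."""
    return [(p, h, ip, status) for p, h, ip in parse_host_output(text, domain)
            if (status := probe(ip)) != "ok"]

if __name__ == "__main__":
    for row in audit(HOST_OUTPUT, "leat.ruhr-uni-bochum.de"):
        print(*row)
```

Run it from a host outside the firewall, since that is the view a sending mail server has; any row it prints is an address that should either answer on port 25 or be dropped from the externally visible DNS.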

