From owner-freebsd-isp Sun Sep 2 16:25:28 2001
Subject: RE: Broken SU
Date: Mon, 3 Sep 2001 09:25:18 +1000
From: "Glen Hollings"

Thanks to all those that responded!

In no particular order.

Brian Reichert
F. Even
fAsTy
Konstantin Stepanenkov
Tony McCrory
'Don'
Mark Murray
Troy Bell

Thanks for all your help

The problem ended up being with Syslog, for some reason Syslog to a serial console can do some weird things sometimes.

I commented out the line

#*.err;kern.debug;auth.notice;mail.crit /dev/console

HUP'd Syslog and off it went!

(Well with a little bit of playing :) )

Thanks to Brian Reichert for this.

**********************************************
*Glen Hollings | There Cant Be *
*Network Administrator | a Crisis Today,*
*Global Info Links | my schedule is *
*ghollings@admin.gil.com.au | already full.
*
**********************************************

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-isp" in the body of the message

From owner-freebsd-isp Sun Sep 2 20: 5:40 2001
From: "Dave"
Subject: assign more than 1 ip address to otherwise standard jail environment
Date: Sun, 2 Sep 2001 23:04:03 -0400

have a standard jail environment working perfectly as per the routing setup detailed in man pages... am looking to assign more than 1 ip address to this jail... possible? if so, any sample rc.conf and rc.local settings?
thanks

Dave

From owner-freebsd-isp Sun Sep 2 20:22:57 2001
Date: Mon, 3 Sep 2001 05:23:31 +0200
From: Barry Irwin
To: Glen Hollings
Cc: freebsd-isp@freebsd.org
Subject: Re: Broken SU

Hi all

This isn't only on serial consoles. I had this happen on a 4.0 and 4.1 box. Same symptoms. su hanging. A kill and restart of syslog fixed the problem. Strangely enough syslog appeared to be logging other messages.

Barry

On Mon 2001-09-03 (09:25), Glen Hollings wrote:
> Thanks to all those that responded!
>
> In no particular order.
>
> Brian Reichert
> F. Even
> fAsTy
> Konstantin Stepanenkov
> Tony McCrory
> 'Don'
> Mark Murray
> Troy Bell
>
> Thanks for all your help
>
>
>
> The problem ended up being with Syslog, for some reason Syslog to a serial
> console can do some weird things sometimes.
>
> I commented out the line
>
> #*.err;kern.debug;auth.notice;mail.crit /dev/console
>
> HUP'd Syslog and off it went!
>
> (Well with a little bit of playing :) )
>
> Thanks to Brian Reichert for this.
>
>
>
> **********************************************
> *Glen Hollings | There Cant Be *
> *Network Administrator | a Crisis Today,*
> *Global Info Links | my schedule is *
> *ghollings@admin.gil.com.au | already full. *
> **********************************************

From owner-freebsd-isp Mon Sep 3 21: 6:40 2001
From: "alexus"
Subject: qmail+vpopmail(w/mysql)
Date: Tue, 4 Sep 2001 00:06:42 -0400

----- Original Message -----
From: "alexus"
Sent: Monday, September 03, 2001 11:53 PM

> Hi
>
> I'm using Qmail w/ vpopmail (latest stable version)
>
> i compiled vpopmail with mysql option
>
> i assumed that this vpopmail option allow you to store some of information
> into mysql then files, apparently i assumed wrong 'cause it stores in mysql
> and in files.. which is fine.. but!
now i decided to move one domain from
> one machine to another, i moved files and i moved data from mysql, now when
> using qmailadmin i'm trying to logon on domain it authorizes me but if i
> click on any options like pop accounts i get this error
>
> Error: could not change to directory
>
> not to mention i get this in logs
>
> vpopmail[31063]: vchkpw: No user found xxx@xxx.com:xxx.xx.xxx.xx
>
> every time user trying to retrieve his/her email
>
> what else i missed? how do i fix it? and what's the proper way to move
> domains from one vpopmail to another?

From owner-freebsd-isp Mon Sep 3 21:50:48 2001
From: Matīss Elsbergs
Subject: Reverse DNS
Date: Tue, 4 Sep 2001 07:53:44 +0300

I am very sorry about this non FreeBSD question, but, as BSD is run by professionals (almost always ;-) , and I want to get the answer..
So, the question is:

Is reverse in-addr.arpa authority necessary to normally operate a nameserver and hold a domain name for a webserver, as an example?

Thanks in advance,

Matiss Elsbergs

From owner-freebsd-isp Mon Sep 3 22: 1:47 2001
Date: Tue, 4 Sep 2001 07:02:09 +0200
From: Barry Irwin
To: Matîss Elsbergs
Cc: freebsd-isp@freebsd.org
Subject: Re: Reverse DNS

On Tue 2001-09-04 (07:53), Matīss Elsbergs wrote:
>
> Is reverse in-addr.arpa authority necessary to normally operate a
> nameserver and hold a domain name for a webserver, as an example?

No, but again that depends.
DNS comes in two parts:

\Forward DNS
This is the process that takes the human readable format such as www.example.com and maps it to the "computer friendly" format of the IP address that the host has such as 192.192.10.1

An example of the line in a zone file that would do this is:

www IN A 192.192.10.1

You can have many DNS names resolving to the SAME IP address using either A or CNAME records ( read up elsewhere on the specifics of when to use each - sorry I don't have a reference handy)

\Reverse DNS
This portion of DNS is used for mapping the IP address back to the textual name. In order to do this the 'special' zone of in-addr.arpa is used. So to look up the reverse (otherwise known as the PTR - Pointer) record for an IP you in effect do a lookup for the IP address A.B.C.D as D.C.B.A.in-addr.arpa.

An example of a reverse line in the 10.192.192.in-addr.arpa file would be:

1 IN PTR www.example.com.

(note the trailing dot, without it things get nasty and 192.192.10.1 will end up resolving to www.example.com.10.192.192.in-addr.arpa )

Now to your question:

You should not need to have the reverse entry in order to be able to host the DNS for a forward domain. The reverse entries are usually managed by one's ISP or connectivity provider, although they may delegate authority for certain records to you, but in most cases they will do it for you.

Hope this helps

Barry
Systems Administrator (Security)
Itouch Labs

From owner-freebsd-isp Tue Sep 4 14:46:11 2001
From: "Deepak Jain"
To: "freebsd-isp@FreeBSD. ORG"
Cc: "freebsd-hackers@FreeBSD. ORG"
Subject: Flow cache on FreeBSD?
Date: Tue, 4 Sep 2001 17:50:05 -0400

Is there a way to provide functionality similar to ip flow cache stats on a FreeBSD router?

Let me clarify, I am talking about being able to easily see groupings of traffic go through a FreeBSD box. So if a downstream customer is being attacked, a simple table in realtime [or near real-time] will show the attack characteristics [ip ranges, packet types, general number of packets, etc].?

Thanks,

Deepak Jain
AiNET

From owner-freebsd-isp Tue Sep 4 16:25:48 2001
Date: Wed, 05 Sep 2001 01:22:39 +0200
From: Andrzej Bialecki
Organization: WebGiro AB
To: deepak@ai.net
Cc: "freebsd-isp@FreeBSD. ORG" , "freebsd-hackers@FreeBSD. ORG"
Subject: Re: Flow cache on FreeBSD?

Deepak Jain wrote:
>
> Is there a way to provide functionality similar to ip flow cache stats on a
> FreeBSD router?
>
> Let me clarify, I am talking about being able to easily see groupings of
> traffic go through a FreeBSD box. So if a downstream customer is being
> attacked, a simple table in realtime [or near real-time] will show the
> attack characteristics [ip ranges, packet types, general number of packets,
> etc].?

Yes. Please go and find the NeTraMet package on the web - it should compile cleanly on FreeBSD (if not the latest versions, then surely some older - I used them some time ago). It's very configurable, and comes with a lot of examples (among others, an XWindow application to watch the flows in real-time).

--
Andrzej

// ----------------------------------------------------------------
// Andrzej Bialecki , Chief System Architect
// WebGiro AB, Sweden (http://www.webgiro.com)
// ----------------------------------------------------------------
// FreeBSD developer (http://www.freebsd.org)

From owner-freebsd-isp Wed Sep 5 6: 7:16 2001
Date: Wed, 5 Sep 2001 21:07:19 +0800
From: Igor Podlesny
Organization: Morning Network
To: freebsd-isp@FreeBSD.ORG
Cc: hackers@FreeBSD.ORG
Subject: auto relaying for subdomains -- why?

My greetings!

I noticed that some mailers (sendmail, postfix) in case they allow relaying for somedomain.zone also allow relaying for subdomain-of.somedomain.zone.

I can accept this as reasonable behavior but would like to know how to deny it! :) Also I wish to know what was the actual idea behind this?

P.S. I searched for answers through Inet, digging RFCs but have found nothing yet...

--
Best regards,
Igor mailto:poige@morning.ru

From owner-freebsd-isp Wed Sep 5 6:32:12 2001
Date: Wed, 5 Sep 2001 15:32:20 +0200
From: Bernd Walter
To: Igor Podlesny
Cc: freebsd-isp@FreeBSD.ORG, hackers@FreeBSD.ORG
Subject: Re: auto relaying for subdomains -- why?

On Wed, Sep 05, 2001 at 09:07:19PM +0800, Igor Podlesny wrote:
>
> My greetings!
>
> I noticed that some mailers (sendmail, postfix) in case they allow
> relaying for somedomain.zone also allow relaying for
> subdomain-of.somedomain.zone.
>
> I can accept this as reasonable behavior but would like to know how to
> deny it! :) Also I wish to know what was the actual idea behind this?

Allow domain.com
disallow .domain.com

--
B.Walter COSMO-Project http://www.cosmo-project.de
ticso@cicely.de Usergroup info@cosmo-project.de

From owner-freebsd-isp Wed Sep 5 9: 9:31 2001
Date: Wed, 05 Sep 2001 10:09:32 -0600
From: Randy Smith
Organization: Amigo.Net
To: freebsd-isp@freebsd.org
Subject: Classless reverse DNS with BIND

Hi all,

I'm trying to delegate the reverse lookup for a block of IPs using BIND that comes with FreeBSD (4.3 in this case).

Here's what I have in the in-addr.arpa. file for that class-c.
64-79 NS a.ns.my-cust.com.
64-79 NS b.ns.my-cust.com.
$GENERATE 64-79 $ CNAME $.64-79

This is basically what is described in the documentation, but BIND reports this error (Line 72 is the $GENERATE line):
db/primary/2/209.94.86:72:1.86.94.209.in-addr.arpa: CNAME and OTHER data error

What am I missing here?

Thanks in advance.

--
Randy Smith
Amigo.Net Systems Administrator
1-719-589-6100 x 4185
http://www.amigo.net/

From owner-freebsd-isp Wed Sep 5 9:38:15 2001
From: "James Raftery"
To: "Randy Smith" ,
Subject: RE: Classless reverse DNS with BIND
Date: Wed, 5 Sep 2001 17:38:08 +0100

Hi,

> -----Original Message-----
> From: Randy Smith
> Sent: 05 September 2001 17:10
> To: freebsd-isp@freebsd.org
> Subject: Classless reverse DNS with BIND
>
> Here's what I have in the in-addr.arpa. file for that class-c.
> 64-79 NS a.ns.my-cust.com.
> 64-79 NS b.ns.my-cust.com.
> $GENERATE 64-79 $ CNAME $.64-79
>
> This is basically what is described in the documentation, but BIND
> reports this error (Line 72 is the $GENERATE line):
> db/primary/2/209.94.86:72:1.86.94.209.in-addr.arpa: CNAME and
> OTHER data error

Change the $GENERATE to:
$GENERATE 65-79 $ CNAME $.64-79

The node 64-79.yourzone.in-addr.arpa cannot have both NS records and a CNAME record.

Regards,
james

EMAIL DISCLAIMER

The information in this message and any attachment is confidential and may be legally privileged. It is intended for the above named recipient(s) only and should not be disclosed, copied nor distributed. If this message is received in error, the sender should be notified and the message and any attachments deleted.

Email transmission cannot be guaranteed to be secure or error free as information could be intercepted, corrupted, lost, destroyed, arrive late or incomplete, or contain viruses. The sender therefore does not accept liability for any errors or omissions in the contents of this message which arise as a result of email transmission.

From owner-freebsd-isp Wed Sep 5 9:58:52 2001
Date: Wed, 5 Sep 2001 09:58:44 -0700
From: Gregory Neil Shapiro
To: Igor Podlesny
Cc: freebsd-isp@FreeBSD.ORG, hackers@FreeBSD.ORG
Subject: Re: auto relaying for subdomains -- why?

poige> I noticed that some mailers (sendmail, postfix) in case they allow
poige> relaying for somedomain.zone also allow relaying for
poige> subdomain-of.somedomain.zone.

poige> I can accept this as reasonable behavior but would like to know how to
poige> deny it! :) Also I wish to know what was the actual idea behind this?

From /usr/share/sendmail/cf/README:

+----------+
| FEATURES |
+----------+
...
Available features are:
...
relay_hosts_only
    By default, names that are listed as RELAY in the access
    db and class {R} are domain names, not host names.
    For example, if you specify ``foo.com'', then mail to or
    from foo.com, abc.foo.com, or a.very.deep.domain.foo.com
    will all be accepted for relaying. This feature changes
    the behaviour to lookup individual host names only.

From owner-freebsd-isp Wed Sep 5 11: 2:27 2001
Date: Wed, 5 Sep 2001 18:19:31 +0300
From: Giorgos Keramidas
To: Igor Podlesny
Cc: freebsd-isp@FreeBSD.ORG
Subject: Re: auto relaying for subdomains -- why?

[ Removed -hackers from Cc: header. Please do not cross-post. ]

From: Igor Podlesny
Subject: auto relaying for subdomains -- why?
Date: Wed, Sep 05, 2001 at 09:07:19PM +0800

> My greetings!
>
> I noticed that some mailers (sendmail, postfix) in case they allow
> relaying for somedomain.zone also allow relaying for
> subdomain-of.somedomain.zone.
>
> I can accept this as reasonable behavior but would like to know how to
> deny it! :) Also I wish to know what was the actual idea behind this?

You mean like relaying based on envelope-from address? I think that this is *not* the default on most MTA installations. But then again, I might be mistaken for the specific MTA you have in mind.

Yes, some mailers do have this feature. And you can usually get them to allow relaying from "domain.com", while also deny relaying from ".domain.com" at the same time. This will probably answer your questions, and you'll live happily ever-after. If you want to know how this is done in a specific MTA (sendmail or postfix, that you mentioned) you can always ask at questions@freebsd.org a more specific question. You will most certainly get rather informative answers :-)

Relaying based on envelope-addresses though is VERY dangerous, since that can be faked. A much safer ruleset for relaying would be based on envelope-to (i.e. the recipient is one that belongs to a local domain) or on IP-address range (i.e. the sender is on one of the IP's that belong to the local network).

In the first case, you are most likely the recipient of the message (it will be delivered to a local and/or virtual address). You don't want to 'lose' mail because it was blocked (unless of course some spam-filter catches the offending post, a bit further down its way, before it reaches a mailbox).

In the second case, the sender of the message has to be one that comes from a well-known address. This way only certain hosts can relay through you, and all others are blocked. You don't want some silly spammer@from.a.random.domain to be able to fake his envelope-from and relay mail through your server now, do you?

-giorgos

From owner-freebsd-isp Wed Sep 5 11:53:47 2001
Date: Wed, 05 Sep 2001 11:54:09 -0700
From: Terry Lambert
Reply-To: tlambert2@mindspring.com
To: Igor Podlesny
Cc: freebsd-isp@FreeBSD.ORG, hackers@FreeBSD.ORG
Subject: Re: auto relaying for subdomains -- why?

Igor Podlesny wrote:
> I noticed that some mailers (sendmail, postfix) in case they allow
> relaying for somedomain.zone also allow relaying for
> subdomain-of.somedomain.zone.
>
> I can accept this as reasonable behavior but would like to know how to
> deny it! :) Also I wish to know what was the actual idea behind this?

Sendmail does _not_ do this by default; you have to specifically allow it by adding entries to your M4 file from which you build your sendmail.cf.

If I had to guess, I'd guess that you enabled the domain via a sendmail.cw file, rather than a virtusertable, or by setting yourself up as a promiscuous relay.

-- Terry

From owner-freebsd-isp Wed Sep 5 15:16:30 2001
Date: Wed, 05 Sep 2001 17:15:46 -0500
From: Bob Martin
Cc: isp@freebsd.org
Subject: Non passwd logins

Anybody know of a way I can completely bypass the system password file for user logins? Pam radius and pam mysql both need the password file to get the gid and home directory. The users will need ftp, pop3 and imap access. I'm open to any suggestion.
TIA

--
Bob Martin, CTO
InterNet Unlimited
http://www.inu.net
mailto:bob@inu.net

From owner-freebsd-isp Wed Sep 5 15:34:28 2001
Message-ID: <3B96A86A.9020902@amigo.net>
Date: Wed, 05 Sep 2001 16:34:18 -0600
From: Randy Smith
Organization: Amigo.Net
To: James Raftery
Cc: freebsd-isp@freebsd.org
Subject: Re: Classless reverse DNS with BIND

James Raftery wrote:
> Hi,
>
>
>>-----Original Message-----
>>From: Randy Smith
>>Sent: 05 September 2001 17:10
>>To: freebsd-isp@freebsd.org
>>Subject: Classless reverse DNS with BIND
>>
>>Here's what I have in the in-addr.arpa. file for that class-c.
>>64-79 NS a.ns.my-cust.com.
>>64-79 NS b.ns.my-cust.com.
>>$GENERATE 64-79 $ CNAME $.64-79
>>
>>This is basically what is described in the documentation, but BIND
>>reports this error (Line 72 is the $GENERATE line):
>>db/primary/2/209.94.86:72:1.86.94.209.in-addr.arpa: CNAME and
>>OTHER data error
>>
>
> Change the $GENERATE to:
> $GENERATE 65-79 $ CNAME $.64-79
>
> The node 64-79.yourzone.in-addr.arpa cannot have both NS records and a
> CNAME record.

I don't think so.
The $GENERATE line should translate to:
64 CNAME 64.64-79
65 CNAME 65.64-79
...
79 CNAME 79.64-79

The NS lines then tell the requester to check the nameservers 'a.ns.my-cust.com.' or 'b.ns.my-cust.com.' for information in the domain '86.94.209.in-addr.arpa.'. I do not have any information about the host '64-79' in the domain '86.94.209.in-addr.arpa.' other than the NS lines.

In any case. I discovered that I still had a record for 79... D'oh!

Thanks for your response.

>
> Regards,
> james
>
>
> EMAIL DISCLAIMER
>
> The information in this message and any attachment is confidential and may be legally privileged. It is intended for the above named recipient(s) only and should not be disclosed, copied nor distributed. If this message is received in error, the sender should be notified and the message and any attachments deleted.
>
> Email transmission cannot be guaranteed to be secure or error free as information could be intercepted, corrupted, lost, destroyed, arrive late or incomplete, or contain viruses. The sender therefore does not accept liability for any errors or omissions in the contents of this message which arise as a result of email transmission.
>
>

--
Randy Smith
Amigo.Net Systems Administrator
1-719-589-6100 x 4185
http://www.amigo.net/

From owner-freebsd-isp Wed Sep 5 15:40:20 2001
From: "Sven Huster"
To: "Bob Martin"
Subject: RE: Non passwd logins
Date: Thu, 6 Sep 2001 00:42:44 +0200
In-Reply-To: <3B96A412.DEED7AD8@buckhorn.net>

> -----Original Message-----
> From: owner-freebsd-isp@FreeBSD.ORG
> [mailto:owner-freebsd-isp@FreeBSD.ORG]On Behalf Of Bob Martin
> Sent: 06 September, 2001 00:16
> Cc: isp@freebsd.org
> Subject: Non passwd logins
>
>
> Anybody know of a way I can completely bypass the system password file
> for user logins? Pam radius and pam mysql both need the password file to
> get the gid and home directory. The users will need ftp, pop3 and imap
> access.
>

hi Bob,

at least courier imap (and included pop3) can auth users against a mysql database. I am just eval this stuff.

plus postfix can use mysql, too, to get e.g. valid local users.

isn't there also an auth module for proftpd?
all this maybe also works with ldap, but haven't checked.

then you use one/multiple uid for all user?

regards
Sven Huster
Senior Systems Engineer

From owner-freebsd-isp Wed Sep 5 19:40:29 2001
Date: Thu, 6 Sep 2001 10:40:39 +0800
From: Igor Podlesny
Organization: Morning Network
Message-ID: <8264494448.20010906104039@morning.ru>
To: Gregory Neil Shapiro
Cc: freebsd-isp@FreeBSD.ORG, hackers@FreeBSD.ORG
Subject: Re[2]: auto relaying for subdomains -- why?
In-Reply-To: <15254.22980.843972.348805@horsey.gshapiro.net>
References: <16615694707.20010905210719@morning.ru> <15254.22980.843972.348805@horsey.gshapiro.net>

poige>> I noticed that some mailers (sendmail, postfix) in case they allow
poige>> relaying for somedomain.zone also allow relaying for
poige>> subdomain-of.somedomain.zone.

poige>> I can accept this as reasonable behavior but would like to know how to
poige>> deny it! :) Also I wish to know what was the actual idea behind this?

>>From /usr/share/sendmail/cf/README:

> +----------+
> | FEATURES |
> +----------+
> ....
> Available features are:
> ....
> relay_hosts_only
>     By default, names that are listed as RELAY in the access
>     db and class {R} are domain names, not host names.
>     For example, if you specify ``foo.com'', then mail to or
>     from foo.com, abc.foo.com, or a.very.deep.domain.foo.com
>     will all be accepted for relaying. This feature changes
>     the behaviour to lookup individual host names only.

Yes, I saw this info here: http://www.sendmail.org/m4/features.html#relay_mail_from but most valuable part of my question was about the purpose or the idea behind this, cause it's not too clear to me why allowing relaying for domain FOO.BAR should allow relaying for SUB.FOO.BAR? I mentioned RFCs because I had a hope to find out the answer from it but still haven't yet...

-- Igor mailto:poige@morning.ru

From owner-freebsd-isp Wed Sep 5 20:14:25 2001
Date: Thu, 6 Sep 2001 11:14:35 +0800
From: Igor Podlesny
Organization: Morning Network
Message-ID: <3566530585.20010906111435@morning.ru>
To: Terry Lambert
Cc: freebsd-isp@FreeBSD.ORG, hackers@FreeBSD.ORG
Subject: Re[2]: auto relaying for subdomains -- why?
In-Reply-To: <3B9674D1.2AB00B6D@mindspring.com>
References: <16615694707.20010905210719@morning.ru> <3B9674D1.2AB00B6D@mindspring.com>

> Igor Podlesny wrote:
>> I noticed that some mailers (sendmail, postfix) in case they allow
>> relaying for somedomain.zone also allow relaying for
>> subdomain-of.somedomain.zone.
>>
>> I can accept this as reasonable behavior but would like to know how to
>> deny it! :) Also I wish to know what was the actual idea behind this?

> Sendmail does _not_ do this by default; you have to specifically
> allow it by adding entries to your M4 file from which you build
> your sendmail.cf.

> If I had to guess, I'd guess that you enabled the domain via a
> sendmail.cw file,

Ieh :) But what is wrong with that? it just says to sendmail that he is the end point for mail destined to @foo.bar. Now it's named /etc/mail/local-host-names

> rather than a virtusertable, or by setting
> yourself up as a promiscuous relay.

no...
no for these guesses :)

> -- Terry

-- Igor mailto:poige@morning.ru

From owner-freebsd-isp Wed Sep 5 20:59:47 2001
Message-ID: <15254.62636.867613.151378@horsey.gshapiro.net>
Date: Wed, 5 Sep 2001 20:59:40 -0700
From: Gregory Neil Shapiro
To: Igor Podlesny
Cc: freebsd-isp@FreeBSD.ORG, hackers@FreeBSD.ORG
Subject: Re: Re[2]: auto relaying for subdomains -- why?
In-Reply-To: <8264494448.20010906104039@morning.ru>
References: <16615694707.20010905210719@morning.ru> <15254.22980.843972.348805@horsey.gshapiro.net> <8264494448.20010906104039@morning.ru>

poige> Yes, I saw this info here:
poige> http://www.sendmail.org/m4/features.html#relay_mail_from but most
poige> valuable part of my question was about the purpose or the idea behind
poige> this, cause it's not too clear to me why allowing relaying for domain
poige> FOO.BAR should allow relaying for SUB.FOO.BAR?
Because some places have only one machine (firewall) that accepts mail from the outside world for all of the hosts inside the network. For example, in my previous life as a sysadmin at WPI, only smtp.wpi.edu would accept incoming mail for all of the machines (> 3000) on campus. I'd much rather say "wpi.edu" in one place instead of listing loads of subdomains (ee.wpi.edu, me.wpi.edu, res.wpi.edu, ...).

poige> I mentioned RFCs because I had a hope to find out the answer from it
poige> but still haven't yet...

RFC's cover protocols over the Internet, not local configuration or policy.

From owner-freebsd-isp Wed Sep 5 21: 0:44 2001
Date: Thu, 6 Sep 2001 11:59:30 +0800
From: Igor Podlesny
Organization: Morning Network
Message-ID: <1969225581.20010906115930@morning.ru>
To: Bernd Walter
Cc: freebsd-isp@FreeBSD.ORG, hackers@FreeBSD.ORG
Subject: Re[2]: auto relaying for subdomains -- why?
In-Reply-To: <20010905153220.E16349@cicely20.cicely.de>
References: <16615694707.20010905210719@morning.ru> <20010905153220.E16349@cicely20.cicely.de>

> On Wed, Sep 05, 2001 at 09:07:19PM +0800, Igor Podlesny wrote:
>>
>> My greetings!
>>
>> I noticed that some mailers (sendmail, postfix) in case they allow
>> relaying for somedomain.zone also allow relaying for
>> subdomain-of.somedomain.zone.
>>
>> I can accept this as reasonable behavior but would like to know how to
>> deny it! :) Also I wish to know what was the actual idea behind this?

> Allow domain.com
> disallow .domain.com

Which software uses this syntax? :) or just an idea?

-- Igor mailto:poige@morning.ru

From owner-freebsd-isp Wed Sep 5 22:46:24 2001
Date: Thu, 6 Sep 2001 13:46:34 +0800
From: Igor Podlesny
Organization: Morning Network
Message-ID: <7575649117.20010906134634@morning.ru>
To: Gregory Neil Shapiro
Cc: freebsd-isp@FreeBSD.ORG, hackers@FreeBSD.ORG
Subject: Re[4]: auto relaying for subdomains -- why?
In-Reply-To: <15254.62636.867613.151378@horsey.gshapiro.net>
References: <16615694707.20010905210719@morning.ru> <15254.22980.843972.348805@horsey.gshapiro.net> <8264494448.20010906104039@morning.ru> <15254.62636.867613.151378@horsey.gshapiro.net>

poige>> Yes, I saw this info here:
poige>> http://www.sendmail.org/m4/features.html#relay_mail_from but most
poige>> valuable part of my question was about the purpose or the idea behind
poige>> this, cause it's not too clear to me why allowing relaying for domain
poige>> FOO.BAR should allow relaying for SUB.FOO.BAR?

> Because some places have only one machine (firewall) that accepts mail from
> the outside world for all of the hosts inside the network. For example, in
> my previous life as a sysadmin at WPI, only smtp.wpi.edu would accept
> incoming mail for all of the machines (> 3000) on campus. I'd much rather
> say "wpi.edu" in one place instead of listing loads of subdomains
> (ee.wpi.edu, me.wpi.edu, res.wpi.edu, ...).

Not too close to question again... I understand this (this is the need to easily cover all the domain and as I wrote in the initial letter "...I can accept this as reasonable behavior..." having in mind just the same reason you're talking about). But that time I wasn't sure whether it is a SENDMAIL's feature (local configuration as you said after) or it's required/described in RFC. This was the start :)

Now it's all clear :) and I understand that it was just a way SENDMAIL's is configured.
Another question could be why not to use syntax .foo.bar instead of foo.bar but I'm quite ready to call it a rhetorical one ;-)) (regexps are also there ;-)

poige>> I mentioned RFCs because I had a hope to find out the answer from it
poige>> but still haven't yet...

> RFC's cover protocols over the Internet, not local configuration or policy.

But who could say these early hours that such behavior isn't dependent on protocol? :-))

P.S. Thank you everybody, your answers have thrown some additional light upon the subject deepness! ;-)

----------------------------------------------------------------------

P.P.S. I'm not quite sure should I start new thread or can remain within it with another question which is: What MTA software supports highly configurable relaying... One of the needed features is a support for using alternative mail routers (relays) in case when this MTA can't send a message by itself because of networks problem.

For example situation could be: MTA is on a network A which is temporarily cut off from its uplink so it can't transfer mail by itself, but it has a connection (permanent or dial-up) to another mailer.

Are there such MTAs which can be said "if you can't send it by yourself (would be cool if additional parameters were some_time_period and failure_reason) then use that MTA (ip-addr) or that (another-ip)?".

I suspect in common case such "system" could easily lead to loops and have other drawbacks but in such simple configuration it seems all should work fine...
-- Igor mailto:poige@morning.ru

From owner-freebsd-isp Thu Sep 6 2:36: 9 2001
From: "James Raftery"
To: "Randy Smith"
Subject: RE: Classless reverse DNS with BIND
Date: Thu, 6 Sep 2001 10:35:54 +0100
In-Reply-To: <3B96A86A.9020902@amigo.net>

> -----Original Message-----
> From: Randy Smith
> Sent: 05 September 2001 23:34
> To: James Raftery
> Cc: freebsd-isp@freebsd.org
> Subject: Re: Classless reverse DNS with BIND
>
> >>Here's what I have in the in-addr.arpa. file for that class-c.
> >>64-79 NS a.ns.my-cust.com.
> >>64-79 NS b.ns.my-cust.com.
> >>$GENERATE 64-79 $ CNAME $.64-79
>
> I don't think so. The $GENERATE line should translate to:
> 64 CNAME 64.64-79
> 65 CNAME 65.64-79
> ...

You're quite right; I didn't parse that properly.
The hyphen in the $GENERATE is the range indicator, the ``$'' is the owner name.

> In any case. I discovered that I still had a record for 79... D'oh!

That'd do it :)

Regards,
james

From owner-freebsd-isp Thu Sep 6 5:26:35 2001
Date: Thu, 6 Sep 2001 06:32:43 +0300
From: Giorgos Keramidas
To: Igor Podlesny
Cc: freebsd-isp@FreeBSD.ORG
Subject: Re: auto relaying for subdomains -- why?
Message-ID: <20010906063243.A4803@hades.hell.gr>
References: <16615694707.20010905210719@morning.ru> <15254.22980.843972.348805@horsey.gshapiro.net> <8264494448.20010906104039@morning.ru>
In-Reply-To: <8264494448.20010906104039@morning.ru>; from poige@morning.ru on Thu, Sep 06, 2001 at 10:40:39AM +0800

[ Removed -hackers from the Cc list. Do we really need to crosspost? ]

On Thu, Sep 06, 2001 at 10:40:39AM +0800, Igor Podlesny wrote:
>
> > +----------+
> > | FEATURES |
> > +----------+
> > ....
> > Available features are:
> > ....
> > relay_hosts_only
> >     By default, names that are listed as RELAY in the access
> >     db and class {R} are domain names, not host names.
> >     For example, if you specify ``foo.com'', then mail to or
> >     from foo.com, abc.foo.com, or a.very.deep.domain.foo.com
> >     will all be accepted for relaying. This feature changes
> >     the behaviour to lookup individual host names only.
>
> Yes, I saw this info here:
> http://www.sendmail.org/m4/features.html#relay_mail_from but most
> valuable part of my question was about the purpose or the idea
> behind this, cause it's not too clear to me why allowing relaying
> for domain FOO.BAR should allow relaying for SUB.FOO.BAR? I
> mentioned RFCs because I had a hope to find out the answer from it
> but still haven't yet...

Because it's nice to be able to relay the entire domain.com by adding a single line, instead of having to maintain a huge list of pc1.domain.com, pc2.domain.com, pc3.domain.com ... pcX.domain.com hostnames.
Having a configurable option to switch between domain-relaying and host-relaying is also very thoughtful of the Sendmail developers.

Isn't Unix just lovely when such wealth of options is given? :-)

-giorgos

From owner-freebsd-isp Thu Sep 6 5:50:21 2001
Subject: Mail Cluster Question
Message-Id: <20010906124736.7C8BB37B403@hub.freebsd.org>
Date: Thu, 6 Sep 2001 05:47:36 -0700 (PDT)

Hi everyone,

I've currently built an e-mail cluster with three machines running qmail (and FreeBSD, obviously). Each machine is running pop and smtp, and they are all "balanced" using round robin DNS.

One of the machines is exporting its /usr/home directory, and the other two are mounting this directory on their /usr/home, so that no matter which machine you hit you get your mail (not enough $$ for a NetApp Filer...).

Each of these machines has two disks mirrored running vinum (for a separate thread, yes you can have two disks mirrored running vinum and boot off either...), but I'm paranoid - what happens in a catastrophic situation where the machine exporting /usr/home goes away? Has anyone done anything similar?

I'm thinking of just using a simple rsync script locally on each machine, and then un-mounting / re-exporting / re-mounting file systems, but this seems - well, complicated.

Any thoughts / ideas / criticisms welcome.

Thanks!
Brian

--
brian.jackson@third-rail.net

From owner-freebsd-isp Thu Sep 6 12:58:17 2001
Message-ID: <3B97D579.921CBCE9@mindspring.com>
Date: Thu, 06 Sep 2001 12:58:49 -0700
From: Terry Lambert
Reply-To: tlambert2@mindspring.com
To: Igor Podlesny
Cc: Gregory Neil Shapiro, freebsd-isp@FreeBSD.ORG, hackers@FreeBSD.ORG
Subject: Re: auto relaying for subdomains -- why?
References: <16615694707.20010905210719@morning.ru> <15254.22980.843972.348805@horsey.gshapiro.net> <8264494448.20010906104039@morning.ru>

Igor Podlesny wrote:
> Yes, I saw this info here:
> http://www.sendmail.org/m4/features.html#relay_mail_from but most
> valuable part of my question was about the purpose or the idea behind
> this, cause it's not too clear to me why allowing relaying for domain
> FOO.BAR should allow relaying for SUB.FOO.BAR? I mentioned RFCs
> because I had a hope to find out the answer from it but still haven't
> yet...

Whose account name at your customer's site are you going to intentionally render unintelligible, and force them to change their business cards and stationery?
Alternately, why wouldn't they just say "screw you", and set their masquerade features to make all the machines lie and say they were sending from the domain?

What are you trying to accomplish by prohibiting some machines legitimately in a delegated subdomain (for which account and other authority has been vested in someone other than the main site administrator, such as a departmental administrator) from sending legitimate email?

Why do you want them to have to jump through hoops in order to be able to send email which they will ultimately jump through the hoops -- and send through your relay anyway?

What possible legitimate purpose is served by letting send email, but prohibiting from sending mail?

I suspect that you are more concerned with having only a single MAIL_HUB relaying email through you, rather than actually prohibiting people from using delegated subdomains.

If so, then your problem is because you are trying to use the wrong tool to accomplish your task: do not use domain naming to try to control relaying, or people will simply spoof their source addresses, and relay an incredible amount of SPAM through your mail relays, since they will leak like a sieve.

Also note: even if you prohibit outbound, you _can't_ do the same for inbound, without prohibiting delegation of subdomains. This would be like me insisting that you not use the email address , because at the top level, I will only allow relaying for , since "morning.ru" is a delegation from "ru".

In other words, if you are trying to solve a problem, tell us the problem, don't ask us how to implement your proposed answer to a secret problem you won't share with us.
-- Terry

From owner-freebsd-isp Thu Sep 6 13:17:42 2001
Message-ID: <3B97D9FA.BFE4AC15@mindspring.com>
Date: Thu, 06 Sep 2001 13:18:02 -0700
From: Terry Lambert
Reply-To: tlambert2@mindspring.com
To: Igor Podlesny
Cc: Gregory Neil Shapiro, freebsd-isp@FreeBSD.ORG, hackers@FreeBSD.ORG
Subject: Re: auto relaying for subdomains -- why?
References: <16615694707.20010905210719@morning.ru> <15254.22980.843972.348805@horsey.gshapiro.net> <8264494448.20010906104039@morning.ru> <15254.62636.867613.151378@horsey.gshapiro.net> <7575649117.20010906134634@morning.ru>

Igor Podlesny wrote:
> Now it's all clear :) and I understand that it was just a way
> SENDMAIL's is configured. Another question could be why not to use
> syntax .foo.bar instead of foo.bar but I'm quite ready to call it a
> rhetorical one ;-)) (regexps are also there ;-)

The virtusertable file syntax is such that:

    foo.bar

means "relay for foo.bar, but not *.foo.bar", and:

    .foo.bar

means "relay for *.foo.bar, but not foo.bar", and:

    foo.bar
    .foo.bar

means "relay for both foo.bar and *.foo.bar".
The value of depends on what you want to do with the email, and it is usually a tuple consisting of a mailer and a disposition suffix for that mailer, e.g.:

    foo.bar local:bob
    .foo.bar smtp:tom@isp.com

means "send all mail with an address in foo.bar to the POP3 mailbox on the local machine for the local user ``bob'', and send all mail for any delegated subdomains of foo.bar to the user ``tom'' with a mail account at another ISP named ``isp.com''".

If you need to get this complicated, I suggest you read the sendmail FAQ, or buy a copy of the O'Reilly Sendmail book.

> P.P.S. I'm not quite sure should I start new thread or can remain
> within it with another question which is: What MTA software supports
> highly configurable relaying... One of the needed features is a
> support for using alternative mail routers (relays) in case when this
> MTA can't send a message by itself because of networks problem.

Sendmail... this is handled by the SMART_HOST feature of sendmail.

> For example situation could be: MTA is on a network A which is temporarily
> cut off from its uplink so it can't transfer mail by itself, but it
> has a connection (permanent or dial-up) to another mailer.

Mail routing is via DNS. If you are on the other side of a dialup, you should mark the mailer expensive, set HoldExpensive to "True", and then explicitly do the queue run in your link-up script, or, if you prefer, at intervals.

Generally, what you want to do is a bad idea, since the best way to handle this if you have an unreliable permanent connection, is to simply use your other connection to contact the same list of MX's that it would have contacted anyway.

> Are there such MTAs which can be said "if you can't send it
> by yourself (would be cool if additional parameters
> were some_time_period and failure_reason) then use that MTA
> (ip-addr) or that (another-ip)?".

By IP address is a bad idea, though it could be done.
> I suspect in common case such "system" could easily lead to > loops and have other drawbacks but in such simple > configuration it seems all should work fine... Not really. But it will take you some amount of time to configure this correctly, and to get your back end infrastructure in place. I did this work for IBM Web Connections, and it took us 3 months to do the back end stuff, and 8 months to do all the client side stuff, so that it was all turn key. Basically, you are asking for a huge technology transfer, which generally runs most ISPs several hundreds of thousands of dollars to acquire. With the questions you are asking, you will probably need to buy or license it from someone. -- Terry To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-isp" in the body of the message From owner-freebsd-isp Thu Sep 6 16:26:42 2001 Delivered-To: freebsd-isp@freebsd.org Received: from inet03.citec.qld.gov.au (inet03.citec.qld.gov.au [203.5.10.10]) by hub.freebsd.org (Postfix) with ESMTP id A024237B401 for ; Thu, 6 Sep 2001 16:26:37 -0700 (PDT) Received: by inet03.citec.qld.gov.au; id JAA19670; Fri, 7 Sep 2001 09:26:34 +1000 (EST) Received: from citecub.citec.qld.gov.au( 131.242.4.98) by inet03.citec.qld.gov.au via smap (V2.0) id xma019555; Fri, 7 Sep 01 09:26:26 +1000 Received: from guru.citec.qld.gov.au by citecub.citec.qld.gov.au (SMI-8.6/SMI-SVR4) id JAA08297; Fri, 7 Sep 2001 09:26:26 +1000 Received: from localhost (sgcccdc@localhost) by guru.citec.qld.gov.au (8.9.3/8.9.3) with ESMTP id JAA75353; Fri, 7 Sep 2001 09:26:24 +1000 (EST) (envelope-from sgcccdc@citec.qld.gov.au) X-Authentication-Warning: guru.citec.qld.gov.au: sgcccdc owned process doing -bs Date: Fri, 7 Sep 2001 09:26:23 +1000 (EST) From: Colin Campbell To: Cc: Subject: Re: Mail Cluster Question In-Reply-To: <20010906124736.7C8BB37B403@hub.freebsd.org> Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-freebsd-isp@FreeBSD.ORG Precedence: bulk 
List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org Hi, On Thu, 6 Sep 2001 brian.jackson@third-rail.net wrote: > Hi everyone, > > I've currently built an e-mail cluster with three machines running > qmail (and FreeBSD, obviously). Each machine is running pop and smtp, > and they are all "balanced" using round robin DNS. > > One of the machines is exporting its /usr/home directory, and the > other two are mounting this directory on their /usr/home, so that no > matter which machine you hit you get your mail (not enough $$ for a > NetApp Filer...). > > Each of these machines has two disks mirrored running vinum (for a > separate thread, yes you can have two disks mirrored running vinum and > boot off either...), but I'm paranoid - what happens in a catastrophic > situation where the machine exporting /usr/home goes away? Has anyone > done anything similar? > > I'm thinking of just using a simple rsync script locally on each > machine, and then un-mounting / re-exporting / re-mounting file > systems, but this seems - well, complicated. The only way to guarantee a clean failover is to use dual-ported disks or a SAN. Everything else (e.g. a NAS) leaves you with a single point of failure until someone allows mirroring of nfs-mounted disks or provides a network block device (Linux terminology) that also works under vinum for example. Thinking about this very problem the other day got me wondering whether vinum would work on a vnode which was a remote file (I know vn won't do that yet, but it would certainly make these HA systems easier).
Colin To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-isp" in the body of the message From owner-freebsd-isp Thu Sep 6 21:30:28 2001 Delivered-To: freebsd-isp@freebsd.org Received: from psknet.com (voyager.psknet.com [63.171.251.15]) by hub.freebsd.org (Postfix) with SMTP id 66ECB37B419 for ; Thu, 6 Sep 2001 21:30:13 -0700 (PDT) Received: (qmail 78687 invoked by uid 85); 7 Sep 2001 04:30:12 -0000 Received: from troy@psknet.com by voyager.psknet.com with qmail-scanner-0.95 (uvscan: v4.1.20/v4143. . Clean. Processed in 0.252324 secs); 07 Sep 2001 04:30:12 -0000 Received: from abyss.dashit.net (HELO abyss) (gunk@63.171.251.250) by voyager.psknet.com with SMTP; 7 Sep 2001 04:30:12 -0000 From: "Troy Settle" To: "Bob Martin" Cc: Subject: RE: Non passwd logins Date: Fri, 7 Sep 2001 00:30:12 -0400 Message-ID: MIME-Version: 1.0 Content-Type: text/plain; charset="iso-8859-15" Content-Transfer-Encoding: 7bit X-Priority: 3 (Normal) X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook IMO, Build 9.0.2416 (9.0.2910.0) X-MimeOLE: Produced By Microsoft MimeOLE V5.50.4522.1200 Importance: Normal In-Reply-To: Sender: owner-freebsd-isp@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org Bob, I'm using Qmail+Vpopmail+Courier-IMAP for email, and NcFTPd for FTP. I'm using private (non-system) password files for everything. Vpopmail and Courier-IMAP can also auth off a MySQL database, and it's trivial to write an authentication routine for NcFTPd to auth off of MySQL as well. There are patches available for Cistron Radiusd to authenticate off vpopmail passwd files (again, these are non-system). There are also patches (ICRADIUS) for running against a MySQL database. FreeRadius will also have SQL capabilities.
HTH, -- Troy Settle Pulaski Networks 540.994.4254 - 866.477.5638 http://www.psknet.com ** -----Original Message----- ** From: owner-freebsd-isp@FreeBSD.ORG ** [mailto:owner-freebsd-isp@FreeBSD.ORG]On Behalf Of Sven Huster ** Sent: Wednesday, September 05, 2001 6:43 PM ** To: Bob Martin ** Cc: isp@freebsd.org ** Subject: RE: Non passwd logins ** ** ** > -----Original Message----- ** > From: owner-freebsd-isp@FreeBSD.ORG ** > [mailto:owner-freebsd-isp@FreeBSD.ORG]On Behalf Of Bob Martin ** > Sent: 06 September, 2001 00:16 ** > Cc: isp@freebsd.org ** > Subject: Non passwd logins ** > ** > ** > Any body know of a way I can completely bypass the system ** > password file ** > for user logins? Pam radius and pam mysql both need the ** > password file to ** > get the gid and home directory. The users will need ftp, pop3 and imap ** > access. ** > ** ** hi Bob, ** ** at least courier imap (and included pop3) can auth users ** against a mysql database. I am just eval this stuff. ** plus postfix can use mysql, too, to get e.g. valid local ** users. ** ** isn't there also a auth module for proftpd? ** ** all this maybe also works with ldap, but haven't checked. ** ** then you use one/multiple uid for all user? 
** ** regards ** ** Sven Huster ** Senior Systems Engineer ** ** ** To Unsubscribe: send mail to majordomo@FreeBSD.org ** with "unsubscribe freebsd-isp" in the body of the message ** ** To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-isp" in the body of the message From owner-freebsd-isp Sat Sep 8 8:16:54 2001 Delivered-To: freebsd-isp@freebsd.org Received: from pit.lv (www.pit.lv [159.148.96.253]) by hub.freebsd.org (Postfix) with ESMTP id B791537B40D for ; Sat, 8 Sep 2001 08:16:48 -0700 (PDT) Received: from ysdh45 ([159.148.83.140]) by pit.lv (8.11.6/8.11.2) with SMTP id f88FLLl26020 for ; Sat, 8 Sep 2001 18:21:21 +0300 Message-ID: <004601c13879$bf950fe0$0200a8c0@lv> From: =?windows-1257?Q?Mat=EEss_Elsbergs?= To: Subject: Some problems with DNS server.. Date: Sat, 8 Sep 2001 18:20:08 +0300 MIME-Version: 1.0 Content-Type: multipart/alternative; boundary="----=_NextPart_000_0043_01C13892.E3CC9220" X-Priority: 3 X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook Express 5.50.4133.2400 X-MimeOLE: Produced By Microsoft MimeOLE V5.50.4133.2400 Sender: owner-freebsd-isp@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org This is a multi-part message in MIME format. ------=_NextPart_000_0043_01C13892.E3CC9220 Content-Type: text/plain; charset="windows-1257" Content-Transfer-Encoding: quoted-printable Hello there, I have a following problem: # nslookup -q=a www.somehost.net ournameserver.somehost.net *** Can't find server name for address 62.85.45.34: Non-existent host/domain *** Default servers are not available The same with: # nslookup -q=ptr 34.45.85.62.in-addr.arpa. ournameserver.somehost.net *** Can't find server name for address 62.85.45.34: Non-existent host/domain *** Default servers are not available That's it. IN A lookups works, at least I can ping host by name, exchange mail, and do other things..
But how to install these mysterious Default servers? :-) Excuse me for a non-FreeBSD only question.. Matiss Elsbergs matiss@bkc.lv ------=_NextPart_000_0043_01C13892.E3CC9220 Content-Type: text/html; charset="windows-1257" Content-Transfer-Encoding: quoted-printable
------=_NextPart_000_0043_01C13892.E3CC9220-- To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-isp" in the body of the message From owner-freebsd-isp Sat Sep 8 8:27:33 2001 Delivered-To: freebsd-isp@freebsd.org Received: from mgw1.MEIway.com (mgw1.meiway.com [212.73.210.75]) by hub.freebsd.org (Postfix) with ESMTP id 8CD4D37B403 for ; Sat, 8 Sep 2001 08:27:28 -0700 (PDT) Received: from mail.Go2France.com (ms1.meiway.com [212.73.210.73]) by mgw1.MEIway.com (Postfix Relay Hub) with ESMTP id 77ED516B13 for ; Sat, 8 Sep 2001 17:27:26 +0200 (CEST) Received: from IBM-HIRXKN66F0W.Go2France.com [66.64.14.18] by mail.Go2France.com with ESMTP (SMTPD32-6.06) id AB5098560058; Sat, 08 Sep 2001 17:37:52 +0200 Message-Id: <5.1.0.14.0.20010908101920.02fe7740@mail.Go2France.com> X-Sender: LConrad@Go2France.com@mail.Go2France.com X-Mailer: QUALCOMM Windows Eudora Version 5.1 Date: Sat, 08 Sep 2001 10:27:08 -0500 To: freebsd-isp@freebsd.org From: Len Conrad Subject: Re: Some problems with DNS server.. In-Reply-To: <004601c13879$bf950fe0$0200a8c0@lv> Mime-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1"; format=flowed Content-Transfer-Encoding: 8bit Sender: owner-freebsd-isp@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org ># nslookup -q=a www.somehost.net >ournameserver.somehost.net If you want help with a public domain and NS, tell us what they are. >*** Can't find server name for address 62.85.45.34: Non-existent host/domain >*** Default servers are not available >The same with: > ># nslookup -q=ptr 34.45.85.62.in-addr.arpa. 
ournameserver.somehost.net >*** Can't find server name for address 62.85.45.34: Non-existent host/domain # dig -x 62.85.45.34 @ns3.delfi.lv ; <<>> DiG 8.2 <<>> -x @ns3.delfi.lv ; (1 server found) ;; res options: init recurs defnam dnsrch ;; got answer: ;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 6 ;; flags: qr aa rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0 ;; QUERY SECTION: ;; 34.45.85.62.in-addr.arpa, type = ANY, class = IN ;; AUTHORITY SECTION: 45.85.62.in-addr.arpa. 1D IN SOA ns3.delfi.lv. hostmaster.delfi.lv. ( 2001090700 ; serial 8H ; refresh 1H ; retry 2W ; expiry 1D ) ; minimum ;; Total query time: 200 msec ;; FROM: montwood.netwood.net to SERVER: ns3.delfi.lv 195.2.96.249 ;; WHEN: Sat Sep 8 08:22:47 2001 ;; MSG SIZE sent: 42 rcvd: 101 the auth NS for that ip is ns3.delfi.lv, is that you? >*** Default servers are not available >That's it. IN A lookups works, at least I can ping host by name, exchange >mail, and do other things.. > >But how to install these mysterious Default servers? :-) first, stop using nslookup. Use dig. > Excuse me for a non-FreeBSD only question.. it's an ISP question, ok.
Len http://MenAndMice.com/DNS-training http://BIND8NT.MEIway.com : ISC BIND 8.2.4 for NT4 & W2K http://IMGate.MEIway.com : Build free, hi-perf, anti-abuse mail gateways To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-isp" in the body of the message From owner-freebsd-isp Sat Sep 8 9: 1: 0 2001 Delivered-To: freebsd-isp@freebsd.org Received: from pit.lv (www.pit.lv [159.148.96.253]) by hub.freebsd.org (Postfix) with ESMTP id D14C037B405 for ; Sat, 8 Sep 2001 09:00:55 -0700 (PDT) Received: from ysdh45 ([159.148.83.140]) by pit.lv (8.11.6/8.11.2) with SMTP id f88G5Kl28062; Sat, 8 Sep 2001 19:05:20 +0300 Message-ID: <007101c1387f$dff71ac0$0200a8c0@lv> From: =?windows-1257?Q?Mat=EEss_Elsbergs?= To: "Len Conrad" Cc: References: <5.1.0.14.0.20010908101920.02fe7740@mail.Go2France.com> Subject: Re: Some problems with DNS server.. Date: Sat, 8 Sep 2001 19:03:59 +0300 MIME-Version: 1.0 Content-Type: text/plain; charset="windows-1257" Content-Transfer-Encoding: 7bit X-Priority: 3 X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook Express 5.50.4133.2400 X-MimeOLE: Produced By Microsoft MimeOLE V5.50.4133.2400 Sender: owner-freebsd-isp@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org Ok, thanks for the fast reply. nslookup -q=a www.astranet.lv ns1.astranet.lv *** Can't find server name for address 62.85.45.34: Non-existent host/domain *** Default servers are not available nslookup -q=ptr 34.45.85.62.in-addr.arpa. ns1.astranet.lv *** Can't find server name for address 62.85.45.34: Non-existent host/domain *** Default servers are not available You see, the main problem is, that our nameserver doesn't responds properly, as far as i'm concerned. Ok, I'm not the authority for 45.85.62 zone yet with my ns1.astranet.lv. ns3.delfi.lv is supposed to be a secondary for that zone, as soon as i finish my configuration. 
But I am the authority for astranet.lv domain, so this must be ok, but it isn't. knight# dig astranet.lv @ns1.astranet.lv ; <<>> DiG 8.3 <<>> -x @ns1.astranet.lv ; (1 server found) ;; res options: init recurs defnam dnsrch ;; got answer: ;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 6 ;; flags: qr aa rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0 ;; QUERY SECTION: ;; lv.astranet.www.in-addr.arpa, type = ANY, class = IN ;; AUTHORITY SECTION: in-addr.arpa. 3H IN SOA A.ROOT-SERVERS.NET. bind.ARIN.NET. ( 2001090804 ; serial 30M ; refresh 15M ; retry 1w1d ; expiry 3H ) ; minimum ;; Total query time: 180 msec ;; FROM: knight.astranet.lv to SERVER: ns1.astranet.lv 62.85.45.34 ;; WHEN: Sat Sep 8 19:50:49 2001 ;; MSG SIZE sent: 46 rcvd: 110 Anyway, dig DOES a greater output where everythings allright.. I still can't get it. So, maybe there is a problem with /etc/resolv.conf? or with /etc/namedb/named.conf? /etc/namedb/named.root? /etc/namedb/zone file? With best regards, Mathias matiss@bkc.lv To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-isp" in the body of the message From owner-freebsd-isp Sat Sep 8 9: 9:19 2001 Delivered-To: freebsd-isp@freebsd.org Received: from peitho.fxp.org (peitho.fxp.org [209.26.95.40]) by hub.freebsd.org (Postfix) with ESMTP id AB75C37B40C for ; Sat, 8 Sep 2001 09:09:10 -0700 (PDT) Received: by peitho.fxp.org (Postfix, from userid 1501) id 2B85D1361D; Sat, 8 Sep 2001 12:09:05 -0400 (EDT) Date: Sat, 8 Sep 2001 12:09:05 -0400 From: Chris Faulhaber To: Mat?ss Elsbergs Cc: Len Conrad , freebsd-isp@freebsd.org Subject: Re: Some problems with DNS server.. 
Message-ID: <20010908120904.A53795@peitho.fxp.org> References: <5.1.0.14.0.20010908101920.02fe7740@mail.Go2France.com> <007101c1387f$dff71ac0$0200a8c0@lv> Mime-Version: 1.0 Content-Type: multipart/signed; micalg=pgp-sha1; protocol="application/pgp-signature"; boundary="Q68bSM7Ycu6FN28Q" Content-Disposition: inline In-Reply-To: <007101c1387f$dff71ac0$0200a8c0@lv> User-Agent: Mutt/1.3.20i Sender: owner-freebsd-isp@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org --Q68bSM7Ycu6FN28Q Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Content-Transfer-Encoding: quoted-printable On Sat, Sep 08, 2001 at 07:03:59PM +0300, Mat?ss Elsbergs wrote: > Ok, thanks for the fast reply. > > nslookup -q=a www.astranet.lv ns1.astranet.lv > *** Can't find server name for address 62.85.45.34: Non-existent host/domain > *** Default servers are not available > nslookup -q=ptr 34.45.85.62.in-addr.arpa. ns1.astranet.lv > *** Can't find server name for address 62.85.45.34: Non-existent host/domain > *** Default servers are not available > > You see, the main problem is, that our nameserver doesn't responds properly, > as far as i'm concerned. > AFAIK, nameservers are required to have forward *and* reverse DNS set up properly... jedgar@sushi:~$ host ns1.astranet.lv ns1.astranet.lv has address 62.85.45.34 jedgar@sushi:~$ host 62.85.45.34 Host not found. jedgar@sushi:~$ ...which explains why nslookup refuses to use your nameserver. -- Chris D.
Faulhaber - jedgar@fxp.org - jedgar@FreeBSD.org -------------------------------------------------------- FreeBSD: The Power To Serve - http://www.FreeBSD.org --Q68bSM7Ycu6FN28Q-- To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-isp" in the body of the message From owner-freebsd-isp Sat Sep 8 9:13:31 2001 Delivered-To: freebsd-isp@freebsd.org Received: from mgw1.MEIway.com (mgw1.meiway.com [212.73.210.75]) by hub.freebsd.org (Postfix) with ESMTP id B46A337B401 for ; Sat, 8 Sep 2001 09:13:23 -0700 (PDT) Received: from mail.Go2France.com (ms1.meiway.com [212.73.210.73]) by mgw1.MEIway.com (Postfix Relay Hub) with ESMTP id E1DA116B1C for ; Sat, 8 Sep 2001 18:13:21 +0200 (CEST) Received: from IBM-HIRXKN66F0W.Go2France.com [66.64.14.18] by mail.Go2France.com with ESMTP (SMTPD32-6.06) id A60E9D8C0058; Sat, 08 Sep 2001 18:23:42 +0200 Message-Id: <5.1.0.14.0.20010908110243.0285ab68@mail.Go2France.com> X-Sender: LConrad@Go2France.com@mail.Go2France.com X-Mailer: QUALCOMM Windows Eudora Version 5.1 Date: Sat, 08 Sep 2001 11:13:04 -0500 To: From: Len Conrad Subject: Re: Some problems with DNS server..
In-Reply-To: <007101c1387f$dff71ac0$0200a8c0@lv> References: <5.1.0.14.0.20010908101920.02fe7740@mail.Go2France.com> Mime-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1"; format=flowed Content-Transfer-Encoding: 8bit Sender: owner-freebsd-isp@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org >nslookup -q=a www.astranet.lv ns1.astranet.lv >*** Can't find server name for address 62.85.45.34: Non-existent host/domain >*** Default servers are not available > nslookup -q=ptr 34.45.85.62.in-addr.arpa. ns1.astranet.lv >*** Can't find server name for address 62.85.45.34: Non-existent host/domain >*** Default servers are not available I said: use dig, not nslookup >You see, the main problem is, that our nameserver doesn't responds properly, >as far as i'm concerned. use dig, your concerns, if any remain with dig, will be better founded >Ok, I'm not the authority for 45.85.62 zone yet with my ns1.astranet.lv. >ns3.delfi.lv is supposed to be a secondary for that zone, as soon as i >finish my configuration. But I am the authority for astranet.lv domain, so >this must be ok, but it isn't. nslookup stupidly requires the queried NS to have PTR record. forward and reverse authority are totally independent. ; <<>> DiG 8.3 <<>> astranet.lv any ;; res options: init recurs defnam dnsrch ;; got answer: ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 4 ;; flags: qr rd ra; QUERY: 1, ANSWER: 4, AUTHORITY: 2, ADDITIONAL: 3 ;; QUERY SECTION: ;; astranet.lv, type = ANY, class = IN ;; ANSWER SECTION: astranet.lv. 30M IN NS ns1.astranet.lv. astranet.lv. 30M IN NS ns2.astranet.lv. astranet.lv. 1d23h21m48s IN SOA ns1.astranet.lv. hostmaster.astranet.lv.astranet.lv. ( 2001090800 ; serial 1D ; refresh 2H ; retry 5w6d16h ; expiry 2D ) ; minimum (note: the last field in SOA is now negative TTL, no longer zone default TTL) astranet.lv. 2d23h21m48s IN MX 9 mail.astranet.lv. 
;; AUTHORITY SECTION: astranet.lv. 30M IN NS ns1.astranet.lv. astranet.lv. 30M IN NS ns2.astranet.lv. ;; ADDITIONAL SECTION: ns1.astranet.lv. 30M IN A 62.85.45.34 ns2.astranet.lv. 30M IN A 62.85.45.35 mail.astranet.lv. 2d23h2m58s IN A 62.85.45.36 ;; Total query time: 197 msec ;; FROM: Lists.Opt-In4Email.com to SERVER: default -- 209.25.194.212 ;; WHEN: Sat Sep 8 12:04:02 2001 ;; MSG SIZE sent: 29 rcvd: 221 Since your NS has not been delegated reverse zone authority from delfi and there is no PTR for your ip's, nslookup fails. >Anyway, dig DOES a greater output where everythings allright.. >I still can't get it. So, maybe there is a problem with /etc/resolv.conf? nope > or >with /etc/namedb/named.conf? nope, but have you turned on logging to see what errors you have and what queries bind is seeing? > /etc/namedb/named.root? nope > /etc/namedb/zone file? stay with dig. Here's a zone analysis Errors ---------------------------------------------------------------------- o Non-authoritative data received from the server "ns2.astranet.lv." The server "ns2.astranet.lv." is listed as being authoritative for the domain, but it does not contain authoritative data for it. o Only one of your name servers has autoritative data for the zone. The server "ns1.astranet.lv." is the only server that has authoritaive data for the zone. If this server becomes unavailable, your domain will become inacessible. o The hostmaster address "hostmaster.astranet.lv@astranet.lv" does not exist. None of the mail servers for "astranet.lv." recognized the hostmaster address "hostmaster.astranet.lv@astranet.lv" Warnings ---------------------------------------------------------------------- o The name server "ns1.astranet.lv." does not permit zone transfers The name server "ns1.astranet.lv." has been configured to reject unauthorized zone transfers and the application will not be able to use data from this server while analyzing the zone.
o Zone transfer from authoritative servers not possible It was not possible to perform a zone transfer from any of the authoritative name servers for the zone. This will limit the range of tests performed for the zone. o The TTL field in the SOA record contains an unusually high value The value 259200 of the TTL field in the SOA record is unusually high. The value for this field should be within the range 3600 - 172800. o The TTL value 259200, in the A record "ns2.astranet.lv." is rather high The TTL value 259200, used in the A record "ns2.astranet.lv.", is unusually high. The TTL value should be within the range 3600 - 172800. o The TTL value 259200, in the A record "ns1.astranet.lv." is rather high The TTL value 259200, used in the A record "ns1.astranet.lv.", is unusually high. The TTL value should be within the range 3600 - 172800. o The TTL value 259200, in the A record "mail.astranet.lv." is rather high The TTL value 259200, used in the A record "mail.astranet.lv.", is unusually high. The TTL value should be within the range 3600 - 172800. o The TTL value 259200, in the NS record "astranet.lv." is rather high The TTL value 259200, used in the NS record "astranet.lv.", is unusually high. The TTL value should be within the range 3600 - 172800. o The TTL value 259200, in the MX record "astranet.lv." is rather high The TTL value 259200, used in the MX record "astranet.lv.", is unusually high. The TTL value should be within the range 3600 - 172800. o There is only one MX record in the zone The zone contains only one MX record. This will cause mail delivery problems if the primary mail server becomes unavailable. For safety purposes, there should be two or more mail servers for every zone, the extra mail servers being used as backup (secondary) servers for the primary server. 
Len http://MenAndMice.com/DNS-training http://BIND8NT.MEIway.com : ISC BIND 8.2.4 for NT4 & W2K http://IMGate.MEIway.com : Build free, hi-perf, anti-abuse mail gateways To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-isp" in the body of the message
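The checks this thread turns on, as an added example that is not code from any of the posters: a PTR record for each name server address (the lookup nslookup insisted on before it would query the server), plus the TTL-range and single-MX warnings from the zone analysis. The record set is constructed from the names and addresses quoted above; the "3D" TTLs, the empty reverse zone, the repaired reverse zone and the finding codes are assumptions made for the illustration.

```python
import ipaddress
import re

# Constructed sample data built from the names and addresses quoted in the
# thread. The "3D" TTLs are an assumption chosen to equal the 259200 seconds
# reported by the zone analysis. Records are (owner, ttl, type, rdata).
FORWARD = [
    ("astranet.lv.", "3D", "NS", "ns1.astranet.lv."),
    ("astranet.lv.", "3D", "NS", "ns2.astranet.lv."),
    ("astranet.lv.", "3D", "MX", "9 mail.astranet.lv."),
    ("ns1.astranet.lv.", "3D", "A", "62.85.45.34"),
    ("ns2.astranet.lv.", "3D", "A", "62.85.45.35"),
    ("mail.astranet.lv.", "3D", "A", "62.85.45.36"),
]
# The reverse zone as the thread describes it: no PTR for these addresses.
REVERSE = []
# Hypothetical repaired reverse zone, for comparison.
REVERSE_FIXED = [
    ("34.45.85.62.in-addr.arpa.", "1D", "PTR", "ns1.astranet.lv."),
    ("35.45.85.62.in-addr.arpa.", "1D", "PTR", "ns2.astranet.lv."),
]

UNITS = {"s": 1, "m": 60, "h": 3600, "d": 86400, "w": 604800}


def parse_ttl(text):
    """Convert a BIND TTL such as '30M', '1w1d' or '2d23h21m48s' to seconds."""
    if text.isdigit():
        return int(text)
    low = text.lower()
    parts = re.findall(r"(\d+)([smhdw])", low)
    # Reject strings with anything left over between the number/unit pairs.
    if not parts or "".join(n + u for n, u in parts) != low:
        raise ValueError(f"bad TTL: {text!r}")
    return sum(int(n) * UNITS[u] for n, u in parts)


def reverse_name(ip):
    """Owner name of the PTR record for an address, with trailing dot."""
    return ipaddress.ip_address(ip).reverse_pointer + "."


def audit(forward, reverse, ttl_min=3600, ttl_max=172800):
    """Return (code, subject, detail) findings for one zone."""
    addrs = {}
    for owner, _, rtype, rdata in forward:
        if rtype == "A":
            addrs.setdefault(owner.lower(), []).append(rdata)
    ptrs = {o.lower(): r.lower() for o, _, t, r in reverse if t == "PTR"}
    findings = []
    # Forward and reverse data live in separate zones, so each NS address
    # has to be checked against the reverse zone explicitly.
    for _, _, rtype, rdata in forward:
        if rtype != "NS":
            continue
        ns = rdata.lower()
        if ns not in addrs:  # also fires for servers outside this data set
            findings.append(("no-address", ns, ""))
        for ip in addrs.get(ns, []):
            target = ptrs.get(reverse_name(ip))
            if target is None:
                findings.append(("no-ptr", ns, reverse_name(ip)))
            elif target != ns:
                findings.append(("ptr-mismatch", ns, target))
    # TTL range quoted in the zone analysis: 3600 - 172800 seconds.
    for owner, ttl, rtype, _ in forward:
        secs = parse_ttl(ttl)
        if not ttl_min <= secs <= ttl_max:
            findings.append(("ttl-range", f"{owner} {rtype}", str(secs)))
    if sum(1 for _, _, t, _ in forward if t == "MX") == 1:
        findings.append(("single-mx", "zone", ""))
    return findings


if __name__ == "__main__":
    for label, rev in (("as described", REVERSE), ("with PTRs", REVERSE_FIXED)):
        print(label)
        for finding in audit(FORWARD, rev):
            print("  ", *finding)
```

With the empty reverse zone both name servers are reported as `no-ptr`; with the repaired reverse zone only the TTL and MX findings remain.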