Date:      Sun, 28 Apr 2002 17:52:40 -0700
From:      Terry Lambert <tlambert2@mindspring.com>
To:        groggy11@mail.com
Cc:        freebsd-chat@freebsd.org
Subject:   Re: bad isp - dns
Message-ID:  <3CCC9958.C1D60BBD@mindspring.com>
References:  <200204282328.g3SNSih60070@groggy.anc.acsalaska.net>

groggy11@mail.com wrote:
> > > Use nat so that the outside world only sees one IP that has proper forward
> > > and reverse mapping.
> 
> i do use "user ppp" -nat.
> i don't understand fully.
> i would guess that the freebsd
> mailserver checks the mail headers,
> or the smtp server trying to send,
> and i don't see how nat affects this?

example.com
,-------.
| other |
| host  |
`-------'
  IP #2
    |
,-------.
|  NAT  |
| host  |
`-------'
   IP #1
    |
 ---+----------------------+---- Internet
                           |
                        ,-------.
                        | mail  |
                        | host  |
                        `-------'

mail.example.com.	A		IP #2
gateway.example.com.	A		IP #1

IP #2.in-addr.arpa.		some.bogus.reverse.delegation
IP #1.in-addr.arpa.		gateway.example.com.


He's saying that the NAT machine has a valid reverse address
record (one that matches the forward name).  Because IP #2 is
NAT'ed to IP #1, and you set the Cw on "other host" to be
"gateway.example.com", then the:

	gethostbyaddr(getpeername()) :== gethostbyname()

Which passes the crosscheck, and lets you send mail.  It assumes
that the forward and reverse addresses will match.  The current
failure of your email server is that the forward and reverse do
not match.

His suggestion *assumes* that the NAT machine's IP address has a
valid reverse mapping configured.


Setting the ISP mail server as your "SMART_HOST()" in your
sendmail configuration would also guarantee that all email is
relayed through the outbound mail server for your ISP.  This
assumes that your ISP, though too stupid to be able to set
your DNS records properly, is smart enough to set their own
DNS records properly (i.e. they are perversely and selectively
stupid, rather than simply generally stupid and/or incompetent
and/or lazy).


Another possibility is to have your forward address match your
reverse address... e.g. whatever the ISP has as the reverse,
make sure that there is a forward record that matches it.  This
is unlikely to work, since the most common problem is that your
ISP simply failed to set up reverse records at all, rather than
failing to set up correct reverse records for static delegations.
If that's not the case, though, then you need to look up the
reverse record, and find the canonical host name there, and then
find whoever owns the DNS server for the reverse name (probably
the ISP), and make sure they have a matching forward record for
it.


If your ISP is too stupid to do that, and too stupid to set up
their own forward and reverse records correctly, well, then there
is always the approach I already suggested: pay some third party
to provide SMTP AUTH based relay services for your mail server,
and implement SMTP AUTH to the relay server from your internal
mail server.

-- Terry
