Author: W B Hacker Date: To: exim users Subject: Re: [exim] Submission mode complications.
Magnus Holmgren wrote: > On Sunday 16 July 2006 19:09, W B Hacker took the opportunity to write:
>
>>Robert M. Zigweid wrote:
>>
>>>On Jul 16, 2006, at 12:24 AM, W B Hacker wrote:
>>>
>>>>Robert Zigweid wrote:
>>>>
>>>>>Jul 15 20:58:33 fc563134 exim[12339]: 2006-07-15 20:58:33 SMTP
>>>>>connection
>>>>
>>>>>from [67.168.2.24]:55664 I=[216.75.63.134]:587 (TCP/IP connection
>>>>
>>>>>count = 1)
>>>>>Jul 15 20:58:38 fc563134 exim[12358]: 2006-07-15 20:58:38 ident
>>>>>connection
>>>>>to 67.168.2.24 timed out
>>>>>Jul 15 20:58:38 fc563134 exim[12358]: 2006-07-15 20:58:38 remote host
>>>>>address is the local host: xilisha.zigweid.net (while verifying <
>>>>>rzigweid@???> from host ([192.168.1.100])
>>>>>[67.168.2.24
>>>>>]:55664)
>>>>
>>>>But "host 216.75.63.134" indicates that your hostname should
>>>>be "fc563134.aspadmin.net",
>>>>And a 'dig any fc563134.aspadmin.net' returns only a SOA record, no
>>>>A, PTR, or
>>>>MX records.
>
>
> But that's not what's causing the error. "remote host address is the local
> host" means that the dnslookup router was given a domain that, according to
> MX and A records, the local host should handle.
It would if it could 'see' such records - which exist.
It doesn't seem that they are visible. Not to the outside world *by* IP, nor
perhaps to his own server, or not at the top of the food chain anyway.
A look into what nameservers are in use (~/etc/resolve.conf) and in what order
would be a good idea.
> If the Exim installation this
> log excerpt comes from is supposed to handle mail for xilisha.zigweid.net
> then xilisha.zigweid.net should be added to local_domains (or whatever means
> is used to tell Exim which domains are local) (since xilisha.zigweid.net is
> the primary_hostname it can be abbreviated "@").
ACK.
>
>>>The other thing that I find very confusing, is this behavior is only
>>>apparently exhibited in submission mode from my MUA. If I try to
>>>send a message from the machine that exim is on, I do not see this
>>>behavior and the mail is successfully sent and received by the
>>>intended target.
>
>
> Possibly there is no sender verification performed for mail from localhost.
>
>
>>Only IF that target is not running strict rDNS / forward/reverse host
>>lookup rules.
>>
>>You may be more strict than the far-end, and logs would show rejection of
>>incoming conections, if you have any so far.
>
>
> I don't think most MTAs reject mail from hosts where the domain returned
> through reverse lookup doesn't resolve back to the original IP, but, like
> Exim, they may log a warning.
>
There is probably not (yet) enough traffic available to/from that server to
tell, though decent DNS records, and the use of a 'direct allocation' IP block
indicate the OP is trying to do things correctly.
Presently, the host returned by rDSN of his IP is "fc563134.aspadmin.net" which
does not itself resolve, though "aspadmin.net" does - but returns an unrelated IP.
A SWAG says he needs cleanup in two places: His own box's resolver chain, and
his upstream's DNS.
Until these basic items are addressed it isn't clear if the auth handling for
submission is best-practice or not.
