
MX Record routing:summary


Administrator

Aug 18, 1997

---The original problem...

>I have two systems defined as MX (mail exchanger) for the domain.
>If System1 is defined with a preference of 10 (default MX)
>and System2 is defined with a preference of 20,
>is it possible to...
>
>1) Take System1 off line (mail starts routing to System2
> where it is queued indefinitely).
>2) Bring System1 back online (mail starts routing to System1).
>3) Process the queue on System2 and have it forward all mail
> it received during the 'outage' to System1?
>
>Essentially this would be used for a dialin setup where...
>System1 <--dialin--> System2 <--fullconnection--> Internet
>email                sendmail                     DNS Records
>destination

---The Extra Info (Thanks for the input!)...

>This is the default behavior of sendmail. If there's an MX record more
>preferable than the local machine, it will try to forward to it every
>time the queue is run.
>
>As for the DNS lookup, it does this for any address that the
>sendmail.cf doesn't specify special processing for. So server2
>should *not* have the destination address in its Cw list.
>--
>Barry Margolin, bar...@bbnplanet.com

This would appear to solve the problem for System2.

>The only things I can think to add is that this requires that System2
>not believe that the destination is local, and that the time you have
>to get System1 back up is equal to the period that the mailer on
>System2 will queue mail (unless you intervene manually).
>cri...@acmebw.com

I'm not sure what you mean by local. Both machines will have IPs on
the same Class C. ie: system1=199.199.199.1, system2=199.199.199.5
When System1 dials in its login will spawn a queue run after PPPD
has negotiated. We'll be intervening manually. They'll be dialing in
2-3 times daily so the queue should never have time to bounce email.

>Look into using uucp/tcp for this; it's a much cleaner piece of
>engineering.
>Jay R. Ashworth j...@baylink.com

I'd love to but the office where System1 sits is using NT and
TCP/IP. ONLY. NO EXTRA SOFTWARE INSTALLED! This is their call
and that's the way they wanted it.
...blah...I hate kludges

---The conclusion...

It sounds like the only problem here is keeping the queue from pounding
a nonexistent machine and processing the queue upon dialin. Great!

Thanks for all the input,

shawn

Jay R. Ashworth

Aug 19, 1997

On Mon, Aug 18, 1997 at 06:18:24PM -0400, Administrator wrote:
[ quoting me ]

> >Look into using uucp/tcp for this; it's a much cleaner piece of
> >engineering.
>
> I'd love to but the office where System1 sits is using NT and
> TCP/IP. ONLY. NO EXTRA SOFTWARE INSTALLED! This is their call
> and that's the way they wanted it.
> ...blah...I hate kludges
>
> ---The conclusion...
>
> It sounds like the only problem here is keeping the queue from pounding
> a nonexistent machine and processing the queue upon dialin. Great!

And you can't; that's the problem. Worse, there's no way to get
sendmail to run the queue for _only one site_, that I know of. If you
have more than one client, even only running the queue manually on
calls (and trusting your downlinks to make sure your outgoing mail gets
sent) will be problematic. If system2's job is solely to be a mail
relay for system1, mail-wise, then roar ahead.

Cheers,
-- jra
--
Jay R. Ashworth                                         j...@baylink.com
Member of the Technical Staff        Unsolicited Commercial Emailers Sued
The Suncoast Freenet                 "People propose, science studies, technology
Tampa Bay, Florida                    conforms." -- Dr. Don Norman   +1 813 790 7592

Barry Margolin

Aug 19, 1997

In article <33F8CA30...@jumpport.com>,

Administrator <ad...@jumpport.com> wrote:
>>The only things I can think to add is that this requires that System2
>>not believe that the destination is local, and that the time you have
>>to get System1 back up is equal to the period that the mailer on
>>System2 will queue mail (unless you intervene manually).
>>cri...@acmebw.com
>
>I'm not sure what you mean by local. Both machines will have IPs on
>the same Class C. ie: system1=199.199.199.1, system2=199.199.199.5
>When System1 dials in its login will spawn a queue run after PPPD
>has negotiated. We'll be intervening manually. They'll be dialing in
>2-3 times daily so the queue should never have time to bounce email.

In this context, "local" means "delivered to users on this machine". In
sendmail.cf, the Cw line specifies which domains the machine should treat
as aliases for itself, so mail for <user>@<localname> is delivered to the
local mailbox for <user> instead of being forwarded. If mail for
<user>@<hostname> is received and <hostname> isn't in the Cw line, the mail
will be forwarded to the MX host for <hostname>.

Sendmail doesn't care about IP addresses.

--
Barry Margolin, bar...@bbnplanet.com
BBN Corporation, Cambridge, MA
Support the anti-spam movement; see <http://www.cauce.org/>
Please don't send technical questions directly to me, post them to newsgroups.
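Barry's Cw point, and the MX fallback the original question relies on, worked through in code. This is an added example, not code from the thread or from sendmail: the MX records, host names and the route() function are constructed for illustration. The loop-avoidance rule it applies (a host that finds itself in the MX list discards itself and every MX of equal or lower preference) is the RFC 974 rule sendmail follows; the "mail loops back to me" outcome is what sendmail reports when a host is the best MX for a domain it does not accept as local.

```python
"""Relay decision for a backup MX, modelled on the sendmail behaviour described
in the thread.  Constructed example, not code from the thread or from sendmail.

Given the MX records for a domain and the set of names this host treats as
itself (sendmail's Cw class), decide whether mail is delivered locally or
relayed, and to which hosts in which order.  The MX data below is made up.
"""
from dataclasses import dataclass


@dataclass(frozen=True)
class MX:
    preference: int
    host: str


# Constructed MX records for the thread's two-system setup: System1 (dial-in)
# is the preferred exchanger, System2 (permanently connected) is the backup.
EXAMPLE_MX = {
    "example.com": [MX(10, "system1.example.com"), MX(20, "system2.example.com")],
}


def _norm(name):
    return name.lower().rstrip(".")


def route(domain, mx_records, local_names):
    """Return one of:
         ("local", None)            deliver to mailboxes on this host
         ("relay", [host, ...])     hand off to these MX hosts, tried in order;
                                    if none answers, the message stays queued
         ("config_error", None)     this host is the best MX but does not treat
                                    the domain as local (sendmail: "mail loops
                                    back to me (MX problem?)")

    Rules (RFC 974, as sendmail applies them):
      * domain listed in local_names (Cw)  -> local delivery
      * if this host is among the MX hosts, drop it and every MX whose
        preference value is >= its own; relaying there would loop the mail
      * remaining hosts are tried in increasing preference value
    """
    local = {_norm(n) for n in local_names}
    if _norm(domain) in local:
        return ("local", None)

    records = sorted(mx_records.get(_norm(domain), []),
                     key=lambda m: (m.preference, m.host))
    if not records:
        # No MX at all: RFC 974 falls back to the domain's own address record.
        return ("relay", [_norm(domain)])

    own = [m.preference for m in records if _norm(m.host) in local]
    if own:
        cutoff = min(own)
        records = [m for m in records if m.preference < cutoff]
    if not records:
        return ("config_error", None)
    return ("relay", [m.host for m in records])


if __name__ == "__main__":
    # System2 configured as the thread recommends: domain NOT in its Cw class.
    print(route("example.com", EXAMPLE_MX, {"system2.example.com"}))
    # System2 misconfigured with the domain in Cw: it would deliver locally
    # instead of queueing for System1, which is the problem Barry warns about.
    print(route("example.com", EXAMPLE_MX, {"system2.example.com", "example.com"}))
```

The second call in the usage block is the misconfiguration the thread is steering the poster away from: once System2 lists the destination domain as its own, the MX preference no longer matters, and mail accepted during the outage lands in System2's mailboxes rather than waiting in its queue for System1.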

Christopher Davis

Aug 19, 1997

JRA> == Jay R Ashworth <j...@scfn.thpl.lib.fl.us>

JRA> And you can't; that's the problem. Worse, there's no way to get
JRA> sendmail to run the queue for _only one site_, that I know of.

ETRN site or sendmail -qRsite will do the job (mostly; if there are
messages with recipients for both site and not-site then sendmail will
also try to deliver to the not-site recipients, but hey).

The command-line version has been in sendmail 8 for a while, and even ETRN
is a few versions old at this point.

--
Christopher Davis <c...@kei.com> <URL: http://www.kei.com/homepages/ckd/ >
Geographic locations in DNS! <URL: http://www.kei.com/homepages/ckd/dns-loc/ >

chuck

Aug 19, 1997

Jay R. Ashworth wrote:
>
> On Mon, Aug 18, 1997 at 06:18:24PM -0400, Administrator wrote:
> [ quoting me ]
> > >Look into using uucp/tcp for this; it's a much cleaner piece of
> > >engineering.
> >
> > I'd love to but the office where System1 sits is using NT and
> > TCP/IP. ONLY. NO EXTRA SOFTWARE INSTALLED! This is their call
> > and that's the way they wanted it.
> > ...blah...I hate kludges
I love these: "Hey, I'm going to tie your hands. Now fix this"
UUCP can run on NT.

> > ---The conclusion...
> >
> > It sounds like the only problem here is keeping the queue from pounding
> > a nonexistent machine and processing the queue upon dialin. Great!

Who cares, let it try. If the machine is down (and just across the
LAN or on a dialup), it will fail. Done. It won't add traffic,
it will add a LITTLE processing to determine that the machine's down.

> And you can't; that's the problem. Worse, there's no way to get

> sendmail to run the queue for _only one site_, that I know of.

I use 'sendmail -...@dom.ain' to run out mail for that dom.ain.
From the client end, current sendmails support "ETRN" where, after
greeting, I say "ETRN @dom.ain" and sendmail will run the queue.
I use this all the time from my home machine.

fetchmail supports this (see search engines) as well.

> If you
> have more than one client, even only running the queue manually on
> calls (and trusting your downlinks to make sure your outgoing mail gets
> sent) will be problematic. If system2's job is solely to be a mail
> relay for system1, mail-wise, then roar ahead.

Or a backup for system1. Works, makes sense; keep the domain out of
Class W on sendmail for system2 and it will back it up.

Cricket Liu

Aug 19, 1997

On Mon, 18 Aug 1997 18:18:24 -0400, Administrator <ad...@jumpport.com>
wrote:

>>The only things I can think to add is that this requires that System2
>>not believe that the destination is local, and that the time you have
>>to get System1 back up is equal to the period that the mailer on
>>System2 will queue mail (unless you intervene manually).
>>cri...@acmebw.com
>
>I'm not sure what you mean by local. Both machines will have IPs on
>the same Class C. ie: system1=199.199.199.1, system2=199.199.199.5
>When System1 dials in its login will spawn a queue run after PPPD
>has negotiated. We'll be intervening manually. They'll be dialing in
>2-3 times daily so the queue should never have time to bounce email.

By "local," I meant "resolves the email destination to the local
mailer" and tries to drop the mail into people's mailboxes. You want
the mailer on System2 to simply queue the mail.

cricket

Acme Byte & Wire | http://www.acmebw.com/
cri...@acmebw.com | (303) 449-0484

Arnaud KOPP

Aug 19, 1997

Jay R. Ashworth <j...@scfn.thpl.lib.fl.us> wrote:
: On Mon, Aug 18, 1997 at 06:18:24PM -0400, Administrator wrote:
: [ quoting me ]
: > >Look into using uucp/tcp for this; it's a much cleaner piece of
: > >engineering.
: >
: > I'd love to but the office where System1 sits is using NT and
: > TCP/IP. ONLY. NO EXTRA SOFTWARE INSTALLED! This is their call
: > and that's the way they wanted it.
: > ...blah...I hate kludges
: >
: > ---The conclusion...

: >
: > It sounds like the only problem here is keeping the queue from pounding
: > a nonexistent machine and processing the queue upon dialin. Great!

: And you can't; that's the problem. Worse, there's no way to get
: sendmail to run the queue for _only one site_, that I know of. If you


: have more than one client, even only running the queue manually on
: calls (and trusting your downlinks to make sure your outgoing mail gets
: sent) will be problematic. If system2's job is solely to be a mail
: relay for system1, mail-wise, then roar ahead.

You can have sendmail running the queue according to sender or
recipient address. It's with -qR or -qS option. For example, if you
want all mail for *foo.com* delivered you can run "sendmail
-qRfoo.com" and it will only process qfiles with foo.com for recipient.

Arnaud.

--
 /| /   Arnaud KOPP @ DotCOM - UnixWare2 - Irix - Linux - {Net,Free}BSD
/-|<    Work: +33 1 46 67 51 00          Email : arn...@dotcom.fr.REMOVE
/ | \   Fax : +33 1 46 67 51 01          WWW   : http://www.DotCom.fr

Jay R. Ashworth

Aug 20, 1997

On Tue, Aug 19, 1997 at 01:03:59PM -0400, Christopher Davis wrote:
> JRA> == Jay R Ashworth <j...@scfn.thpl.lib.fl.us>
> JRA> And you can't; that's the problem. Worse, there's no way to get
> JRA> sendmail to run the queue for _only one site_, that I know of.
>
> ETRN site or sendmail -qRsite will do the job (mostly; if there are
> messages with recipients for both site and not-site then sendmail will
> also try to deliver to the not-site recipients, but hey).
>
> The command-line version has been in sendmail 8 for a while, and even ETRN
> is a few versions old at this point.

Oh, it _does_ work now. Ok. Not administering 8.x anywhere yet, and
my Bat book is release 1. Missed that. Can you run the link over ssh?
Cause I gather IP spoofing and cleartext passwords are still a possible
problem.

Christopher Davis

Aug 20, 1997

JRA> == Jay R Ashworth <j...@scfn.thpl.lib.fl.us>

JRA> Can you run the link over ssh? Cause I gather IP spoofing and
JRA> cleartext passwords are still a possible problem.

It doesn't cause the queue run to feed back over the SMTP connection, it
causes the queue run to happen then (rather than the next time it normally
would depending on the -q parameter) and to be limited to messages
containing the substring given to ETRN in a recipient address.

That said, if the site is vulnerable to DNS cache pollution (ObBIND ;-)
then it would be possible to poison their cache and force them to deliver
the queued mail to evil.site instead of real.site, but all ETRN would do
in that case is make it easier to do so (i.e. fewer worries about the info
timing out before the next queue run).

The solution there is to upgrade to BIND 4.9.6 or 8.1.1.

Jon Lewis

Aug 21, 1997

On Wed, 20 Aug 1997, Jay R. Ashworth wrote:

> > ETRN site or sendmail -qRsite will do the job (mostly; if there are
> > messages with recipients for both site and not-site then sendmail will
> > also try to deliver to the not-site recipients, but hey).
>

> Oh, it _does_ work now. Ok. Not administering 8.x anywhere yet, and

> my Bat book is release 1. Missed that. Can you run the link over ssh?
> Cause I gather IP spoofing and cleartext passwords are still a possible
> problem.

Passwords? Huh? This is SMTP...or in this case ESMTP. There are no
usernames/passwords...and an interesting side note is that ANYONE can
telnet to port 25 and request "etrn anydomain". I wonder if there's a
DoS attack in the making...especially if done to a busy mail server with
much in the queue.

------------------------------------------------------------------
Jon Lewis <jle...@fdt.net>      | Unsolicited commercial e-mail will
Network Administrator           | be proof-read for $199/message.
Florida Digital Turnpike        |
______http://inorganic5.fdt.net/~jlewis/pgp for PGP public key____


Trevor Fiatal

Aug 22, 1997

On Thu, 21 Aug 1997 23:42:02 -0400 (EDT), Jon Lewis
<jle...@inorganic5.fdt.net> wrote:

>> > ETRN site or sendmail -qRsite will do the job (mostly; if there are
>> > messages with recipients for both site and not-site then sendmail will
>> > also try to deliver to the not-site recipients, but hey).
>

>Passwords? Huh? This is SMTP...or in this case ESMTP. There are no
>usernames/passwords...and an interesting side note is that ANYONE can
>telnet to port 25 and request "etrn anydomain". I wonder if there's a
>DoS attack in the making...especially if done to a busy mail server with
>much in the queue.

I consider it a potential attack point. ETRN is disabled on my
externally-exposed SMTP servers for this very reason. I figure if I
want the queue run, I'll log in as one of the trusted users and do it
with -qR, or trigger a full queue run with an SNMP set to my
extensible agent, and have the agent start the queue run.

-Trevor

/--------------------------------=-----------------------------------\
|Trevor Fiatal - tre...@home.net |                                   |
|Internet Applications Architect |          "Entropy sucks."         |
|@Home Network, SF Bay Area, CA  |                                   |
\--------------------------------|-----------------------------------/
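The ETRN exposure Jon raises and Trevor's answer to it, together with the substring matching Christopher Davis describes for ETRN and sendmail -qR, as one added example. This is not code from the thread or from sendmail: it is a small model of the server side of RFC 1985 ETRN in which a queue run is honoured only for client addresses listed for that node, and not more often than once per interval, a middle ground between leaving ETRN open to anyone on port 25 and disabling it outright as Trevor does. The reply codes are the RFC 1985 ones; the policy table, queue contents, addresses and the EtrnHandler/select_queue names are constructed for the example.

```python
"""ETRN with an allow-list and a per-node rate limit.

Constructed example, not code from the thread or from sendmail.  ETRN carries no
authentication: whoever can reach port 25 can ask the server to start a queue
run.  This handler only honours the request when the client address is listed
for that node and has not triggered a run within MIN_INTERVAL seconds.
"""
import time

# Constructed policy: client address -> nodes it may request queue runs for.
ALLOWED = {
    "199.199.199.1": {"example.com"},   # System1's dial-in address in the thread
}
MIN_INTERVAL = 60.0  # seconds between honoured ETRNs for one (client, node)

# Constructed queue: message id -> recipient addresses.  q2 has recipients at two
# sites, which is the case Christopher Davis flags for -qR and ETRN.
QUEUE = {
    "q1": ["alice@example.com"],
    "q2": ["bob@example.com", "carol@elsewhere.example"],
    "q3": ["dave@elsewhere.example"],
}


def select_queue(queue, node):
    """sendmail -qR / ETRN selection: a message is picked if ANY recipient
    address contains the node string.  The whole message is then attempted,
    so q2's elsewhere.example recipient gets a delivery attempt as well."""
    return sorted(qid for qid, rcpts in queue.items() if any(node in r for r in rcpts))


class EtrnHandler:
    def __init__(self, allowed, queue, min_interval=MIN_INTERVAL, clock=time.monotonic):
        self.allowed = allowed
        self.queue = queue
        self.min_interval = min_interval
        self.clock = clock          # injectable so behaviour can be tested offline
        self.last = {}              # (client, node) -> time of last honoured run
        self.runs = []              # (client, node, [message ids]) actually started

    def handle(self, client_ip, args):
        """Return the ESMTP reply for 'ETRN <args>' received from client_ip."""
        arg = args.strip()
        # RFC 1985: '@domain' asks for every host in the domain; 'host' for one
        # host.  Both name the node for our purposes, so strip the marker.
        node = arg.lstrip("@").lower()
        if not node or " " in node:
            return "501 Syntax Error in Parameters"

        # The check sendmail does not do: is this client allowed to trigger
        # a run for this node at all?  459 is RFC 1985's "node not allowed".
        if node not in self.allowed.get(client_ip, set()):
            return "459 Node not allowed: %s" % node

        # Rate limit, so a permitted but chatty client cannot keep the queue
        # runner busy; 458 is RFC 1985's "unable to queue messages for node".
        now = self.clock()
        key = (client_ip, node)
        if key in self.last and now - self.last[key] < self.min_interval:
            return "458 Unable to queue messages for node %s" % node
        self.last[key] = now

        pending = select_queue(self.queue, node)
        if not pending:
            return "251 OK, no messages waiting for node %s" % node
        self.runs.append((client_ip, node, pending))   # stands in for forking a queue run
        return "253 OK, %d pending messages for node %s started" % (len(pending), node)


if __name__ == "__main__":
    h = EtrnHandler(ALLOWED, QUEUE)
    print(h.handle("203.0.113.9", "example.com"))      # unlisted client: 459
    print(h.handle("199.199.199.1", "@example.com"))   # System1 dialing in: 253, 2 messages
    print(h.handle("199.199.199.1", "example.com"))    # again at once: 458
```

The allow-list is keyed on the client's source address, which is all an unauthenticated SMTP session offers, so it mitigates the "anyone can telnet to port 25" problem Jon describes but not the spoofing Jay worries about; a spoofed ETRN can still cost a queue run, which is why the rate limit sits behind the allow-list rather than instead of it.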

Jay R. Ashworth

Aug 22, 1997

On Thu, Aug 21, 1997 at 11:42:02PM -0400, Jon Lewis wrote:
> On Wed, 20 Aug 1997, Jay R. Ashworth wrote:
> > > ETRN site or sendmail -qRsite will do the job (mostly; if there are
> > > messages with recipients for both site and not-site then sendmail will
> > > also try to deliver to the not-site recipients, but hey).
> >
> > Oh, it _does_ work now. Ok. Not administering 8.x anywhere yet, and
> > my Bat book is release 1. Missed that. Can you run the link over ssh?
> > Cause I gather IP spoofing and cleartext passwords are still a possible
> > problem.
>
> Passwords? Huh? This is SMTP...or in this case ESMTP. There are no
> usernames/passwords...and an interesting side note is that ANYONE can
> telnet to port 25 and request "etrn anydomain". I wonder if there's a
> DoS attack in the making...especially if done to a busy mail server with
> much in the queue.

Doh.

Sorry: "DoH". :-)

Yeah; well, that's why I suggested uucp. Passwords and sequence
numbers are a damn sight tighter than _no security_ at all. I was
actually, I guess, wondering if you could run _uucp_ over ssh; I guess
I'll have to investigate... and write up a howto. :-)

Cheers,
-- jr 'send docs' a

Jay R. Ashworth

Aug 22, 1997

On Fri, Aug 22, 1997 at 10:13:09AM +0000, Trevor Fiatal wrote:
> >> > ETRN site or sendmail -qRsite will do the job (mostly; if there are
> >> > messages with recipients for both site and not-site then sendmail will
> >> > also try to deliver to the not-site recipients, but hey).
> >
> >Passwords? Huh? This is SMTP...or in this case ESMTP. There are no
> >usernames/passwords...and an interesting side note is that ANYONE can
> >telnet to port 25 and request "etrn anydomain". I wonder if there's a
> >DoS attack in the making...especially if done to a busy mail server with
> >much in the queue.
>
> I consider it a potential attack point. ETRN is disabled on my
> externally-exposed SMTP servers for this very reason. I figure if I
> want the queue run, I'll log in as one of the trusted users and do it
> with -qR, or trigger a full queue run with an SNMP set to my
> extensible agent, and have the agent start the queue run.

Well, that's why I suggested uucp/tcp in the first place. :-}

Cheers,
-- jra
