
DNS loop, relay, postmaster account


Markus Waldorf

Sep 12, 2002, 6:26:22 AM
Ok, I put an alias of newsgate2.rferl.org -> newsgate.rferl.org

Now I no longer get an error when connecting to the server by its name vs.
its real ip address - good.

But, if I use http://newsgate2.rferl.org:8100/ and enter my username and
password I get:

"your network does not have access to this account"

I checked my account and web-access settings. I cannot see what's wrong. Can
you advise please?

Thanks a lot so far!

Best regards,
Markus Waldorf

> From: Technical Support <sup...@stalker.com>
> Reply-To: <CGat...@mail.stalker.com> (CommuniGate Pro Discussions)
> Date: Wed, 11 Sep 2002 18:45:38 +0400
> To: <CGat...@mail.stalker.com> (CommuniGate Pro Discussions)
> Subject: Re: DNS loop, relay, postmaster account
>
> Hello, on 11.09.2002 17:10, Markus Waldorf at wald...@rferl.org wrote:
>
>> Hello,
>>
>> We just purchased CGatePro, and I don't have much experience with the
>> product. I've been searching through the mailing list and other
>> documentation for some answers, but was not successful yet. The server
>> version 3.5.9 is running under MacOSX 10.1.5.
>>
>> Our company has one primary mail domain named RFERL.ORG. We have another
>> mail domain NEWSGATE.RFERL.ORG. The purpose of NewsGate is not to provide
>> mail for our users, but to forward messages addressed to it from external
>> sources to our internal mail servers. NewsGate consists of 2 computers. Both
>> computers have the same setup, just a different IP address and appropriate
>> MX records. The idea behind it is that if one server is too busy or
>> unavailable then the other one takes over. Since I have some problem with
>> EIMS (Eudora Internet Mail server), I decided to try CGatePro on one of the
>> servers. Newsgate2 is running CGatePro and the licensed domain name is
>> "newsgate.rferl.org".
>>
>>
>> Well, I have the following problems and questions please.
>>
>> DNS-LOOP:
>>
>> I'm not the DNS manager, and we don't use BIND, so I can't say if it is
>> configured correctly, but the entries are:
>>
>> rferl.org. MX 1 praguegate.rferl.org.
>> rferl.org. MX 1 marconi.rferl.org.
>> list MX 50 list.rferl.org.
>> newsgate MX 10 newsgate2.rferl.org.
>> newsgate MX 5 newsgate1.rferl.org.
>> prglnmail01 MX 20 prglnmail01.rferl.org.
>> prglnmail02 MX 20 prglnmail02.rferl.org.
>>
>> Newsgate1 A 192.168.91.17
>> Newsgate2 A 192.168.91.21
>>
>>
>> The problem is that when I send mail to Newsgate2 using @newsgate2.rferl.org
>> as the address I get the following DNS Loop error:
>>
>> 1 SMTP-00003(newsgate2.rferl.org) DNS Loop: 'newsgate2.rferl.org' has our IP
>> address [192.168.91.21]
>> 1 DEQUEUER [60002] SMTP(newsgate2.rferl.org)WALD...@newsgate2.rferl.org
>> failed
>>
>> If I use the ip number @192.168.91.21 it works fine though. Is that normal,
>> any ideas?
>
> CGPro 'does not know' that mail to newsgate2.rferl.org should be delivered
> locally. Solution: add newsgate2.rferl.org as an alias to some domain (my
> guess: the primary one - newsgate.rferl.org) configured in CGPro (WebAdmin
> -> Domains -> newsgate.rferl.org -> Aliases)
>
>> WEBMAIL ACCESS:
>>
>> I created an account for myself to see what webmail looks like. I cannot get
>> access and receive the following errors:
>>
>> http://192.168.91.21:8100/
>> I get the login screen, but when I enter my username and password I
>> receive:
>> "your network does not have access to this account"
>> The server is in our Firewall DMZ, but everything should be open within our
>> LAN.
>>
>> http://newsgate2.rferl.org:8100/
>> I get the following screen:
>> "you have tried to access the newsgate2.rferl.org domain. It does point to
>> this server, but we do not provide Web access to this domain"
>
> The same as above.
>
>
>> GROUPS:
>>
>> Beside the postmaster and a test account, I configured the server to just
>> have groups, which forward mail to our internal servers.
>>
>> I noticed that when using groups the server does not store the email in case
>> of a delivery failure and just sends a failure notification. I would rather
>> have it configured so that in case of a failure the message does not get
>> lost, so it either retries or I can manually resend the message. Can this
>> actually be done with groups or will I have to create accounts for that, but
>> then how can I automatically forward incoming messages to several other
>> mailservers?
>
> You can do that using account rules: a rule may have several Redirect To
> actions. But what kind of delivery failure do you talk about? With transient
> failures the server will retry...
>
>> RELAY:
>>
>> I would like to configure the server so that it only relays messages if they
>> are addressed to accounts and groups that exist on the server, otherwise it
>> should just discard the message. Incoming mail will be forwarded to other
>> servers in our LAN. How do I have to configure the server please?
>
> Domain settings: Mail to Unknown Names is Discarded.
>
>> POSTMASTER:
>>
>> Is it possible to secure the postmaster account, so that it cannot be used
>> to relay messages or otherwise abuse it. Can I rename the postmaster account
>> for instance?
>
> Sure you can. But admins of remote servers which have problems communicating
> to your server will expect that the postmaster account exists.
>
> --
> Best regards,
> Dmitry Akindinov
>
> =======================================================================
> When answering to letters sent to you by the tech.support staff, make
> sure the original message you have received is included into your reply.
>
>
> #############################################################
> This message is sent to you because you are subscribed to
> the mailing list <CGat...@mail.stalker.com>.
> To unsubscribe, E-mail to: <CGateP...@mail.stalker.com>
> To switch to the DIGEST mode, E-mail to <CGatePr...@mail.stalker.com>
> To switch to the INDEX mode, E-mail to <CGatePr...@mail.stalker.com>
> Send administrative queries to <CGatePro...@mail.stalker.com>


Technical Support

Sep 12, 2002, 7:10:55 AM
Hello, on 12.09.2002 14:26, Markus Waldorf at wald...@rferl.org wrote:

> Ok, I put an alias of newsgate2.rferl.org -> newsgate.rferl.org
>
> Now I no longer get an error when connecting to the server by its name vs.
> its real ip address - good.
>
> But, if I use http://newsgate2.rferl.org:8100/ and enter my username and
> password I get:
>
> "your network does not have access to this account"

WebAdmin -> Domains -> domain.name -> Domain Settings -> Services -> Mobile
should be enabled

WebAdmin -> Domains -> domain.name -> your_account -> Services -> Mobile
should be enabled

WebAdmin -> Settings -> Protection -> Reject all Logins from Non-Client IP
Addresses -- if enabled, make sure the IP address of the workstation you
login from is listed in the Client Hosts table on the same page.

Markus Waldorf

Sep 12, 2002, 7:56:10 AM
yes, that worked. I had mobile disabled, thought webmail and website would
be enough.

Thanks!

Markus Waldorf

Sep 12, 2002, 12:57:24 PM
sorry it's me again...

I set the "Mail to Unknown Names is Discarded"

But checking the log files I noticed that the server has been used to relay
thousands of messages today, and there is quite a bunch in the mail queue.

Question: Is there anything I have to do in addition so that my
Server cannot be used to relay. I do have groups though which forward
incoming messages to other servers, internal and external. I guess this
should be fairly straightforward.

Can my postmaster account be used to relay?

How can I delete all those Spam messages from the queue?


What I've done now, and I'm not sure if this is correct:

- deleted all *.msg and .tmp files from the /var/Communigate/queue folder
(Mac OSX 10.1.5 btw). Restarted the server

In the Settings->protections I specified my own server IP as the client IP
address. In Settings->smtp I specified relay to any IP address if received
from Clients IP address. I left "mail to unknown names is discarded" as
previously suggested.

Any comments please?
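
Added example (not part of the thread and not CommuniGate Pro code): a small model of the routing decisions discussed above, covering the "DNS Loop" error from the first post and the relay question in this one. The account names, the client network, the `DNS` table and the `example.net` recipient are constructed assumptions; the host names and addresses come from the thread.

```python
import ipaddress

# Constructed values taken from the thread; a model, not CommuniGate Pro's code.
OWN_IPS = {"192.168.91.21"}                 # newsgate2
LOCAL_DOMAINS = {"newsgate.rferl.org"}      # the licensed domain
LOCAL_NAMES = {"postmaster", "waldorf"}     # hypothetical accounts/groups
# Hypothetical DNS view: recipient domain -> addresses of its mail exchangers.
DNS = {
    "newsgate2.rferl.org": ["192.168.91.21"],
    "example.net": ["203.0.113.25"],
}


def is_client(ip, client_nets):
    """True if the connecting IP is inside one of the trusted client networks."""
    addr = ipaddress.ip_address(ip)
    return any(addr in ipaddress.ip_network(n) for n in client_nets)


def route(rcpt, peer_ip, aliases=(), client_nets=(), relay_for="clients"):
    """Classify one recipient: local, discard, reject, dns-loop or relay."""
    name, domain = rcpt.lower().rsplit("@", 1)
    domain = domain.strip("[]").rstrip(".")
    if domain in LOCAL_DOMAINS or domain in aliases or domain in OWN_IPS:
        # Local delivery; unknown names are dropped ("Discarded" setting).
        return "local" if name in LOCAL_NAMES else "discard"
    # Everything else is a relay request and is gated by the peer's address.
    allowed = relay_for == "anyone" or (
        relay_for == "clients" and is_client(peer_ip, client_nets))
    if not allowed:
        return "reject"
    # A non-local domain that resolves back to this host can never be delivered.
    if any(ip in OWN_IPS for ip in DNS.get(domain, [])):
        return "dns-loop"
    return "relay"
```

In this model the unknown-names rule only ever applies to local domains, so it has no effect on mail addressed elsewhere; what closes the relay is the peer-address gate.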
