On Wed, 7 Mar 2001, Gregory Neil Shapiro wrote:
> root> I am using the standard freebsd.mc created during a buildworld. I
> root> have started noticing that I am missing/rejecting a lot of emails
> root> from places like: yahoogroups.com.
>
> It would be helpful to show the actual log message so we can determine why
> it is being rejected. If it is something like:
>
> Mar 7 18:45:51 horsey sendmail[69643]: f282jdlg069643: ruleset=check_mail,
>arg1=<[EMAIL PROTECTED]>, [EMAIL PROTECTED] [10.0.1.1],
>reject=501 5.1.8 <[EMAIL PROTECTED]>... Domain of sender address
>[EMAIL PROTECTED] does not exist
Yes, that is it. I actually started noticing the problem in my email for
the daily (nightly) run. I went to look in the maillog, however, and that
is the essence of the error (I think the PID might have been different ;).
> Then at the time the mail came in, yahoogroups.com was not resolvable. You
> can check with:
>
> nslookup -q=AAAA yahoogroups.com.
> nslookup -q=A yahoogroups.com.
> nslookup -q=MX yahoogroups.com.
I did this and it does resolve for that one, but it doesn't for an ISP
that one of my clients is trying to receive an email from. I emailed the
owner of the ISP who promptly informed me that you should never setup an
IP for your domain name, just for things like the www.<hisname>.org ;).
However, the MX does (and has all along) resolved for his domain. I
thought sendmail would do the DNS lookup/RDNS double-check thing for the
MX machine instead of the origination machine, which was why I was so
confused.
> root> I have been looking in the sendmail config stuff, and I have not yet
> root> figured out what rule I would need to change, but I need it fixed
> root> soon, customers are complaining. I think what needs to be done is
> root> add a rule that says (if it is a TLD, go ahead and accept it). And,
> root> yes, I realize that means I will get a lot of emails from places
> root> like: akjasdkfhaskhdf.com, but a "whois" lookup would be WAY TOO
> root> SLOW.
>
> >From /usr/share/sendmail/cf/README:
>
> FEATURE(accept_unresolvable_domains)
> Normally, MAIL FROM: commands in the SMTP session will be
> refused if the host part of the argument to MAIL FROM:
> cannot be located in the host name service (e.g., an A or
> MX record in DNS). If you are inside a firewall that has
> only a limited view of the Internet host name space, this
> could cause problems. In this case you probably want to
> use this feature to accept all domains on input, even if
> they are unresolvable.
Saw this, and didn't like the sound of it one darn bit. I am on a AT&T
T1, which has been extremely reliable, and have never (that I know of) had
problems resolving names unless the other persons bind or connection to
the net is shakey.
> ...
> An ``access'' database can be created to accept or reject mail from
> selected domains. For example, you may choose to reject all mail
> originating from known spammers. To enable such a database, use
>
> FEATURE(`access_db')
> ...
> OK Accept mail even if other rules in the
> running ruleset would reject it, for example,
> if the domain name is unresolvable.
Okay, just call me stupid :). I use this feature already to allow relays
from/to my various domain names, reject email from spammers, etc. I can
even control it directly from webmin instead of looking at all those
strange rules in the .cf file.
thanks,
- brian
To Unsubscribe: send mail to [EMAIL PROTECTED]
with "unsubscribe freebsd-current" in the body of the message
