Question about sendmail...

David-Paul Niner dpniner at dpniner.net
Fri Oct 28 03:52:29 UTC 2005


Philip Prindeville wrote:

> Craig White wrote:
>
>> On Thu, 2005-10-27 at 20:26 -0600, Philip Prindeville wrote:
>>  
>>
>>> I'm running FC3 (updated) on a handful of machines.
>>>
>>> I have a single IP address, with a NATing router set to that
>>> address.  I have a domain, and an MX which points through
>>> the router at my mail server (or rather, the router is configured
>>> to port-forward 25, 143, etc to the mail server).
>>>
>>> I also have several mail clients on my 192.168.1.x network.
>>>
>>> The issues are the following:
>>>
>>> * the clients have a smart host (DS) defined as the mail relay,
>>>   but they canonicalize its name and then look it up in the DNS,
>>>   trying to contact it on the external IP address (and not its
>>>   internal 192.168.1.x address in the /etc/hosts file).  My
>>>   /etc/nsswitch.conf file is unmodified.
>>>
>>> * the clients then try to relay the email with a sender's envelope
>>>   address as user at host.my-domain, which the relay rejects
>>>   because "host.my-domain" doesn't resolve in the DNS.
>>>
>>> * I should probably have define(`LOCAL_RELAY', `:$S') to
>>>   handle forwarding everything to the mail server.
>>>
>>> I used to know all of this stuff once upon a time...
>>>
>>> Am I missing anything?
>>>   
>>
>> ----
>> I've never used 'LOCAL_RELAY' so I can't help you there. I typically run
>> my own DNS servers inside the LAN so that the name resolution is
>> completely under my control - where mail.mydomain_name.com would resolve
>> to an internal mail server which handles end delivery (or smart host
>> delivery).
>>
>> If you don't want to run your own DNS, it's just simpler to use smart
>> host pointing directly to the ip address of your mail server directly
>> instead of a name which loops the connection outside of the trusted LAN.
>>  
>>
>
> Gah!   I thought about that, but I was hoping there was a less
> heinous fix.
>
> -Philip
>
>> Craig
>>
>>
>>  
>>
Actually, if you run bind you can implement views on your DNS boxen,
which allow you to serve up different zone (A, MX, etc.) records to
different networks/hosts. It's a breeze to configure and essentially
eliminates the issue you (and about a million other net admins) are
running into.

Check out:

http://sysadmin.oreilly.com/news/views_0501.html

for more info.

David-Paul Niner
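
A sketch of the split-horizon setup suggested in the reply above, added here as an illustration; it is not taken from the post or from the linked article. The zone name example.com, the zone file paths, the host name host1 and the addresses 192.168.1.10, 192.168.1.21 and 203.0.113.25 are placeholders, and named.ca is assumed to be the root hints file as on Red Hat style installs.

```conf
// /etc/named.conf fragment: split-horizon DNS with BIND views (added example).
// example.com, the zone file paths and all addresses are placeholders.

acl "lan" { 127.0.0.1; 192.168.1.0/24; };

options {
    directory "/var/named";
};

// Views are tried in order and the first whose match-clients matches wins,
// so the restrictive view must come first.
view "internal" {
    match-clients { "lan"; };
    recursion yes;                 // LAN hosts may resolve outside names too
    // Once any view is defined, every zone must live inside a view.
    zone "." { type hint; file "named.ca"; };
    zone "example.com" {
        type master;
        file "internal/example.com.zone";
        // Records in this file point at private addresses:
        //   @     IN MX 10 mail.example.com.
        //   mail  IN A     192.168.1.10
        //   host1 IN A     192.168.1.21
        // Client host names such as host1.example.com then resolve on the
        // LAN, and the smart host name maps to the internal address.
    };
};

view "external" {
    match-clients { any; };
    recursion no;                  // do not act as an open resolver
    zone "example.com" {
        type master;
        file "external/example.com.zone";
        // Records in this file point at the router's public address:
        //   @     IN MX 10 mail.example.com.
        //   mail  IN A     203.0.113.25
    };
};
```

Running named-checkconf against the file before reloading named catches syntax errors, including zones left outside a view.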

