Re: flushing mail: obstacles

Matti Aarnio (matti.aarnio@sonera.fi)
Thu, 22 Apr 1999 11:16:43 +0300 (EEST)


Alexy Khrabrov <khrabrov@unagi.cis.upenn.edu> wonders:
> I installed fetchmail and it's terrific.

Yes, I agree -- or perhaps my interpretation of
word "terrific" does not match yours ?

We have seen several times at these lists cases
where people use fetchmail, and then screw up
the email processing by sending out all fetched
email per visible RFC-822 headers -- "To:", "Cc:" ..

Every time we postmasters see them, we kill such
loop-generating recipients from our lists without
sending any warning to the culprit...

I presume with that program it is way too easy to
shoot yourself to your head... It sounds like it
has an OPTIONAL parameter telling to which local
user to send the email, and if none are given, then
it runs system sendmail with '-t' option, which
picks recipient addresses from "To:" and "Cc:"
headers :-( It jolly well should have MANDATORY
parameter for the recipient so that people can't
so easily screw up..

> Now the only thing left is to send mail away.
...
> ----- Transcript of session follows -----
> ... while talking to unagi.cis.upenn.edu.:
> >>> MAIL From:<root@yaw.suffix.com> SIZE=115
> <<< 451 <root@yaw.suffix.com>... Domain must resolve khrabrov@unagi.cis.upenn.edu... Deferred: 451
> <root@yaw.suffix.com>... Domain must resolve
> Warning: message still undelivered after 4 hours
> Will keep trying until message is 5 days old
>
> (I'm trying to send it to myself at unagi.cis.upenn.edu.)
...
> Why does sendmail try to resolve yaw.suffix.com?
> I own suffix.com, but don't have a static IP for
> yaw, my local box, which I connect via ATT ppp.
> Since yaw.suffix.com It doesn't exist anyways, the
> return mail must come to braver@pobox.com -- but
> when I say

Rejection of non-DNS-registered domains is result from
countermeasures against Spammers who used faked source
addresses. Now such addresses are rarer and rarer...

I do find it surprising that UNAGI didn't reply to you
'551' (permanent error), as the DNS lookup results definite
NXDOMAIN report for "yaw.suffix.com". I consider that
deficiency of the DNS analysis/report routines at UNAGI's
mailer..

> sendmail -fbraver@pobox.com -q
>
> to flush the queue with that "from" fake, I get
> this:

I recall that flushes ONLY those messages where
the source address is already set to braver@pobox.com,
it does not change pre-existing source addresses.

> The original message was received at Wed, 21 Apr
> 1999 02:50:48 -0400
> from root@localhost
>
> ----- The following addresses had transient
> non-fatal errors -----
> khrabrov@unagi.cis.upenn.edu
>
> ----- Transcript of session follows -----
> 451
> khrabrov@unagi.cis.upenn.edu...
> unagi.cis.upenn.edu: Name server timeout
> Warning: message still undelivered after 4 hours
> Will keep trying until message is 5 days old

That is because of your system setup has problems
in the DNS resolving ( /etc/nsswitch.conf: hosts entry,
and /etc/resolv.conf, possibly also in your local
named setup, although that last one you don't
really need..)

Another likely problem location is that you should
make a pact with somebody to accept email for outbound
relaying from you. Then essentially you just need
to direct non-local email to that relay, and that
you can do with STATIC ip addresses listed at /etc/hosts!
(Presuming you have suitable /etc/nsswitch.conf setup..)

Just remember that address in visible "From:" header
does not necessarily have any relation with what the
transport level uses. Your relay rejections are coming
from the transport level addresses -- usually.

> Now I read Linux Mail-HOWTO and it bluntly says
> sendmail is obsolete and insecure, qmail
> (www.qmail.org) is the king of the hill.

Sigh, what a piece of single-minded crap..
(No, I don't defend sendmail, in fact I don't
like either of them..)

> /etc/hosts has a line
> 192.168.0.1 yaw yaw.suffix.com
>
> As I said,
> /etc/named.boot has a line
> forwarders 204.127.129.1 204.127.160.1

You don't need named, unless your resolv.conf
points to your local host -- which it doesn't.

Check your /etc/nsswitch.conf; it should have line:
hosts: files dns

> where the IPs belong to ATT nameservers.
>
> /etc/resolv.conf assigns domain att.net to search from:
> domain att.net
> nameserver 204.127.129.1
> nameserver 204.127.160.1
>
> So how the DEC you make mail leave the building?!

Easily, routinely, regularly, but with different tools than
99% of you... (And with fixed connection.)

> --
> Cheers,
> Alexy Khrabrov -- www.suffix.com -- Segmentation f%^(&

/Matti Aarnio <matti.aarnio@sonera.fi>
-
To unsubscribe from this list: send the line "unsubscribe linux-net" in
the body of a message to majordomo@vger.rutgers.edu