Somewhat OT email addresses
Graeme Nichols
gnichols at tpg.com.au
Fri Feb 17 02:23:05 UTC 2006
Rick Stevens wrote:
> On Thu, 2006-02-16 at 12:19 -0500, Jeff Kinz wrote:
>
>>On Thu, Feb 16, 2006 at 01:29:32PM +1100, Graeme Nichols wrote:
>>
>>>Hello Folks,
>>>
>>>I know this is somewhat OT but I was wondering if it is possible to send
>>>an email with an address in the following format; username@[IP address]
>>>
>>>I have been fiddling around because a person to whom I was writing
>>>has suddenly become unknown, possibly because of DNS failure, I'm not
>>>sure, and the mail is returned undeliverable as the domain is unknown.
>>>They are having the same problem sending mail to me.
>>>
>>>I did a ping on my ISP's SMTP mail server and while there was a 100%
>>>failure rate on the packets, most probably due to some firewall setting,
>>>I was given the IP address, in this case, 203.12.160.34
>>>
>>>I sent a test email to name at 203.12.160.34 but it bounced with the
>>>following error;
>>
>>
>>
>>Graeme, I see one issue here that you would need to fix, assuming you
>>are trying to send an email to someone other than yourself.
>>
>>You need to enter the IP address of their domain (or their domain's SMTP
>>server), not the IP of your ISP's SMTP server.
>
>
> Graeme, Jeff's right. You can't send mail to YOUR SMTP server and
> expect it to go out.
Hi Rick, yes, I can understand that now.
>
> If sending mail to "yourfriend at theirdomain.tld" doesn't work, you're
> probably having an issue with DNS. A quick test is if you can surf the
> web on your machine. If not, then you definitely have a DNS issue.
> This can be caused by several factors: you haven't configured the DNS
> on your machine properly (this is the "/etc/resolv.conf" file), or you
> have DNS blocked by a firewall somewhere (either via iptables on your
> machine or by the firewall on your router or modem...possibly both).
>
> Your /etc/resolv.conf file should contain AT A MINIMUM, one line:
>
> nameserver ip-address-of-your-ISP's-DNS-server
>
> For example:
>
> nameserver 64.7.192.162
>
> Ideally, you'd have two or three lines, one for each of your ISP's DNS
> servers:
>
> nameserver 64.7.192.162
> nameserver 64.7.192.163
My /etc/resolv.conf only had their primary DNS so I added the second
line containing their secondary DNS.
>
> If you don't know your ISP's DNS server addresses, ask them for them.
> If you still can't get them, use the lines above. They're for our
> DNS servers and I don't mind if you use them. Being the wonderful human
> being I am, I won't even charge you for their use! :-)
Ohhh... thank you Rick. Your blood is worth bottling you know. :-)
>
> Next, you have to check your firewall settings. On your local machine,
> use "iptables -L -n". You MUST permit TCP and UDP connections to port
> 53 on your machine for DNS to work. Appropriate lines to add to your
> /etc/sysconfig/iptables file are:
>
> -A INPUT -p tcp -m tcp --dport 53 -j ACCEPT
> -A INPUT -p tcp -m tcp --sport 53 -j ACCEPT
> -A INPUT -p udp -m udp --dport 53 -j ACCEPT
> -A INPUT -p udp -m udp --sport 53 -j ACCEPT
My /etc/sysconfig/iptables file contains the following:-
[graeme at barney ~]$ sudo /sbin/iptables -L -n
Chain FORWARD (policy ACCEPT)
target prot opt source destination
RH-Firewall-1-INPUT all -- 0.0.0.0/0 0.0.0.0/0
Chain INPUT (policy ACCEPT)
target prot opt source destination
RH-Firewall-1-INPUT all -- 0.0.0.0/0 0.0.0.0/0
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
Chain RH-Firewall-1-INPUT (2 references)
target prot opt source destination
ACCEPT all -- 0.0.0.0/0 0.0.0.0/0
ACCEPT icmp -- 0.0.0.0/0 0.0.0.0/0 icmp type 255
ACCEPT esp -- 0.0.0.0/0 0.0.0.0/0
ACCEPT ah -- 0.0.0.0/0 0.0.0.0/0
ACCEPT all -- 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 state NEW tcp dpt:22
REJECT all -- 0.0.0.0/0 0.0.0.0/0 reject-with icmp-host-prohibited
You have new mail in /var/spool/mail/graeme
[graeme at barney ~]$
While I haven't expressly allowed your above it appears that I have
covered it in the ALL or am I having myself on? I used the graphical
interface and selected the highest security when I set up my firewall.
So far I don't seem to have had a problem but that may be good luck
rather than good management.
Would you suggest that I add your suggestion directly into the file as
you have written them? IPtables is a black art to me :-)
>
> Also check the firewall on your router or cable/DSL modem and verify
> they allow incoming and outgoing TCP and UDP messages using port 53.
Again, my router has the following set:-
Telnet Telnet traffic is blocked from the WAN to the LAN
FTP FTP traffic is blocked from the WAN to the LAN
TFTP TFTP traffic is blocked from the WAN to the LAN
Web Web traffic is blocked from the WAN to the LAN
SNMP SNMP traffic is blocked from the WAN
Ping Ping traffic is blocked from the WAN
That is all I can set up in my router, a Billion ADSL Router Switch
5100. I guess that everything that is not blocked above is allowed.
Thanks for the help Rick. It's much appreciated. And thanks to Jeff,
Brett and Martin as well for their assistance, all of which is appreciated.
--
----------------------------------------------------------------------
Kind regards,
Graeme.
----------------------------------------------------------------------
A neighbor came to Nasrudin, asking to borrow his donkey. "It is out on
loan," the teacher replied. At that moment, the donkey brayed loudly inside
the stable. "But I can hear it bray, over there." "Whom do you believe,"
asked Nasrudin, "me or a donkey?"
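
Added example, not part of the original message or of any poster's configuration: a first-match walk over a simplified model of the RH-Firewall-1-INPUT listing above, comparing which inbound packets are accepted with and without the four port-53 rules quoted in the thread. It assumes the first "ACCEPT all" rule is the loopback rule (plain "iptables -L -n" hides the interface, "-v" shows it) and that the port-53 rules are placed ahead of the final REJECT; the packets, interface name and port numbers are constructed.

```python
# Added example: first-match evaluation of a simplified INPUT chain.
# BASE mirrors the RH-Firewall-1-INPUT listing in the post. Assumption: the
# first "ACCEPT all" rule is bound to loopback (-i lo), which plain
# "iptables -L -n" does not display; "-v" adds the interface columns.
BASE = [
    {"iface": "lo", "target": "ACCEPT"},
    {"proto": "icmp", "target": "ACCEPT"},
    {"proto": "esp", "target": "ACCEPT"},
    {"proto": "ah", "target": "ACCEPT"},
    {"state": {"RELATED", "ESTABLISHED"}, "target": "ACCEPT"},
    {"proto": "tcp", "state": {"NEW"}, "dport": 22, "target": "ACCEPT"},
    {"target": "REJECT"},
]
# The four port-53 rules quoted in the thread, modelled ahead of the REJECT
# (their position is an assumption; after the REJECT they are never reached).
PORT53 = [{"proto": p, k: 53, "target": "ACCEPT"}
          for p in ("tcp", "udp") for k in ("dport", "sport")]
WITH_PORT53 = BASE[:-1] + PORT53 + BASE[-1:]

def matches(rule, pkt):
    """True when every condition the rule states holds for the packet."""
    for field, want in rule.items():
        if field == "target":
            continue
        have = pkt.get(field)
        if field == "state":
            if have not in want:
                return False
        elif have != want:
            return False
    return True

def verdict(chain, pkt):
    """Return the target of the first matching rule (chain policy is ACCEPT)."""
    for rule in chain:
        if matches(rule, pkt):
            return rule["target"]
    return "ACCEPT"

# Constructed packets arriving on eth0.
DNS_REPLY = {"iface": "eth0", "proto": "udp", "sport": 53, "dport": 40000,
             "state": "ESTABLISHED"}   # answer to a query this host sent
UNSOLICITED = {"iface": "eth0", "proto": "udp", "sport": 53, "dport": 8080,
               "state": "NEW"}         # not an answer to anything

if __name__ == "__main__":
    for name, chain in (("base", BASE), ("with port-53 rules", WITH_PORT53)):
        for label, pkt in (("DNS reply", DNS_REPLY), ("unsolicited", UNSOLICITED)):
            print(f"{name:20} {label:12} {verdict(chain, pkt)}")
```

On the base chain the DNS reply is accepted by the RELATED,ESTABLISHED rule, so a host that only makes DNS queries needs no port-53 INPUT rule. With the port-53 rules in place the unsolicited packet is accepted as well, because the source-port match keys on a value the sender chooses.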
More information about the Redhat-install-list mailing list