TCP?

Rick Stevens ricks at nerd.com
Thu Oct 16 19:03:03 UTC 2008


Karl Pearson wrote:
> On Thu, October 16, 2008 12:05 pm, Rick Stevens wrote:
>> Karl Pearson wrote:
>>> On Thu, October 16, 2008 11:31 am, Rick Stevens wrote:
>>>> I should have mentioned that you'll need to "service sshd restart" after
>>>> making the change to sshd_config.  You'll need to restart sendmail as
>>>> well if you change its config.
>>>>
>>>> And if you're asking "why doesn't it fail when I specify 'localhost'?"
>>>> remember that localhost is in your /etc/hosts file.  When you "ssh
>>>> localhost" or "telnet localhost 25", the host AND CLIENT IPs are
>>>> 127.0.0.1 which corresponds to "localhost" in /etc/hosts.
>>>>
>>>> I try to give full explanations when I post and I missed it that time.
>>>> Sorry!
>>> I had already tried DNS settings. I edited nsswitch.conf and changed it to
>>> files first, then dns, with this line:
>>> hosts:      files dns [NOTFOUND=return] files
>>>
>>> and made sure the IPs are in /etc/hosts, which they already were. One email
>>> went out with alpine from another PC, but nothing more and it took just about
>>> long enough to time out. Watching it in ps ax showed
>>>
>>> startup with 172.20.20.100
>>> then
>>> cmd read: 172.20.20.100
>>>
>>> but all the other ones show the startup line only, then when it times out on
>>> the client, it changes from the IP to the entry in the hosts file. It's like
>>> something is preventing things from moving. I'm wondering if I have a bad
>>> cable or switch.
>>>
>>> I am going to try sshd_config right now and see if that works. Remember, this
>>> is the box that got duplicate libs which I had to manually delete. There are a
>>> few duplicates again. It may not be related....
>>>
>>> Okay, changing UseDNS no didn't help at all. Still taking a couple minutes to
>>> connect via ssh.
>> Ok, then check your default routes, "netstat -rn" and verify that the
>> one with "UG" is indeed your default gateway.
> 
> It checks out okay.

Okey doke.  Just checking.  With updates and such (and that goddamn
POS called "NetworkManager"), anything's possible.

> I'm not sure how, but it works fine. Let me 'splain...
> 
> In checking for things in /etc/mail/sendmail.mc and /etc/mail/submit.mc I
> found that one can just type
> 
> make (or make -C /etc/mail)
> 
> in /etc/mail and submit.mc will be transferred to submit.cf as if m4 had been
> run. Same with sendmail.mc

Actually, sendmail.cf is the output of m4 after processing sendmail.mc
(and others).

> I've also seen that using make restart works on some distros, and so tried it,
> and that works, too.

Most of them do a "cd /etc/mail;make" before they actually start
sendmail (either in a "restart" or a "start" scenario).

> In any case, that's not the apparent solution, which IS DNS related, but not
> in the way you or I thought. I changed the line in sendmail.mc:
> 
> FEATURE(`accept_unresolvable_domains')dnl
> 
> to
> 
> dnl FEATURE(`accept_unresolvable_domains')dnl
> 
> and things started working again as they had several days ago. Now then,
> please understand that nothing had been changed on the server at all. Nothing.
> That's why I still think there may be a hardware issue somewhere. The feature
> above has been enabled since the system was installed 7 weeks ago.

Yes, anything that's to be put into the sendmail.cf must begin with
"dnl".  Things without "dnl" are directives to m4 itself.

BTW, m4 is a right pain in the arse...why sendmail.org decided to 
standardize on it is beyond my comprehension.

As far as DNS issues are concerned...well, there's much to check.
Verify that /etc/resolv.conf has the actual DNS servers in it and verify
you can ping them from the host in question.  In some cases, your router
does DNS for you via a proxy.

Next, verify that you have TCP and UDP port 53 open so DNS queries can
be handled, both in the iptables config and in your external firewall
(amazing how many of them block DNS).  You can use "related,established"
in your iptables rules if you are concerned about security.
----------------------------------------------------------------------
- Rick Stevens, Systems Engineer                      ricks at nerd.com -
- AIM/Skype: therps2        ICQ: 22643734            Yahoo: origrps2 -
-                                                                    -
-        Polygon: A dead parrot (With apologies to John Cleese)      -
----------------------------------------------------------------------
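
The resolver checks described in the message above (read the servers from /etc/resolv.conf, then confirm each one answers on port 53 over both UDP and TCP), as an added example that is not part of the original post. The function names, the probe name "example.com" and the 3-second timeout are assumptions chosen for illustration.

```python
import socket
import struct
import time

def parse_nameservers(resolv_conf_text):
    """Return the nameserver addresses listed in resolv.conf text."""
    servers = []
    for line in resolv_conf_text.splitlines():
        fields = line.split("#", 1)[0].split()
        if len(fields) >= 2 and fields[0] == "nameserver":
            servers.append(fields[1])
    return servers

def build_query(name, txid=0x1234):
    """Build a minimal DNS query for the A record of `name`."""
    header = struct.pack(">HHHHHH", txid, 0x0100, 1, 0, 0, 0)  # RD set, 1 question
    qname = b"".join(bytes([len(p)]) + p.encode("ascii") for p in name.strip(".").split("."))
    return header + qname + b"\x00" + struct.pack(">HH", 1, 1)  # QTYPE=A, QCLASS=IN

def is_reply(query, response):
    """True if `response` carries the query's ID and has the QR (response) bit set."""
    return len(response) >= 12 and response[:2] == query[:2] and bool(response[2] & 0x80)

def probe(server, proto, name="example.com", port=53, timeout=3.0):
    """Send one query over 'udp' or 'tcp'; return (answered, seconds)."""
    query = build_query(name)
    family = socket.AF_INET6 if ":" in server else socket.AF_INET
    kind = socket.SOCK_DGRAM if proto == "udp" else socket.SOCK_STREAM
    start = time.monotonic()
    try:
        with socket.socket(family, kind) as s:
            s.settimeout(timeout)
            s.connect((server, port))
            if proto == "udp":
                s.send(query)
                reply = s.recv(4096)
            else:
                s.sendall(struct.pack(">H", len(query)) + query)  # TCP adds a length prefix
                reply = s.recv(4096)[2:]  # assumes the short reply arrives in one read
            return is_reply(query, reply), time.monotonic() - start
    except OSError:  # timeout, refused, unreachable: what a blocked port 53 looks like
        return False, time.monotonic() - start

if __name__ == "__main__":
    with open("/etc/resolv.conf") as fh:
        for ns in parse_nameservers(fh.read()):
            for proto in ("udp", "tcp"):
                ok, secs = probe(ns, proto)
                print(f"{ns:<40} {proto} {'ok' if ok else 'NO ANSWER'} {secs:.2f}s")
```

A server that answers on UDP but not TCP, or an elapsed time close to the timeout, points at a firewall rule or an unreachable resolver rather than at sshd or sendmail themselves.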




More information about the Redhat-install-list mailing list