Sendmail help - dual homed NICs, w/IP forwarding

Vipul Ramani linux2000in at gmail.com
Sat May 14 11:07:59 UTC 2005


Hi Angelo,

Connection timed out with localhost.localdomain.mydomainname.com.
It surely means this host cannot be found by your sendmail.

1) Can you try with the nslookup command and check whether
localhost.localdomain.mydomainname.com. is able to resolve or not? This is the only problem.
Basically it should search mydomain.com only. If possible, can you paste here
the DNS forward zone and reverse file also.

2) If possible, try to telnet from another network and check it: telnet
mydomain.com 25 and telnet mydomain.com 110. I hope you will get it. If not,
check your firewall rule. (I checked your rule but that is not the issue, but
at least one time you can check.)

Cheers
 

On 5/14/05, angelo l <angelohl at hotmail.com> wrote:
> ===========THE CONFIGURATION======(problem at bottom)
> 
> *==Internet==*
> |
> |
> ______|____________________
> | Firewall |
> |21 open to 116.168.1.2 |
> |22 open to 116.168.1.2 |
> |25 open to 116.168.1.2 |
> |80 open to 116.168.1.2 |
> |110 open to 116.168.1.2 |
> |113 open to 116.168.1.2 |
> |__________________________|
> |
> ______|_______________________________
> | Server |
> |Eth0 (116.168.1.2) |
> | (iptables - ipv4 forwarding enabled)|
> |Eth1 (10.12.1.1) |
> |_____________________________________|
> 
> 1) I can ping the address from eth0 to
> eth1 and vice versa with no problem, internet access from addresses on the
> eth1 subnet is no problem either.
> 2) On the server the only files I have edited are listed here (verbatim):
> 
> ***/etc/mail/sendmail.cw contains:
> mail
> 
> ***/etc/mail/sendmail.mc contains:
> divert(-1)dnl
> include(`/usr/share/sendmail-cf/m4/cf.m4')dnl
> VERSIONID(`setup for Red Hat Linux')dnl
> OSTYPE(`linux')dnl
> define(`confDEF_USER_ID',``8:12'')dnl
> define(`confTRUSTED_USER', `smmsp')dnl
> define(`confTO_CONNECT', `1m')dnl
> define(`confTRY_NULL_MX_LIST',true)dnl
> define(`confDONT_PROBE_INTERFACES',true)dnl
> define(`PROCMAIL_MAILER_PATH',`/usr/bin/procmail')dnl
> define(`ALIAS_FILE', `/etc/aliases')dnl
> define(`UUCP_MAILER_MAX', `2000000')dnl
> define(`confUSERDB_SPEC', `/etc/mail/userdb.db')dnl
> define(`confPRIVACY_FLAGS', `authwarnings,novrfy,noexpn,restrictqrun')dnl
> define(`confAUTH_OPTIONS', `A')dnl
> define(`confDONT_BLAME_SENDMAIL',`groupreadablekeyfile')dnl
> define(`confTO_IDENT', `0')dnl
> FEATURE(`no_default_msa',`dnl')dnl
> FEATURE(`smrsh',`/usr/sbin/smrsh')dnl
> FEATURE(`mailertable',`hash -o /etc/mail/mailertable.db')dnl
> FEATURE(`virtusertable',`hash -o /etc/mail/virtusertable.db')dnl
> FEATURE(redirect)dnl
> FEATURE(always_add_domain)dnl
> FEATURE(use_cw_file)dnl
> FEATURE(use_ct_file)dnl
> FEATURE(local_procmail,`',`procmail -t -Y -a $h -d $u')dnl
> FEATURE(`access_db',`hash -T<TMPF> -o /etc/mail/access.db')dnl
> FEATURE(`blacklist_recipients')dnl
> EXPOSED_USER(`smmsp')dnl
> FEATURE(`relay_based_on_MX')dnl
> LOCAL_DOMAIN(`localhost.localdomain')dnl
> MASQUERADE_AS(`mydomainname.com')dnl
> dnl MASQUERADE_DOMAIN(localhost)dnl
> dnl MASQUERADE_DOMAIN(localhost.localdomain)dnl
> dnl MASQUERADE_DOMAIN(mydomainalias.com)dnl
> dnl MASQUERADE_DOMAIN(mydomain.lan)dnl
> MAILER(smtp)dnl
> MAILER(procmail)dnl
> 
> ***/etc/mail/access contains:
> localhost.localdomain RELAY
> localhost RELAY
> 127.0.0.1 RELAY
> 116.168.1.2 RELAY
> mydomainname.com RELAY
> # mail.mydomainname.com RELAY
> cyberpromo.com REJECT
> spam@buyme.com 550 Spammers shan't see sunlight here
> 
> ***/etc/hosts
> 127.0.0.1 localhost.localdomain localhost
> #116.168.1.2 mail.mydomainname.com mail
> 
> ***/etc/mail/local-host-names contains:
> localhost
> localhost.localdomain
> server1.mydomainname.com
> 
> ***/etc/named.conf contains:
> controls {
>         inet 127.0.0.1 allow { localhost; } keys { rndckey; };
> };
> include "/etc/named.custom";
> include "/etc/rndc.key";
> 
> zone "0.0.127.in-addr.arpa" {
> type master;
> file "0.0.127.in-addr.arpa.zone";
> };
> zone "1.168.116.in-addr.arpa" {
> type master;
> file "1.168.116.in-addr.arpa.zone";
> };
> zone "localhost" {
> type master;
> file "localhost.zone";
> };
> zone "mydomainname.com" {
> type master;
> file "mydomainname.com.zone";
> };
> 
> ***/etc/init.d/iptables contains:
> # (1) Policies (default)
> iptables -P INPUT DROP
> iptables -P OUTPUT DROP
> iptables -P FORWARD DROP
> 
> # (2) User-defined chain for ACCEPTED TCP packets
> iptables -N okay
> iptables -A okay -p TCP --syn -j ACCEPT
> iptables -A okay -p TCP -m state --state ESTABLISHED,RELATED -j ACCEPT
> iptables -A okay -p TCP -j DROP
> 
> # (3) INPUT chain rules
> ## Rules for incoming packets from LAN
> iptables -A INPUT -p ALL -i eth1 -s 10.12.1.0/8 -j ACCEPT
> iptables -A INPUT -p ALL -i lo -s 127.0.0.1 -j ACCEPT
> iptables -A INPUT -p ALL -i lo -s 10.12.1.0 -j ACCEPT
> iptables -A INPUT -p ALL -i lo -s 116.168.1.2 -j ACCEPT
> iptables -A INPUT -p ALL -i eth1 -d 10.12.1.255 -j ACCEPT
> 
> ## Rules for incoming packets from the Internet
> # Packets for established connections
> iptables -A INPUT -p ALL -d 116.168.1.2 -m state --state \
> ESTABLISHED,RELATED -j ACCEPT
> 
> # REJECT THESE JERKS from accessing anything (HACKERS):
> iptables -A INPUT -p tcp -s 66.232.147.175 -j REJECT --reject-with tcp-reset
> iptables -A INPUT -p tcp -s 67.169.132.93 -j REJECT --reject-with tcp-reset
> iptables -A INPUT -p tcp -s 202.9.128.100 -j REJECT --reject-with tcp-reset
> iptables -A INPUT -p tcp -s 202.9.183.254 -j REJECT --reject-with tcp-reset
> iptables -A INPUT -p tcp -s 202.153.41.139 -j REJECT --reject-with tcp-reset
> iptables -A INPUT -p tcp -s 210.51.188.113 -j REJECT --reject-with tcp-reset
> 
> # TCP rules
> iptables -A INPUT -p TCP -i eth0 -s 0/0 --destination-port 21 -j okay
> iptables -A INPUT -p TCP -i eth0 -s 0/0 --destination-port 22 -j okay
> iptables -A INPUT -p TCP -i eth0 -s 0/0 --destination-port 25 -j okay
> iptables -A INPUT -p TCP -i eth0 -s 0/0 --destination-port 80 -j okay
> iptables -A INPUT -p TCP -i eth0 -s 0/0 --destination-port 110 -j okay
> iptables -A INPUT -p TCP -i eth0 -s 0/0 --destination-port 113 -j okay
> 
> # UDP rules
> iptables -A INPUT -p UDP -i eth0 -s 0/0 --destination-port 53 -j ACCEPT
> iptables -A INPUT -p UDP -i eth0 -s 0/0 --destination-port 2074 -j ACCEPT
> iptables -A INPUT -p UDP -i eth0 -s 0/0 --destination-port 4000 -j ACCEPT
> 
> # ICMP rules
> iptables -A INPUT -p ICMP -i eth0 -s 0/0 --icmp-type 8 -j ACCEPT
> iptables -A INPUT -p ICMP -i eth0 -s 0/0 --icmp-type 11 -j ACCEPT
> 
> # (4) FORWARD ip rules
> # Accept packets I want to forward
> iptables -A FORWARD -i eth1 -j ACCEPT
> iptables -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
> 
> # (5) OUTPUT ip rules
> # ONLY output packets with local addresses (NO spoofing)
> iptables -A OUTPUT -p ALL -s 127.0.0.1 -j ACCEPT
> iptables -A OUTPUT -p ALL -s 10.12.1.1 -j ACCEPT
> iptables -A OUTPUT -p ALL -s 116.168.1.2 -j ACCEPT
> 
> # (6) POSTROUTING ip rules
> iptables -t nat -A POSTROUTING -o eth0 -j SNAT --to-source 116.168.1.2
> # uncomment the bottom for DHCP if it works first
> # iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
> 
> ===========THE PROBLEM=============
> Mail is going out to the Internet, but no matter what account I use (i.e.,
> freebie sites or otherwise), mail isn't coming in. When I review the mail
> server logs, I see it trying to be delivered:
> 
> May 12 17:24:10 SERVER1 sendmail[3883]: j49NiYov005141: to=<root@localhost.localdomain.mydomainname.com>, ctladdr=<root@SERVER1.mydomainname.com> (0/0), delay=2+21:39:17, xdelay=00:00:00, mailer=esmtp, pri=5880651, relay=localhost.localdomain.mydomainname.com., dsn=4.0.0, stat=Deferred: Connection timed out with localhost.localdomain.mydomainname.com.
> 
> What is going on???
> 
> --
> redhat-list mailing list
> unsubscribe mailto:redhat-list-request at redhat.com?subject=unsubscribe
> https://www.redhat.com/mailman/listinfo/redhat-list
> 


-- 
Vipul Ramani
linux2000in at gmail.com
linux2000in at yahoo.com
~~~~~We Know HOW NetWorkS ~~~~~
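The following Python script is an added example, not code from the thread or from Red Hat, covering the two checks the reply suggests. It parses sendmail delivery records of the form quoted in the original message and flags deferred deliveries whose relay is one of the host's own names with the site domain appended (the localhost.localdomain.mydomainname.com symptom, i.e. a local name that the resolver's search list extended), and it carries a plain TCP connect probe for ports 25 and 110. The sample log lines are constructed; the host-name list and the domain are taken from the quoted local-host-names and sendmail.mc. The detector is general: it matches any entry of the local-host-names list, not only localhost.localdomain.

```python
import re
import socket
import sys

# Constructed sample maillog lines: the first is modelled on the entry quoted
# in the post above, the second is a normal successful delivery for contrast.
SAMPLE_LOG = """\
May 12 17:24:10 SERVER1 sendmail[3883]: j49NiYov005141: to=<root@localhost.localdomain.mydomainname.com>, ctladdr=<root@SERVER1.mydomainname.com> (0/0), delay=2+21:39:17, xdelay=00:00:00, mailer=esmtp, pri=5880651, relay=localhost.localdomain.mydomainname.com., dsn=4.0.0, stat=Deferred: Connection timed out with localhost.localdomain.mydomainname.com.
May 12 17:25:01 SERVER1 sendmail[3890]: j4CHP1ab003890: to=<alice@example.net>, ctladdr=<bob@SERVER1.mydomainname.com> (500/500), delay=00:00:01, xdelay=00:00:01, mailer=esmtp, pri=30123, relay=mx.example.net. [192.0.2.10], dsn=2.0.0, stat=Sent (OK id=abc123)
"""

# Names from the poster's /etc/mail/local-host-names and the site domain used
# by MASQUERADE_AS and the DNS zone (assumed placeholders, as in the thread).
LOCAL_HOST_NAMES = {"localhost", "localhost.localdomain", "server1.mydomainname.com"}
SITE_DOMAIN = "mydomainname.com"

# syslog prefix plus sendmail queue id; everything after the id is key=value fields
HEADER_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d{1,2} \d\d:\d\d:\d\d) (?P<host>\S+) "
    r"sendmail\[(?P<pid>\d+)\]: (?P<qid>\w+): (?P<rest>.*)$"
)

VERDICT_SENT = "sent"
VERDICT_DEFERRED = "deferred"
VERDICT_SEARCHLIST = "deferred: local hostname with site domain appended"


def parse_maillog_line(line):
    """Split one sendmail delivery record into its fields; None if it is not one."""
    m = HEADER_RE.match(line.strip())
    if not m:
        return None
    rec = {"qid": m.group("qid"), "host": m.group("host")}
    # stat= is always last and is free text, so peel it off before splitting
    # the remaining fields on ", ".
    head, sep, stat = m.group("rest").partition(", stat=")
    rec["stat"] = stat if sep else ""
    for item in head.split(", "):
        key, eq, value = item.partition("=")
        if eq:
            rec[key] = value
    # relay= may carry a trailing dot and " [ip]"; keep the bare host name
    rec["relay_host"] = rec.get("relay", "").split(" ")[0].rstrip(".").lower()
    rec["recipient"] = rec.get("to", "").strip("<>")
    return rec


def search_list_artifact(relay, local_names, domain):
    """True when relay is one of our own names with the site domain appended,
    which is what a resolver search list does to an unqualified local name."""
    host = relay.split(" ")[0].rstrip(".").lower()
    suffix = "." + domain.lower()
    if not host.endswith(suffix):
        return False
    base = host[: -len(suffix)]
    return base in {n.lower() for n in local_names}


def triage(log_text, local_names, domain):
    """Classify every delivery record in log_text; returns a list of dicts."""
    results = []
    for line in log_text.splitlines():
        rec = parse_maillog_line(line)
        if rec is None or "to" not in rec:
            continue
        stat = rec["stat"]
        if stat.startswith("Sent"):
            verdict = VERDICT_SENT
        elif stat.startswith("Deferred") and search_list_artifact(
            rec["relay_host"], local_names, domain
        ):
            verdict = VERDICT_SEARCHLIST
        elif stat.startswith("Deferred"):
            verdict = VERDICT_DEFERRED
        else:
            verdict = "other"
        results.append({"qid": rec["qid"], "recipient": rec["recipient"],
                        "relay": rec["relay_host"], "dsn": rec.get("dsn", ""),
                        "verdict": verdict})
    return results


def tcp_reachable(host, port, timeout=5.0):
    """Step 2 of the reply: does a TCP handshake to host:port complete?"""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:
        return False


if __name__ == "__main__":
    for r in triage(SAMPLE_LOG, LOCAL_HOST_NAMES, SITE_DOMAIN):
        print(f"{r['qid']} -> {r['recipient']} via {r['relay']} dsn={r['dsn']}: {r['verdict']}")
    # Probe SMTP and POP3 reachability only for hosts named on the command line,
    # so the script makes no network connections by default.
    for probe_host in sys.argv[1:]:
        for port in (25, 110):
            print(f"{probe_host}:{port} reachable={tcp_reachable(probe_host, port)}")
```

Run it with no arguments to see the two sample records classified; pass one or more host names (for example the public name of the mail server, from a machine outside the firewall) to also report whether ports 25 and 110 accept a connection. The distinguishing signal is the relay field: a deferred delivery whose relay is one of the host's own names plus the site domain points at name resolution on the mail host itself rather than at the firewall.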


