Re: sendmail problem


Subject: Re: sendmail problem
From: James F. Zuelow Jr. (jamesz@ideafamilies.org)
Date: Thu Mar 07 2002 - 09:19:43 AKST


----- Original Message -----
From: "Justin Dieters" <enderak@yahoo.com>
To: "James F. Zuelow Jr." <jamesz@ideafamilies.org>
Cc: "Aklug" <aklug@aklug.org>
Sent: Thursday, March 07, 2002 9:02 AM
Subject: Re: sendmail problem

OK, I think it is still a DNS problem with the e-mail address you're
using on your workstation and Sendmail attempting to not relay spam.
IMHO it is much easier to just put in a firewall, NAT both boxes, and
tell Sendmail to accept mail from your local network (192.168.0.x or
whatever). Don't forget to port forward mail traffic to your server.

Or, you can figure out how to tell mail.enderakonline.com that it is OK
to relay from your workstation. I think I sent you a link about ESMTP
authentication last month. If you look at the mail headers of the mail
you send through yahoo.com you'll see that is what they're doing (you'll
see a line that starts "Received: from enderak (AUTH plain) at
118-..."). That would avoid the whole problem, as your workstation
would actually authenticate itself to Sendmail every time it connected.

Here's a quote:

xxxx
Inconsistent DNS data
QAA02454: <ESCAPEFOUR@AOL.COM>... Relaying denied
QAA02454: ruleset=check_rcpt, arg1=<ESCAPEFOUR@AOL.COM>,
 relay=some.domain [10.0.0.1] (may be forged),
    reject=550 <ESCAPEFOUR@AOL.COM>... Relaying denied
QAA02454: from=<Anonymous@aol.com>, size=0, class=0, pri=0, nrcpts=0,
 proto=SMTP, relay=some.domain [10.0.0.1] (may be forged)

Here the (may be forged) is the important part: it means that the DNS
data for the host is inconsistent, and hence the name is not used for
the relaying check but only the IP number. So this is the same situation
as before. If the host name would be used, it would be simple to
circumvent basic anti-relaying checks because the PTR records might be
under the control of an attacker, so he can choose any name he wants for
his IP address. That is, he can select a name for which you allow
relaying because that name is one that you control (your domain name).
However, the forward (A) lookup will fail or give at least a different
IP address, hence the name is marked as (may be forged)
xxxx

from this link:

http://www.sendmail.org/~ca/email/relayingdenied.html

Cheers,

James
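
The forward-confirmation check described in the quoted text, as an added example that is not part of the original message and is not Sendmail's own code. It is a simplified Python model: the PTR and A tables are constructed sample data, and the function names are hypothetical.

```python
import ipaddress

# Constructed DNS data (not from the original post). The owner of
# 203.0.113.7 controls its PTR record and points it at a name in the
# mail server's own domain; the real A record for that name differs.
PTR = {"192.168.0.5": "ws.example.org", "203.0.113.7": "mail.example.org"}
A = {"ws.example.org": ["192.168.0.5"], "mail.example.org": ["198.51.100.10"]}


def confirmed_name(ip, ptr=PTR, a=A):
    """Return (name, may_be_forged) for a connecting IP address.

    The PTR name is trusted only if its forward (A) lookup lists the
    same IP; otherwise it is flagged the way the log marks it.
    """
    name = ptr.get(ip)
    if name is None:
        return None, False
    return name, ip not in a.get(name, [])


def relay_allowed(ip, relay_domains, relay_nets, ptr=PTR, a=A):
    """Relay decision: allowed networks first, then confirmed names only."""
    addr = ipaddress.ip_address(ip)
    if any(addr in ipaddress.ip_network(net) for net in relay_nets):
        return True
    name, forged = confirmed_name(ip, ptr, a)
    if name is None or forged:
        return False  # inconsistent DNS: the name is ignored, only the IP counts
    return any(name == d or name.endswith("." + d) for d in relay_domains)


def naive_relay_allowed(ip, relay_domains, ptr=PTR):
    """Flawed variant for comparison: trusts the PTR name unconfirmed."""
    name = ptr.get(ip, "")
    return any(name == d or name.endswith("." + d) for d in relay_domains)


if __name__ == "__main__":
    for ip in ("192.168.0.5", "203.0.113.7"):
        print(ip, confirmed_name(ip),
              "checked:", relay_allowed(ip, ["example.org"], []),
              "naive:", naive_relay_allowed(ip, ["example.org"]))
```
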


