| |
| |
| |
|
Page: 1 2
Comments:
<Squintz> thats the proper way correct?
<Zerberus> not needed
<Zerberus> the sendmail init script does that all itself
<Zerberus> /etc/init.d/sendmail restart is all whats needed
<Squintz> Okay, Still no route to host
<Zerberus> did you say that "telnet gsmtp183.google.com 25" did not work?
<Squintz> Trying 64.233.183.27...
<Squintz> telnet: connect to address 64.233.183.27: No route to host
<Zerberus> your problem is no sendmail problem
<Zerberus> fix your network setup
<Squintz> Its a godaddy vserver. What do i need to tell them?
<Squintz> Is there another telnet site i should try?
<Zerberus> you can test yourself whether it is an MTU/MSS issue
<Zerberus> telnet mail.dscd.de 25
<weenie> well... interesting - earlier I had you do the nslookup - which is fine - you are resolving the name - but you can't route to it.
<Squintz> the telnet did not work either
<Zerberus> broken network
<weenie> in order for the telnet to work it needs a route to the IP address
<HotaruT> maybe godaddy has a policy regarding to sending mail.. like.. "all outgoing mail must go through relay XYZ" .. (just guessing .. that the police my University has)
<Squintz> calling godaddy now
<weenie> did telnet localhost 25 work?
<Zerberus> weenie: telnet to port 25 of his mail server works from outside
<Squintz> Trying 127.0.0.1...
<Squintz> Connected to localhost.
<Squintz> Escape character is '^]'.
<Squintz> 220 mail.smarterior.com ESMTP Sendmail 8.12.11/8.12.11; Wed, 15 Feb 2006 16:37:57 -0700
<weenie> looks like that worked
<weenie> zerb:: oh ok.. sorry didn't see that was done
<Squintz> on hold with godaddy to see what they have to say
<Zerberus> enforcing to use their MTA as smart_host is possible
<weenie> anyone know why he might have that second def route?
<Squintz> i'll ask
<weenie> good luck :)
<Squintz> here we go
<weenie> my money is that they will tell you to reboot windows <G>
<Squintz> http://help.godaddy.com/article.php?article_id=150&topic_id=&&;
<Squintz> they have port 25 blocked and i have to use their relay :)
<Squintz> SOOoo
<Squintz> is that as simple as configurein the smart host?
<Zerberus> yes
<HotaruT> Zerberus: btw.. any idea what is happening to me with mime-parts with type message/rfc822 and encoding base64? (o:
<Zerberus> no, sorry
<Squintz> yes
<Squintz> yes yes yes
<Squintz> ohhh yes
<Squintz> :)
<Squintz> its working
<weenie> :)
<weenie> good deal
<Squintz> THank you guys a ton for baring with me
<weenie> good luck
<HotaruT> Zerberus: but, can you reproduce this issue? .. or did I somehting ... funny?
<weenie> ... i hope since they are forcing you through their proxy that they at least filter spam :)
<Squintz> it was sent to me as root@mail.smarterior.com so i have to figure out why thats happening
<Squintz> I guess i did send it from root
<Squintz> Who cares... atleast i can send mail from my site now
<Squintz> thank god
<Zerberus> root is not masqueraded, it is an exposed user
<Magni> who's up for talking to a newbie?
<Zerberus> if you ask specific questions
<Magni> I'll do my best.
<Magni> I have 2 (I believe realted) problems.
<Magni> I've agreed to act as an MX host for a friends domain.
<Magni> he has a static IP on a DSL connection, if his DSL goes down I'll quere the email for him, is there anyway top stop my sendmail from sending the status messgaes like: this message could not be sent for 4hours etc?
<Magni> that's qustion one, the second question is an extension of the first. any ideas? or shoudl I just not bother?
<Zerberus> i would not change the default timeout values
<Magni> okay well that's pretty simple.
<Magni> Doing this for my friend made me think I'd like to try and do the same for my domain. except I don't have a static IP. can I work SSL magic so that email queed for my remote box will only be delivered to my machine (not a machin on my old IP running an SMTP server), does that make sense, or should I clarify?
<Zerberus> i do not understand
<Magni> (by SSL magic I mean with appropriate certificates, not just encryption over the wire)
<Magni> ok
<Zerberus> for what do you think you need a secondary/backup MX?
<Zerberus> be aware that you have to protect it the same against spam like the primary
<Magni> Yeah I don't think that's a major problem.
<Magni> I have 2 machines pythia (hosted in a data center) and magni (in my office on a DSL connection).
<Magni> I'd like all email addressed to *@mydomain to end up on magni
<Magni> if magni is unavailble (DSL isn't so great in Canberra Australia) I want pythia to queue the mail.
<Magni> magni has a dynamic IP (and is using ddns)
<Zerberus> this is default behaviour, if pythia is relaying
<Zerberus> that is risky
<Magni> what I want to avoid is while magni is offline pythia delivering mail to another host on the lat known IP of magni
<Magni> I was hoping there was some config options I could set on pythia/magni to ensure that pythia only delivers mail to my machine.
<Zerberus> let pythia just queue and get the mail from there over an openvpn tunnel
<Zerberus> that would be safe
<Zerberus> simpler: use fetchmail
<Magni> but doens't fetchmail lose envelope data?
<Zerberus> you speak about multidrop? if yes, right, it is tricky
<Zerberus> openvpn might be the safest solution
<Magni> for example if an email is bcc'd to fred@mydomain, and it's queued in a generic mbox on pythia, how do I know where to deliver it when it reaches magni?
<Zerberus> bcc is a client function
<Zerberus> envelope recipient is fred@mydomain
<Magni> I'll need to mull that over.
<Magni> I though that once the MTA delivered it, there was no "evidence" that it'd been address to fred@mydomain for fetcmail to look at.
<Magni> I /could/ setup mirrored accounts on pythia and just do a fectmail into the matching accounts on magni which would certainly avoid what I'm thinking is a problem.
<Magni> Zerberus: Thanks you the advice. I'll wnader off and think it over
<Zerberus> ok - have fun
<Magni> I will :)
<mylo> How to set a secured MTA to MTA using sendmail ? is it by enabling TTLS ?
<mylo> and which certificate should i buy ? I only see a list of web servers in thawte or verisign
<Zerberus> STARTTLS is a standard way
<Zerberus> you do not need to buy certificates
<Zerberus> you either can be your own CA, or use CAcert.org i.e.
<mylo> By my understanding, buy/registering certificate to thawte or verisign allows the certificate to verified so users will not be prompted, correct ?
<mylo> note: by means of "user will not be prompted" it is if the certificate is applied to web server, and the users uses web browsers
<Zerberus> true, some CAs are already trusted within default browsers
<Zerberus> but you were speaking about "secured MTA to MTA"
<mylo> yes, sorry to confused you, because currently i only understand certificate within web context.
<mylo> so for a secured "MTA to MTA" connection, I should enable the STARTTLS ?
<Zerberus> yes
<Zerberus> for securing client auth too, if using plain or login
<mylo> what is the different between plain or login ?
<mylo> isn't it plain or md5(or something like it) ?
<Zerberus> you may read through www.sendmail.org/~ca/
<mylo> i'm currently reading sial.org/sendmail. i'll read it afterwards
<mylo> thanks Zerberus
<Zerberus> n8
<mylo> now that I have sign my own certificate, and enable STARTTLS in sendmail, how to test it ? I have 2 computer running sendmail, with local DNS MX record responsible for each own hostname. how to make sure that their transaction are secure ?
<HotaruT> sendmail -v user@otherhost ... you should see STARTTLS there..
<mylo> I saw it, but did the connection between the MTA really encrypted ?
<mylo> in the maillog file, STARTTLS=server, relay=localhost.localdomain [127.0.0.1], version=TLSv1/SSLv3, verify=NO, cipher=DHE-RSA-AES256-SHA, bits=256/256
<mylo> is it chipered ?
<mylo> what about the verify=no? is it because i'm selfsigned ?
<pasteling> "mylo" at 202.146.241.9 pasted "How to verify my MTA to MTA configuration has worked and transmission is encrypted" (74 lines, 4.3K) at http://sial.org/pbot/15889
<mylo> well i was about to paste the link :) nice bot
<xover> Time for next stupid question...
<xover> A (locally generated) message keeps getting bounced with "552 5.6.0 Headers too large (32768 max)".
<xover> All information I have on the exact contents of the message indicate it shouldn't exceede any conceivable limits (unless it's malformed somehow).
<xover> I've tried using the -X flag to capture the message, but I seem to only be seeing the bounce message here.
<xover> I'm guessing this is because the box is set up to use a MSA (which separation I don't really understand, but can guess roughly how and why) and it communicates over a different channel (that -X doesn't capture).
<xover> So the question then becomes; what magic debug flag do I need to use to be able to capture this particular message?
<xover> Or is there a FAQ somewhere laying out "If you get this bounce, you've done Stupid Thing #354; don't do that."? :-)
<xover> The kicker is that I seem to have introduced this problem during my recent fiddling with sendmail.mc and friends (genericstable); at least according to the customer who claims this didn't used to happen.
<cpace> i'm getting this error from sendmail
<cpace> 554 5.3.5 buildaddr: unknown mailer localhost
<cpace> right after RCPT TO
<cpace> any help would be greatly appreciated
<cpace> if anyone can help, please email cpace2@drury.edu, thanks
Return to
#sendmail
or
Go to some related
logs:
noteedit libpng error: Read Error
frucks
flizzoyd83
printk manpage
#perl
#debian
#bash
mythtv package kernel is not installed
#lisp
ubuntu modprobe.d loop
|
|
