Re: More on Masquerading

On Sun, 15.08.2004 at 2:59, Harry Putnam wrote:

> One of these *mc files cures my bounce problem.  The one with the
> Masquerading stuff in it.

sendmail2.mc

> From another thread I've learned that masquerading doesn't work as I
> thought it did but for years now I've been masquerading whatever
> machines I have at home as `newsguy.com'.  I thought I'd learned a way
> of using the `genericstable' to do something similar and not need to
> masquerade.

Is newsguy.com your domain? I ask because of the central and important
comment on masquerading from the cf/README:

"The masquerade name is not normally canonified, so it is important that
it be your One True Name, that is, fully qualified and not a CNAME.
However, if you use a CNAME, the receiving side may canonify it for you,
so don't think you can cheat CNAME mapping this way."
(http://www.sendmail.org/m4/masquerading_relaying.html)

> My assumption was that the `Smart_host' at the other end of my
> sendmails outgoing activity required a resolvable host as source IP to
> avoid bouncing.  I thought by setting some genericstable vars I could
> make it appear to be a resolvable host name.

It does not make much sense to offer a smart host which requires a
resolvable FQDN. How should people at home with DSL, modem or ISDN
connection mail through their ISP's smart host? It is the task of the
ISP's smart host to jump into this gap and offer such linked users the
ability to use their own MTA without the risk that many if not most of
the recipient MTAs reject mail coming from them, just because they have
no resolvable FQDN.

Whether the contacting host announces itself with a resolvable FQDN at
HELO/EHLO depends on the settings of the real hostname, the domain name
(if set in sendmail.mc) and on masquerading settings (if any are defined).
Genericstable only rewrites the sender envelope address.

> It is not an internet FQDN, just my own made up domain for my local
> lan.  Therefore will never be resolvable by dns lookups.

What is important is that your bogus (internal) FQDN is internally resolvable.
Using a 

> My attempt at using generics tables consisted of adding:
> (see sendmail2.mc below for the full settings)
> 
>   FEATURE(`genericstable')dnl
>   FEATURE(`generics_entire_domain')dnl
> 
> And to /etc/mail/genericstable:
>    reader               reader@xxxxxxxxxxx

--> GENERICS_DOMAIN(`local.net0')dnl

belongs to the set, else the genericstable feature would not know for
which domains to look for rewriting.

> Building the hash and restarting sendmail.

Maybe this is my misunderstanding at this point, and just to clarify: if
you only change map files (the text files from which hashes/.db files are
generated) you do not need to restart Sendmail. That is one purpose of
using these hash files. A Sendmail daemon restart is only necessary if
you change the central configuration files ending with .cf (sendmail.cf
and submit.cf) and after changes to pure text files like
local-host-names, generics-domains or trusted-users.

> With that in place I get these kind of errors:
> (wrapped for mail).  They happen too quickly to be coming from the
> smart_host so it's my sendmail process rejecting it.
> 
> From /var/log/messages
> 
> Aug 14 19:31:34 reader sendmail[12324]: i7F0VTsA012322:
> to=<reader@xxxxxxxx>, ctladdr=<reader@xxxxxxxxxxxxxxxxx> (500/500),
> delay=00:00:04, xdelay=00:00:04, mailer=relay, pri=120355,
> relay=smtp.newsguy.com. [129.250.170.69], dsn=5.6.0, stat=Data format
> error
> 
> Aug 14 19:33:05 reader sendmail[12353]: i7F0X40h012351:
> to=<hpreader@xxxxxxxxxxxxx>, ctladdr=<reader@xxxxxxxxxxxxxxxxx>
> (500/500), delay=00:00:01, xdelay=00:00:01, mailer=relay, pri=120369,
> relay=smtp.newsguy.com. [129.250.170.69], dsn=5.6.0, stat=Data format
> error

Please check what the following prints out:

echo "$=M" | /usr/lib/sendmail -bt -d0

echo "$=G" | /usr/lib/sendmail -bt

> ===
> /etc/hosts
> 
> # Do not remove the following line, or various programs
> # that require network functionality will fail.
> 127.0.0.1   localhost.localdomain localhost
> # ===========================================================
> 192.168.0.4     reader.local.net0    reader   # fedcore3 t1
> [...] stripped list of non-pertinent HOSTs
> 
> 192.168.0.4 is the machine in question

The hosts file looks perfect.

> =====
> sendmail1.mc

[ ... ]

> FEATURE(`genericstable')dnl
> FEATURE(`generics_entire_domain')dnl
> GENERICS_DOMAIN(`local.net0')dnl

[ ... ]

> ===
> sendmail2.mc

[ ... ]

> FEATURE(`genericstable')dnl
> GENERICS_DOMAIN(`local.net0')dnl

[ ... ]

> LOCAL_DOMAIN(`localhost.localdomain')dnl
> MASQUERADE_AS(`newsguy.com')dnl
> FEATURE(masquerade_envelope)dnl

[ ... ]

The following are missing:

MASQUERADE_DOMAIN(`localhost')dnl
MASQUERADE_DOMAIN(`localhost.localdomain')dnl
MASQUERADE_DOMAIN(`reader.local.net0')dnl

Both commands from above for class{M} and class{G} have to show proper
settings.

Alexander


-- 
Alexander Dalloz | Enger, Germany | GPG key 1024D/ED695653 1999-07-13
Fedora GNU/Linux Core 2 (Tettnang) kernel 2.6.7-1.494.2.2smp 
Serendipity 04:49:12 up 10 days, 22:16, load average: 0.22, 0.27, 0.39 
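
Added example, not part of the original message or of Sendmail: a small Python check that reads the text of an .mc file and reports the declarations the reply above asks for, namely a GENERICS_DOMAIN entry when genericstable is enabled and a MASQUERADE_DOMAIN entry for each listed host name when MASQUERADE_AS is set. The function names, the host list and the sample .mc texts are assumptions constructed from the fragments quoted in the message.

```python
import re

# Matches m4 calls such as FEATURE(`genericstable')dnl or FEATURE(masquerade_envelope)dnl
MACRO = re.compile(r"^\s*([A-Z_0-9]+)\(\s*`?([^'`,)]*)'?")

def parse_mc(text):
    """Return {macro name: [first argument, ...]} for the text of an .mc file."""
    calls = {}
    for line in text.splitlines():
        if line.lstrip().startswith("dnl"):
            continue  # whole-line m4 comment
        m = MACRO.match(line)
        if m:
            calls.setdefault(m.group(1), []).append(m.group(2).strip())
    return calls

def check_mc(text, host_names=()):
    """List the declarations the reply above asks for that the .mc text lacks."""
    calls = parse_mc(text)
    features = calls.get("FEATURE", [])
    findings = []
    # class {G}: domains whose addresses genericstable looks up
    if "genericstable" in features and not (
            "GENERICS_DOMAIN" in calls or "GENERICS_DOMAIN_FILE" in calls):
        findings.append("genericstable without GENERICS_DOMAIN")
    # class {M}: names added with MASQUERADE_DOMAIN (a _FILE list is not read here)
    if "MASQUERADE_AS" in calls and "MASQUERADE_DOMAIN_FILE" not in calls:
        declared = set(calls.get("MASQUERADE_DOMAIN", []))
        findings += [f"no MASQUERADE_DOMAIN for {h}"
                     for h in host_names if h not in declared]
    return findings

# Constructed samples built from the fragments quoted in the message.
FIRST_ATTEMPT = """\
FEATURE(`genericstable')dnl
FEATURE(`generics_entire_domain')dnl
"""
SENDMAIL2 = """\
FEATURE(`genericstable')dnl
GENERICS_DOMAIN(`local.net0')dnl
LOCAL_DOMAIN(`localhost.localdomain')dnl
MASQUERADE_AS(`newsguy.com')dnl
FEATURE(masquerade_envelope)dnl
"""
HOSTS = ("localhost", "localhost.localdomain", "reader.local.net0")
SENDMAIL2_FIXED = SENDMAIL2 + "".join(f"MASQUERADE_DOMAIN(`{h}')dnl\n" for h in HOSTS)

if __name__ == "__main__":
    for name, mc in (("first attempt", FIRST_ATTEMPT), ("sendmail2.mc", SENDMAIL2),
                     ("sendmail2.mc + reply", SENDMAIL2_FIXED)):
        print(name, "->", check_mc(mc, HOSTS) or "ok")
```

The check only reads the .mc text; the classes the running configuration actually holds are what the two `sendmail -bt` commands in the message print.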
