PHWinfo - Afficher un message - Limit on number of MX IP addresses (multihomed MX hosts)

27/01/2007, 12h41

Mabry Tyson <mtyson@sonic.net.scratchthisout> writes:

> RFC 1123 allows a MTA to have a limit on the number of addresses it
> attempts in trying to deliver a message. Does Sendmail use a limit?
> If so, what is that limit and is there anyway to change it? I don't
> see any configuration for dealing with remote multihomed hosts
>
>
> I have an example of a remote mail domain that has two MX's. One MX
> has 6 IP addresses, none of which are accessible to our outgoing
> sendmail host. The other MX has 8 addresses, six of which are
> inaccessible but two are accessible. It may be that the site doesn't
> understand what they've done to themselves, but that's another issue.
>
> I suspect the reason the IP addresses are inaccessible (we get ICMP
> Communication Administratively Prohibited messages from their routers
> when we try to send packets to the failing IP addresses) is that the
> host is in another country and is probably closely tied to their main
> offices in another continent.
>
> When our outgoing mail system (ESMTP Sendmail 8.11.7p2+Sun/8.10.1 on
> Solaris 5.8) has a message to this site, it reports "Connection
> refused by <mx>". The MX mentioned is the one that has two addresses
> that actually work.
>
> From our outgoing mail system, if I telnet to port 25 on one of the IP
> addresses of that MX, the connection works and I can initiate sending
> a message.
>
> So, I surmise that something is limiting the number of IP addresses
> tried when delivering mail to this host. There might be as many as 12
> addresses tried before a working address is found.
>
>
> Having a limit on the number of MX IP addresses tried seems
> appropriate in today's world of bad guys that might want to disrupt
> your mail delivery. But is there someway to adjust this? Is this a
> sendmail issue or perhaps an OS issue? If we can't adjust this, does
> anyone have a suggestion of a workaround? (I haven't yet tried the
> hack of adding a working IP address for the MX host in our /etc/hosts
> file.)

You may create such limit "indirectly" by mixing Timeout.aconnect and
Timeout.connect. BTW your "problem" may be eased by using
Timeout.iconnect and host status information (information about
success/failure of previous connections attempts).

http://www.sendmail.org/m4/tweaking_...onfTO_ACONNECT

--
[pl>en: Andrew] Andrzej Adam Filip : anfi@priv.onet.pl : anfi@xl.wp.pl
Before You Ask: http://anfi.homeunix.net/sendmail/B4UAsk-Sendmail.html
http://anfi.homeunix.net/sendmail/ [orkut,linkedin,xing]

27/01/2007, 12h41	#3
Andrzej Adam Filip Messages: n/a Hébergeur:	Re: Limit on number of MX IP addresses (multihomed MX hosts) Mabry Tyson <mtyson@sonic.net.scratchthisout> writes: > RFC 1123 allows a MTA to have a limit on the number of addresses it > attempts in trying to deliver a message. Does Sendmail use a limit? > If so, what is that limit and is there anyway to change it? I don't > see any configuration for dealing with remote multihomed hosts > > > I have an example of a remote mail domain that has two MX's. One MX > has 6 IP addresses, none of which are accessible to our outgoing > sendmail host. The other MX has 8 addresses, six of which are > inaccessible but two are accessible. It may be that the site doesn't > understand what they've done to themselves, but that's another issue. > > I suspect the reason the IP addresses are inaccessible (we get ICMP > Communication Administratively Prohibited messages from their routers > when we try to send packets to the failing IP addresses) is that the > host is in another country and is probably closely tied to their main > offices in another continent. > > When our outgoing mail system (ESMTP Sendmail 8.11.7p2+Sun/8.10.1 on > Solaris 5.8) has a message to this site, it reports "Connection > refused by <mx>". The MX mentioned is the one that has two addresses > that actually work. > > From our outgoing mail system, if I telnet to port 25 on one of the IP > addresses of that MX, the connection works and I can initiate sending > a message. > > So, I surmise that something is limiting the number of IP addresses > tried when delivering mail to this host. There might be as many as 12 > addresses tried before a working address is found. > > > Having a limit on the number of MX IP addresses tried seems > appropriate in today's world of bad guys that might want to disrupt > your mail delivery. But is there someway to adjust this? Is this a > sendmail issue or perhaps an OS issue? If we can't adjust this, does > anyone have a suggestion of a workaround? (I haven't yet tried the > hack of adding a working IP address for the MX host in our /etc/hosts > file.) You may create such limit "indirectly" by mixing Timeout.aconnect and Timeout.connect. BTW your "problem" may be eased by using Timeout.iconnect and host status information (information about success/failure of previous connections attempts). http://www.sendmail.org/m4/tweaking_...onfTO_ACONNECT -- [pl>en: Andrew] Andrzej Adam Filip : anfi@priv.onet.pl : anfi@xl.wp.pl Before You Ask: http://anfi.homeunix.net/sendmail/B4UAsk-Sendmail.html http://anfi.homeunix.net/sendmail/ [orkut,linkedin,xing]