How do you turn of DNS lookups in sendmail

22/01/2007, 11h49

I work for a local authority and we have a sendmail server routing mail between us and 3 partner authorities acress a leased line. In total there are 3 primary domains that need to be routed:

leicester.gov.uk
leics.gov.uk
nhs.uk

The last one of these nhs.uk has several sub-domains that we need to route.

I have turned off DNS on the Solaris server by editing the nsswitch.conf file to say:

hosts files

I have also renamed the named.conf file which prevents named from being started up at system startup. The result is a machine that does not do DNS lookups.

I am able to send mail from leicester.gov.uk (our domain), but I cannot receive mail from the other domains. I get the error:

" reject=553 5.1.8 <RMills@leics.gov.uk>... Domain of sender address RMills@leics.gov.uk does not exist"

What do I need to do to ensure that sendmail does not try to reolve the other two domains in DNS?
For example, should I put it in domians so that it treats is as a local domians?

22/01/2007, 12h05

John Chajecki wrote:

> I have also renamed the named.conf file which prevents named from being started up at system startup. The result is a machine that does not do DNS lookups.

This is a quite bad way to disable a service, you should use the proper tools
for turning off services instead of bad hacks.

List services: /usr/bin/svcs -a

example on how to turn of a service:
/usr/sbin/svcadm disable svc:/network/nfs/cbd:default

> " reject=553 5.1.8 <RMills@leics.gov.uk>... Domain of sender address RMills@leics.gov.uk does not exist"
>
> What do I need to do to ensure that sendmail does not try to reolve the other two domains in DNS?
> For example, should I put it in domians so that it treats is as a local domians?

In sendmail.mc add

FEATURE(`accept_unresolvable_domains')

--

//Aho

22/01/2007, 12h50

"John Chajecki" <jchaj@dsl.pipex.com> writes:

> I work for a local authority and we have a sendmail server routing
> mail between us and 3 partner authorities acress a leased line. In
> total there are 3 primary domains that need to be routed:
>
> leicester.gov.uk
> leics.gov.uk
> nhs.uk
>
> The last one of these nhs.uk has several sub-domains that we need to
> route.
>
> I have turned off DNS on the Solaris server by editing the
> nsswitch.conf file to say:
>
> hosts files
>
> I have also renamed the named.conf file which prevents named from
> being started up at system startup. The result is a machine that does
> not do DNS lookups.
>
> I am able to send mail from leicester.gov.uk (our domain), but I
> cannot receive mail from the other domains. I get the error:
>
> " reject=553 5.1.8 <RMills@leics.gov.uk>... Domain of sender address
> RMills@leics.gov.uk does not exist"
>
> What do I need to do to ensure that sendmail does not try to reolve
> the other two domains in DNS?

* add the domains to /etc/hosts
OR*
* use FEATURE(`accept_unresolvable_domains') and FEATURE(`nocanonify')

> For example, should I put it in domians so that it treats is as a
> local domians?

No

--
[pl>en: Andrew] Andrzej Adam Filip : anfi@priv.onet.pl : anfi@xl.wp.pl
Before You Ask: http://anfi.homeunix.net/sendmail/B4UAsk-Sendmail.html
http://anfi.homeunix.net/sendmail/

22/01/2007, 15h06

* use FEATURE(`accept_unresolvable_domains')

Thank you. That worked fine.

I was wondering what the FEATURE(`nocanonify') is for so I looked it up and found this:

"Don't pass addresses to $[ ... $] for canonification by default, i.e., host/domain names are considered canonical, except for unqualified names, which must not be used in this mode (violation of the standard). It can be changed by setting the DaemonPortOptions modifiers (M=). That is, FEATURE(`nocanonify') will be overridden by setting the 'c' flag. Conversely, if FEATURE(`nocanonify') is not used, it can be emulated by setting the 'C' flag (DaemonPortOptions=Modifiers=C). This would generally only be used by sites that only act as mail gateways or which have user agents that do full canonification themselves. You may also want to use "define(`confBIND_OPTS', `-DNSRCH -DEFNAMES')" to turn off the usual resolver options that do a similar thing.

An exception list for FEATURE(`nocanonify') can be specified with CANONIFY_DOMAIN or CANONIFY_DOMAIN_FILE, i.e., a list of domains which are nevertheless passed to $[ ... $] for canonification. This is useful to turn on canonification for local domains, e.g., use CANONIFY_DOMAIN(`my.domain my') to canonify addresses which end in "my.domain" or "my". Another way to require canonification in the local domain is CANONIFY_DOMAIN(`$=m'). "

Can someone please explain wht this means in plain language?
Thank you.

22/01/2007, 15h49

"John Chajecki" <jchaj@dsl.pipex.com> writes:

> * use FEATURE(`accept_unresolvable_domains')
>
> Thank you. That worked fine.
>
> I was wondering what the FEATURE(`nocanonify') is for so I looked it
> up and found this:
>
> "Don't pass addresses to $[ ... $] for canonification by default,
> i.e., host/domain names are considered canonical, except for
> unqualified names, which must not be used in this mode (violation of
> the standard). It can be changed by setting the DaemonPortOptions
> modifiers (M=). That is, FEATURE(`nocanonify') will be overridden by
> setting the 'c' flag. Conversely, if FEATURE(`nocanonify') is not
> used, it can be emulated by setting the 'C' flag
> (DaemonPortOptions=Modifiers=C). This would generally only be used by
> sites that only act as mail gateways or which have user agents that do
> full canonification themselves. You may also want to use
> "define(`confBIND_OPTS', `-DNSRCH -DEFNAMES')" to turn off the usual
> resolver options that do a similar thing.
>
> An exception list for FEATURE(`nocanonify') can be specified with
> CANONIFY_DOMAIN or CANONIFY_DOMAIN_FILE, i.e., a list of domains which
> are nevertheless passed to $[ ... $] for canonification. This is
> useful to turn on canonification for local domains, e.g., use
> CANONIFY_DOMAIN(`my.domain my') to canonify addresses which end in
> "my.domain" or "my". Another way to require canonification in the
> local domain is CANONIFY_DOMAIN(`$=m'). "
>
> Can someone please explain wht this means in plain language?
> Thank you.

Sendmail passes recipient(s) and sender(s) addresses from headers via
DNS lookups (e.g. to rewrite CNAMEs). FEATURE(`nocanonify') stops it.

--
[pl>en: Andrew] Andrzej Adam Filip : anfi@priv.onet.pl : anfi@xl.wp.pl
Before You Ask: http://anfi.homeunix.net/sendmail/B4UAsk-Sendmail.html
http://anfi.homeunix.net/sendmail/

22/01/2007, 11h49	#1
John Chajecki Messages: n/a Hébergeur:	How do you turn of DNS lookups in sendmail I work for a local authority and we have a sendmail server routing mail between us and 3 partner authorities acress a leased line. In total there are 3 primary domains that need to be routed: leicester.gov.uk leics.gov.uk nhs.uk The last one of these nhs.uk has several sub-domains that we need to route. I have turned off DNS on the Solaris server by editing the nsswitch.conf file to say: hosts files I have also renamed the named.conf file which prevents named from being started up at system startup. The result is a machine that does not do DNS lookups. I am able to send mail from leicester.gov.uk (our domain), but I cannot receive mail from the other domains. I get the error: " reject=553 5.1.8 <RMills@leics.gov.uk>... Domain of sender address RMills@leics.gov.uk does not exist" What do I need to do to ensure that sendmail does not try to reolve the other two domains in DNS? For example, should I put it in domians so that it treats is as a local domians?

22/01/2007, 12h05	#2
J.O. Aho Messages: n/a Hébergeur:	Re: How do you turn of DNS lookups in sendmail John Chajecki wrote: > I have also renamed the named.conf file which prevents named from being started up at system startup. The result is a machine that does not do DNS lookups. This is a quite bad way to disable a service, you should use the proper tools for turning off services instead of bad hacks. List services: /usr/bin/svcs -a example on how to turn of a service: /usr/sbin/svcadm disable svc:/network/nfs/cbd:default > " reject=553 5.1.8 <RMills@leics.gov.uk>... Domain of sender address RMills@leics.gov.uk does not exist" > > What do I need to do to ensure that sendmail does not try to reolve the other two domains in DNS? > For example, should I put it in domians so that it treats is as a local domians? In sendmail.mc add FEATURE(`accept_unresolvable_domains') -- //Aho

22/01/2007, 12h50	#3
Andrzej Adam Filip Messages: n/a Hébergeur:	Re: How do you turn of DNS lookups in sendmail "John Chajecki" <jchaj@dsl.pipex.com> writes: > I work for a local authority and we have a sendmail server routing > mail between us and 3 partner authorities acress a leased line. In > total there are 3 primary domains that need to be routed: > > leicester.gov.uk > leics.gov.uk > nhs.uk > > The last one of these nhs.uk has several sub-domains that we need to > route. > > I have turned off DNS on the Solaris server by editing the > nsswitch.conf file to say: > > hosts files > > I have also renamed the named.conf file which prevents named from > being started up at system startup. The result is a machine that does > not do DNS lookups. > > I am able to send mail from leicester.gov.uk (our domain), but I > cannot receive mail from the other domains. I get the error: > > " reject=553 5.1.8 <RMills@leics.gov.uk>... Domain of sender address > RMills@leics.gov.uk does not exist" > > What do I need to do to ensure that sendmail does not try to reolve > the other two domains in DNS? * add the domains to /etc/hosts OR* * use FEATURE(`accept_unresolvable_domains') and FEATURE(`nocanonify') > For example, should I put it in domians so that it treats is as a > local domians? No -- [pl>en: Andrew] Andrzej Adam Filip : anfi@priv.onet.pl : anfi@xl.wp.pl Before You Ask: http://anfi.homeunix.net/sendmail/B4UAsk-Sendmail.html http://anfi.homeunix.net/sendmail/

22/01/2007, 15h06	#4
John Chajecki Messages: n/a Hébergeur:	Re: How do you turn of DNS lookups in sendmail * use FEATURE(`accept_unresolvable_domains') Thank you. That worked fine. I was wondering what the FEATURE(`nocanonify') is for so I looked it up and found this: "Don't pass addresses to $[ ... $] for canonification by default, i.e., host/domain names are considered canonical, except for unqualified names, which must not be used in this mode (violation of the standard). It can be changed by setting the DaemonPortOptions modifiers (M=). That is, FEATURE(`nocanonify') will be overridden by setting the 'c' flag. Conversely, if FEATURE(`nocanonify') is not used, it can be emulated by setting the 'C' flag (DaemonPortOptions=Modifiers=C). This would generally only be used by sites that only act as mail gateways or which have user agents that do full canonification themselves. You may also want to use "define(`confBIND_OPTS', `-DNSRCH -DEFNAMES')" to turn off the usual resolver options that do a similar thing. An exception list for FEATURE(`nocanonify') can be specified with CANONIFY_DOMAIN or CANONIFY_DOMAIN_FILE, i.e., a list of domains which are nevertheless passed to $[ ... $] for canonification. This is useful to turn on canonification for local domains, e.g., use CANONIFY_DOMAIN(`my.domain my') to canonify addresses which end in "my.domain" or "my". Another way to require canonification in the local domain is CANONIFY_DOMAIN(`$=m'). " Can someone please explain wht this means in plain language? Thank you.

22/01/2007, 15h49	#5
Andrzej Adam Filip Messages: n/a Hébergeur:	Re: How do you turn of DNS lookups in sendmail "John Chajecki" <jchaj@dsl.pipex.com> writes: > * use FEATURE(`accept_unresolvable_domains') > > Thank you. That worked fine. > > I was wondering what the FEATURE(`nocanonify') is for so I looked it > up and found this: > > "Don't pass addresses to $[ ... $] for canonification by default, > i.e., host/domain names are considered canonical, except for > unqualified names, which must not be used in this mode (violation of > the standard). It can be changed by setting the DaemonPortOptions > modifiers (M=). That is, FEATURE(`nocanonify') will be overridden by > setting the 'c' flag. Conversely, if FEATURE(`nocanonify') is not > used, it can be emulated by setting the 'C' flag > (DaemonPortOptions=Modifiers=C). This would generally only be used by > sites that only act as mail gateways or which have user agents that do > full canonification themselves. You may also want to use > "define(`confBIND_OPTS', `-DNSRCH -DEFNAMES')" to turn off the usual > resolver options that do a similar thing. > > An exception list for FEATURE(`nocanonify') can be specified with > CANONIFY_DOMAIN or CANONIFY_DOMAIN_FILE, i.e., a list of domains which > are nevertheless passed to $[ ... $] for canonification. This is > useful to turn on canonification for local domains, e.g., use > CANONIFY_DOMAIN(`my.domain my') to canonify addresses which end in > "my.domain" or "my". Another way to require canonification in the > local domain is CANONIFY_DOMAIN(`$=m'). " > > Can someone please explain wht this means in plain language? > Thank you. Sendmail passes recipient(s) and sender(s) addresses from headers via DNS lookups (e.g. to rewrite CNAMEs). FEATURE(`nocanonify') stops it. -- [pl>en: Andrew] Andrzej Adam Filip : anfi@priv.onet.pl : anfi@xl.wp.pl Before You Ask: http://anfi.homeunix.net/sendmail/B4UAsk-Sendmail.html http://anfi.homeunix.net/sendmail/

Outils de la discussion
Afficher une version imprimable Envoyer un lien vers cette page par email