RFC 1123 allows a MTA to have a limit on the number of addresses it
attempts in trying to deliver a message. Does Sendmail use a limit?
If so, what is that limit and is there anyway to change it? I don't
see any configuration for dealing with remote multihomed hosts


I have an example of a remote mail domain that has two MX's. One MX
has 6 IP addresses, none of which are accessible to our outgoing
sendmail host. The other MX has 8 addresses, six of which are
inaccessible but two are accessible. It may be that the site doesn't
understand what they've done to themselves, but that's another issue.

I suspect the reason the IP addresses are inaccessible (we get ICMP
Communication Administratively Prohibited messages from their routers
when we try to send packets to the failing IP addresses) is that the
host is in another country and is probably closely tied to their main
offices in another continent.

When our outgoing mail system (ESMTP Sendmail 8.11.7p2+Sun/8.10.1 on
Solaris 5.8) has a message to this site, it reports "Connection
refused by <mx>". The MX mentioned is the one that has two addresses
that actually work.

From our outgoing mail system, if I telnet to port 25 on one of the
IP addresses of that MX, the connection works and I can initiate
sending a message.

So, I surmise that something is limiting the number of IP addresses
tried when delivering mail to this host. There might be as many as 12
addresses tried before a working address is found.


Having a limit on the number of MX IP addresses tried seems
appropriate in today's world of bad guys that might want to disrupt
your mail delivery. But is there someway to adjust this? Is this a
sendmail issue or perhaps an OS issue? If we can't adjust this, does
anyone have a suggestion of a workaround? (I haven't yet tried the
hack of adding a working IP address for the MX host in our /etc/hosts
file.)

In comp.mail.sendmail Mabry Tyson <mtyson@sonic.net.scratchthisout>:
> RFC 1123 allows a MTA to have a limit on the number of addresses it
> attempts in trying to deliver a message. Does Sendmail use a limit?
> If so, what is that limit and is there anyway to change it? I don't
> see any configuration for dealing with remote multihomed hosts


> I have an example of a remote mail domain that has two MX's. One MX
> has 6 IP addresses, none of which are accessible to our outgoing
> sendmail host. The other MX has 8 addresses, six of which are
> inaccessible but two are accessible. It may be that the site doesn't
> understand what they've done to themselves, but that's another issue.
[..]

Seems fine to me, if sendmail tries subsequently all MX records
available, if it can't reach the highest priority MX system and
so on. Might be just an attempt to obfuscate ratware or whatever
reason.

If this is a real problem for you, you could just route through
mailertable to the working MX, if they don't change. Presuming
those are just a few domains, this should be the easiest.

--
Michael Heiming (X-PGP-Sig > GPG-Key ID: EDD27B94)
mail: echo zvpunry@urvzvat.qr | perl -pe 'y/a-z/n-za-m/'
#bofh excuse 140: LBNC (luser brain not connected)

Mabry Tyson <mtyson@sonic.net.scratchthisout> writes:

> RFC 1123 allows a MTA to have a limit on the number of addresses it
> attempts in trying to deliver a message. Does Sendmail use a limit?
> If so, what is that limit and is there anyway to change it? I don't
> see any configuration for dealing with remote multihomed hosts
>
>
> I have an example of a remote mail domain that has two MX's. One MX
> has 6 IP addresses, none of which are accessible to our outgoing
> sendmail host. The other MX has 8 addresses, six of which are
> inaccessible but two are accessible. It may be that the site doesn't
> understand what they've done to themselves, but that's another issue.
>
> I suspect the reason the IP addresses are inaccessible (we get ICMP
> Communication Administratively Prohibited messages from their routers
> when we try to send packets to the failing IP addresses) is that the
> host is in another country and is probably closely tied to their main
> offices in another continent.
>
> When our outgoing mail system (ESMTP Sendmail 8.11.7p2+Sun/8.10.1 on
> Solaris 5.8) has a message to this site, it reports "Connection
> refused by <mx>". The MX mentioned is the one that has two addresses
> that actually work.
>
> From our outgoing mail system, if I telnet to port 25 on one of the IP
> addresses of that MX, the connection works and I can initiate sending
> a message.
>
> So, I surmise that something is limiting the number of IP addresses
> tried when delivering mail to this host. There might be as many as 12
> addresses tried before a working address is found.
>
>
> Having a limit on the number of MX IP addresses tried seems
> appropriate in today's world of bad guys that might want to disrupt
> your mail delivery. But is there someway to adjust this? Is this a
> sendmail issue or perhaps an OS issue? If we can't adjust this, does
> anyone have a suggestion of a workaround? (I haven't yet tried the
> hack of adding a working IP address for the MX host in our /etc/hosts
> file.)

You may create such limit "indirectly" by mixing Timeout.aconnect and
Timeout.connect. BTW your "problem" may be eased by using
Timeout.iconnect and host status information (information about
success/failure of previous connections attempts).

http://www.sendmail.org/m4/tweaking_...onfTO_ACONNECT

--
[pl>en: Andrew] Andrzej Adam Filip : anfi@priv.onet.pl : anfi@xl.wp.pl
Before You Ask: http://anfi.homeunix.net/sendmail/B4UAsk-Sendmail.html
http://anfi.homeunix.net/sendmail/ [orkut,linkedin,xing]