sendmail and DNS problem.

22/05/2007, 09h20

Hoping you guys can me,

we have just moved premises, and started using a new ISP for our
internet connection. Apart from altering our static IP addresses /
gateway / DNS servers, nothing has changed regarding our servers.

Yet when our mail server trys to accept a connection, we get an error
like this:
stat=Deferred: Connection refused by bed-11.uk.clara.net

After speaking to technical support, they assured me that everything
there end was setup correctly and that it must be our mailserver that
was not configured correct. After scouring the internet for the same
problem and running a few tests, I had come to the conclusion that it
was a DNS error.

So I setup a basic DNS on our Exchange server, and added our
mailservers external IP address as the MX record for our domain.
Pointed our mailservers first DNS server to our exchange server, and
hey presto we started receiving email. Back on the phone with
technical support explaining what I had done, and that it was working,
but they still refused to . Stating that because we ran our own
mailserver they cannot me.

It was only after this conversation that i then found our outgoing
mailserver was having the same problems. Every email we sent was being
refused too, with the error message:
stat=Deferred: Connection refused by bed-11.uk.clara.net

Again i pointed the DNS server for this machine to our intermal
exchange server, and it started working.

I have done a few tests regarding our internal DNS and Clara Nets DNS
with sendmail
(echo "check_rcpt david.greenhall@praybourne.co.uk" | sendmail -bt -
d8.20)
to see what errors were coming back and this is the results for the
DNS section:

Internal DNS server:
dns_getcanonname(praybourne.co.uk, trymx=1)
dns_getcanonname: trying praybourne.co.uk. (AAAA)
NO: errno=0, h_errno=4
dns_getcanonname: trying praybourne.co.uk. (A)
NO: errno=0, h_errno=4
dns_getcanonname: trying praybourne.co.uk. (MX)
YES
dns_getcanonname: praybourne.co.uk

External DNS server:
dns_getcanonname(praybourne.co.uk, trymx=1)
dns_getcanonname: trying praybourne.co.uk. (AAAA)
NO: errno=0, h_errno=4
dns_getcanonname: trying praybourne.co.uk. (A)
YES
dns_getcanonname: praybourne.co.uk

I have asked Clara Net to setup MX records and Reverse PTR records for
our mail server, of which they appear to be there, but I am really at
a loss to discover why we cannot send or receive email when using
external DNS servers.

Would really appreciate any pointers to get this working

Thanks
Dave.

22/05/2007, 12h40

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On Tue, 22 May 2007, Dave wrote:

> Hoping you guys can me,
>
> we have just moved premises, and started using a new ISP for our
> internet connection. Apart from altering our static IP addresses /
> gateway / DNS servers, nothing has changed regarding our servers.
>
> Yet when our mail server trys to accept a connection, we get an error
> like this:
> stat=Deferred: Connection refused by bed-11.uk.clara.net

I get that from here as well, have you tried to anything else?
Are you trying to use this as smart host?

Try sending to ecartis@ausics.net its a list server, just put in hte
subject line lists or whatever and see if it responds

I can connect to your mail server, and appears forward and reverse DNS
match.

- --

Cheers
Res

Vote for your favourite Operating System: http://polls.ausics.net/v1.php
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)

iD8DBQFGUtalsWhAmSIQh7MRAry+AKCW8AOgy4XIZliLCfkDt6 i2W+nkyACglCSA
bim9dbG0KQVJn40fs0knPrA=
=GqrF
-----END PGP SIGNATURE-----

22/05/2007, 13h05

On 22 May, 12:40, Res <res@ausics.net> wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> On Tue, 22 May 2007, Dave wrote:
> > Hoping you guys can me,
>
> > we have just moved premises, and started using a new ISP for our
> > internet connection. Apart from altering our static IP addresses /
> > gateway / DNS servers, nothing has changed regarding our servers.
>
> > Yet when our mail server trys to accept a connection, we get an error
> > like this:
> > stat=Deferred: Connection refused by bed-11.uk.clara.net
>
> I get that from here as well, have you tried to anything else?
> Are you trying to use this as smart host?
>
> Try sending to ecartis@ausics.net its a list server, just put in hte
> subject line lists or whatever and see if it responds
>
> I can connect to your mail server, and appears forward and reverse DNS
> match.
>
> - --
>
> Cheers
> Res
>
> Vote for your favourite Operating System:http://polls.ausics.net/v1.php
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1.4.6 (GNU/Linux)
>
> iD8DBQFGUtalsWhAmSIQh7MRAry+AKCW8AOgy4XIZliLCfkDt6 i2W+nkyACglCSA
> bim9dbG0KQVJn40fs0knPrA=
> =GqrF
> -----END PGP SIGNATURE-----

Hi Res, thanks for replying.

In answer to your questions, we have 3 mailservers:
Incoming mailserver(sendmail) ----> Exchange Server ----> outgoing
mailserver (sendmail)
Exchange server uses smart host which passes on to our outgoing
mailserver.

I have tried using other DNS servers dotted around the internet, but
with the same results.
I sent an email like you suggested, and straight away received a reply
showing the lists available.
Is it possible that something in sendmail needs changing, or am i
correct that this is a DNS issue???!!!

Thanks
Dave.

22/05/2007, 23h24

In article <1179822017.669135.53790@q75g2000hsh.googlegroups. com> Dave
<david.greenhall@praybourne.co.uk> writes:
>
>Yet when our mail server trys to accept a connection, we get an error
>like this:
>stat=Deferred: Connection refused by bed-11.uk.clara.net

Uh, what is your relation to that server, if any?

>I have done a few tests regarding our internal DNS and Clara Nets DNS
>with sendmail
>(echo "check_rcpt david.greenhall@praybourne.co.uk" | sendmail -bt -
>d8.20)
>to see what errors were coming back and this is the results for the
>DNS section:
>
>Internal DNS server:
>dns_getcanonname(praybourne.co.uk, trymx=1)
>dns_getcanonname: trying praybourne.co.uk. (AAAA)
> NO: errno=0, h_errno=4
>dns_getcanonname: trying praybourne.co.uk. (A)
> NO: errno=0, h_errno=4
>dns_getcanonname: trying praybourne.co.uk. (MX)
> YES
>dns_getcanonname: praybourne.co.uk
>
>
>External DNS server:
>dns_getcanonname(praybourne.co.uk, trymx=1)
>dns_getcanonname: trying praybourne.co.uk. (AAAA)
> NO: errno=0, h_errno=4
>dns_getcanonname: trying praybourne.co.uk. (A)
> YES
>dns_getcanonname: praybourne.co.uk

This isn't really useful, only reveals that the external server has an A
record for praybourne.co.uk while the internal one doesn't - for some
reason the actual DNS debug output is missing, but anyway check_rcpt
doesn't do any routing decisions, which is where the bed-11.uk.clara.net
turns up, presumably.

Is the david.greenhall@praybourne.co.uk address supposed to be routed
based on MX records for praybourne.co.uk, or via some hardwired
SMART_HOST or mailertable entry, or something else? In the Internet-
visible DNS, praybourne.co.uk has a primary MX record giving
mail.praybourne.co.uk, which has an A record giving 212.169.48.90 - no
bed-11.uk.clara.net anywhere...

What is the output in the respective cases of

sendmail -bv david.greenhall@praybourne.co.uk

and

(as root) date | sendmail -Am -v -d8.8 david.greenhall@praybourne.co.uk

? Note that the latter will actually (attempt to) send a message.

--Per Hedeland
per@hedeland.org

22/05/2007, 23h24

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On Tue, 22 May 2007, Dave wrote:

>>> stat=Deferred: Connection refused by bed-11.uk.clara.net

> In answer to your questions, we have 3 mailservers:
> Incoming mailserver(sendmail) ----> Exchange Server ----> outgoing
> mailserver (sendmail)

OK, so your incoming mail appears to work.

Your outbound to the list server connected using
pray.rxxxxx.prayxxx.co.uk, its IP is reverse resolved to it so its not an
issue.

> Exchange server uses smart host which passes on to our outgoing
> mailserver.

Yup, which must be working OK or your mail to the list server would not
have worked.

> I have tried using other DNS servers dotted around the Internet, but
> with the same results.
> I sent an email like you suggested, and straight away received a reply
> showing the lists available.
> Is it possible that something in sendmail needs changing, or am i
> correct that this is a DNS issue???!!!

I'm yet to fully understand the problem, you can send out and receive in,
which domains can you not email to or get email from, your own?

Your domains A record points to your bed-11.uk.clara.net machine, and by
its IP I can reasonably assume its not on your local network, but in a
hosting centre somewhere, with no MTA running on that box.

- --

Cheers
Res

Vote for your favourite Operating System: http://polls.ausics.net/v1.php
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)

iD8DBQFGU220sWhAmSIQh7MRAj8PAJsGV21FHGu33DWraKj+a1 PiZAt7gwCdEvyt
nSa0iyHVY49ll3xKwpruGek=
=rEXb
-----END PGP SIGNATURE-----

23/05/2007, 11h52

On 22 May, 23:24, p...@hedeland.org (Per Hedeland) wrote:
> In article <1179822017.669135.53...@q75g2000hsh.googlegroups. com> Dave
>
> <david.greenh...@praybourne.co.uk> writes:
>
> >Yet when our mail server trys to accept a connection, we get an error
> >like this:
> >stat=Deferred: Connection refused by bed-11.uk.clara.net
>
> Uh, what is your relation to that server, if any?
>
>
>
>
>
> >I have done a few tests regarding our internal DNS and Clara Nets DNS
> >with sendmail
> >(echo "check_rcpt david.greenh...@praybourne.co.uk" | sendmail -bt -
> >d8.20)
> >to see what errors were coming back and this is the results for the
> >DNS section:
>
> >Internal DNS server:
> >dns_getcanonname(praybourne.co.uk, trymx=1)
> >dns_getcanonname: trying praybourne.co.uk. (AAAA)
> > NO: errno=0, h_errno=4
> >dns_getcanonname: trying praybourne.co.uk. (A)
> > NO: errno=0, h_errno=4
> >dns_getcanonname: trying praybourne.co.uk. (MX)
> > YES
> >dns_getcanonname: praybourne.co.uk
>
> >External DNS server:
> >dns_getcanonname(praybourne.co.uk, trymx=1)
> >dns_getcanonname: trying praybourne.co.uk. (AAAA)
> > NO: errno=0, h_errno=4
> >dns_getcanonname: trying praybourne.co.uk. (A)
> > YES
> >dns_getcanonname: praybourne.co.uk
>
> This isn't really useful, only reveals that the external server has an A
> record for praybourne.co.uk while the internal one doesn't - for some
> reason the actual DNS debug output is missing, but anyway check_rcpt
> doesn't do any routing decisions, which is where the bed-11.uk.clara.net
> turns up, presumably.
>
> Is the david.greenh...@praybourne.co.uk address supposed to be routed
> based on MX records for praybourne.co.uk, or via some hardwired
> SMART_HOST or mailertable entry, or something else? In the Internet-
> visible DNS, praybourne.co.uk has a primary MX record giving
> mail.praybourne.co.uk, which has an A record giving 212.169.48.90 - no
> bed-11.uk.clara.net anywhere...
>
> What is the output in the respective cases of
>
> sendmail -bv david.greenh...@praybourne.co.uk
>
> and
>
> (as root) date | sendmail -Am -v -d8.8 david.greenh...@praybourne.co.uk
>
> ? Note that the latter will actually (attempt to) send a message.
>
> --Per Hedeland
> p...@hedeland.org- Hide quoted text -
>
> - Show quoted text -

Thanks for the Per,

bed-11.uk.clara.net seems to host our website, or at least the CNAME
for www.praybourne.co.uk points to this server. Yes we use mailertable
to point praybourne.co.uk to our exchange server [praybourne.local] we
also use procmail to filter spam and archive all incoming email. All
this has not been changed from when we was with our last ISP, and all
worked fine then.

I have done as you suggested, both with our internal DNS servers, and
then using our ISP's (not sure if it would make a difference)

Using internal DNS:
> sendmail -bv david.greenhall@praybourne.co.uk
david.greenhall@praybourne.co.uk... deliverable: mailer procmail,
host /etc/mail/procmailrc-praybourne.co.uk/procmailrc, user
david.greenhall@praybourne.co.uk.procmail
> date | sendmail -Am -v -d8.8 david.greenhall@praybourne.co.uk
dns_getcanonname(praybourne.co.uk, trymx=1)
dns_getcanonname: trying praybourne.co.uk. (AAAA)
NO: errno=0, h_errno=4
dns_getcanonname: trying praybourne.co.uk. (A)
NO: errno=0, h_errno=4
dns_getcanonname: trying praybourne.co.uk. (MX)
YES
dns_getcanonname: praybourne.co.uk
david.greenhall@praybourne.co.uk... Connecting to /etc/mail/procmailrc-
praybourne.co.uk/procmailrc via procmail...
david.greenhall@praybourne.co.uk... Sent

This is the section from the log:
May 23 11:38:18 mail sendmail[2791]: l4NAcIs9002791:
from=root@praybourne.co.uk, size=585, class=0, nrcpts=1,
msgid=<200705231038.l4NAcGIi002690@mail.praybourne .co.uk>,
relay=root@localhost
May 23 11:38:19 mail sendmail[2791]: l4NAcIs9002791:
to=david.greenhall@praybourne.co.uk.procmail,
ctladdr=root@praybourne.co.uk (0/0), delay=00:00:01, xdelay=00:00:01,
mailer=relay, pri=30585, relay=bed-11.uk.clara.net. [195.8.66.1],
dsn=4.0.0, stat=Deferred: Connection refused by bed-11.uk.clara.net.
May 23 11:38:19 mail sendmail[2690]: l4NAcGIi002690:
to=david.greenhall@praybourne.co.uk, ctladdr=root (0/0),
delay=00:00:03, xdelay=00:00:03, mailer=procmail, pri=30029, relay=/
etc/mail/procmail...e.co.uk/procmailrc, dsn=2.0.0, stat=Sent

Now using external DNS:
> sendmail -bv david.greenhall@praybourne.co.uk
david.greenhall@praybourne.co.uk... deliverable: mailer procmail,
host /etc/mail/procmailrc-praybourne.co.uk/procmailrc, user
david.greenhall@praybourne.co.uk.procmail
> date | sendmail -Am -v -d8.8 david.greenhall@praybourne.co.uk
dns_getcanonname(praybourne.co.uk, trymx=1)
dns_getcanonname: trying praybourne.co.uk. (AAAA)
NO: errno=0, h_errno=4
dns_getcanonname: trying praybourne.co.uk. (A)
YES
dns_getcanonname: praybourne.co.uk
david.greenhall@praybourne.co.uk... Connecting to /etc/mail/procmailrc-
praybourne.co.uk/procmailrc via procmail...
david.greenhall@praybourne.co.uk... Sent

This is the section from the log:
May 23 11:38:16 mail sendmail[2690]: l4NAcGIi002690: from=root,
size=29, class=0, nrcpts=1,
msgid=<200705231038.l4NAcGIi002690@mail.praybourne .co.uk>,
relay=root@localhost
May 23 11:38:17 mail spamd[427]: connection from localhost [127.0.0.1]
at port 49641
May 23 11:38:17 mail spamd[427]: processing message
<200705231038.l4NAcGIi002690@mail.praybourne.co.uk > for root:65534.
May 23 11:38:18 mail spamd[427]: clean message (-2.7/3.5) for root:
65534 in 0.7 seconds, 331 bytes.
May 23 11:38:18 mail spamd[427]: result: . -2 -
ALL_TRUSTED,BAYES_00,FM_NO_TO,MISSING_HEADERS,MISS ING_SUBJECT
scantime=0.7,size=331,mid=<200705231038.l4NAcGIi00 2690@mail.praybourne.co.uk>,bayes=0.00258198247775 82,autolearn=ham
May 23 11:38:18 mail sendmail[2791]: l4NAcIs9002791:
from=root@praybourne.co.uk, size=585, class=0, nrcpts=1,
msgid=<200705231038.l4NAcGIi002690@mail.praybourne .co.uk>,
relay=root@localhost
May 23 11:38:19 mail sendmail[2791]: l4NAcIs9002791:
to=david.greenhall@praybourne.co.uk.procmail,
ctladdr=root@praybourne.co.uk (0/0), delay=00:00:01, xdelay=00:00:01,
mailer=relay, pri=30585, relay=bed-11.uk.clara.net. [195.8.66.1],
dsn=4.0.0, stat=Deferred: Connection refused by bed-11.uk.clara.net.
May 23 11:38:19 mail sendmail[2690]: l4NAcGIi002690:
to=david.greenhall@praybourne.co.uk, ctladdr=root (0/0),
delay=00:00:03, xdelay=00:00:03, mailer=procmail, pri=30029, relay=/
etc/mail/procmail...e.co.uk/procmailrc, dsn=2.0.0, stat=Sent

Dave.

23/05/2007, 23h09

In article <1179917561.881540.175400@q66g2000hsg.googlegroups .com> Dave
<david.greenhall@praybourne.co.uk> writes:
>
>bed-11.uk.clara.net seems to host our website, or at least the CNAME
>for www.praybourne.co.uk points to this server. Yes we use mailertable
>to point praybourne.co.uk to our exchange server [praybourne.local] we
>also use procmail to filter spam and archive all incoming email. All
>this has not been changed from when we was with our last ISP, and all
>worked fine then.

Well, praybourne.local will obviously not exist in the "real" DNS, so
[praybourne.local] relies on the DNS A lookup failing and sendmail
falling back to /etc/hosts (depending on OS configuration of service
switch files etc - it could also be that /etc/hosts is tried first, in
which case it "should work"). Does it work if you use [ip.add.re.ss]
instead?

>I have done as you suggested, both with our internal DNS servers, and
>then using our ISP's (not sure if it would make a difference)
>
>Using internal DNS:
>> sendmail -bv david.greenhall@praybourne.co.uk
>david.greenhall@praybourne.co.uk... deliverable: mailer procmail,
>host /etc/mail/procmailrc-praybourne.co.uk/procmailrc, user
>david.greenhall@praybourne.co.uk.procmail

Oh, so you're using that ugly old hack - you'd really be better off
looking into using a milter-based approach instead. Anyway this means
that the message passes through sendmail twice, before and after
procmail - and the debug output will only show the first, while it's the
second one that is interesting. If you redo the tests with
david.greenhall@praybourne.co.uk.procmail as address instead, we can see
what happens in the second round.

>This is the section from the log:
>May 23 11:38:18 mail sendmail[2791]: l4NAcIs9002791:
>from=root@praybourne.co.uk, size=585, class=0, nrcpts=1,
>msgid=<200705231038.l4NAcGIi002690@mail.praybourn e.co.uk>,
>relay=root@localhost
>May 23 11:38:19 mail sendmail[2791]: l4NAcIs9002791:
>to=david.greenhall@praybourne.co.uk.procmail,
>ctladdr=root@praybourne.co.uk (0/0), delay=00:00:01, xdelay=00:00:01,
>mailer=relay, pri=30585, relay=bed-11.uk.clara.net. [195.8.66.1],
>dsn=4.0.0, stat=Deferred: Connection refused by bed-11.uk.clara.net.
>May 23 11:38:19 mail sendmail[2690]: l4NAcGIi002690:
>to=david.greenhall@praybourne.co.uk, ctladdr=root (0/0),
>delay=00:00:03, xdelay=00:00:03, mailer=procmail, pri=30029, relay=/
>etc/mail/procmail...e.co.uk/procmailrc, dsn=2.0.0, stat=Sent

>Now using external DNS:

>This is the section from the log:
>May 23 11:38:16 mail sendmail[2690]: l4NAcGIi002690: from=root,
>size=29, class=0, nrcpts=1,
>msgid=<200705231038.l4NAcGIi002690@mail.praybourn e.co.uk>,
>relay=root@localhost
>May 23 11:38:17 mail spamd[427]: connection from localhost [127.0.0.1]
>at port 49641
>May 23 11:38:17 mail spamd[427]: processing message
><200705231038.l4NAcGIi002690@mail.praybourne.co.u k> for root:65534.
>May 23 11:38:18 mail spamd[427]: clean message (-2.7/3.5) for root:
>65534 in 0.7 seconds, 331 bytes.
>May 23 11:38:18 mail spamd[427]: result: . -2 -
>ALL_TRUSTED,BAYES_00,FM_NO_TO,MISSING_HEADERS,MIS SING_SUBJECT
>scantime=0.7,size=331,mid=<200705231038.l4NAcGIi0 02690@mail.praybourne.co.uk>,bayes=0.0025819824777 582,autolearn=ham
>May 23 11:38:18 mail sendmail[2791]: l4NAcIs9002791:
>from=root@praybourne.co.uk, size=585, class=0, nrcpts=1,
>msgid=<200705231038.l4NAcGIi002690@mail.praybourn e.co.uk>,
>relay=root@localhost
>May 23 11:38:19 mail sendmail[2791]: l4NAcIs9002791:
>to=david.greenhall@praybourne.co.uk.procmail,
>ctladdr=root@praybourne.co.uk (0/0), delay=00:00:01, xdelay=00:00:01,
>mailer=relay, pri=30585, relay=bed-11.uk.clara.net. [195.8.66.1],
>dsn=4.0.0, stat=Deferred: Connection refused by bed-11.uk.clara.net.
>May 23 11:38:19 mail sendmail[2690]: l4NAcGIi002690:
>to=david.greenhall@praybourne.co.uk, ctladdr=root (0/0),
>delay=00:00:03, xdelay=00:00:03, mailer=procmail, pri=30029, relay=/
>etc/mail/procmail...e.co.uk/procmailrc, dsn=2.0.0, stat=Sent

I'm afraid you posted the logs for the same attempt twice, only that the
initial part was missing from the first.

--Per Hedeland
per@hedeland.org

27/05/2007, 19h15

On May 24, 5:09 am, p...@hedeland.org (Per Hedeland) wrote:
> In article <1179917561.881540.175...@q66g2000hsg.googlegroups .com> Dave
>
> <david.greenh...@praybourne.co.uk> writes:
>
> >bed-11.uk.clara.net seems to host our website, or at least the CNAME
> >forwww.praybourne.co.ukpoints to this server. Yes we use mailertable
> >to point praybourne.co.uk to our exchange server [praybourne.local] we
> >also use procmail to filter spam and archive all incoming email. All
> >this has not been changed from when we was with our last ISP, and all
> >worked fine then.
>
> Well, praybourne.local will obviously not exist in the "real" DNS, so
> [praybourne.local] relies on the DNS A lookup failing and sendmail
> falling back to /etc/hosts (depending on OS configuration of service
> switch files etc - it could also be that /etc/hosts is tried first, in
> which case it "should work"). Does it work if you use [ip.add.re.ss]
> instead?
>
> >I have done as you suggested, both with our internal DNS servers, and
> >then using our ISP's (not sure if it would make a difference)
>
> >Using internal DNS:
> >> sendmail -bv david.greenh...@praybourne.co.uk
> >david.greenh...@praybourne.co.uk... deliverable: mailer procmail,
> >host /etc/mail/procmailrc-praybourne.co.uk/procmailrc, user
> >david.greenh...@praybourne.co.uk.procmail
>
> Oh, so you're using that ugly old hack - you'd really be better off
> looking into using a milter-based approach instead. Anyway this means
> that the message passes through sendmail twice, before and after
> procmail - and the debug output will only show the first, while it's the
> second one that is interesting. If you redo the tests with
> david.greenh...@praybourne.co.uk.procmail as address instead, we can see
> what happens in the second round.
>
>
>
>
>
> >This is the section from the log:
> >May 23 11:38:18 mail sendmail[2791]: l4NAcIs9002791:
> >from=r...@praybourne.co.uk, size=585, class=0, nrcpts=1,
> >msgid=<200705231038.l4NAcGIi002...@mail.praybourn e.co.uk>,
> >relay=root@localhost
> >May 23 11:38:19 mail sendmail[2791]: l4NAcIs9002791:
> >to=david.greenh...@praybourne.co.uk.procmail,
> >ctladdr=r...@praybourne.co.uk (0/0), delay=00:00:01, xdelay=00:00:01,
> >mailer=relay, pri=30585, relay=bed-11.uk.clara.net. [195.8.66.1],
> >dsn=4.0.0, stat=Deferred: Connection refused by bed-11.uk.clara.net.
> >May 23 11:38:19 mail sendmail[2690]: l4NAcGIi002690:
> >to=david.greenh...@praybourne.co.uk, ctladdr=root (0/0),
> >delay=00:00:03, xdelay=00:00:03, mailer=procmail, pri=30029, relay=/
> >etc/mail/procmail...e.co.uk/procmailrc, dsn=2.0.0, stat=Sent
> >Now using external DNS:
> >This is the section from the log:
> >May 23 11:38:16 mail sendmail[2690]: l4NAcGIi002690: from=root,
> >size=29, class=0, nrcpts=1,
> >msgid=<200705231038.l4NAcGIi002...@mail.praybourn e.co.uk>,
> >relay=root@localhost
> >May 23 11:38:17 mail spamd[427]: connection from localhost [127.0.0.1]
> >at port 49641
> >May 23 11:38:17 mail spamd[427]: processing message
> ><200705231038.l4NAcGIi002...@mail.praybourne.co.u k> for root:65534.
> >May 23 11:38:18 mail spamd[427]: clean message (-2.7/3.5) for root:
> >65534 in 0.7 seconds, 331 bytes.
> >May 23 11:38:18 mail spamd[427]: result: . -2 -
> >ALL_TRUSTED,BAYES_00,FM_NO_TO,MISSING_HEADERS,MIS SING_SUBJECT
> >scantime=0.7,size=331,mid=<200705231038.l4NAcGIi0 02...@mail.praybourne.co.uk>,bayes=0.0025819824777 582,autolearn=ham
> >May 23 11:38:18 mail sendmail[2791]: l4NAcIs9002791:
> >from=r...@praybourne.co.uk, size=585, class=0, nrcpts=1,
> >msgid=<200705231038.l4NAcGIi002...@mail.praybourn e.co.uk>,
> >relay=root@localhost
> >May 23 11:38:19 mail sendmail[2791]: l4NAcIs9002791:
> >to=david.greenh...@praybourne.co.uk.procmail,
> >ctladdr=r...@praybourne.co.uk (0/0), delay=00:00:01, xdelay=00:00:01,
> >mailer=relay, pri=30585, relay=bed-11.uk.clara.net. [195.8.66.1],
> >dsn=4.0.0, stat=Deferred: Connection refused by bed-11.uk.clara.net.
> >May 23 11:38:19 mail sendmail[2690]: l4NAcGIi002690:
> >to=david.greenh...@praybourne.co.uk, ctladdr=root (0/0),
> >delay=00:00:03, xdelay=00:00:03, mailer=procmail, pri=30029, relay=/
> >etc/mail/procmail...e.co.uk/procmailrc, dsn=2.0.0, stat=Sent
>
> I'm afraid you posted the logs for the same attempt twice, only that the
> initial part was missing from the first.
>
> --Per Hedeland
> p...@hedeland.org- Hide quoted text -
>
> - Show quoted text -

Hi Per, Sorry for posting the same logs twice, and sorry for taking so
long to get back (im stuck in jakarta for a few weeks and only just
had chance to access internet.)

Firstly, sendmail is set to deliver mail for praybourne.local to our
exchange server via [IP Address] and ignore MX records (using
mailertable). This has been set for around 3 years and has never
failed before we moved. Yes on this machine hosts is set before DNS,
the contents of hosts is:
127.0.0.1 localhost localhost.localdomain
212.169.48.90 mail.praybourne.co.uk mail
10.10.5.252 exchangeserver.praybourne.local

DNS is set as:
1. 10.10.5.252
2. 195.8.69.7
3. 195.8.69.12

testing david.greenhall@prayborune.co.uk.procmail: using internal DNS
> sendmail -bv david.greenhall@praybourne.co.uk.procmail
david.greenhall@praybourne.co.uk.procmail... deliverable: mailer
esmtp, host [10.10.5.252], user david.greenhall@praybourne.local

> date | sendmail -Am -v -d8.8 david.greenhall@praybourne.co.uk.procmail
dns_getcanonname(praybourne.local, trymx=1)
dns_getcanonname: trying praybourne.local. (AAAA)
NO: errno=0, h_errno=4
dns_getcanonname: trying praybourne.local. (A)
YES
dns_getcanonname: praybourne.local
getmxrr([10.10.5.252], droplocalhost=1)
david.greenhall@praybourne.co.uk.procmail... Connecting to
[10.10.5.252] via esmtp...
220 exch-red.praybourne.local Microsoft ESMTP MAIL Service, Version:
5.0.2195.6713 ready at Sun, 27 May 2007 18:53:02 +0100
>>> EHLO mail.praybourne.co.uk
250-exch-red.praybourne.local Hello [10.10.5.250]
250-TURN
250-ATRN
250-SIZE
250-ETRN
250-PIPELINING
250-DSN
250-ENHANCEDSTATUSCODES
250-8bitmime
250-BINARYMIME
250-CHUNKING
250-VRFY
250-X-EXPS GSSAPI NTLM LOGIN
250-X-EXPS=LOGIN
250-AUTH GSSAPI NTLM LOGIN
250-AUTH=LOGIN
250-X-LINK2STATE
250-XEXCH50
250 OK
>>> MAIL From:<root@praybourne.co.uk> SIZE=29
250 2.1.0 root@praybourne.co.uk....Sender OK
>>> RCPT To:<david.greenhall@praybourne.local>
>>> DATA
250 2.1.5 david.greenhall@praybourne.local
354 Start mail input; end with <CRLF>.<CRLF>
>>> .
250 2.6.0 <200705271754.l4RHs4Xe001239@mail.praybourne.co.uk > Queued
mail for delivery
david.greenhall@praybourne.co.uk.procmail... Sent
( <200705271754.l4RHs4Xe001239@mail.praybourne.co.uk > Queued mail for
delivery)
Closing connection to [10.10.5.252]
>>> QUIT
221 2.0.0 exch-red.praybourne.local Service closing transmission
channel

testing david.greenhall@prayborune.co.uk.procmail: without internal
DNS
> sendmail -bv david.greenhall@praybourne.co.uk.procmail
david.greenhall@praybourne.co.uk.procmail... deliverable: mailer
esmtp, host bed-11.uk.clara.net., user
david.greenhall@bed-11.uk.clara.net

> date | sendmail -Am -v -d8.8 david.greenhall@praybourne.co.uk.procmail
dns_getcanonname(praybourne.local, trymx=1)
dns_getcanonname: trying praybourne.local. (AAAA)
NO: errno=0, h_errno=1
dns_getcanonname: trying praybourne.local.praybourne.co.uk (AAAA)
YES
dns_getcanonname: trying bed-11.uk.clara.net. (AAAA)
NO: errno=0, h_errno=4
dns_getcanonname: trying bed-11.uk.clara.net. (A)
YES
dns_getcanonname: bed-11.uk.clara.net
getmxrr(bed-11.uk.clara.net., droplocalhost=1)
getmxrr: res_search(bed-11.uk.clara.net.) failed (errno=0, h_errno=4)
dns_getcanonname(bed-11.uk.clara.net., trymx=0)
dns_getcanonname: trying bed-11.uk.clara.net. (AAAA)
NO: errno=0, h_errno=4
dns_getcanonname: trying bed-11.uk.clara.net. (A)
YES
dns_getcanonname: bed-11.uk.clara.net
david.greenhall@praybourne.co.uk.procmail... Connecting to
bed-11.uk.clara.net. via esmtp...
david.greenhall@praybourne.co.uk.procmail... Deferred: Connection
refused by bed-11.uk.clara.net.

So looking at this, its searching DNS for praybourne.local, but what i
dont understand is why this worked a couple of weeks ago, but not now.
why is not using hosts first?!!

If in mailertable its specified not to look up MX records, why does it
still use DNS (im really confused)
Is it possible that between moving premises our sendmail configuration
has got messed up?

Dave.

27/05/2007, 20h18

In article <1180289755.690728.183350@o11g2000prd.googlegroups .com> Dave
<david.greenhall@praybourne.co.uk> writes:
>> date | sendmail -Am -v -d8.8 david.greenhall@praybourne.co.uk.procmail
>dns_getcanonname(praybourne.local, trymx=1)
>dns_getcanonname: trying praybourne.local. (AAAA)
> NO: errno=0, h_errno=1
>dns_getcanonname: trying praybourne.local.praybourne.co.uk (AAAA)
> YES

Ouch - your provider has set up a wildcard CNAME record:

$ dig aaaa '*.praybourne.co.uk' @ns0.clara.net
....
;; ANSWER SECTION:
*.praybourne.co.uk. 18000 IN CNAME bed-11.uk.clara.net.

Very evil thing to do, tell them to remove it. The result is that your
user@praybourne.local gets "canonicalized" to user@bed-11.uk.clara.net,
and the rest is, as they say, history...

>So looking at this, its searching DNS for praybourne.local, but what i
>dont understand is why this worked a couple of weeks ago, but not now.
>why is not using hosts first?!!

Well, it's a bit of a mess, due to the variety of "service switch"
implementations on different OSes. For host -> IP address lookup,
sendmail will effectively use the OS gethostbyname() function, which
uses the OS-specific service switch file. For canonicalization, this
doesn't work well, and so sendmail will do DNS, files, etc lookups
"directly". For the order of these, it understands the OS-specific files
on Solaris and Ultrix / OSF/1 / Digital Unix / whatever it's called now
if it still exists. For others it will use the ServiceSwitchFile defined
in the config (default /etc/mail/service.switch) if it exists, and if
not, it falls back to a hardwired order where "dns" comes before "files"
- which is generally the right thing to do, but not in your case.

To fix this - and you really should, even if your provider removes that
wildcard record, you shouldn't be looking up names like praybourne.local
in DNS - you can either create an /etc/mail/service.switch file that has
the right order (see doc/op/op.* for the contents), or declare that
names that end in .local are already canonical, and shouldn't be looked
up anywhere (for canonicalization), by putting this in your .mc file:

LOCAL_CONFIG
CP local

Or, better still I guess, don't use those .local addresses at all -
it's hard to make sure that they never "leak" out into the real 'net,
where they're obviously invalid.

>If in mailertable its specified not to look up MX records, why does it
>still use DNS (im really confused)

Canonicalization happens before that, sendmail tries to make sure that
e.g. abbreviated names like user@host without a .domain part are
properly turned into a "canonical" name before it actually tries to
determine how the message should be routed. This is generally necessary
to find the correct routing info (e.g. a mailertable entry) - only in
this case it breaks totally due to the CNAME record above.

>Is it possible that between moving premises our sendmail configuration
>has got messed up?

No, it's the CNAME record that messes up what was a fragile
configuration to start with.

--Per Hedeland
per@hedeland.org

28/05/2007, 03h19

On May 27, 3:18 pm, p...@hedeland.org (Per Hedeland) wrote:
> In article <1180289755.690728.183...@o11g2000prd.googlegroups .com> Dave
>
> <david.greenh...@praybourne.co.uk> writes:
> >> date | sendmail -Am -v -d8.8 david.greenh...@praybourne.co.uk.procmail
> >dns_getcanonname(praybourne.local, trymx=1)
> >dns_getcanonname: trying praybourne.local. (AAAA)
> > NO: errno=0, h_errno=1
> >dns_getcanonname: trying praybourne.local.praybourne.co.uk (AAAA)
> > YES

Perhaps you need to run and query your own DNS server and change your
search domain name, perhaps even host a real zone for the DNS names
you made up.

If you have ms exchange odds are fairly high you are already doing
this for your other systems.

22/05/2007, 09h20	#1
Dave Messages: n/a Hébergeur:	sendmail and DNS problem. Hoping you guys can me, we have just moved premises, and started using a new ISP for our internet connection. Apart from altering our static IP addresses / gateway / DNS servers, nothing has changed regarding our servers. Yet when our mail server trys to accept a connection, we get an error like this: stat=Deferred: Connection refused by bed-11.uk.clara.net After speaking to technical support, they assured me that everything there end was setup correctly and that it must be our mailserver that was not configured correct. After scouring the internet for the same problem and running a few tests, I had come to the conclusion that it was a DNS error. So I setup a basic DNS on our Exchange server, and added our mailservers external IP address as the MX record for our domain. Pointed our mailservers first DNS server to our exchange server, and hey presto we started receiving email. Back on the phone with technical support explaining what I had done, and that it was working, but they still refused to . Stating that because we ran our own mailserver they cannot me. It was only after this conversation that i then found our outgoing mailserver was having the same problems. Every email we sent was being refused too, with the error message: stat=Deferred: Connection refused by bed-11.uk.clara.net Again i pointed the DNS server for this machine to our intermal exchange server, and it started working. I have done a few tests regarding our internal DNS and Clara Nets DNS with sendmail (echo "check_rcpt david.greenhall@praybourne.co.uk" \| sendmail -bt - d8.20) to see what errors were coming back and this is the results for the DNS section: Internal DNS server: dns_getcanonname(praybourne.co.uk, trymx=1) dns_getcanonname: trying praybourne.co.uk. (AAAA) NO: errno=0, h_errno=4 dns_getcanonname: trying praybourne.co.uk. (A) NO: errno=0, h_errno=4 dns_getcanonname: trying praybourne.co.uk. (MX) YES dns_getcanonname: praybourne.co.uk External DNS server: dns_getcanonname(praybourne.co.uk, trymx=1) dns_getcanonname: trying praybourne.co.uk. (AAAA) NO: errno=0, h_errno=4 dns_getcanonname: trying praybourne.co.uk. (A) YES dns_getcanonname: praybourne.co.uk I have asked Clara Net to setup MX records and Reverse PTR records for our mail server, of which they appear to be there, but I am really at a loss to discover why we cannot send or receive email when using external DNS servers. Would really appreciate any pointers to get this working Thanks Dave.

22/05/2007, 12h40	#2
Res Messages: n/a Hébergeur:	Re: sendmail and DNS problem. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On Tue, 22 May 2007, Dave wrote: > Hoping you guys can me, > > we have just moved premises, and started using a new ISP for our > internet connection. Apart from altering our static IP addresses / > gateway / DNS servers, nothing has changed regarding our servers. > > Yet when our mail server trys to accept a connection, we get an error > like this: > stat=Deferred: Connection refused by bed-11.uk.clara.net I get that from here as well, have you tried to anything else? Are you trying to use this as smart host? Try sending to ecartis@ausics.net its a list server, just put in hte subject line lists or whatever and see if it responds I can connect to your mail server, and appears forward and reverse DNS match. - -- Cheers Res Vote for your favourite Operating System: http://polls.ausics.net/v1.php -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.6 (GNU/Linux) iD8DBQFGUtalsWhAmSIQh7MRAry+AKCW8AOgy4XIZliLCfkDt6 i2W+nkyACglCSA bim9dbG0KQVJn40fs0knPrA= =GqrF -----END PGP SIGNATURE-----

22/05/2007, 13h05	#3
Dave Messages: n/a Hébergeur:	Re: sendmail and DNS problem. On 22 May, 12:40, Res <res@ausics.net> wrote: > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > On Tue, 22 May 2007, Dave wrote: > > Hoping you guys can me, > > > we have just moved premises, and started using a new ISP for our > > internet connection. Apart from altering our static IP addresses / > > gateway / DNS servers, nothing has changed regarding our servers. > > > Yet when our mail server trys to accept a connection, we get an error > > like this: > > stat=Deferred: Connection refused by bed-11.uk.clara.net > > I get that from here as well, have you tried to anything else? > Are you trying to use this as smart host? > > Try sending to ecartis@ausics.net its a list server, just put in hte > subject line lists or whatever and see if it responds > > I can connect to your mail server, and appears forward and reverse DNS > match. > > - -- > > Cheers > Res > > Vote for your favourite Operating System:http://polls.ausics.net/v1.php > -----BEGIN PGP SIGNATURE----- > Version: GnuPG v1.4.6 (GNU/Linux) > > iD8DBQFGUtalsWhAmSIQh7MRAry+AKCW8AOgy4XIZliLCfkDt6 i2W+nkyACglCSA > bim9dbG0KQVJn40fs0knPrA= > =GqrF > -----END PGP SIGNATURE----- Hi Res, thanks for replying. In answer to your questions, we have 3 mailservers: Incoming mailserver(sendmail) ----> Exchange Server ----> outgoing mailserver (sendmail) Exchange server uses smart host which passes on to our outgoing mailserver. I have tried using other DNS servers dotted around the internet, but with the same results. I sent an email like you suggested, and straight away received a reply showing the lists available. Is it possible that something in sendmail needs changing, or am i correct that this is a DNS issue???!!! Thanks Dave.

22/05/2007, 23h24	#4
Per Hedeland Messages: n/a Hébergeur:	Re: sendmail and DNS problem. In article <1179822017.669135.53790@q75g2000hsh.googlegroups. com> Dave <david.greenhall@praybourne.co.uk> writes: > >Yet when our mail server trys to accept a connection, we get an error >like this: >stat=Deferred: Connection refused by bed-11.uk.clara.net Uh, what is your relation to that server, if any? >I have done a few tests regarding our internal DNS and Clara Nets DNS >with sendmail >(echo "check_rcpt david.greenhall@praybourne.co.uk" \| sendmail -bt - >d8.20) >to see what errors were coming back and this is the results for the >DNS section: > >Internal DNS server: >dns_getcanonname(praybourne.co.uk, trymx=1) >dns_getcanonname: trying praybourne.co.uk. (AAAA) > NO: errno=0, h_errno=4 >dns_getcanonname: trying praybourne.co.uk. (A) > NO: errno=0, h_errno=4 >dns_getcanonname: trying praybourne.co.uk. (MX) > YES >dns_getcanonname: praybourne.co.uk > > >External DNS server: >dns_getcanonname(praybourne.co.uk, trymx=1) >dns_getcanonname: trying praybourne.co.uk. (AAAA) > NO: errno=0, h_errno=4 >dns_getcanonname: trying praybourne.co.uk. (A) > YES >dns_getcanonname: praybourne.co.uk This isn't really useful, only reveals that the external server has an A record for praybourne.co.uk while the internal one doesn't - for some reason the actual DNS debug output is missing, but anyway check_rcpt doesn't do any routing decisions, which is where the bed-11.uk.clara.net turns up, presumably. Is the david.greenhall@praybourne.co.uk address supposed to be routed based on MX records for praybourne.co.uk, or via some hardwired SMART_HOST or mailertable entry, or something else? In the Internet- visible DNS, praybourne.co.uk has a primary MX record giving mail.praybourne.co.uk, which has an A record giving 212.169.48.90 - no bed-11.uk.clara.net anywhere... What is the output in the respective cases of sendmail -bv david.greenhall@praybourne.co.uk and (as root) date \| sendmail -Am -v -d8.8 david.greenhall@praybourne.co.uk ? Note that the latter will actually (attempt to) send a message. --Per Hedeland per@hedeland.org

22/05/2007, 23h24	#5
Res Messages: n/a Hébergeur:	Re: sendmail and DNS problem. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On Tue, 22 May 2007, Dave wrote: >>> stat=Deferred: Connection refused by bed-11.uk.clara.net > In answer to your questions, we have 3 mailservers: > Incoming mailserver(sendmail) ----> Exchange Server ----> outgoing > mailserver (sendmail) OK, so your incoming mail appears to work. Your outbound to the list server connected using pray.rxxxxx.prayxxx.co.uk, its IP is reverse resolved to it so its not an issue. > Exchange server uses smart host which passes on to our outgoing > mailserver. Yup, which must be working OK or your mail to the list server would not have worked. > I have tried using other DNS servers dotted around the Internet, but > with the same results. > I sent an email like you suggested, and straight away received a reply > showing the lists available. > Is it possible that something in sendmail needs changing, or am i > correct that this is a DNS issue???!!! I'm yet to fully understand the problem, you can send out and receive in, which domains can you not email to or get email from, your own? Your domains A record points to your bed-11.uk.clara.net machine, and by its IP I can reasonably assume its not on your local network, but in a hosting centre somewhere, with no MTA running on that box. - -- Cheers Res Vote for your favourite Operating System: http://polls.ausics.net/v1.php -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.6 (GNU/Linux) iD8DBQFGU220sWhAmSIQh7MRAj8PAJsGV21FHGu33DWraKj+a1 PiZAt7gwCdEvyt nSa0iyHVY49ll3xKwpruGek= =rEXb -----END PGP SIGNATURE-----

23/05/2007, 11h52	#6
Dave Messages: n/a Hébergeur:	Re: sendmail and DNS problem. On 22 May, 23:24, p...@hedeland.org (Per Hedeland) wrote: > In article <1179822017.669135.53...@q75g2000hsh.googlegroups. com> Dave > > <david.greenh...@praybourne.co.uk> writes: > > >Yet when our mail server trys to accept a connection, we get an error > >like this: > >stat=Deferred: Connection refused by bed-11.uk.clara.net > > Uh, what is your relation to that server, if any? > > > > > > >I have done a few tests regarding our internal DNS and Clara Nets DNS > >with sendmail > >(echo "check_rcpt david.greenh...@praybourne.co.uk" \| sendmail -bt - > >d8.20) > >to see what errors were coming back and this is the results for the > >DNS section: > > >Internal DNS server: > >dns_getcanonname(praybourne.co.uk, trymx=1) > >dns_getcanonname: trying praybourne.co.uk. (AAAA) > > NO: errno=0, h_errno=4 > >dns_getcanonname: trying praybourne.co.uk. (A) > > NO: errno=0, h_errno=4 > >dns_getcanonname: trying praybourne.co.uk. (MX) > > YES > >dns_getcanonname: praybourne.co.uk > > >External DNS server: > >dns_getcanonname(praybourne.co.uk, trymx=1) > >dns_getcanonname: trying praybourne.co.uk. (AAAA) > > NO: errno=0, h_errno=4 > >dns_getcanonname: trying praybourne.co.uk. (A) > > YES > >dns_getcanonname: praybourne.co.uk > > This isn't really useful, only reveals that the external server has an A > record for praybourne.co.uk while the internal one doesn't - for some > reason the actual DNS debug output is missing, but anyway check_rcpt > doesn't do any routing decisions, which is where the bed-11.uk.clara.net > turns up, presumably. > > Is the david.greenh...@praybourne.co.uk address supposed to be routed > based on MX records for praybourne.co.uk, or via some hardwired > SMART_HOST or mailertable entry, or something else? In the Internet- > visible DNS, praybourne.co.uk has a primary MX record giving > mail.praybourne.co.uk, which has an A record giving 212.169.48.90 - no > bed-11.uk.clara.net anywhere... > > What is the output in the respective cases of > > sendmail -bv david.greenh...@praybourne.co.uk > > and > > (as root) date \| sendmail -Am -v -d8.8 david.greenh...@praybourne.co.uk > > ? Note that the latter will actually (attempt to) send a message. > > --Per Hedeland > p...@hedeland.org- Hide quoted text - > > - Show quoted text - Thanks for the Per, bed-11.uk.clara.net seems to host our website, or at least the CNAME for www.praybourne.co.uk points to this server. Yes we use mailertable to point praybourne.co.uk to our exchange server [praybourne.local] we also use procmail to filter spam and archive all incoming email. All this has not been changed from when we was with our last ISP, and all worked fine then. I have done as you suggested, both with our internal DNS servers, and then using our ISP's (not sure if it would make a difference) Using internal DNS: > sendmail -bv david.greenhall@praybourne.co.uk david.greenhall@praybourne.co.uk... deliverable: mailer procmail, host /etc/mail/procmailrc-praybourne.co.uk/procmailrc, user david.greenhall@praybourne.co.uk.procmail > date \| sendmail -Am -v -d8.8 david.greenhall@praybourne.co.uk dns_getcanonname(praybourne.co.uk, trymx=1) dns_getcanonname: trying praybourne.co.uk. (AAAA) NO: errno=0, h_errno=4 dns_getcanonname: trying praybourne.co.uk. (A) NO: errno=0, h_errno=4 dns_getcanonname: trying praybourne.co.uk. (MX) YES dns_getcanonname: praybourne.co.uk david.greenhall@praybourne.co.uk... Connecting to /etc/mail/procmailrc- praybourne.co.uk/procmailrc via procmail... david.greenhall@praybourne.co.uk... Sent This is the section from the log: May 23 11:38:18 mail sendmail[2791]: l4NAcIs9002791: from=root@praybourne.co.uk, size=585, class=0, nrcpts=1, msgid=<200705231038.l4NAcGIi002690@mail.praybourne .co.uk>, relay=root@localhost May 23 11:38:19 mail sendmail[2791]: l4NAcIs9002791: to=david.greenhall@praybourne.co.uk.procmail, ctladdr=root@praybourne.co.uk (0/0), delay=00:00:01, xdelay=00:00:01, mailer=relay, pri=30585, relay=bed-11.uk.clara.net. [195.8.66.1], dsn=4.0.0, stat=Deferred: Connection refused by bed-11.uk.clara.net. May 23 11:38:19 mail sendmail[2690]: l4NAcGIi002690: to=david.greenhall@praybourne.co.uk, ctladdr=root (0/0), delay=00:00:03, xdelay=00:00:03, mailer=procmail, pri=30029, relay=/ etc/mail/procmail...e.co.uk/procmailrc, dsn=2.0.0, stat=Sent Now using external DNS: > sendmail -bv david.greenhall@praybourne.co.uk david.greenhall@praybourne.co.uk... deliverable: mailer procmail, host /etc/mail/procmailrc-praybourne.co.uk/procmailrc, user david.greenhall@praybourne.co.uk.procmail > date \| sendmail -Am -v -d8.8 david.greenhall@praybourne.co.uk dns_getcanonname(praybourne.co.uk, trymx=1) dns_getcanonname: trying praybourne.co.uk. (AAAA) NO: errno=0, h_errno=4 dns_getcanonname: trying praybourne.co.uk. (A) YES dns_getcanonname: praybourne.co.uk david.greenhall@praybourne.co.uk... Connecting to /etc/mail/procmailrc- praybourne.co.uk/procmailrc via procmail... david.greenhall@praybourne.co.uk... Sent This is the section from the log: May 23 11:38:16 mail sendmail[2690]: l4NAcGIi002690: from=root, size=29, class=0, nrcpts=1, msgid=<200705231038.l4NAcGIi002690@mail.praybourne .co.uk>, relay=root@localhost May 23 11:38:17 mail spamd[427]: connection from localhost [127.0.0.1] at port 49641 May 23 11:38:17 mail spamd[427]: processing message <200705231038.l4NAcGIi002690@mail.praybourne.co.uk > for root:65534. May 23 11:38:18 mail spamd[427]: clean message (-2.7/3.5) for root: 65534 in 0.7 seconds, 331 bytes. May 23 11:38:18 mail spamd[427]: result: . -2 - ALL_TRUSTED,BAYES_00,FM_NO_TO,MISSING_HEADERS,MISS ING_SUBJECT scantime=0.7,size=331,mid=<200705231038.l4NAcGIi00 2690@mail.praybourne.co.uk>,bayes=0.00258198247775 82,autolearn=ham May 23 11:38:18 mail sendmail[2791]: l4NAcIs9002791: from=root@praybourne.co.uk, size=585, class=0, nrcpts=1, msgid=<200705231038.l4NAcGIi002690@mail.praybourne .co.uk>, relay=root@localhost May 23 11:38:19 mail sendmail[2791]: l4NAcIs9002791: to=david.greenhall@praybourne.co.uk.procmail, ctladdr=root@praybourne.co.uk (0/0), delay=00:00:01, xdelay=00:00:01, mailer=relay, pri=30585, relay=bed-11.uk.clara.net. [195.8.66.1], dsn=4.0.0, stat=Deferred: Connection refused by bed-11.uk.clara.net. May 23 11:38:19 mail sendmail[2690]: l4NAcGIi002690: to=david.greenhall@praybourne.co.uk, ctladdr=root (0/0), delay=00:00:03, xdelay=00:00:03, mailer=procmail, pri=30029, relay=/ etc/mail/procmail...e.co.uk/procmailrc, dsn=2.0.0, stat=Sent Dave.

23/05/2007, 23h09	#7
Per Hedeland Messages: n/a Hébergeur:	Re: sendmail and DNS problem. In article <1179917561.881540.175400@q66g2000hsg.googlegroups .com> Dave <david.greenhall@praybourne.co.uk> writes: > >bed-11.uk.clara.net seems to host our website, or at least the CNAME >for www.praybourne.co.uk points to this server. Yes we use mailertable >to point praybourne.co.uk to our exchange server [praybourne.local] we >also use procmail to filter spam and archive all incoming email. All >this has not been changed from when we was with our last ISP, and all >worked fine then. Well, praybourne.local will obviously not exist in the "real" DNS, so [praybourne.local] relies on the DNS A lookup failing and sendmail falling back to /etc/hosts (depending on OS configuration of service switch files etc - it could also be that /etc/hosts is tried first, in which case it "should work"). Does it work if you use [ip.add.re.ss] instead? >I have done as you suggested, both with our internal DNS servers, and >then using our ISP's (not sure if it would make a difference) > >Using internal DNS: >> sendmail -bv david.greenhall@praybourne.co.uk >david.greenhall@praybourne.co.uk... deliverable: mailer procmail, >host /etc/mail/procmailrc-praybourne.co.uk/procmailrc, user >david.greenhall@praybourne.co.uk.procmail Oh, so you're using that ugly old hack - you'd really be better off looking into using a milter-based approach instead. Anyway this means that the message passes through sendmail twice, before and after procmail - and the debug output will only show the first, while it's the second one that is interesting. If you redo the tests with david.greenhall@praybourne.co.uk.procmail as address instead, we can see what happens in the second round. >This is the section from the log: >May 23 11:38:18 mail sendmail[2791]: l4NAcIs9002791: >from=root@praybourne.co.uk, size=585, class=0, nrcpts=1, >msgid=<200705231038.l4NAcGIi002690@mail.praybourn e.co.uk>, >relay=root@localhost >May 23 11:38:19 mail sendmail[2791]: l4NAcIs9002791: >to=david.greenhall@praybourne.co.uk.procmail, >ctladdr=root@praybourne.co.uk (0/0), delay=00:00:01, xdelay=00:00:01, >mailer=relay, pri=30585, relay=bed-11.uk.clara.net. [195.8.66.1], >dsn=4.0.0, stat=Deferred: Connection refused by bed-11.uk.clara.net. >May 23 11:38:19 mail sendmail[2690]: l4NAcGIi002690: >to=david.greenhall@praybourne.co.uk, ctladdr=root (0/0), >delay=00:00:03, xdelay=00:00:03, mailer=procmail, pri=30029, relay=/ >etc/mail/procmail...e.co.uk/procmailrc, dsn=2.0.0, stat=Sent >Now using external DNS: >This is the section from the log: >May 23 11:38:16 mail sendmail[2690]: l4NAcGIi002690: from=root, >size=29, class=0, nrcpts=1, >msgid=<200705231038.l4NAcGIi002690@mail.praybourn e.co.uk>, >relay=root@localhost >May 23 11:38:17 mail spamd[427]: connection from localhost [127.0.0.1] >at port 49641 >May 23 11:38:17 mail spamd[427]: processing message ><200705231038.l4NAcGIi002690@mail.praybourne.co.u k> for root:65534. >May 23 11:38:18 mail spamd[427]: clean message (-2.7/3.5) for root: >65534 in 0.7 seconds, 331 bytes. >May 23 11:38:18 mail spamd[427]: result: . -2 - >ALL_TRUSTED,BAYES_00,FM_NO_TO,MISSING_HEADERS,MIS SING_SUBJECT >scantime=0.7,size=331,mid=<200705231038.l4NAcGIi0 02690@mail.praybourne.co.uk>,bayes=0.0025819824777 582,autolearn=ham >May 23 11:38:18 mail sendmail[2791]: l4NAcIs9002791: >from=root@praybourne.co.uk, size=585, class=0, nrcpts=1, >msgid=<200705231038.l4NAcGIi002690@mail.praybourn e.co.uk>, >relay=root@localhost >May 23 11:38:19 mail sendmail[2791]: l4NAcIs9002791: >to=david.greenhall@praybourne.co.uk.procmail, >ctladdr=root@praybourne.co.uk (0/0), delay=00:00:01, xdelay=00:00:01, >mailer=relay, pri=30585, relay=bed-11.uk.clara.net. [195.8.66.1], >dsn=4.0.0, stat=Deferred: Connection refused by bed-11.uk.clara.net. >May 23 11:38:19 mail sendmail[2690]: l4NAcGIi002690: >to=david.greenhall@praybourne.co.uk, ctladdr=root (0/0), >delay=00:00:03, xdelay=00:00:03, mailer=procmail, pri=30029, relay=/ >etc/mail/procmail...e.co.uk/procmailrc, dsn=2.0.0, stat=Sent I'm afraid you posted the logs for the same attempt twice, only that the initial part was missing from the first. --Per Hedeland per@hedeland.org

27/05/2007, 19h15	#8
Dave Messages: n/a Hébergeur:	Re: sendmail and DNS problem. On May 24, 5:09 am, p...@hedeland.org (Per Hedeland) wrote: > In article <1179917561.881540.175...@q66g2000hsg.googlegroups .com> Dave > > <david.greenh...@praybourne.co.uk> writes: > > >bed-11.uk.clara.net seems to host our website, or at least the CNAME > >forwww.praybourne.co.ukpoints to this server. Yes we use mailertable > >to point praybourne.co.uk to our exchange server [praybourne.local] we > >also use procmail to filter spam and archive all incoming email. All > >this has not been changed from when we was with our last ISP, and all > >worked fine then. > > Well, praybourne.local will obviously not exist in the "real" DNS, so > [praybourne.local] relies on the DNS A lookup failing and sendmail > falling back to /etc/hosts (depending on OS configuration of service > switch files etc - it could also be that /etc/hosts is tried first, in > which case it "should work"). Does it work if you use [ip.add.re.ss] > instead? > > >I have done as you suggested, both with our internal DNS servers, and > >then using our ISP's (not sure if it would make a difference) > > >Using internal DNS: > >> sendmail -bv david.greenh...@praybourne.co.uk > >david.greenh...@praybourne.co.uk... deliverable: mailer procmail, > >host /etc/mail/procmailrc-praybourne.co.uk/procmailrc, user > >david.greenh...@praybourne.co.uk.procmail > > Oh, so you're using that ugly old hack - you'd really be better off > looking into using a milter-based approach instead. Anyway this means > that the message passes through sendmail twice, before and after > procmail - and the debug output will only show the first, while it's the > second one that is interesting. If you redo the tests with > david.greenh...@praybourne.co.uk.procmail as address instead, we can see > what happens in the second round. > > > > > > >This is the section from the log: > >May 23 11:38:18 mail sendmail[2791]: l4NAcIs9002791: > >from=r...@praybourne.co.uk, size=585, class=0, nrcpts=1, > >msgid=<200705231038.l4NAcGIi002...@mail.praybourn e.co.uk>, > >relay=root@localhost > >May 23 11:38:19 mail sendmail[2791]: l4NAcIs9002791: > >to=david.greenh...@praybourne.co.uk.procmail, > >ctladdr=r...@praybourne.co.uk (0/0), delay=00:00:01, xdelay=00:00:01, > >mailer=relay, pri=30585, relay=bed-11.uk.clara.net. [195.8.66.1], > >dsn=4.0.0, stat=Deferred: Connection refused by bed-11.uk.clara.net. > >May 23 11:38:19 mail sendmail[2690]: l4NAcGIi002690: > >to=david.greenh...@praybourne.co.uk, ctladdr=root (0/0), > >delay=00:00:03, xdelay=00:00:03, mailer=procmail, pri=30029, relay=/ > >etc/mail/procmail...e.co.uk/procmailrc, dsn=2.0.0, stat=Sent > >Now using external DNS: > >This is the section from the log: > >May 23 11:38:16 mail sendmail[2690]: l4NAcGIi002690: from=root, > >size=29, class=0, nrcpts=1, > >msgid=<200705231038.l4NAcGIi002...@mail.praybourn e.co.uk>, > >relay=root@localhost > >May 23 11:38:17 mail spamd[427]: connection from localhost [127.0.0.1] > >at port 49641 > >May 23 11:38:17 mail spamd[427]: processing message > ><200705231038.l4NAcGIi002...@mail.praybourne.co.u k> for root:65534. > >May 23 11:38:18 mail spamd[427]: clean message (-2.7/3.5) for root: > >65534 in 0.7 seconds, 331 bytes. > >May 23 11:38:18 mail spamd[427]: result: . -2 - > >ALL_TRUSTED,BAYES_00,FM_NO_TO,MISSING_HEADERS,MIS SING_SUBJECT > >scantime=0.7,size=331,mid=<200705231038.l4NAcGIi0 02...@mail.praybourne.co.uk>,bayes=0.0025819824777 582,autolearn=ham > >May 23 11:38:18 mail sendmail[2791]: l4NAcIs9002791: > >from=r...@praybourne.co.uk, size=585, class=0, nrcpts=1, > >msgid=<200705231038.l4NAcGIi002...@mail.praybourn e.co.uk>, > >relay=root@localhost > >May 23 11:38:19 mail sendmail[2791]: l4NAcIs9002791: > >to=david.greenh...@praybourne.co.uk.procmail, > >ctladdr=r...@praybourne.co.uk (0/0), delay=00:00:01, xdelay=00:00:01, > >mailer=relay, pri=30585, relay=bed-11.uk.clara.net. [195.8.66.1], > >dsn=4.0.0, stat=Deferred: Connection refused by bed-11.uk.clara.net. > >May 23 11:38:19 mail sendmail[2690]: l4NAcGIi002690: > >to=david.greenh...@praybourne.co.uk, ctladdr=root (0/0), > >delay=00:00:03, xdelay=00:00:03, mailer=procmail, pri=30029, relay=/ > >etc/mail/procmail...e.co.uk/procmailrc, dsn=2.0.0, stat=Sent > > I'm afraid you posted the logs for the same attempt twice, only that the > initial part was missing from the first. > > --Per Hedeland > p...@hedeland.org- Hide quoted text - > > - Show quoted text - Hi Per, Sorry for posting the same logs twice, and sorry for taking so long to get back (im stuck in jakarta for a few weeks and only just had chance to access internet.) Firstly, sendmail is set to deliver mail for praybourne.local to our exchange server via [IP Address] and ignore MX records (using mailertable). This has been set for around 3 years and has never failed before we moved. Yes on this machine hosts is set before DNS, the contents of hosts is: 127.0.0.1 localhost localhost.localdomain 212.169.48.90 mail.praybourne.co.uk mail 10.10.5.252 exchangeserver.praybourne.local DNS is set as: 1. 10.10.5.252 2. 195.8.69.7 3. 195.8.69.12 testing david.greenhall@prayborune.co.uk.procmail: using internal DNS > sendmail -bv david.greenhall@praybourne.co.uk.procmail david.greenhall@praybourne.co.uk.procmail... deliverable: mailer esmtp, host [10.10.5.252], user david.greenhall@praybourne.local > date \| sendmail -Am -v -d8.8 david.greenhall@praybourne.co.uk.procmail dns_getcanonname(praybourne.local, trymx=1) dns_getcanonname: trying praybourne.local. (AAAA) NO: errno=0, h_errno=4 dns_getcanonname: trying praybourne.local. (A) YES dns_getcanonname: praybourne.local getmxrr([10.10.5.252], droplocalhost=1) david.greenhall@praybourne.co.uk.procmail... Connecting to [10.10.5.252] via esmtp... 220 exch-red.praybourne.local Microsoft ESMTP MAIL Service, Version: 5.0.2195.6713 ready at Sun, 27 May 2007 18:53:02 +0100 >>> EHLO mail.praybourne.co.uk 250-exch-red.praybourne.local Hello [10.10.5.250] 250-TURN 250-ATRN 250-SIZE 250-ETRN 250-PIPELINING 250-DSN 250-ENHANCEDSTATUSCODES 250-8bitmime 250-BINARYMIME 250-CHUNKING 250-VRFY 250-X-EXPS GSSAPI NTLM LOGIN 250-X-EXPS=LOGIN 250-AUTH GSSAPI NTLM LOGIN 250-AUTH=LOGIN 250-X-LINK2STATE 250-XEXCH50 250 OK >>> MAIL From:<root@praybourne.co.uk> SIZE=29 250 2.1.0 root@praybourne.co.uk....Sender OK >>> RCPT To:<david.greenhall@praybourne.local> >>> DATA 250 2.1.5 david.greenhall@praybourne.local 354 Start mail input; end with <CRLF>.<CRLF> >>> . 250 2.6.0 <200705271754.l4RHs4Xe001239@mail.praybourne.co.uk > Queued mail for delivery david.greenhall@praybourne.co.uk.procmail... Sent ( <200705271754.l4RHs4Xe001239@mail.praybourne.co.uk > Queued mail for delivery) Closing connection to [10.10.5.252] >>> QUIT 221 2.0.0 exch-red.praybourne.local Service closing transmission channel testing david.greenhall@prayborune.co.uk.procmail: without internal DNS > sendmail -bv david.greenhall@praybourne.co.uk.procmail david.greenhall@praybourne.co.uk.procmail... deliverable: mailer esmtp, host bed-11.uk.clara.net., user david.greenhall@bed-11.uk.clara.net > date \| sendmail -Am -v -d8.8 david.greenhall@praybourne.co.uk.procmail dns_getcanonname(praybourne.local, trymx=1) dns_getcanonname: trying praybourne.local. (AAAA) NO: errno=0, h_errno=1 dns_getcanonname: trying praybourne.local.praybourne.co.uk (AAAA) YES dns_getcanonname: trying bed-11.uk.clara.net. (AAAA) NO: errno=0, h_errno=4 dns_getcanonname: trying bed-11.uk.clara.net. (A) YES dns_getcanonname: bed-11.uk.clara.net getmxrr(bed-11.uk.clara.net., droplocalhost=1) getmxrr: res_search(bed-11.uk.clara.net.) failed (errno=0, h_errno=4) dns_getcanonname(bed-11.uk.clara.net., trymx=0) dns_getcanonname: trying bed-11.uk.clara.net. (AAAA) NO: errno=0, h_errno=4 dns_getcanonname: trying bed-11.uk.clara.net. (A) YES dns_getcanonname: bed-11.uk.clara.net david.greenhall@praybourne.co.uk.procmail... Connecting to bed-11.uk.clara.net. via esmtp... david.greenhall@praybourne.co.uk.procmail... Deferred: Connection refused by bed-11.uk.clara.net. So looking at this, its searching DNS for praybourne.local, but what i dont understand is why this worked a couple of weeks ago, but not now. why is not using hosts first?!! If in mailertable its specified not to look up MX records, why does it still use DNS (im really confused) Is it possible that between moving premises our sendmail configuration has got messed up? Dave.

27/05/2007, 20h18	#9
Per Hedeland Messages: n/a Hébergeur:	Re: sendmail and DNS problem. In article <1180289755.690728.183350@o11g2000prd.googlegroups .com> Dave <david.greenhall@praybourne.co.uk> writes: >> date \| sendmail -Am -v -d8.8 david.greenhall@praybourne.co.uk.procmail >dns_getcanonname(praybourne.local, trymx=1) >dns_getcanonname: trying praybourne.local. (AAAA) > NO: errno=0, h_errno=1 >dns_getcanonname: trying praybourne.local.praybourne.co.uk (AAAA) > YES Ouch - your provider has set up a wildcard CNAME record: $ dig aaaa '.praybourne.co.uk' @ns0.clara.net .... ;; ANSWER SECTION: .praybourne.co.uk. 18000 IN CNAME bed-11.uk.clara.net. Very evil thing to do, tell them to remove it. The result is that your user@praybourne.local gets "canonicalized" to user@bed-11.uk.clara.net, and the rest is, as they say, history... >So looking at this, its searching DNS for praybourne.local, but what i >dont understand is why this worked a couple of weeks ago, but not now. >why is not using hosts first?!! Well, it's a bit of a mess, due to the variety of "service switch" implementations on different OSes. For host -> IP address lookup, sendmail will effectively use the OS gethostbyname() function, which uses the OS-specific service switch file. For canonicalization, this doesn't work well, and so sendmail will do DNS, files, etc lookups "directly". For the order of these, it understands the OS-specific files on Solaris and Ultrix / OSF/1 / Digital Unix / whatever it's called now if it still exists. For others it will use the ServiceSwitchFile defined in the config (default /etc/mail/service.switch) if it exists, and if not, it falls back to a hardwired order where "dns" comes before "files" - which is generally the right thing to do, but not in your case. To fix this - and you really should, even if your provider removes that wildcard record, you shouldn't be looking up names like praybourne.local in DNS - you can either create an /etc/mail/service.switch file that has the right order (see doc/op/op.* for the contents), or declare that names that end in .local are already canonical, and shouldn't be looked up anywhere (for canonicalization), by putting this in your .mc file: LOCAL_CONFIG CP local Or, better still I guess, don't use those .local addresses at all - it's hard to make sure that they never "leak" out into the real 'net, where they're obviously invalid. >If in mailertable its specified not to look up MX records, why does it >still use DNS (im really confused) Canonicalization happens before that, sendmail tries to make sure that e.g. abbreviated names like user@host without a .domain part are properly turned into a "canonical" name before it actually tries to determine how the message should be routed. This is generally necessary to find the correct routing info (e.g. a mailertable entry) - only in this case it breaks totally due to the CNAME record above. >Is it possible that between moving premises our sendmail configuration >has got messed up? No, it's the CNAME record that messes up what was a fragile configuration to start with. --Per Hedeland per@hedeland.org

28/05/2007, 03h19	#10
jmaimon@ttec.com Messages: n/a Hébergeur:	Re: sendmail and DNS problem. On May 27, 3:18 pm, p...@hedeland.org (Per Hedeland) wrote: > In article <1180289755.690728.183...@o11g2000prd.googlegroups .com> Dave > > <david.greenh...@praybourne.co.uk> writes: > >> date \| sendmail -Am -v -d8.8 david.greenh...@praybourne.co.uk.procmail > >dns_getcanonname(praybourne.local, trymx=1) > >dns_getcanonname: trying praybourne.local. (AAAA) > > NO: errno=0, h_errno=1 > >dns_getcanonname: trying praybourne.local.praybourne.co.uk (AAAA) > > YES Perhaps you need to run and query your own DNS server and change your search domain name, perhaps even host a real zone for the DNS names you made up. If you have ms exchange odds are fairly high you are already doing this for your other systems.

Outils de la discussion
Afficher une version imprimable Envoyer un lien vers cette page par email