Email Routing : Subnet Question
Is it possible to have a preferred SMTP server for a specific domain? For example, suppose I would like to send a message to joe.user@example.com. I know that the server at 192.168.1.10 accepts mail for example.com. If that server is up and working, then it will be the most efficient first hop. If it is down, then the results that are obtained by global DNS would be correct. Right now, my local server is not listed among the results obtained here:

    $ dig example.com MX

    example.com. 3600 IN MX 10 smtp1.example.com.
    example.com. 3600 IN MX 20 smtp2.example.com.
    example.com. 3600 IN MX 30 smtp3.example.com.
    example.com. 3600 IN MX 40 smtp4.example.com.

These are valid servers from my subnet, just not optimal. Email will be delivered to joe.user using any of these addresses, but will require using a slow network link. It would be better if 192.168.1.10 were tried first, but only for example.com.

Other information: I control DNS for subnet.example.com, but not "all" of example.com.

I would like to have a local rule in effect that basically uses a localized rule:

    $ dig example.com MX

    example.com. 3600 IN MX 5 192.168.1.10. <- local override
    example.com. 3600 IN MX 10 smtp1.example.com. <- global
    example.com. 3600 IN MX 20 smtp2.example.com.
    example.com. 3600 IN MX 30 smtp3.example.com.
    example.com. 3600 IN MX 40 smtp4.example.com.

Is this type of configuration better handled via Sendmail, DNS, or a combination of both?

Thanks in advance.

-- 
Douglas Mayne

Re: Email Routing : Subnet Question
Douglas Mayne wrote:
> I would like to have a local rule in effect that basically uses a
> localized rule:
>
> $ dig example.com MX
>
> example.com. 3600 IN MX 5 192.168.1.10. <- local override
> example.com. 3600 IN MX 10 smtp1.example.com. <- global
> example.com. 3600 IN MX 20 smtp2.example.com.
> example.com. 3600 IN MX 30 smtp3.example.com.
> example.com. 3600 IN MX 40 smtp4.example.com.
>
> Is this type of configuration better handled via Sendmail, DNS, or a
> combination of both?

Faced with a similar problem, I would turn to Sendmail's mailertable feature (leave your DNS config listing only smtp*.example.com MXes), and put in something similar to the following (not tested):

    example.com esmtp:[192.168.1.10]:example.com

If that doesn't produce the expected result, I would hard-code the order, as follows:

    example.com esmtp:[192.168.1.10]:[smtp1.example.com]:[smtp2.example.com]:[smtp3.example.com]:[smtp4.example.com]

I hope that helps ...

-- 
----------------------------------------------------------------------
Sylvain Robitaille syl@alcor.concordia.ca
Network and Systems analyst Concordia University
Instructional & Information Technology Montreal, Quebec, Canada
----------------------------------------------------------------------

Re: Email Routing : Subnet Question
On Tue, 7 Oct 2008 20:02:14 +0000 (UTC), Sylvain Robitaille <syl@alcor.concordia.ca> wrote:
>Douglas Mayne wrote:
>
>> I would like to have a local rule in effect that basically uses a
>> localized rule:
....
>I hope that helps ...

Which reminds me: Does this log event series from sendmail indicate my setup is safe?

    Oct 7 21:19:32 deltree sm-mta[6776]: m97AJUPT006776: 220-132-164-157.HINET-IP.hinet.net [220.132.164.157] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
    Oct 7 21:19:34 deltree sm-mta[6793]: m97AJWvO006793: ruleset=check_rcpt, arg1=<sanjinn001@yahoo.com.tw>, relay=220-132-164-157.HINET-IP.hinet.net [220.132.164.157], reject=550 5.7.1 <sanjinn001@yahoo.com.tw>... Relaying denied
    Oct 7 21:19:34 deltree sm-mta[6793]: m97AJWvO006793: lost input channel from 220-132-164-157.HINET-IP.hinet.net [220.132.164.157] to MTA after data
    Oct 7 21:19:34 deltree sm-mta[6793]: m97AJWvO006793: from=<wadglo@123-2-77-8.static.dsl.dodo.com.au>, size=0, class=0, nrcpts=0, proto=ESMTP, daemon=MTA, relay=220-132-164-157.HINET-IP.hinet.net [220.132.164.157]
                                         ^^^^^^^^^^^^^^--> same ref means
    last three log records describe the one event?

'Cos then I'm okay with the relaying denied response.

Thanks,
Grant.
-- 
http://bugsplatter.id.au/

Re: Email Routing : Subnet Question
Grant wrote:
> Does this log event series from sendmail indicate my setup is safe?

If "safe" is defined as "not relaying mail from 220.129.0.0/12 (in fact, probably even only 220.132.0.0/16) that are destined to recipients in yahoo.com.tw", then yes. However, your log extract does not provide enough information to deduce any more than that about your Sendmail configuration.

> ...
> Oct 7 21:19:34 deltree sm-mta[6793]: m97AJWvO006793: ...
> Oct 7 21:19:34 deltree sm-mta[6793]: m97AJWvO006793: ...
> Oct 7 21:19:34 deltree sm-mta[6793]: m97AJWvO006793: ...
>                                      ^^^^^^^^^^^^^^--> same ref means
> last three log records describe the one event?

Yes: the same queue-id in the log lines means these lines refer to the same SMTP transaction.

-- 
----------------------------------------------------------------------
Sylvain Robitaille syl@alcor.concordia.ca
Network and Systems analyst / (ex)Postmaster Concordia University
Instructional & Information Technology Montreal, Quebec, Canada
----------------------------------------------------------------------

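The queue-id grouping described in the reply above, as an added example that is not part of the original thread: it collects sendmail log lines per queue-id and reports, for each SMTP transaction, which recipients were refused with "Relaying denied" and how many were accepted (nrcpts). The function names and verdict labels are assumptions of this example; the sample lines are the ones quoted in the thread.

```python
import re
from collections import defaultdict

# Log lines quoted in the thread above: syslog prefix, then "queue-id: detail".
SAMPLE = """\
Oct 7 21:19:32 deltree sm-mta[6776]: m97AJUPT006776: 220-132-164-157.HINET-IP.hinet.net [220.132.164.157] did not issue MAIL/EXPN/VRFY/ETRN during connection to MTA
Oct 7 21:19:34 deltree sm-mta[6793]: m97AJWvO006793: ruleset=check_rcpt, arg1=<sanjinn001@yahoo.com.tw>, relay=220-132-164-157.HINET-IP.hinet.net [220.132.164.157], reject=550 5.7.1 <sanjinn001@yahoo.com.tw>... Relaying denied
Oct 7 21:19:34 deltree sm-mta[6793]: m97AJWvO006793: lost input channel from 220-132-164-157.HINET-IP.hinet.net [220.132.164.157] to MTA after data
Oct 7 21:19:34 deltree sm-mta[6793]: m97AJWvO006793: from=<wadglo@123-2-77-8.static.dsl.dodo.com.au>, size=0, class=0, nrcpts=0, proto=ESMTP, daemon=MTA, relay=220-132-164-157.HINET-IP.hinet.net [220.132.164.157]
"""

LINE = re.compile(r"(?:sm-mta|sendmail)\[\d+\]: (?P<qid>\w+): (?P<detail>.*)$")
CLIENT_IP = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")
DENIED = re.compile(r"ruleset=check_rcpt, arg1=<([^>]*)>.*reject=\d{3}.*Relaying denied")
NRCPTS = re.compile(r"\bnrcpts=(\d+)")


def transactions(log_text):
    """Group sendmail log lines by queue-id: one summary per SMTP transaction."""
    txns = defaultdict(lambda: {"lines": 0, "client": None,
                                "denied_rcpts": [], "nrcpts": None})
    for line in log_text.splitlines():
        m = LINE.search(line)
        if not m or m.group("qid") == "NOQUEUE":  # NOQUEUE is not a transaction
            continue
        txn, detail = txns[m.group("qid")], m.group("detail")
        txn["lines"] += 1
        if (ip := CLIENT_IP.search(detail)):
            txn["client"] = ip.group(1)
        if (denied := DENIED.search(detail)):
            txn["denied_rcpts"].append(denied.group(1))
        if (n := NRCPTS.search(detail)):
            txn["nrcpts"] = int(n.group(1))
    return dict(txns)


def verdict(txn):
    """Classify a transaction by what the envelope summary (from= line) says."""
    if txn["nrcpts"] is None:
        return "no-envelope"       # no from= summary logged for this queue-id
    if txn["nrcpts"] == 0:
        return "nothing-accepted"  # no recipient was accepted in this transaction
    return "review" if txn["denied_rcpts"] else "accepted"


if __name__ == "__main__":
    for qid, txn in transactions(SAMPLE).items():
        print(qid, verdict(txn), txn)
```

A "review" verdict marks a transaction where one recipient was refused and another accepted, which is the case worth reading by hand.
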
Re: Email Routing : Subnet Question
On Wed, 8 Oct 2008 04:37:56 +0000 (UTC), Sylvain Robitaille <syl@alcor.concordia.ca> wrote:
>Grant wrote:
>
>> Does this log event series from sendmail indicate my setup is safe?
>
>If "safe" is defined as "not relaying mail from 220.129.0.0/12 (in fact,
>probably even only 220.132.0.0/16) that are destined to recipients in
>yahoo.com.tw", then yes. However, your log extract does not provide
>enough information to deduce any more than that about your Sendmail
>configuration.

Thanks, was wondering about the group of three looking like one event.

Apologies for thread-hijack :)

Google handles mail to my domain name while dodo is ISP delivery, rest is localnet. Localnet also called mire.mine.nu inside but resolves to public address outside (is wildcard name from dyndns).

I have full control over the bugsplatter.id.au name's A, CNAME and MX records if it matters. Also other names at dyndns with gather.mine.nu set as their MX, but I'm not sure where to hook that in, so it's in the too hard basket for now. These don't really matter, except it would be handy to know how it's done. One use is so I can put up a web form with mail option, at the moment the button prompt says "Be astonished if the button works" :)

Basically I don't really need incoming to sendmail but opened the port because both googlemail and dodo send back a response when I send mail from the slackware boxes. What I want to do is be able to send scripted email from slack box (git patchsets & stuff -- when I learn how to drive git without breaking the repository :)

If the current is basically safe from relaying, then I can play with it and perhaps discover the right settings...

Configuration is simple?

    # cat access
    google.com OK
    mail-hub.dodo.com.au OK
    localhost RELAY
    127.0.0.1 RELAY
    192.168.1 RELAY
    192.168.2 RELAY

    # cat virtusertable
    @bugsplatter.id.au grant
    @mire.mine.nu grant

domaintable, mailertable & trusted-users are empty
aliases is default plus a couple entries

and then I have some .mc changes:

root@deltree:/usr/share/sendmail/cf/cf# diff -u sendmail-slackware.mc.bkp sendmail-slackware.mc
--- sendmail-slackware.mc.bkp 2006-10-01 10:34:03.000000000 +1000 +++ sendmail-slackware.mc 2008-09-29 11:43:56.000000000 +1000 @@ -14,13 +14,16 @@ OSTYPE(`linux')dnl dnl# These settings help protect against people verifying email addresses dnl# at your site in order to send you email that you probably don't want: -define(`confPRIVACY_FLAGS', `authwarnings,novrfy,noexpn,restrictqrun')dnl +define(`confPRIVACY_FLAGS', `authwarnings,novrfy,noexpn,restrictqrun,goaway')d nl dnl# Uncomment the line below to send outgoing mail through an external server: -dnl define(`SMART_HOST',`mailserver.example.com') +define(`SMART_HOST',`smtp.dodo.com.au') dnl# No timeout for ident: define(`confTO_IDENT', `0')dnl dnl# Enable the line below to use smrsh to restrict what sendmail can run: dnl FEATURE(`smrsh',`/usr/sbin/smrsh')dnl +MASQUERADE_AS(`bugsplatter.id.au')dnl +MASQUERADE_DOMAIN(`bugsplatter.mine.nu')dnl +FEATURE(`masquerade_envelope')dnl dnl# See the README in /usr/share/sendmail/cf for a ton of information on dnl# how these options work: FEATURE(`use_cw_file')dnl

Any pointers would help, the various example leave me a bit confused, but less so than the last time I tried this couple or three years ago.

Thanks,
Grant.
-- 
http://bugsplatter.id.au/

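Review bot: the added confPRIVACY_FLAGS line ends in "goaway')d nl" rather than "')dnl"; if that split is in the .mc file itself and not just wrapping introduced by the news client, m4 will pass "d nl" through into the generated sendmail.cf instead of discarding the rest of the line, so check the file before rebuilding. On the same line, goaway is a shorthand that already turns on authwarnings, novrfy and noexpn (along with the need*helo flags and noverb) but not restrictqrun, so "goaway,restrictqrun" states the same policy with less to misread. In the masquerading lines, MASQUERADE_DOMAIN names bugsplatter.mine.nu while the post and the virtusertable refer to the local network as mire.mine.nu; confirm which domain local senders actually appear under, otherwise their addresses will not be rewritten to bugsplatter.id.au.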
Re: Email Routing : Subnet Question
Grant wrote:
> ... other names at dyndns with gather.mine.nu set as their MX, but I'm
> not sure where to hook that in, so it's in the too hard basket for
> now.

See cf/README for local-host-names and virtusertable.

> Any pointers would help, the various example leave me a bit confused,
> but less so than the last time I tried this couple or three years ago.

It's hard to give pointers; I'm not sure I understand properly what you're trying to do, but if I got it, your virtusertable will work, and now all you need is to tell Sendmail to accept mail for the external domain as "local". Does that help?

-- 
----------------------------------------------------------------------
Sylvain Robitaille syl@alcor.concordia.ca
Network and Systems analyst / (ex)Postmaster Concordia University
Instructional & Information Technology Montreal, Quebec, Canada
----------------------------------------------------------------------

Re: Email Routing : Subnet Question
On Wed, 8 Oct 2008 14:48:02 +0000 (UTC), Sylvain Robitaille <syl@alcor.concordia.ca> wrote:
>Grant wrote:
>
>> ... other names at dyndns with gather.mine.nu set as their MX, but I'm
>> not sure where to hook that in, so it's in the too hard basket for
>> now.
>
>See cf/README for local-host-names and virtusertable.

Okay.

>
>> Any pointers would help, the various example leave me a bit confused,
>> but less so than the last time I tried this couple or three years ago.
>
>It's hard to give pointers; I'm not sure I understand properly what
>you're trying to do, but if I got it, your virtusertable will work, and
>now all you need is to tell Sendmail to accept mail for the external
>domain as "local". Does that help?

Sort of, it will become more clear in time. Main thing was not to have some menace in the setup waiting to surprise me :)

Thanks,
Grant.
-- 
http://bugsplatter.id.au/

Re: Email Routing : Subnet Question
On Tue, 07 Oct 2008 20:02:14 +0000, Sylvain Robitaille wrote:
> Douglas Mayne wrote:
>
>> I would like to have a local rule in effect that basically uses a
>> localized rule:
>>
>> $ dig example.com MX
>>
>> example.com. 3600 IN MX 5 192.168.1.10. <- local override
>> example.com. 3600 IN MX 10 smtp1.example.com. <- global
>> example.com. 3600 IN MX 20 smtp2.example.com.
>> example.com. 3600 IN MX 30 smtp3.example.com.
>> example.com. 3600 IN MX 40 smtp4.example.com.
>>
>> Is this type of configuration better handled via Sendmail, DNS, or a
>> combination of both?
>
> Faced with a similar problem, I would turn to Sendmail's mailertable
> feature (leave your DNS config listing only smtp*.example.com MXes),
> and put in something similar to the following (not tested):
>
> example.com esmtp:[192.168.1.10]:example.com
>
> If that doesn't produce the expected result, I would hard-code the
> order, as follows:
>
> example.com esmtp:[192.168.1.10]:[smtp1.example.com]:[smtp2.example.com]:[smtp3.example.com]:[smtp4.example.com]
>
> I hope that helps ...
>

Thanks for the info. I haven't played around much with sendmail. I tested the first variant of mailertable (above), and it does work at the machine which has been modified; that machine redirects mail to the best target.

I also tried another test using sendmail's virtusertable. The problem with that is the email address hits the good first hop, but its address is re-written to be joe.user@subnet.example.com. That address does not exist; it should be joe.user@example.com. And with either mailertable or virtusertable, I will need to modify all machines on the network.

I am also still thinking about a DNS hack of some sort because that could fix all machines at once. It also has the potential to break them all, too ;) One idea I had was to hijack the highest priority MX record, but I am not quite sure how I'd implement that.

As a followup question, what type of DNS zone could be used to insert/overwrite a host within example.com. I did some simple tests with DNS, but haven't hit on the solution, yet. Also while thinking this over it looks like a DNS hack may fix the mail problem, but potentially break other things. For example, I would like DNS to work as intended (dynamic updates, etc.), and without maintaining a local static hosts file. Any hope of that, or should I call that a "dead end" route?

Thanks!

-- 
Douglas Mayne

Re: Email Routing : Subnet Question
Douglas Mayne wrote:
> ... with either mailertable or virtusertable, I will need to modify
> all machines on the network.

Have all machines setup as a "dumb client", submitting messages to the same (pair of) centralized smart-host(s), and have the smart-host(s) configured with the mailertable example I suggested. You shouldn't need an smtp daemon on all your client systems.

> I am also still thinking about a DNS hack of some sort because that
> could fix all machines at once.

Views, maybe? Are you authoritative for example.com?

> ... what type of DNS zone could be used to insert/overwrite a host
> within example.com.

I don't think you can (or should) do that if you're not authoritative for example.com. If you *are* authoritative, you should be able to manage it with different views for your local network than from the rest of the world.

> ... I would like DNS to work as intended (dynamic updates, etc.), and
> without maintaining a local static hosts file. Any hope of that, or
> should I call that a "dead end" route?

Why are you putting anything other than the local system's entry in your hosts file in the first place? Let DNS manage the hostname to IP address map for you. That's what it's for.

-- 
----------------------------------------------------------------------
Sylvain Robitaille syl@alcor.concordia.ca
Network and Systems analyst Concordia University
Instructional & Information Technology Montreal, Quebec, Canada
----------------------------------------------------------------------