[milters] Archive


Article: 277
From: Sergey Goryachev
Date: 2004-12-10 02:44:42 -0500
Subject: milter-sender: 'has no acceptable MX server' for my domain



Sorry for my bad English.


FreeBSD 4.10-ST,
Sendmail 8.13.1,
milter-sender-0.62 installed from ports.

milter-sender[4925]: milter-sender/0.62.837
milter-sender[4925]: LibSnert/1.40.622
milter-sender[4925]: Sendmail libmilter Protocol version 2
milter-sender[4925]: Built with Berkeley DB


My network topology is:

<INET>------------+
           A.B.C.D|
                [NAT]
                  |
+---<CORP_NET>----+ 10.0.0.0/8
|
|
|  10.XX.0.2
+---[MyBOX]
      |
      |
----<LAN>--------  192.168.0.0/24
    192.168.0.111


My external IP is A.B.C.D, but MyBOX is behind the NAT box
in the CORP_NET (10.0.0.0/8) and it has extIP=10.XX.0.2.
The NAT box does the translation A.B.C.D<=>10.XX.0.2

The DNS server is running on MyBOX and maintains only PrivateNetA
and PrivateNetC addresses. My external RRs in DNS are maintained
by the head office's administrator.

External MX-records:
~% host -t mx myoffice.company.com ns.spb.su
Using domain server:
Name: ns.spb.su
Addresses: 193.124.83.69

myoffice.company.com mail is handled (pri=11) by pechkin.company.com
myoffice.company.com mail is handled (pri=10) by gamma.myoffice.company.com
~%

MX-records on my box:
~% host -t mx myoffice.company.com
myoffice.company.com mail is handled (pri=5) by relay.myoffice.company.com
~% host -t a relay.myoffice.company.com
relay.myoffice.company.com is a nickname for gamma.myoffice.company.com
gamma.myoffice.company.com has address 192.168.0.111
~%


I have some clients who connect to my server through the Internet.
They have mail addresses in my domain, i.e.
bzntorg@myoffice.company.com ,
krupina@myoffice.company.com ,
gazkplktsvc@myoffice.company.com ,
...
, etc.

I see strange records in my logs:
~% grep 'has no acceptable MX server' /var/log/maillog | head -3
Dec  9 08:56:26 gamma sm-mta[24328]: iB95uKvv024328: Milter: from=<bzntorg@myoffice.company.com>, reject=554 5.4.4 'myoffice.company.com' has no acceptable MX server
Dec  9 08:56:39 gamma sm-mta[24331]: iB95uXe5024331: Milter: from=<bzntorg@myoffice.company.com>, reject=554 5.4.4 'myoffice.company.com' has no acceptable MX server
Dec  9 09:02:08 gamma sm-mta[24442]: iB9620hN024442: Milter: from=<td_ram@myoffice.company.com>, reject=554 5.4.4 'myoffice.company.com' has no acceptable MX server
~%

and mail from these clients was rejected.


~% grep 'has no acceptable MX server' /var/log/maillog | \
? grep myoffice.company.com | wc -l
      124
~%




Then I RTFS'd milter-sender.c and found the following piece of code:

/*
 * Return SMFIS_CONTINUE if the list of all MX servers for a domain
 * are valid (ie. not in RFC 3330). Otherwise return SMFIS_REJECT.
 */
static sfsistat
mxIsRejected(workspace data)
{
        int i;
        DnsRecord mx;
        unsigned long mx_ip;

        for (i = 0; i < VectorLength(data->mxlist); i++) {
                mx = VectorGet(data->mxlist, i);
                mx_ip = ntohl(mx->ip.s_addr);

                /* TEST: RFC 3330 consolidates the list of special IPv4 addresses
                 * that cannot be used for public internet. We block those that
                 * cannot possibly be used for MX addresses on the public internet.
                 */
                if ((mxRejectTestNet.value && (mx_ip & 0xffffff00) == 0xc0000200)   /* 192.0.2.0/24    test network   */
                ||  (mxRejectLinkLocal.value && (mx_ip & 0xffff0000) == 0xa9fe0000) /* 169.254.0.0/16  link local     */
                ||  (mxRejectPrivateC.value && (mx_ip & 0xffff0000) == 0xc0a80000)  /* 192.168.0.0/16  private use    */
                ||  (mxRejectBenchmark.value && (mx_ip & 0xfffe0000) == 0xc6120000) /* 198.18.0.0/15   RFC 2544       */
                ||  (mxRejectPrivateB.value && (mx_ip & 0xfff00000) == 0xac100000)  /* 172.16.0.0/12   private use    */
                ||  (mxRejectThisNet.value && (mx_ip & 0xff000000) == 0x00000000)   /* 0.0.0.0/8       "this" network */
                ||  (mxRejectLoopback.value && (mx_ip & 0xff000000) == 0x7f000000)  /* 127.0.0.0/8     loopback       */
                ||  (mxRejectPrivateA.value && (mx_ip & 0xff000000) == 0x0a000000)  /* 10.0.0.0/8      private use    */
                ||  (mxRejectMulticast.value && (mx_ip & 0xf0000000) == 0xe0000000) /* 224.0.0.0/4     RFC 3171       */
                ) {
                        VectorRemove(data->mxlist, i--);
                        continue;
                }
...
...
...
...

        if (VectorLength(data->mxlist) <= 0)
                return setReply(data, 554, "5.4.4", "'%s' has no acceptable MX server", data->work.mail->domain.string);

        return SMFIS_CONTINUE;
}



But *I set* MxRejectPrivateC=0 and MxRejectPrivateA=0!

~% grep ^Mx /etc/mail/milter-sender.cf
MxAcceptsAllAction=5
MxCallAhead=0
MxCallBackConnect=1
MxCallBackIpBlocked=0
MxCallBackMaxAttempts=3
MxRejectBenchmark=1
MxRejectLinkLocal=1
MxRejectLoopback=1
MxRejectMulticast=1
MxRejectPrivateA=0
^^^^^^^^^^^^^^^^^^
MxRejectPrivateB=1
MxRejectPrivateC=0
^^^^^^^^^^^^^^^^^^
MxRejectTestNet=1
MxRejectThisNet=1
~%

What's wrong? Maybe milter-sender doesn't read /etc/mail/milter-sender.cf?
Can I do something about this 'strange' behaviour of milter-sender? Possibly my
own box needs tuning?


PS: I hope I have explained clearly? ;)

--
Cheers, Sergey
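
An added example, not part of the original post and not milter-sender's own code: a stand-alone version of the address test quoted above, loaded with the option values from the posted milter-sender.cf, to check which option (if any) would drop a given MX address. It models only the visible mask test, not the elided part of mxIsRejected(); the helper name mx_drop_reason, its honour_config parameter and the sample addresses are assumptions.

```c
#include <arpa/inet.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* One row per test in the quoted mxIsRejected(): mask and network are the
 * constants from the post, enabled is the value in the posted .cf file. */
struct special_net {
    const char *option;
    uint32_t mask, net;
    int enabled;
};

static const struct special_net nets[] = {
    { "MxRejectTestNet",   0xffffff00, 0xc0000200, 1 },  /* 192.0.2.0/24   */
    { "MxRejectLinkLocal", 0xffff0000, 0xa9fe0000, 1 },  /* 169.254.0.0/16 */
    { "MxRejectPrivateC",  0xffff0000, 0xc0a80000, 0 },  /* 192.168.0.0/16 */
    { "MxRejectBenchmark", 0xfffe0000, 0xc6120000, 1 },  /* 198.18.0.0/15  */
    { "MxRejectPrivateB",  0xfff00000, 0xac100000, 1 },  /* 172.16.0.0/12  */
    { "MxRejectThisNet",   0xff000000, 0x00000000, 1 },  /* 0.0.0.0/8      */
    { "MxRejectLoopback",  0xff000000, 0x7f000000, 1 },  /* 127.0.0.0/8    */
    { "MxRejectPrivateA",  0xff000000, 0x0a000000, 0 },  /* 10.0.0.0/8     */
    { "MxRejectMulticast", 0xf0000000, 0xe0000000, 1 },  /* 224.0.0.0/4    */
};

/* Hypothetical helper: returns the option that drops this MX address, "" if it
 * is kept, NULL on a parse error. honour_config=0 treats every option as on. */
const char *mx_drop_reason(const char *dotted, int honour_config)
{
    struct in_addr a;
    if (inet_pton(AF_INET, dotted, &a) != 1)
        return NULL;
    uint32_t ip = ntohl(a.s_addr);
    for (size_t i = 0; i < sizeof nets / sizeof nets[0]; i++)
        if ((ip & nets[i].mask) == nets[i].net)
            return (nets[i].enabled || !honour_config) ? nets[i].option : "";
    return "";
}

int main(void)
{
    /* Constructed samples: the internal MX address from the post and others. */
    const char *s[] = { "192.168.0.111", "10.1.0.2", "172.16.5.5", "8.8.8.8" };
    for (size_t i = 0; i < sizeof s / sizeof s[0]; i++) {
        const char *r = mx_drop_reason(s[i], 1);
        printf("%-15s %s\n", s[i], strcmp(r, "") ? r : "kept");
    }
    return 0;
}
```

Calling mx_drop_reason with honour_config set to 0 names the option that covers an address even when that option is switched off, which helps when comparing the file on disk with the behaviour seen in the log.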

