[milters] Archive


Article: 1374
From: Jeff Gamberutti
Date: 2006-12-15 12:04:09 -0500
Subject: milter-sender issues on a multi-homed sendmail gateway


I have an FC4 box with eth0 pointing to the internet and eth1 pointing to our
internal LAN.  Iptables is set up to block all inbound traffic except for
SMTP.  I'm running a caching DNS server as well.
 
Everything works perfectly from a networking standpoint as long as
milter-sender is not enabled in the sendmail.cf file.  However, once
enabled, callbacks time out.  I've noticed through running tcpdump that
milter-sender is attempting to call back the sender's MX server using my
internal IP address on eth0 (the internet interface), which obviously won't
work since it's a fictitious address.  If I set the interface-ip= and/or
interface-name= parameters to my internet interface (eth0), callbacks work
perfectly.  However, call-aheads to my internal mail hub fail for the same
reason as before, where tcpdump now shows a call to my internal mail server
using the LAN interface, however with a source address equal to my WAN IP,
which again it won't find.
 
I've tried disabling the firewall altogether (makes me nervous), pointing
/etc/resolv.conf to a real DNS server, swapping the interfaces, as well as
trying various different combinations of settings between PublicIp=,
PublicName=, interface-ip= and interface-name=, mailertable entries (with
and without []'s), MxCallAheadDb= with various entries (with and without
[]'s), MxCallAheadHost= (set and not set) all with the same results one way
or another.  I have confLOG_LEVEL turned all the way up as well as
verbose=all in milter-sender.cf.  The DNS queries are all resolving
properly, it's the SMTP queries which are having the issues.
 
In a nutshell, everything is working perfectly from a networking standpoint
except that milter-sender is using only one IP address (inside or outside)
when attempting to call back or call ahead.  Depending on which IP it
uses, one side works while the other side doesn't.
 
Where did I go wrong??  I've looked through the list and haven't seen
anything regarding this so pardon me if this has been brought up before.
 
Regards to all,
 
Jeff
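
A simplified model of the symptom described in the message above, added here as an example (it is not part of the original post and is not milter-sender code): it checks which destinations get a source address that does not belong to their egress interface when every outbound SMTP probe is bound to one fixed IP. The route table, interface addresses and destination hosts are constructed sample values, and the function names are hypothetical.

```python
import ipaddress

# Constructed routing table for a two-homed gateway (assumed values, not
# taken from the post): (destination network, egress interface, its address).
ROUTES = [
    ("10.0.0.0/24", "eth1", "10.0.0.1"),   # internal LAN
    ("0.0.0.0/0", "eth0", "192.0.2.10"),   # default route to the internet
]

def egress_for(dest, routes=ROUTES):
    """Longest-prefix match: return (interface, source_ip) that an unbound
    socket would normally use when connecting to dest (simplified model)."""
    addr = ipaddress.ip_address(dest)
    best = None
    for net, iface, src in routes:
        network = ipaddress.ip_network(net)
        if addr in network and (best is None or network.prefixlen > best[0]):
            best = (network.prefixlen, iface, src)
    if best is None:
        raise LookupError(f"no route to {dest}")
    return best[1], best[2]

def check_fixed_bind(bind_ip, dests, routes=ROUTES):
    """Report, per destination, whether a socket bound to bind_ip carries a
    source address that belongs to the interface the packet leaves on.
    bind_ip=None models an unbound socket (source chosen per route)."""
    report = {}
    for dest in dests:
        iface, natural_src = egress_for(dest, routes)
        report[dest] = {
            "iface": iface,
            "expected_src": natural_src,
            "source_matches": bind_ip is None or bind_ip == natural_src,
        }
    return report

if __name__ == "__main__":
    # Constructed destinations: an internal mail hub and a remote MX.
    targets = ["10.0.0.25", "198.51.100.7"]
    for bind in ("192.0.2.10", "10.0.0.1", None):
        print("bind =", bind)
        for dest, row in check_fixed_bind(bind, targets).items():
            print("  ", dest, row)
```

Binding to either address leaves exactly one of the two destinations with a mismatched source, while the unbound case matches on both, which is the one-side-works pattern visible in the tcpdump output described above.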

