[milters] Archive

Lists Index Date Thread Search

Article: 1607
From: Anthony Howe
Date: 2007-06-04 10:36:16 -0400
Subject: Re: [milters]

Removal...........: milters-request@milter.info?subject=remove
More information..: http://www.milter.info/#Support
--------------------------------------------------------

Christian 'CBE' Benner wrote:
> (DNS Lookup and Domain are OK !) marked with x   and domain.tld to hide
> it :-)

That doesn't help diagnose the problem, because there might be something 
there that is the cause. Also it prevents me from testing the host manually.

> Jun  4 12:07:10 gateway milter-sender[2646]: 00002 l54A3DbJ003291: check
> MX list, length=1

Not wise practice to have only one MX for a domain.

> Jun  4 12:07:10 gateway milter-sender[2646]: 00002 l54A3DbJ003291:
> review MX 10 mail.domain.tld. [2xx.1xx.xxx.xxx]
> Jun  4 12:07:10 gateway milter-sender[2646]: 00002 l54A3DbJ003291:
> trying MX 10 'mail.benner.biz.' [2xx.1xx.xxx.xxx] for xxx

Never mind. You missed one.

achowe@puff$ dig +short mx benner.biz
10 mail.benner.biz.
achowe@puff$ dig +short a mail.benner.biz.
212.184.206.195

Testing by telnet from my server at home:

220 gateway.apd-hp.de ESMTP Sendmail 8.12.11/8.12.11; Mon, 4 Jun 2007 
15:58:10 +0200
quit
221 2.0.0 gateway.apd-hp.de closing connection

Answers OK, though it reports an old version of sendmail. We're up to 
sendmail 8.14.1. Version 8.12.11 as I recall is about 2 or 3 years old. 
Security fixes were supplied during 8.13.7 or .8 (not cause of the 
problem but noteworthy concern).

> <mailto:xxx@domain.tld>  <mailto:xxx@domain.> @domain.tld
> Jun  4 12:07:10 gateway milter-sender[2646]: 00002 l54A3DbJ003291:
> opening SMTP connection to 2xx.1xx.xxx.xxx
> Jun  4 12:07:10 gateway milter-sender[2646]: 00002 l54A3DbJ003291:
> 2xx.1xx.xxx.xxx connection failed code=421 rc=2

Machine gateway.apd-hp.de I am guessing is the same "gateway" machine 
running milter-sender reported in this log output.

Why are you calling back to yourself? What OS and version of 
milter-sender? Your milter-sender.cf would be useful (less comments).

My guess, make sure to set -MxCallBackThisHost (default), as this 
depends on the interface that the call-back originates/binds from and 
might be blocked in some fashion. Do you have multiple interfaces or IP 
aliases on this machine? It is also not efficient to call yourself back.

> Jun  4 12:07:40 gateway milter-sender[2646]: 00002 l54A3DbJ003291:
> retrying server

Normal 30 second delay before retry a single MX.

> Jun  4 12:07:40 gateway milter-sender[2646]: 00002 l54A3DbJ003291:
> trying MX 10 'mail.domain.tld.' [2xx.1xx.xxx.xxx] for xxx
> <mailto:xxx@domain.tld>  <mailto:xxx@domain.> @domain.tld
> Jun  4 12:07:40 gateway milter-sender[2646]: 00002 l54A3DbJ003291:
> opening SMTP connection to 2xx.1xx.xxx.xxx

> Jun  4 12:07:40 gateway milter-sender[2646]: 00002 l54A3DbJ003291:
> 2xx.1xx.xxx.xxx connection failed code=421 rc=2
> Jun  4 12:07:40 gateway milter-sender[2646]: 00002 l54A3DbJ003291: reply
> 450 4.7.1 MX 10 'mail.domain.tld.' [2xx.1xx.xxx.xxx] for xxx
> <mailto:xxx@domain.tld>  <mailto:xxx@domain.> @domain.tld not answering
> Jun  4 12:07:40 gateway milter-sender[2646]: 00002 l54A3DbJ003291:
> closing SMTP connection
> Jun  4 12:07:40 gateway milter-sender[2646]: 00002 l54A3DbJ003291: exit
> mxCallBack() rc=4

The result appears correct, so I can only speculate that the milter is 
calling itself back using a different interface that might be IP 
filtered or maybe some firewall rule that tries to filter spoofed IP 
addresses by disallowing from 212.184.206.195 to 212.184.206.195.

Simple test, sitting on 212.184.206.195 do telnet 212.184.206.195 25 and 
see if you can connect to yourself; if you cannot connect, then you have 
a IP filter issue IMO.

verbose=info,trace,dialog tends to be more useful than 
verbose=info,dns,socket-fd  especially if the server reports a different 
welcome banner that might help interpret the reason.

-- 
Anthony C Howe          Skype: SirWumpus                    SnertSoft
+33 6 11 89 73 78         ICQ: 7116561      Sendmail Milter Solutions
http://www.snert.com/                 
     http://www.snertsoft.com/

Lists Index Date Thread Search