
SMTP policy problems



I am in the process of updating my mail server.  Rather than affect the
production machine, I have been building a new machine from scratch
(x86, OpenBSD 2.6 -- the old machine is running OpenBSD 2.5).

The old machine is running zmailer-from-cvs, 31 Dec 99.  The new one is
zmailer-from-cvs, 24 Mar 99.  Both the old and new machines sit on
192.168.50.0/24.

The problem is that, despite what I believe to be a correct policy
configuration, the new zmailer will not accept inbound email:

	arisia# telnet arisia smtp
	Trying 192.168.50.3...
	Connected to arisia.gno.org.
	Escape character is '^]'.
	220 arisia.gno.org ESMTP (NO UCE)(NO UBE) our local time is now Sat, 25 Mar 2000 08:49:57 -0700
	helo arisia.gno.org
	250 arisia.gno.org Hello arisia.gno.org
	mail from:<gdr@arisia.gno.org>
	553 5.4.3 For MAIL FROM address <gdr@arisia.gno.org> the policy analysis reports DNS error with your source domain.

The same behavior is seen from another machine (eddore) on the local
network.

I know that problems can arise when files are copied from one zmailer
version to another, so the new machine was installed from scratch, then
the following config files edited:
	smtpserver.conf ('PARAM help' changed and 'some.user.domain' line commented)
	db/aliases	(identical to old server)
	db/localnames		(see end of this email)
	db/smtppolicy.relay	(see end of this email)
	db/smtppolicy.src	(see end of this email)

One difference between the two machines is that the new one is not yet
listed as an MX host in the DNS, but I don't think that should matter
given the smtppolicy.relay file.

At first I thought that this might just be a problem with the current
CVS version, so I wiped the install and reverted to zmailer 2.99.52p1,
but the behavior was still broken.

What puzzles me is that there seem to be no real differences in
configuration between the old machine and the new one, yet the new one
rejects email.  I see that the way the RBL is handled changed in that
time period, but as far as I can tell, I've got it turned off (and it
should be irrelevant, anyway).

Any assistance would be appreciated.

-- Devin
=========================================

Stripped of comments, the following is my smtp-policy.src file:

    .                   relaycustomer - relaytarget -
    [0.0.0.0]/0         relaycustomer - relaytarget -
    
    _RBL0           
    _RBL1           
    
    _private_address    message "We reject your network" rejectnet + message "We don't accept email from this source address" rejectsource + relaycustomer - relaytarget -
    [172.16.0.0]/12         = _private_address
    [192.168.0.0]/16        = _private_address
    [10.0.0.0]/8            = _private_address
    
    [192.168.50.0]/24   rejectnet - = _private_address
    
    _our_network        = _full_rights
    
    _full_rights        rejectnet - relaycustnet + relaytarget + = _RBL1
    _localnames rejectnet - relaycustnet - localdomain + relaytarget + = _RBL1
    _relaytarget        relaytarget + = _RBL1
    
    _bulk_mail  message "Your domain is not liked source for email" rejectsource + message "Your IP address is not liked source for email" rejectnet + message "This is not accepted relay target" relaytarget -
    
The smtp-policy.relay file:

    [192.168.50.0]/24

localnames:

    arisia                              arisia.gno.org
    arisia.gno.org                      arisia.gno.org
    eddore                              arisia.gno.org
    eddore.gno.org                      arisia.gno.org
    localhost                           arisia.gno.org
    [other names snipped for brevity]

And /etc/mail.conf:

    orgdomain=gno.org
    hostname=arisia.$orgdomain
    mydomain=arisia.gno.org

The /etc/zmailer.conf file was unmodified from the install.
-- 
His troops only follow him out of a sense of curiosity.