Post #89,005
3/18/03 2:26:58 AM
|
Debian + Exim woe:
Okay, I'm missing the tree because of the forest, here, but I can't seem to get exim working exactly right.
Actually, exim seems to be doing fine. I can telnet on port 25 to it from my local subnet, and send mail to local recipients. I'm running courier-pop3 in Maildirs, and I can pick up mail via pop3 on the local subnet from that same server. Connections from my company's email server at amor.org are acceptable, according to "exim -bh 63.200.221.34"
But they don't work (connections from outside my subnet); for example, mail from work. When I telnet on 25 from the outside, the connection "connects" (according to telnet), but I don't see any of the headers for the Exim conversation, and SMTP commands don't seem to have any effect (yes, I checked local echo)--just a blank telnet window.
The only thing between the two is my Netopia R9100 here at home, which hasn't been touched at all throughout the move from a working qmail on RH to exim on Debian (woody/testing). AFAICT, I'm not using iptables or netfilter. All other access, incoming and outgoing, works fine--my [link|http://www.aminus.net|web page] on the same box works fine. inetd.conf was running exim -bs style, but I commented that out.
What am I missing?
Many fears are born of stupidity and ignorance - Which you should be feeding with rumour and generalisation. BOfH, 2002 "Episode" 10
|
Post #89,438
3/19/03 12:27:29 PM
|
More info...
Well, it seems that to most of the world, my box is up and running and looks fine. But my Exchange 2000 server at work still won't talk to it... getting messages in the exim log to the effect of "SMTP command timeout"...meaning Exchange isn't getting a timely response, and so isn't sending any commands, even though the TCP connection is OK.
When I telnet:25 from work, I can pretty typically produce the following scenario (my typing is in bold):
ehlo amor.org
mail from: fumanchu@amor.org
rcpt to: fumanchu@aminus.net
data
subject: another test
from: fumanchu@amor.org
te220 mp5.aminus.net ESMTP Exim 3.36 #1 Wed, 19 Mar 2003 09:16:37 -0800
s250-mp5.aminus.net Hello amor.org [63.200.221.34]
250-SIZE
250-PIPELINING
250 HELP
250 <fumanchu@amor.org> is syntactically correct
250 <fumanchu@aminus.net> verified
354 Enter message, ending with "." on a line by itself
t78
.
250 OK id=18vhB7-0001Bc-00
quit
So...exim is waiting...the only thing I can guess at is that it is doing some sort of DNS lookup on my sending IP, but failing, even though exchange2.amor.org [63.200.221.34] is the lowest-cost MX for amor.org. I *believed* I had turned that off, but I must have missed something. I'll post my exim.conf if anyone wants to see it.
Anyway, the only reason I bring it up here instead of some exim mail list is that I'm not convinced the problem is with exim. My first thoughts were ipchains/netfilter (but my kernel's not set up for that), and then tcpd (i.e. hosts.allow/deny, but I'm not using inetd to start exim). So my question is, is there another layer somewhere that could be filtering this traffic on my box that I don't know about?
|
Post #89,784
3/20/03 1:13:14 PM
|
Interim answer
My Exchange server here at work is behind a PIX, and then a Nexland DSL router with firewalling capabilities. At first I thought the PIX "fixup smtp" might be damaging the conversation somehow, but of course I turned that off long ago (and it shouldn't affect outbound anyway).
Answer: The Nexland has a setting:
Allow IDENT Port []Enable []Disable Note: Makes port 113 seem closed, not stealth
Setting this to 'Enable' fixed the problem.
I still need to find out now how to get Exim to not care whether this is set or not, because I'm sure I'm not the only one who has had this set, and I'd rather not miss anyone else's valid mail.
|
Post #90,227
3/21/03 11:38:56 PM
|
Final answer
There's a setting for your exim.conf file to fix this for all hosts:
rfc1413_query_timeout = 0s
"0s" turns identd probing off completely. I know because I had to make a mad dash just now to get Papa John's email server to actually speak to me. :)
Mmmmm. Italian sausage....
|
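A diagnostic for the symptom worked out in the posts above, as an added example that is not part of the original thread: `probe_ident` is meant to be run on the receiving mail server against the sending host's port 113, and `banner_delay` from the sending side against the mail server's port 25. The function names, the 5-second `stall` threshold and the local test server are assumptions made for illustration.

```python
import socket, threading, time

def probe_ident(host, port=113, timeout=3.0):
    """Classify how `host` treats an incoming ident (RFC 1413) connection."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return "open"       # an identd answered
    except ConnectionRefusedError:
        return "refused"        # RST comes back at once: no waiting
    except socket.timeout:
        return "filtered"       # silently dropped: caller waits out its timeout
    except OSError:
        return "unreachable"

def banner_delay(host, port=25, timeout=60.0):
    """Return (seconds from TCP connect to first banner bytes, banner text)."""
    with socket.create_connection((host, port), timeout=timeout) as s:
        start = time.monotonic()
        banner = s.recv(512)
    return time.monotonic() - start, banner.decode("ascii", "replace").strip()

def diagnose(ident_state, delay, stall=5.0):
    """Relate the two measurements; `stall` seconds is an assumed threshold."""
    if delay < stall:
        return "banner prompt: ident is not stalling SMTP"
    if ident_state == "filtered":
        return "banner stalled while ident probes are silently dropped"
    return "banner stalled: ident not implicated"

def slow_banner_server(delay):
    """Constructed local stand-in for a mail server that delays its banner."""
    srv = socket.socket()
    srv.bind(("127.0.0.1", 0))
    srv.listen(1)
    def serve():
        conn, _ = srv.accept()
        with conn:
            time.sleep(delay)
            conn.sendall(b"220 mail.example.test ESMTP\r\n")
        srv.close()
    threading.Thread(target=serve, daemon=True).start()
    return srv.getsockname()[1]

if __name__ == "__main__":
    port = slow_banner_server(1.0)
    delay, banner = banner_delay("127.0.0.1", port)
    print(f"{delay:.1f}s before banner: {banner}")
    print(diagnose("filtered", delay, stall=0.5))
```

A "refused" result matches the router note quoted earlier (port 113 "closed, not stealth"), where the probe fails immediately instead of running out the clock.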
Post #90,237
3/21/03 11:44:58 PM
|
Schweet...
You rock!
b4k4^2
[link|mailto:curley95@attbi.com|greg] - Grand-Master Artist in IT | [link|http://www.iwethey.org/ed_curry/|REMEMBER ED CURRY!] [link|http://pascal.rockford.com:8888/SSK@kQMsmc74S0Tw3KHQiRQmDem0gAIPAgM/edcurry/1//|ED'S GHOST SPEAKS!] | [link|http://www.eweek.com/article2/0,3959,857673,00.asp|Writing on wall, Microsoft to develop apps for Linux by 2004] | Heimatland Geheime Staatspolizei reminds: These [link|http://www.whitehouse.gov/pcipb/cyberspace_strategy.pdf|Civilian General Orders], please memorize them. "Questions" will be asked at safety checkpoints. |
|
Post #89,445
3/19/03 12:40:31 PM
|
Related question on DNS
The IP of my mail server resolves to adsl-63-200-221-34.dsl.sndg02.pacbell.net on most reverse DNS lookups (PacBell DSL). How do I get that to resolve to exchange2.amor.org, which is what my hosting provider lists on their nameservers? Or do I need to run my own DNS server from this subnet to solve this?
;; ANSWER SECTION:
amorhq.net.    259200    IN    A    63.200.221.34
Sorry to be such a newbie pest. I'd just rather not become fluent in the depths of DNS to solve what seems to me like a quick fixer. Hoping one of you has that quick fix handy.
|
Post #89,454
3/19/03 1:05:25 PM
|
Put an entry in /etc/hosts
Put an entry in /etc/hosts in the machine that is doing the lookup. It checks /etc/hosts first.
Sorta like we did for the Slow DNS goings on... here
b4k4^2
|
Post #89,471
3/19/03 1:50:42 PM
|
Yes, that should work for this instance. Thanks.
Looking for a generic solution, still, however, since I know we're not the only "valid" mailer out there with similar configs. :(
|