
Sendmail & /etc/nsswitch.conf

Posted: Fri Oct 31, 2008 4:25 pm
by cah
I was trying to configure sendmail in a Non-Global Zone (NGZ) but it kept complaining about the Unknown Host.

The relay server for external recipients was wrong and therefore email messages did not get sent.

After troubleshooting for a long time, I realized that I did not have "dns" for hosts: in /etc/nsswitch.conf.
Sendmail tried to resolve (or find) the right relay server and failed, of course.

After adding "dns" for hosts: in /etc/nsswitch.conf, the new sendmail is able to send and receive email messages to and from external mail servers such as Yahoo and Gmail.

Code:

hosts:      files dns
With one exception.
I am unable to send email from geminitwins.net to hsiao.net.
Mail log shows:

Code:

Oct 31 16:25:12 geminitwins.net sendmail[11163]: [ID 801593 mail.info] m9VN2d1K011150: to=<cah@hsiao.net>, ctladdr=<cah@geminitwins.net> (1001/4), delay=00:22:33, xdelay=00:04:00, mailer=esmtp, pri=120343, relay=ms3.hsiao.net. [99.1.11.225], dsn=4.0.0, stat=Deferred: Connection timed out with ms3.hsiao.net.
This is consistent with the name server setting.
I was unable to transfer hsiao.net zone to geminitwins.net by the public IP.
However, I was able to transfer the zone via private IP (1.0.0.xxx).

Code:

zone "hsiao.net"{
        type slave;
        file "s/db.hsiao.net";
        masters { 1.0.0.238; };
};
Traceroute shows a similar result.
It reached hsiao.net's public IP at the first hop but it went out again to the neverland.

Adding 1.0.0.238 in /etc/hosts would make traceroute work in one hop.
However, sendmail still cannot reach hsiao.net from geminitwins.net.

My guess is this is caused by the problem-prone 2wire gateway router.
It cannot route properly and therefore causes numerous network routing problems.

Re: Sendmail & /etc/nsswitch.conf, /etc/resolv.conf & /etc/hosts

Posted: Tue Feb 10, 2009 7:49 pm
by cah
I was configuring badmintonequipments.com this morning.

Since cph_zone is a copy from geminitwins.net's testzone, "dns" is missing from /etc/nsswitch.conf file too.

I got:

Code:

Feb 10 09:58:40 cph_zone sendmail[3970]: [ID 801593 mail.info] n1AHweDp003970: to=<chang_ping@yahoo.com>,<chang_an@yahoo.com>, ctladdr=<cah@badmintonequipments.com> (1001/4), delay=00:00:00, xdelay=00:00:00, mailer=esmtp, pri=60374, relay=yahoo.com, dsn=5.1.2, stat=Host unknown (Name server: yahoo.com: host not found)
and I realized I didn't have "dns" in place and also /etc/resolv.conf was empty.

After adding "dns" to /etc/nsswitch.conf and creating /etc/resolv.conf, I still got many entries like the following when legitimate internet users try to send email to me:

Code:

Feb 10 09:59:35 cph_zone sendmail[3976]: [ID 801593 mail.notice] n1AHxZcY003976: ruleset=check_mail, arg1=<chang_an@yahoo.com>, relay=[206.190.38.78], reject=553 5.1.8 <chang_an@yahoo.com>... Domain of sender address chang_an@yahoo.com does not exist
Feb 10 11:14:33 cph_zone sendmail[5313]: [ID 801593 mail.notice] n1AJEX9d005313: ruleset=check_mail, arg1=<chang-an.hsiao@medtronic.com>, relay=mail96.messagelabs.com [216.82.254.19], reject=553 5.1.8 <chang-an.hsiao@medtronic.com>... Domain of sender address chang-an.hsiao@medtronic.com does not exist
I couldn't find any clues on the internet.
I then referred to geminitwins.net's configurations trying to find any differences between the two.
Then, I realized the loghost for cph_zone has "cph_zone" in front of badmintonequipments.com in /etc/hosts file.
I tried to remove "cph_zone" from /etc/hosts and restart cph_zone.
Guess what?
It worked!!!
I would never get it resolved from the syslog entry like above.
They are totally unrelated.
I am glad it finally works.
I am also puzzled by the way I made it work.
Without noting all the changes I made today, there's no way for me to memorize how I made it work.
This would be a very helpful reference.

Adding 1.0.0.238 in /etc/hosts would make traceroute work in one hop.
However, sendmail still cannot reach hsiao.net from badmintonequipments.com or geminitwins.net.

On the contrary, geminitwins.net and badmintonequipments.com can exchange email just fine.

BTW, I was able to get named to sync among all 3 zones (hsiao.net, geminitwins.net & badmintonequipments.com). There are a master and 2 slave records on each name server.
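
The three files these two posts ended up changing can be checked in one pass before sendmail is started in a new zone. The script below is an added example, not part of the original posts; the function names, the 192.0.2.10 address and the sample files are constructed, and the /etc/hosts check simply mirrors the fix described above (the FQDN as the first name on its line).

```sh
#!/bin/sh
# Added example, not from the original posts. Audits the three files the
# thread changed; paths are parameters and the sample files are constructed.

# check_resolver_files NSSWITCH RESOLV HOSTS FQDN
# Prints one finding per line; prints nothing when every check passes.
check_resolver_files() {
    nss=$1; resolv=$2; hosts=$3; fqdn=$4

    # hosts: must list dns, or host lookups never reach a name server
    # (logged as dsn=5.1.2, stat=Host unknown).
    sources=$(sed -e 's/#.*//' "$nss" 2>/dev/null | tr '\t' ' ' |
              sed -n 's/^ *hosts: *//p' | head -n 1)
    case " $sources " in
        *" dns "*) ;;
        *) echo "nsswitch.conf: hosts: does not list dns" ;;
    esac

    # dns in nsswitch.conf is useless without a nameserver to ask.
    grep -Eq '^[[:space:]]*nameserver[[:space:]]+[^[:space:]]' "$resolv" \
        2>/dev/null || echo "resolv.conf: no nameserver entry"

    # The first name after the address is the canonical host name; the
    # fix in the thread was to stop a short zone name preceding the FQDN.
    awk -v fqdn="$fqdn" '
        { sub(/#.*/, "") }
        { for (i = 3; i <= NF; i++)
              if ($i == fqdn)
                  print "hosts: " fqdn " is only an alias of " $2 }
    ' "$hosts" 2>/dev/null
}

# Constructed sample reproducing the state described in the second post.
demo() {
    d=$(mktemp -d)
    printf 'passwd: files\nhosts:      files\n' > "$d/nsswitch.conf"
    : > "$d/resolv.conf"
    printf '192.0.2.10 cph_zone badmintonequipments.com loghost\n' > "$d/hosts"
    check_resolver_files "$d/nsswitch.conf" "$d/resolv.conf" "$d/hosts" \
        badmintonequipments.com
    rm -rf "$d"
}

demo
```

Run against the constructed sample it reports all three problems; pointed at a corrected set of files it prints nothing.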

DNS trick to get sendmail to send to hsiao.net from NGZs

Posted: Thu Feb 26, 2009 6:13 pm
by cah
The problem of sendmail reaching hsiao.net from NGZs is because of the routing issue.
NGZs cannot reach hsiao.net, for it is using a non-routable IP (even with a gateway router in front of it).

Since NGZs are residing on the same physical server, it causes the confusion between real and private IPs.

I know NGZs can reach the non-routable IP (1.0.0.xxx) but not the real IP.
The DNS of hsiao.net has the real IPs in them.
Both geminitwins.net and badmintonequipments.com have a slave hsiao.net DNS record from hsiao.net via the non-routable IP.

Today, I changed the setting.
Instead of having a slave name server from hsiao.net, I created a master name server of hsiao.net in both geminitwins.net and badmintonequipments.com. In the name server, I made the mail server's IP to be the non-routable IP (1.0.0.xxx) instead of the real IP that internet users reach.

By doing so, sendmail of geminitwins.net and badmintonequipments.com picks the non-routable IP (1.0.0.xxx) from their DNS and sends email to this non-routable IP.

And, it worked!!!

hsiao.net to geminitwins.net and badmintonequipments.com has always been working.
The problem was from geminitwins.net and badmintonequipments.com to hsiao.net due to the routing problem.
This part of the problem was resolved.

However, for some unknown reasons, internet name servers picked up the non-routable IPs from either geminitwins.net or badmintonequipments.com's name server (or both), some of the FQDNs ended up having the non-routable IPs, and I could not reach some of my web sites (e.g. bbs.hsiao.net).

Checking the whois record, hsiao.net has 3 name servers (ns1.hsiao.net, ns3.hsiao.net & ns5.hsiao.net) and they all have the real hsiao.net's IP. There should be no reason that internet name servers picked up hsiao.net from either geminitwins.net or badmintonequipments.com.

This is yet another mystery I need to solve.....
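
A local master copy like the one described above carries addresses meant only for the zone that hosts it, so it is worth confirming that named will not answer outside queries for it, transfer it or send NOTIFY for it. The audit below is an added example, not the poster's configuration; it assumes top-level zone statements (no views) and that no global options already set these limits, and the sample named.conf, including the example.net zone and its file name, is constructed.

```sh
#!/bin/sh
# Added example, not the poster's configuration. Flags master zones in a
# named.conf that set no zone-level allow-query, allow-transfer or
# "notify no". Assumes top-level zone statements (no views).

# audit_master_zones FILE -> one finding per line, nothing if all are set
audit_master_zones() {
    awk '
        { sub(/(\/\/|#).*/, "") }                  # drop line comments
        depth == 0 && match($0, /zone[ \t]+"[^"]+"/) {
            name = substr($0, RSTART, RLENGTH)
            gsub(/zone[ \t]+|"/, "", name)
            master = query = xfer = quiet = 0
        }
        /type[ \t]+master/  { master = 1 }
        /allow-query/       { query = 1 }
        /allow-transfer/    { xfer = 1 }
        /notify[ \t]+no/    { quiet = 1 }
        {
            depth += gsub(/[{]/, "{") - gsub(/[}]/, "}")
            if (depth == 0 && name != "") {
                if (master && !query) print name ": allow-query not set"
                if (master && !xfer)  print name ": allow-transfer not set"
                if (master && !quiet) print name ": notify not disabled"
                name = ""
            }
        }
    ' "$1"
}

# Constructed sample: a bare local master of hsiao.net next to a
# locked-down zone (example.net and its file name are hypothetical).
sample_conf() {
    cat <<'EOF'
zone "hsiao.net"{
        type master;
        file "m/db.hsiao.net";
};
zone "example.net" {
        type master;
        file "m/db.example.net";      // hypothetical file name
        allow-query { localhost; };
        allow-transfer { none; };
        notify no;
};
EOF
}

demo_audit() { f=$(mktemp); sample_conf > "$f"; audit_master_zones "$f"; rm -f "$f"; }
demo_audit
```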