On Tuesday, June 5 at 12:57 PM, quoth Dave Sill:
> > You really don't want the circumstances that make it work, though;
> > if qmail-remote is willing to deliver to itself, you can get mail
> > loops if somebody sends mail to a domain that is pointed to your IP
> > address but your mail server doesn't recognize as local.
>
> But qmail-send makes that determination, not qmail-remote.

Right. For example:

1. I send you a message to doesnotexist@sws5.ornl.gov
2. The return address is foo@fooldave.memoryhole.net
3. Now, let's just say fooldave.memoryhole.net resolves to
   160.91.218.105 (and has no MX record).

Since doesnotexist@sws5.ornl.gov is at your domain, qmail-smtpd will
accept it into your queue. The recipient doesn't exist, so qmail-send
will queue a bounce message to foo@fooldave.memoryhole.net. Since
fooldave.memoryhole.net is certainly *not* in your control/locals,
qmail-send determines that the address is remote. It feeds that to
qmail-remote, which then (assuming it didn't check) contacts YOUR
server to send the bounce. Now, let's just say you've added a line
like this to your /etc/tcp.smtp file:

    160.91.216-219.:allow,RELAYCLIENT=""

So your qmail-smtpd is going to accept *anything* from within your
network, which means it's going to accept whatever your qmail-remote
feeds to it (since it's sending from an IP within your network). Which
means that the bounce message is going to go right back into your
queue, and is going to be fed to qmail-remote again (because
foo@fooldave.memoryhole.net still isn't in control/locals), and round
and round it goes.

> I don't know why Russ used qmail-remote.

According to his web-page:

    The e-mail is sent using qmail-remote directly, which requires
    qmail to be installed on the system but which allows mail to be
    sent even if the local mail system is down.

It really only helps if the local qmail-send isn't *running*; there
are plenty of circumstances where using qmail-remote directly doesn't
*help* (e.g. if smtproutes is borked). So... that may not be the best
reasoning in the world, but it certainly is *simple*.
Since that's his reasoning, it's fairly obvious that he only intends
you to be delivering to non-local addresses (delivering to a local
address doesn't work if the local mail system is down, unless you use
qmail-local directly, which would require him to reimplement support
for virtualdomains, users/assign, and all the other things that
qmail-local doesn't do itself (and presumes that the local configs are
set up correctly)).

> I also don't know why it worked fine on two systems for years and
> broke recently on both due to some change I haven't been able to
> track down. I've got a workaround so it's just a puzzle at this
> point.

Indeed; though as he said, any circumstance where using qmail-remote
to deliver to a local address *works* is technically broken, which may
make it hard to track down (i.e. "how did my machine used to be
misbehaving without my knowledge?").
~Kyle
--
Despite my 30 years of research into the feminine soul, I have not yet
been able to answer the great question that has never been answered:
What does a woman want?
-- Sigmund Freud
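
The bounce path walked through in the message above can be written as a small check. This is an added example, not part of the original message or of qmail; the DNS table, the local IP set and all function names are constructed for illustration, and only IP-based tcprules patterns are handled.

```python
# Constructed sample data mirroring the scenario in the message (not real config).
LOCAL_IPS = {"160.91.218.105"}   # assumed: addresses our qmail-smtpd answers on
LOCALS = {"sws5.ornl.gov"}       # stand-in for control/locals
TCP_SMTP = ['160.91.216-219.:allow,RELAYCLIENT=""', ":allow"]
DNS = {  # hypothetical resolver answers: name -> (MX targets, A records)
    "fooldave.memoryhole.net": ([], ["160.91.218.105"]),
    "example.org": (["mx.example.org"], []),
    "mx.example.org": ([], ["192.0.2.25"]),
}

def rule_matches(pattern, ip):
    """Match an IP-only tcprules pattern: full address, dotted prefix, or N-M range."""
    parts = [p for p in pattern.split(".") if p]
    if len(parts) < 4 and pattern and not pattern.endswith("."):
        return False  # a short pattern must end in "." to act as a prefix
    for want, have in zip(parts, ip.split(".")):
        lo, _, hi = want.partition("-")
        if not int(lo) <= int(have) <= int(hi or lo):
            return False
    return True

def relay_allowed(ip, rules=TCP_SMTP):
    """True if the most specific matching rule sets RELAYCLIENT for this client."""
    best = (-1, "")
    for line in rules:
        pattern, _, action = line.partition(":")
        depth = len([p for p in pattern.split(".") if p])
        if rule_matches(pattern, ip) and depth > best[0]:
            best = (depth, action)
    return "RELAYCLIENT=" in best[1]

def delivery_ips(domain, dns=DNS):
    """Where qmail-remote would connect: MX targets, else the domain's A records."""
    mx, a = dns.get(domain.lower(), ([], []))
    return [ip for h in mx for ip in dns.get(h, ([], []))[1]] if mx else list(a)

def bounce_destination(sender_domain):
    """Classify where a bounce to sender_domain ends up."""
    if sender_domain.lower() in LOCALS:
        return "local"         # qmail-send handles it; qmail-remote is not involved
    ours = [ip for ip in delivery_ips(sender_domain) if ip in LOCAL_IPS]
    if not ours:
        return "remote"        # ordinary outbound delivery
    # Assumption: a connection to our own IP also arrives from that IP.
    if any(relay_allowed(ip) for ip in ours):
        return "loop"          # RELAYCLIENT accepts it back into the queue
    return "self-connect"      # reaches our smtpd, but relaying is not granted
```

Running `bounce_destination` over the envelope sender domains seen in a queue or log flags the ones that are not local yet resolve back to the server itself.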