Dave Sill <de5@sws5.ornl.gov> writes:
> Scott Gifford <sgifford@suspectclass.com> wrote:
[...]
>>You really don't want the circumstances that make it work, though; if
>>qmail-remote is willing to deliver to itself, you can get mail loops
>>if somebody sends mail to a domain that is pointed to your IP address
>>but your mail server doesn't recognize as local.
>
> But qmail-send makes that determination, not qmail-remote.
Right, that's why it's a problem if they disagree. Let's say I add to
my domain:
mess-with-dave.suspectclass.com IN A 160.91.218.105
then send mail to "dos@mess-with-dave.suspectclass.com". qmail-send
doesn't recognize the domain as local, so it decides to send it to
qmail-remote. If qmail-remote decides decides that the domain is
local, it will bounce the message immediately, no big deal. But if
qmail-send doesn't recognize it as local, it will send it right back
to you via SMTP, creating a mail loop. It will be bounced eventually
(after 30 times), but you can imagine how much load a few thousand of
these messages can generate.
>>Something that can handle both local and remote mail, like
>>qmail-inject, is really what you want to use here. Is there a reason
>>you don't want to?
>
> No, not at all. Like I said, I'm using Russ Allbery's
> multilog-watch--for almost five years now. I don't know why Russ used
> qmail-remote. I also don't know why it worked fine on two systems for
> years and broke recently on both due to some change I haven't been
> able to track down. I've got a workaround so it's just a puzzle at
> this point.
Yeah, that is quite strange. Probably something changed in the
network or the DNS, but it's very hard to look backwards and see what
changed. If you have a system where it's still working, it would be
easier to figure out why it's working there than why it's not working
here.
-----Scott.
|