Mailing List SIMS@mail.stalker.com Message #12468
From: Ernst Mulder <Ernst@GrafiSIS.nl>
Subject: Re: Router bug? Relaying user%domain@mydomain
Date: Wed, 05 Feb 2003 16:22:08 +0100
To: SIMS Discussions <SIMS@mail.stalker.com>
Hello,

Many thanks for all your comments.

Indeed I meant ORDB, not ORBS.

I put in the line

    <*@grafisis.nl> = *

because indeed the server's domain name is not grafisis.nl. I still do not
understand why this would rewrite "user%domain@grafisis.nl" to "user@domain"
and send it out again while the originating host is not in the "Client
Hosts' list.

Bill Cole <listbill@scconsult.com> writes:
> The machine listed in ORDB is 195.64.40.46, your secondary mail
> server, aka bougie. Your primary (pakking) IS NOT listed.

Both were listed, but I was able to clear the primary first. The primary
reason both of my servers were in the list was because I had added the
backup mail server to the "Client Hosts" list, I forgot to remove them after
moving to 1.8. After removing them I had ORDB perform new tests, and that's
when the other problems came to light.

Michael Croft <michael@whiterose.org> writes:
> Is this necessary?  As long as your server is identified in general
> settings as grafisis.nl, you shouldn't need this.  I think this will make
> user%domain@grafisis.nl = user%domain and make it considered valid.

In this case, maybe I did the wrong thing. But this server handles multiple
domains and according to the SIMS help pages
<http://www.stalker.com/SIMS/Router.html> I did the following:

    <*@2serve.nl> = 2serve-*

This is copied from one of the examples in the the help pages.

Now, when I perform a router test the following happens:

    Input:  marvin%marvin.ordb.org@2serve.nl
    Output: 2serve-marvin at SMTP(marvin.ordb.org) (safe)

And indeed when tested, a NON TRUSTED host's mail is sent back out,
rewritten however to "2serve-martin@marvin.ordb.org" so it can't be used to
relay spam, but still. It feels wrong to me.

Please teach me why this is correct behaviour. :-)

Michael Croft <michael@whiterose.org> writes:
> Also, what version of SIMS are you running?  To pass the relay testers you
> want a recent version of 1.8, like 1.8b9d14

1.8b9d14.

Technical Support <support@stalker.com> writes:
>> <*@grafisis.nl> = * ; For local delivery
>
> Note, that account-level routing records (like above) do have a side effect
> of 'blessing' the relay operation as safe. If the server name in SIMS
> General settings is not grafisis.nl (e.g. mail.grafisis.nl) then the router
> record
>
> grafisis.nl = mail.grafisis.nl

When I add the following line to the router:

    grafisis.nl = pakking.grafisis.nl ; The SIMS server name

it doesn't seem to make any difference. Mail is still routed to the domain
part directly after the % whether or not the sending host is in the "Client
Hosts" list.

So, if the account-level routing records have the side effect (is that a
wanted side effect?) of 'blessing' the relay operation as safe, then how do
I handle multiple domains?

Might quotes help, forcing local delivery? As in:

    <*@2serve.nl> = "2serve-*"

and

    <*@grafisis.nl> = "*"

Initial testing seems to suggest that it does.

    Input:  marvin%marvin.ordb.org@2serve.nl
    Output: LOCAL(2serve-marvin%marvin.ordb.org)

    Input:  marvin%marvin.ordb.org@grafisis.nl
    Output: LOCAL(marvin%marvin.ordb.org)

Bill Cole <listbill@scconsult.com> writes:
> As a solution, I suggest reconsidering whether you really have any
> use for that secondary mail exchanger. Being in the same /24 network,
> they are not going to see much difference in connectivity to the
> world at large, so unless there's some reason that pakking is
> routinely offline, you really don't gain much of anything from having
> bougie as a secondary and with SIMS, you end up having to decide
> between this small relay hole and the risk of TempBanning the
> secondary when you really need it.

They're not in the same /24 network, they are in different subnets, and even
in different parts of the country. I've fixed the relay-hole, it was (as you
suggested) a misconfiguration on my part, as said above. The past year
however I was glad to have a backup mail server. We had power outages,
cut-through lines, and even a paranoid provider that -to stop some kind of
virus- closed the standard SMTP ports of all of its clients (including our
/26 subnet) without warning them. Glad I had a backup in a different
subnet...

Ernst Mulder

Subscribe (FEED) Subscribe (DIGEST) Subscribe (INDEX) Unsubscribe Mail to Listmaster