Sendmail is not respecting my DNS MX record

Sendmail is not respecting my DNS MX record

am 12.10.2007 01:06:15 von leoh

First, let me introduce my test environment

Servers
-----------
==> server1: 192.168.18.3
Debian running bind. Authority for domain "dominio1".
Has a local user called leoh

==> server2: 192.168.18.4
Fedora also running bind. Authorit for domain "dominio2".


DNS OK - Proving that server2 can see who is the mailserver for
dominio1.com
----------------------------------------
server2# nslookup
> server 192.168.18.4
Default server: 192.168.18.4
Address: 192.168.18.4#53
> set type=mx
> dominio1.com
Server: 192.168.18.4
Address: 192.168.18.4#53

dominio1.com mail exchanger = 0 mailserver.dominio1.com.

server2# nslookup mailserver.dominio1.com
Server: 192.168.18.4
Address: 192.168.18.4#53

Name: mailserver.dominio1.com
Address: 192.168.18.3


Sending Mail from server2 to server1
----------------------------------------------------

server2# sendmail leoh@dominio1.com
test
..

Checking server2 maillog
------------------------------------

Oct 11 19:43:10 localhost sendmail[18273]: l9BNh3vc018273: from=root,
size=6, class=0, nrcpts=1,
msgid=<200710112343.l9BNh3vc018273@localhost.localdomain>,
relay=root@localhost

Oct 11 19:43:10 localhost sendmail[18274]: l9BNhAMQ018274:
from=, size=304, class=0, nrcpts=1,
msgid=<200710112343.l9BNh3vc018273@localhost.localdomain>,
proto=ESMTP, daemon=MTA, relay=localhost.localdomain [127.0.0.1]

Oct 11 19:43:10 localhost sendmail[18273]: l9BNh3vc018273:
to=leoh@dominio1.com, ctladdr=root (0/0), delay=00:00:07,
xdelay=00:00:00, mailer=relay, pri=30006, relay=[127.0.0.1]
[127.0.0.1], dsn=2.0.0, stat=Sent (l9BNhAMQ018274 Message accepted for
delivery)

Oct 11 19:43:13 localhost sendmail[18276]: l9BNhAMQ018274:
to=, ctladdr= (0/0),
delay=00:00:03, xdelay=00:00:03, mailer=esmtp, pri=120304,
relay=smtp.secureserver.net. [64.202.166.12], dsn=2.0.0, stat=Sent (ok
1192142586 qp 16757 by pre-smtp20-01.prod.mesa1.secureserver.net)


The Problem
--------------------
server2 is sending email to smtp.secureserver.net (which is
responsible for the dominio1.com in the "real world")


The Question
----------------------
Since my local DNS at server2 knows that server1 is responsible for
dominio1.com. Why is it sending email to the destination out of my
local network?

Re: Sendmail is not respecting my DNS MX record

am 12.10.2007 08:16:18 von per

In article <1192143975.948600.297580@z24g2000prh.googlegroups.com> leoh
writes:
>
>DNS OK - Proving that server2 can see who is the mailserver for
>dominio1.com
>----------------------------------------
>server2# nslookup
>> server 192.168.18.4
>Default server: 192.168.18.4
>Address: 192.168.18.4#53
>> set type=mx
>> dominio1.com
>Server: 192.168.18.4
>Address: 192.168.18.4#53
>
>dominio1.com mail exchanger = 0 mailserver.dominio1.com.

Well, you're only showing that the DNS server running on server2
believes that mailserver.dominio1.com is the MX. This may be totally
irrelevant for applications running on server2, since they will query
the name server(s) specified in /etc/resolv.conf - which nslookup would
have used by default if you had let it, which leads to the suspicion
that your data is bordering on intentionally misleading - or why did you
tell nslookup which server to use?

>Since my local DNS at server2 knows that server1 is responsible for
>dominio1.com. Why is it sending email to the destination out of my
>local network?

See above - sendmail, or rather the resolver functions of your OS, will
of course obey /etc/resolv.conf. Furthermore, even if your current
resolv.conf has the proper content, the resolver functions will cache it
(for the lifetime of the calling process). I.e. if you change the
contents of /etc/resolv.conf, it is necessary to restart long-running
daemons such as sendmail to have it take effect.

--Per Hedeland
per@hedeland.org

Re: Sendmail is not respecting my DNS MX record

am 15.10.2007 15:56:27 von leoh

My resolv.conf at server2 uses the local DNS.

-------------- resolv.conf at server2 ---------------
search dominio3.com dominio1.com dominio2.com localdomain
nameserver 192.168.18.4
---------end-------

I am still confused.
nslookup must resolv "dominio1.com" ?

---------begin------
server2# nslookup dominio1.com
Server: 192.168.18.4
Address: 192.168.18.4#53

*** Can't find dominio1.com: No answer
---------end-------

Ok sendmail, let me be more specific. I will send an email to
leoh@mailserver.dominio1.com. Do you know him? I guess so... se below.

---------begin------
server2#nslookup mailserver.dominio1.com
Server: 192.168.18.4
Address: 192.168.18.4#53

Name: mailserver.dominio1.com
Address: 192.168.18.3
---------end-------

But,

---------begin------
server2# sendmail leoh@mailserver.dominio1.com
teste 99
..
server2# tail -f /var/log/maillog
Oct 15 10:54:46 localhost sendmail[28893]: l9FEskoZ028891:
to=,
ctladdr= (0/0), delay=00:00:00,
xdelay=00:00:00, mailer=esmtp, pri=120318,
relay=mailserver.dominio1.com, dsn=5.1.2, stat=Host unknown (Name
server: mailserver.dominio1.com: host not found)
---------end-------

What the hell... :)

On Oct 12, 4:16 am, p...@hedeland.org (Per Hedeland) wrote:
> In article <1192143975.948600.297...@z24g2000prh.googlegroups.com>leoh
>
> writes:
>
> >DNS OK - Proving that server2 can see who is the mailserver for
> >dominio1.com
> >----------------------------------------
> >server2# nslookup
> >> server 192.168.18.4
> >Default server: 192.168.18.4
> >Address: 192.168.18.4#53
> >> set type=mx
> >> dominio1.com
> >Server: 192.168.18.4
> >Address: 192.168.18.4#53
>
> >dominio1.com mail exchanger = 0 mailserver.dominio1.com.
>
> Well, you're only showing that the DNS server running on server2
> believes that mailserver.dominio1.com is the MX. This may be totally
> irrelevant for applications running on server2, since they will query
> the name server(s) specified in /etc/resolv.conf - which nslookup would
> have used by default if you had let it, which leads to the suspicion
> that your data is bordering on intentionally misleading - or why did you
> tell nslookup which server to use?
>
> >Since my local DNS at server2 knows that server1 is responsible for
> >dominio1.com. Why is it sending email to the destination out of my
> >local network?
>
> See above - sendmail, or rather the resolver functions of your OS, will
> of course obey /etc/resolv.conf. Furthermore, even if your current
> resolv.conf has the proper content, the resolver functions will cache it
> (for the lifetime of the calling process). I.e. if you change the
> contents of /etc/resolv.conf, it is necessary to restart long-running
> daemons such as sendmail to have it take effect.
>
> --Per Hedeland
> p...@hedeland.org

Re: Sendmail is not respecting my DNS MX record

am 15.10.2007 19:27:54 von per

In article <1192456587.796459.180090@v29g2000prd.googlegroups.com> leoh
writes:

>My resolv.conf at server2 uses the local DNS.

Please don't top-post.

>I am still confused.
>nslookup must resolv "dominio1.com" ?
>
>---------begin------
>server2# nslookup dominio1.com
>Server: 192.168.18.4
>Address: 192.168.18.4#53
>
>*** Can't find dominio1.com: No answer
>---------end-------

Now you're asking for the A record, not MX. But nslookup is not a good
tool for debugging DNS problems anyway, use 'dig' instead.

>Oct 15 10:54:46 localhost sendmail[28893]: l9FEskoZ028891:
>to=,
>ctladdr= (0/0), delay=00:00:00,
>xdelay=00:00:00, mailer=esmtp, pri=120318,
>relay=mailserver.dominio1.com, dsn=5.1.2, stat=Host unknown (Name
>server: mailserver.dominio1.com: host not found)
>---------end-------
>
>What the hell... :)

Did you read this part of my earlier response:

>> See above - sendmail, or rather the resolver functions of your OS, will
>> of course obey /etc/resolv.conf. Furthermore, even if your current
>> resolv.conf has the proper content, the resolver functions will cache it
>> (for the lifetime of the calling process). I.e. if you change the
>> contents of /etc/resolv.conf, it is necessary to restart long-running
>> daemons such as sendmail to have it take effect.

? Your result is consistent with the daemon querying external name
servers.

--Per Hedeland
per@hedeland.org

Re: Sendmail is not respecting my DNS MX record

am 15.10.2007 21:42:59 von leoh

You must be right Per Hedeland, concerning the external resolver.

Now its working.

I did lots of changes and tried to rollback them to see what exactly
solved this problem. No success so far. Everything is like before and
it keeps on working smoothly.
Problably DNS is caching information about dominio1.com

Some of the changes I did.

1 - changed db.dominio1.com on /var/named fo server
before: MX 0 mailserver.dominio1.com
after: dominio1.com. MX 0 mailserver.dominio1.com

2 - Changed sendmail.cf to force it using my real domain

define(`confDOMAIN_NAME', `dominio1.com')dnl which creates the entry
Djdominio1.com in sendmail.cf
LOCAL_DOMAIN(`dominio1.com')dnl --> which creates C{w}dominio2.com in
sendmail.cf


As I said before, configs above were done and then undone. But it
keeps working.

ps:
=> nslookup dominio1.com still does not work
=> host dominio1.com returns: dominio1.com mail is handled by 0
mailserver.dominio1.com.


And thanks for the DIG suggestion.

server2#dig dominio1.com

; <<>> DiG 9.3.4-P1 <<>> dominio1.com
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 5751
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL:
0

;; QUESTION SECTION:
;dominio1.com. IN A

;; AUTHORITY SECTION:
dominio1.com. 60 IN SOA ns.dominio1.com.
root.dominio1.com. 2007101506 60 60 60 86400

;; Query time: 7 msec
;; SERVER: 192.168.18.4#53(192.168.18.4)
;; WHEN: Mon Oct 15 16:42:10 2007
;; MSG SIZE rcvd: 74

Re: Sendmail is not respecting my DNS MX record

am 17.10.2007 08:39:32 von per

In article <1192477379.695713.162420@z24g2000prh.googlegroups.com> leoh
writes:
>You must be right Per Hedeland, concerning the external resolver.
>
>Now its working.
>
>I did lots of changes and tried to rollback them to see what exactly
>solved this problem. No success so far. Everything is like before and
>it keeps on working smoothly.

Well, if the changes involved restarting the daemon (as I've suggested
twice), and you hadn't done that before, my suggestion that it was using
an old version of resolv.conf would seem to fit.

>And thanks for the DIG suggestion.
>
>server2#dig dominio1.com
>
>; <<>> DiG 9.3.4-P1 <<>> dominio1.com
>;; global options: printcmd
>;; Got answer:
>;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 5751
>;; flags: qr aa rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL:
>0

So this is the "clear" version of the weird "no reply" message that
nslookup gave - the server said that the name is valid (NOERROR), but
there are no records (ANSWER: 0) of the requested type (A). It also
shows that the server gave an authoritative answer (aa), though to make
sure that the server itself is authoritative for the domain, you may
need to redo the query and see that the 'aa' is still in the reply. 'dig
mx dominio1.com' should give you the MX record.

--Per Hedeland
per@hedeland.org