Re: sendmail error, "MX list for mydomain.com points back to server.mydomain.com"
Date: Thu, 18 May 2023 18:58:31 UTC
> What you were saying about your ISP having bogus entries is quite
> possibly at least part of the problem.

I can understand that, although when sending from an account on the machine where both named and sendmail are running, to the same account @dreamchaser.org, it should be using the local named, right? And if that named is the authoritative nameserver for the domain, then the needed dns request should stay local, right?

> Sendmail uses real DNS and ignores /etc/hosts (because it needs to look
> up MX records, there are no MX records in /etc/hosts).
> If you *really* want to cheat that, you can run BIND on localhost and
> put a zone for your own domain answering on localhost, and put
> 127.0.0.1 in /etc/resolv.conf.

Not sure I understand what you're saying. I am running BIND (9.18) on the localhost. As the primary for the domain, it answers for the domain for which sendmail is receiving. 127.0.0.1 is the only thing currently in resolv.conf

> What is the hostname of your system?

$ hostname
ns.dreamchaser.org

> Can you post your full freebsd.mc?

I've omitted initial comment sections and those entirely dnl'ed out

============================
divert(-1)
divert(0)
VERSIONID(`$FreeBSD: releng/12.4/etc/sendmail/freebsd.mc 363465 2020-07-24 00:22:33Z gshapiro $')
OSTYPE(freebsd6)
DOMAIN(generic)
FEATURE(access_db, `hash -o -T<TMPF> /etc/mail/access')
FEATURE(blocklist_recipients)
FEATURE(local_lmtp)
FEATURE(mailertable, `hash -o /etc/mail/mailertable')
FEATURE(virtusertable, `hash -o /etc/mail/virtusertable')
dnl Uncomment to activate your chosen DNS based blacklist
dnl FEATURE(dnsbl, `dnsbl.example.com')
dnl Alternatively, you can provide your own server and rejection message:
dnl FEATURE(dnsbl, `dnsbl.example.com', ``"550 Mail from " $&{client_addr} " rejected"'')
FEATURE(dnsbl, `zen.spamhaus.org')
dnl Uncomment the first line to change the location of the default
dnl /etc/mail/local-host-names and comment out the second line.
dnl define(`confCW_FILE', `-o /etc/mail/sendmail.cw')
define(`confCW_FILE', `-o /etc/mail/local-host-names')
dnl Enable for both IPv4 and IPv6 (optional)
DAEMON_OPTIONS(`Name=IPv4, Family=inet')
dnl DAEMON_OPTIONS(`Name=IPv6, Family=inet6, Modifiers=O')
dnl Configuration for milter-greylist
dnl See /usr/local/share/doc/milter-greylist/README
dnl
dnl 2023-05-18 the following are already activated in /usr/src/contrib/sendmail/cf/m4 macros
dnl j,{if_addr},{cert_subject},i,{auth_authen} are already enabled by default
dnl define(`confMILTER_MACROS_CONNECT', confMILTER_MACROS_CONNECT``, j, {if_addr}'')
dnl define(`confMILTER_MACROS_ENVFROM', confMILTER_MACROS_ENVFROM``, i, {auth_authen}')
dnl define(`confMILTER_MACROS_HELO', confMILTER_MACROS_HELO``, {verify}'')
define(`confMILTER_MACROS_ENVRCPT', confMILTER_MACROS_ENVRCPT``, {greylist}'')
INPUT_MAIL_FILTER(`greylist', `S=local:/var/milter-greylist/milter-greylist.sock, F=T, T=R:30s')
define(`confBIND_OPTS', `WorkAroundBrokenAAAA')
define(`confBIND_OPTS', `WorkAroundBrokenAAAA')
define(`confNO_RCPT_ACTION', `add-to-undisclosed')
define(`confPRIVACY_FLAGS', `authwarnings,noexpn,novrfy')
MAILER(local)
MAILER(smtp)
============================

I have the STARTTLS lines commented out at the moment because I'm not sure which letsencrypt .pems correspond to which items. I think the map is something like:

                 /etc/mail/cert   letsencrypt
SERVER_CERT      host.cert        cert.pem
SERVER_KEY       host.key         privkey.pem
CLIENT_CERT      host.cert        cert.pem
CLIENT_KEY       host.key         privkey.pem
CACERT           host.key         no clue, is the one in /etc/certs usable?
CACERT_PATH      host.key         no clue, is the one in /etc/certs usable?
DH_PARAMETERS    dh.param         does not exist in either dir

In any case, I'm still seeing, for all mail slated for delivery, something like this:

ns sm-mta[17103]: ... Milter (greylist) add: header: X-Greylist: Sender passed SPF test, not delayed by milter-greylist-4.6.4 (ns.dreamchaser.org [0.0.0.0]); Thu, 18 May 2023 12:29:28 -0600 (MDT)
ns sm-mta[17103]: ... SYSERR(root): MX list for dreamchaser.org. points back to ns.dreamchaser.org
...
ns sm-mta[17103]: ... mailer=esmtp, pri=32597, relay=dreamchaser.org., dsn=5.3.5, stat=Local configuration error
ns sm-mta[17103]: ... Losing ./qf34IITSHg017130: savemail panic
ns sm-mta[17103]: ... SYSERR(root): savemail: cannot save rejected email anywhere

> Have you rebuilt your sendmail.cf recently?

Yes, many times
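
Added example (not part of the original message, and not sendmail's own code): a simplified Python model of the condition behind the "MX list for ... points back to ..." SYSERR quoted above. sendmail discards every MX at or behind the best one that names a host in class w (its own hostname plus the confCW_FILE entries); if nothing is left and the recipient domain is not itself in class w, it reports the error. The MX record and the local-host-names contents below are constructed assumptions, since the message shows neither the zone nor that file.

```python
# Added example: simplified model of sendmail's MX pruning, not its source code.

def norm(name):
    return name.rstrip(".").lower()

def parse_class_w(my_hostname, local_host_names_text):
    """Class w: the host's own name plus the entries in local-host-names."""
    names = {norm(my_hostname)}
    for line in local_host_names_text.splitlines():
        entry = line.split("#", 1)[0].strip()
        if entry:
            names.add(norm(entry))
    return names

def usable_mx(mx_records, class_w):
    """Keep only MX hosts strictly better than the best MX that names us."""
    local = [pref for pref, host in mx_records if norm(host) in class_w]
    if not local:
        return sorted(mx_records)
    return sorted((p, h) for p, h in mx_records if p < min(local))

def diagnose(domain, mx_records, class_w):
    if norm(domain) in class_w:
        return "local"        # local mailer, no MX lookup needed
    if usable_mx(mx_records, class_w):
        return "relay"        # a better MX exists, hand the mail to it
    if any(norm(h) in class_w for _, h in mx_records):
        return "points-back"  # we are the best MX but do not accept the domain
    return "no-mx"            # no MX at all: the address record is tried instead

# Constructed inputs (assumptions; the thread shows neither the zone nor the file)
ASSUMED_MX = [(10, "ns.dreamchaser.org.")]
CW_WITHOUT_DOMAIN = "# constructed local-host-names\n"
CW_WITH_DOMAIN = "# constructed local-host-names\ndreamchaser.org\n"

if __name__ == "__main__":
    for label, text in (("without", CW_WITHOUT_DOMAIN), ("with", CW_WITH_DOMAIN)):
        cw = parse_class_w("ns.dreamchaser.org", text)
        print(label, "domain in class w ->",
              diagnose("dreamchaser.org.", ASSUMED_MX, cw))
```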