Date: Thu, 18 May 2023 11:58:31 -0700
From: vagabond
To: "Dan Mahoney (Ports)"
Cc: Dewayne, questions@freebsd.org
Subject: Re: sendmail error, "MX list for mydomain.com points back to server.mydomain.com"
List-Archive: https://lists.freebsd.org/archives/freebsd-questions

> What you were saying about your ISP having bogus entries is quite
> possibly at least part of the problem.

I can understand that, although when sending from an account on the machine where both named and sendmail are running, to the same account @dreamchaser.org, it should be using the local named, right? And if that named is the authoritative nameserver for the domain, then the needed DNS request should stay local, right?

> Sendmail uses real DNS and ignores /etc/hosts (because it needs to look
> up MX records, there are no MX records in /etc/hosts).
> If you *really* want to cheat that, you can run BIND on localhost and
> put a zone for your own domain answering on localhost, and put
> 127.0.0.1 in /etc/resolv.conf.

Not sure I understand what you're saying. I am running BIND (9.18) on the localhost. As the primary for the domain, it answers for the domain for which sendmail is receiving. 127.0.0.1 is the only thing currently in resolv.conf.

> What is the hostname of your system?

$ hostname
ns.dreamchaser.org

> Can you post your full freebsd.mc?

I've omitted initial comment sections and those entirely dnl'ed out.

============================
divert(-1)
divert(0)
VERSIONID(`$FreeBSD: releng/12.4/etc/sendmail/freebsd.mc 363465 2020-07-24 00:22:33Z gshapiro $')
OSTYPE(freebsd6)
DOMAIN(generic)

FEATURE(access_db, `hash -o -T /etc/mail/access')
FEATURE(blocklist_recipients)
FEATURE(local_lmtp)
FEATURE(mailertable, `hash -o /etc/mail/mailertable')
FEATURE(virtusertable, `hash -o /etc/mail/virtusertable')

dnl Uncomment to activate your chosen DNS based blacklist
dnl FEATURE(dnsbl, `dnsbl.example.com')
dnl Alternatively, you can provide your own server and rejection message:
dnl FEATURE(dnsbl, `dnsbl.example.com', ``"550 Mail from " $&{client_addr} " rejected"'')
FEATURE(dnsbl, `zen.spamhaus.org')

dnl Uncomment the first line to change the location of the default
dnl /etc/mail/local-host-names and comment out the second line.
dnl define(`confCW_FILE', `-o /etc/mail/sendmail.cw')
define(`confCW_FILE', `-o /etc/mail/local-host-names')

dnl Enable for both IPv4 and IPv6 (optional)
DAEMON_OPTIONS(`Name=IPv4, Family=inet')
dnl DAEMON_OPTIONS(`Name=IPv6, Family=inet6, Modifiers=O')

dnl Configuration for milter-greylist
dnl See /usr/local/share/doc/milter-greylist/README
dnl
dnl 2023-05-18 the following are already activated in /usr/src/contrib/sendmail/cf/m4 macros
dnl j,{if_addr},{cert_subject},i,{auth_authen} are already enabled by default
dnl define(`confMILTER_MACROS_CONNECT', confMILTER_MACROS_CONNECT``, j, {if_addr}'')
dnl define(`confMILTER_MACROS_ENVFROM', confMILTER_MACROS_ENVFROM``, i, {auth_authen}')
dnl define(`confMILTER_MACROS_HELO', confMILTER_MACROS_HELO``, {verify}'')
define(`confMILTER_MACROS_ENVRCPT', confMILTER_MACROS_ENVRCPT``, {greylist}'')
INPUT_MAIL_FILTER(`greylist', `S=local:/var/milter-greylist/milter-greylist.sock, F=T, T=R:30s')

define(`confBIND_OPTS', `WorkAroundBrokenAAAA')
define(`confBIND_OPTS', `WorkAroundBrokenAAAA')
define(`confNO_RCPT_ACTION', `add-to-undisclosed')
define(`confPRIVACY_FLAGS', `authwarnings,noexpn,novrfy')
MAILER(local)
MAILER(smtp)
============================

I have the STARTTLS lines commented out at the moment because I'm not sure which letsencrypt .pems correspond to which items. I think the map is something like:

                /etc/mail/cert   letsencrypt
SERVER_CERT     host.cert        cert.pem
SERVER_KEY      host.key         privkey.pem
CLIENT_CERT     host.cert        cert.pem
CLIENT_KEY      host.key         privkey.pem
CACERT          host.key         no clue, is the one in /etc/certs usable?
CACERT_PATH     host.key         no clue, is the one in /etc/certs usable?
DH_PARAMETERS   dh.param         does not exist in either dir

In any case, I'm still seeing, for all mail slated for delivery, something like this:

ns sm-mta[17103]: ... Milter (greylist) add: header: X-Greylist: Sender passed SPF test, not delayed by milter-greylist-4.6.4 (ns.dreamchaser.org [0.0.0.0]); Thu, 18 May 2023 12:29:28 -0600 (MDT)
ns sm-mta[17103]: ... SYSERR(root): MX list for dreamchaser.org. points back to ns.dreamchaser.org
...
ns sm-mta[17103]: ... mailer=esmtp, pri=32597, relay=dreamchaser.org., dsn=5.3.5, stat=Local configuration error
ns sm-mta[17103]: ... Losing ./qf34IITSHg017130: savemail panic
ns sm-mta[17103]: ... SYSERR(root): savemail: cannot save rejected email anywhere

> Have you rebuilt your sendmail.cf recently?

Yes, many times
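
Added example, not part of the original message and not sendmail's own code: sendmail logs this SYSERR when the MX lookup for a recipient domain resolves to the host itself while that domain is not in class w, so the host would be relaying to itself. The sketch below extracts those errors from sm-mta log lines and checks each domain against a local-host-names style file; the log lines, queue ids, file contents and function names are constructed for illustration.

```python
import re

# Constructed sample lines modelled on the sm-mta log format quoted above.
SAMPLE_LOG = """\
May 18 12:29:28 mail sm-mta[100]: QID0001: SYSERR(root): MX list for example.org. points back to mail.example.org
May 18 12:29:28 mail sm-mta[100]: QID0001: to=<user@example.org>, mailer=esmtp, relay=example.org., dsn=5.3.5, stat=Local configuration error
May 18 12:31:02 mail sm-mta[101]: QID0002: to=<user@example.net>, mailer=esmtp, relay=mx.example.net., dsn=2.0.0, stat=Sent
"""

# Constructed contents of the class-w file that confCW_FILE points at.
SAMPLE_CW = "# local-host-names\nmail.example.org\n"

LOOP_RE = re.compile(r"MX list for (\S+?)\.? points back to (\S+)")


def class_w(text):
    """Host names from a local-host-names style file, lower-cased, comments dropped."""
    names = set()
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if line:
            names.add(line.rstrip(".").lower())
    return names


def mx_loops(log_text, cw_text):
    """Return (domain, host, domain_in_class_w) for every loop-back SYSERR."""
    local = class_w(cw_text)
    findings = []
    for line in log_text.splitlines():
        m = LOOP_RE.search(line)
        if m:
            domain = m.group(1).rstrip(".").lower()
            host = m.group(2).rstrip(".").lower()
            findings.append((domain, host, domain in local))
    return findings


if __name__ == "__main__":
    for domain, host, listed in mx_loops(SAMPLE_LOG, SAMPLE_CW):
        state = "listed" if listed else "NOT listed"
        print(f"{domain}: MX points back to {host}; domain is {state} in class w")
```

A finding whose third field is False means the host receives mail for a domain it does not treat as local; after the class-w file is changed, sendmail has to be restarted to re-read it.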