From nobody Fri May 19 02:44:21 2023 X-Original-To: questions@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4QMrlz6B6zz4CKY6 for ; Fri, 19 May 2023 02:44:47 +0000 (UTC) (envelope-from freebsd@gushi.org) Received: from prime.gushi.org (prime.gushi.org [IPv6:2620:137:6000:10::142]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client CN "prime.gushi.org", Issuer "RapidSSL Global TLS RSA4096 SHA256 2022 CA1" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4QMrlz3d0nz3CH2 for ; Fri, 19 May 2023 02:44:47 +0000 (UTC) (envelope-from freebsd@gushi.org) Authentication-Results: mx1.freebsd.org; none Received: from smtpclient.apple ([149.20.66.196]) (authenticated bits=0) by prime.gushi.org (8.16.1/8.16.1) with ESMTPSA id 34J2iWDA098098 (version=TLSv1.2 cipher=ECDHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT); Thu, 18 May 2023 19:44:34 -0700 (PDT) (envelope-from freebsd@gushi.org) DKIM-Filter: OpenDKIM Filter v2.10.3 prime.gushi.org 34J2iWDA098098 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gushi.org; s=prime2014; t=1684464276; bh=HZHa8yx9n2A52UzFyM0DEkNddFKJQc9IgTMybtf0MkQ=; h=From:Subject:Date:In-Reply-To:Cc:To:References; z=From:=20"Dan=20Mahoney=20(Ports)"=20|Subject:= 20Re:=20sendmail=20error,=20"MX=20list=20for=20mydomain.com=20poin ts=20back=20to=0D=0A=20server.mydomain.com"|Date:=20Thu,=2018=20Ma y=202023=2022:44:21=20-0400|In-Reply-To:=20<2f8bca59462afe206043be a73241bbf2@blackfoot.net>|Cc:=20Dewayne=20,=0D=0A=20questions@freebsd.org|To:=20vagabond=20|References:=20<303e35e4d89e68dcd9863239dcda568e@b lackfoot.net>=0D=0A=20=0D=0A=20<30b97aa95162c163c1781ba1a0fa8e25@black foot.net>=0D=0A=20 =0D=0A=20=0D=0A=20 <15AF7ED7-BBD9-428D-939F-4AA5B349C578@gushi.org>=0D=0A=20<66db9ba3 bd66fcc56affdbf7a2621021@blackfoot.net>=0D=0A=20<2f8bca59462afe206 043bea73241bbf2@blackfoot.net>; b=BX3IpSRYkDNeqQtZjGjBgf32X2XePBnlc4q+dOpu2ERqnnZdCzCBiV/Y1S7tHMyrW iO7i+rK3BqkaGgFvP9chIdKVDSAN4ThN8UiOkRW+cd1/mXM0ZbveDAShufK9YcLFtv fvyQD8ZzLY3IT45kTLMkLwEp9u6NKxIOuv7f4zYjmaggul7h1OQCU8cCFm8nlVtcIm I8i0cWsR71KDdrbQq62F0S+6pPzLXe4m9YKVvea/v3gUkghxt5QFBn2xZFDN3z6GHm yIZYqPi3te2XPthzd7Kj1vyD/JroDHp0zzJXHsx5aoxRkL97OO9wYrw6+BZ1s9YW8L jS6myKB+cJnEg== X-Authentication-Warning: prime.gushi.org: Host [149.20.66.196] claimed to be smtpclient.apple From: "Dan Mahoney (Ports)" Message-Id: Content-Type: multipart/alternative; boundary="Apple-Mail=_E54FCDCF-8EDE-48F8-B2D3-C2611D36D3A2" List-Id: User questions List-Archive: https://lists.freebsd.org/archives/freebsd-questions List-Help: List-Post: List-Subscribe: List-Unsubscribe: Sender: owner-freebsd-questions@freebsd.org X-BeenThere: freebsd-questions@freebsd.org Mime-Version: 1.0 (Mac OS X Mail 16.0 \(3731.500.231\)) Subject: Re: sendmail error, "MX list for mydomain.com points back to server.mydomain.com" Date: Thu, 18 May 2023 22:44:21 -0400 In-Reply-To: <2f8bca59462afe206043bea73241bbf2@blackfoot.net> Cc: Dewayne , questions@freebsd.org To: vagabond References: <303e35e4d89e68dcd9863239dcda568e@blackfoot.net> <30b97aa95162c163c1781ba1a0fa8e25@blackfoot.net> <15AF7ED7-BBD9-428D-939F-4AA5B349C578@gushi.org> <66db9ba3bd66fcc56affdbf7a2621021@blackfoot.net> <2f8bca59462afe206043bea73241bbf2@blackfoot.net> X-Mailer: Apple Mail (2.3731.500.231) X-Greylist: Sender succeeded SMTP AUTH, not delayed by milter-greylist-4.6.4 (prime.gushi.org [149.20.68.142]); Fri, 19 May 2023 02:44:36 +0000 (UTC) X-Rspamd-Queue-Id: 4QMrlz3d0nz3CH2 X-Spamd-Bar: ---- X-Spamd-Result: default: False [-4.00 / 15.00]; REPLY(-4.00)[]; ASN(0.00)[asn:393507, ipnet:2620:137:6000::/44, country:US] X-Rspamd-Pre-Result: action=no action; module=replies; Message is reply to one we originated X-ThisMailContainsUnwantedMimeParts: N --Apple-Mail=_E54FCDCF-8EDE-48F8-B2D3-C2611D36D3A2 Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset=utf-8 Do you see it? It=E2=80=99s subtle. =20 Your system is asking your own 127.0.0.1 DNS for the AAAA for = ns.dreamchaser.org (because sendmail attempts ipv6 before it attempts = ipv4) You forgot a trailing . in your NS records. Your DNS kicks back that = =E2=80=9Chey, I don=E2=80=99t know about ns.dreamchaser.org=E2=80=9D so = it gives you an SOA record. (answer =3D 0, authority =3D 1) is doing lookups for ns.dreamchaser.org.dreamchaser.org because of that. Post your zone file? Also, pro tip, If you say =E2=80=9CI=E2=80=99m running this query and = everything comes back as expected=E2=80=9D please do include the OUTPUT = of those queries. You don=E2=80=99t know what you=E2=80=99re looking = for. Here=E2=80=99s what I think it happening: (Have a reference here: = https://docstore.mik.ua/orelly/other/Sendmail_3rd/1565928393_sendmail3-chp= -9-sect-2.html) Your system is looking at its own rdns/fdns, and discovering that its = hostname is ns.dreamchaser.org.dreamchaser.org (probably because your = primary IP is not present in /etc/hosts). It attempts to deliver to = itself, and finds that mail SHOULD come to it (since your = misconfiguration says your MX is ns.dreamchaser.org.dreamchaser.org AND = that=E2=80=99s what you resolve to, but = ns.dreamchaser.org.dreamchaser.org isn=E2=80=99t in = /etc/mail/local-host-names. Recommendations: * Put your primary addresses in /etc/hosts =E2=80=94 there are numerous = documented cases of sendmail ignoring /etc/hosts but it *might* help = clue it in to your proper hostname at least. * Fix your forward and reverse DNS * (and in fact, stop faking it out. Fix it at your hosting provider. = if your hosting provider is taking this long, find another one) -Dan > On May 18, 2023, at 6:36 PM, vagabond wrote: >=20 > I turned a bunch of debug flags on and ran sendmail in the foreground, > and I see the following output: >=20 > sm_gethostbyname(ns.dreamchaser.org, 28)... > ;; res_nquerydomain(ns.dreamchaser.org, , 1, 28) > ;; res_query(ns.dreamchaser.org, 1, 28) > ;; res_nmkquery(QUERY, ns.dreamchaser.org, IN, AAAA) > ;; res_send() > ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 19039 > ;; flags: rd; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0 > ;; ns.dreamchaser.org, type =3D AAAA, class =3D IN > ;; Querying server (# 1) address =3D 127.0.0.1 > ;; new DG socket > ;; got answer: > ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 19039 > ;; flags: qr aa rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: = 0 > ;; ns.dreamchaser.org, type =3D AAAA, class =3D IN > dreamchaser.org. 10M IN SOA ns.dreamchaser.org. = root.dreamchaser.org. ( > 2023051708 ; serial > 4H ; refresh > 1H ; retry > 1H ; expiry > 10M ) ; minimum >=20 > ;; rcode =3D (NOERROR), counts =3D an:0 ns:1 ar:0 > ;; res_nquerydomain(ns.dreamchaser.org, dreamchaser.org, 1, 28) > ;; res_query(ns.dreamchaser.org.dreamchaser.org, 1, 28) > ;; res_nmkquery(QUERY, ns.dreamchaser.org.dreamchaser.org, IN, AAAA) > ;; res_send() > ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 45481 > ;; flags: rd; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0 > ;; ns.dreamchaser.org.dreamchaser.org, type =3D AAAA, class =3D = IN > ;; Querying server (# 1) address =3D 127.0.0.1 > ;; new DG socket > ;; got answer: > ;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 45481 >=20 > It's not clear to me what's going on; I don't see any of those = function > calls like res_nquerydomain in the code. > Can someone tell me what those are? >=20 > And does the above point a finger anywhere in particular? >=20 > hostname is "ns.dreamchaser.org", set in rc.conf >=20 > dig @127.0.0.1 ns.dreamchaser.org > dig ns.dreamchaser.org > nslookup dreamchaser.org > nslookup ns.dreamchaser.org >=20 > all successfully return the appropriate ip. >=20 > Thanks, >=20 > Gary --Apple-Mail=_E54FCDCF-8EDE-48F8-B2D3-C2611D36D3A2 Content-Transfer-Encoding: quoted-printable Content-Type: text/html; charset=utf-8 Do you see it? =  It=E2=80=99s subtle.  

Your system is = asking your own 127.0.0.1 DNS for the AAAA for ns.dreamchaser.org = (because sendmail attempts ipv6 before it attempts = ipv4)

You forgot a trailing . in your NS records. =  Your DNS kicks back that =E2=80=9Chey, I don=E2=80=99t know about = ns.dreamchaser.org=E2=80=9D so it gives you an SOA record. (answer =3D = 0, authority =3D 1)

is doing lookups for = ns.dreamchaser.org.dreamchaser.org because of = that.

Post your zone = file?

Also, pro tip, If you say =E2=80=9CI=E2=80=99= m running this query and everything comes back as expected=E2=80=9D = please do include the OUTPUT of those queries.  You don=E2=80=99t = know what you=E2=80=99re looking for.

Here=E2=80=99= s what I think it happening:  (Have a reference here: https://docstore.mik.ua/orelly/other/Sendmail_3rd/= 1565928393_sendmail3-chp-9-sect-2.html)

Your = system is looking at its own rdns/fdns, and discovering that its = hostname is ns.dreamchaser.org.dreamchaser.org (probably because your = primary IP is not present in /etc/hosts).  It attempts to deliver = to itself, and finds that mail SHOULD come to it (since your = misconfiguration says your MX is ns.dreamchaser.org.dreamchaser.org AND = that=E2=80=99s what you resolve to, but = ns.dreamchaser.org.dreamchaser.org isn=E2=80=99t in = /etc/mail/local-host-names.

Recommendations:

* Put your primary addresses in /etc/hosts =E2=80=94 = there are numerous documented cases of sendmail ignoring /etc/hosts but = it *might* help clue it in to your proper hostname at least.
* = Fix your forward and reverse DNS
* (and in fact, stop faking = it out.  Fix it at your hosting provider.  if your hosting = provider is taking this long, find another = one)

-Dan

On May 18, 2023, at 6:36 PM, vagabond = <vagabond@blackfoot.net> wrote:

I turned a bunch of debug = flags on and ran sendmail in the foreground,
and I see the following = output:

sm_gethostbyname(ns.dreamchaser.org, 28)...
;; = res_nquerydomain(ns.dreamchaser.org, <Nil>, 1, 28)
;; = res_query(ns.dreamchaser.org, 1, 28)
;; res_nmkquery(QUERY, = ns.dreamchaser.org, IN, AAAA)
;; res_send()
;; = ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 19039
;; = flags: rd; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0
;; =      ns.dreamchaser.org, type =3D AAAA, class =3D= IN
;; Querying server (# 1) address =3D 127.0.0.1
;; new DG = socket
;; got answer:
;; ->>HEADER<<- opcode: QUERY, = status: NOERROR, id: 19039
;; flags: qr aa rd ra; QUERY: 1, ANSWER: = 0, AUTHORITY: 1, ADDITIONAL: 0
;; =      ns.dreamchaser.org, type =3D AAAA, class =3D= IN
dreamchaser.org.        10M IN = SOA      ns.dreamchaser.org. = root.dreamchaser.org. (
=             &n= bsp;           &nbs= p;            =   2023051708      ; serial
=             &n= bsp;           &nbs= p;            =   4H =             &n= bsp;; refresh
=             &n= bsp;           &nbs= p;            =   1H =             &n= bsp;; retry
=             &n= bsp;           &nbs= p;            =   1H =             &n= bsp;; expiry
=             &n= bsp;           &nbs= p;            =   10M ) =           ; = minimum

;; rcode =3D (NOERROR), counts =3D an:0 ns:1 ar:0
;; = res_nquerydomain(ns.dreamchaser.org, dreamchaser.org, 1, 28)
;; = res_query(ns.dreamchaser.org.dreamchaser.org, 1, 28)
;; = res_nmkquery(QUERY, ns.dreamchaser.org.dreamchaser.org, IN, AAAA)
;; = res_send()
;; ->>HEADER<<- opcode: QUERY, status: = NOERROR, id: 45481
;; flags: rd; QUERY: 1, ANSWER: 0, AUTHORITY: 0, = ADDITIONAL: 0
;; =      ns.dreamchaser.org.dreamchaser.org, type =3D= AAAA, class =3D IN
;; Querying server (# 1) address =3D = 127.0.0.1
;; new DG socket
;; got answer:
;; = ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: = 45481

It's not clear to me what's going on; I don't see any of = those function
calls like res_nquerydomain in the code.
Can = someone tell me what those are?

And does the above point a finger = anywhere in particular?

hostname is "ns.dreamchaser.org", set in = rc.conf

dig @127.0.0.1 ns.dreamchaser.org
dig = ns.dreamchaser.org
nslookup dreamchaser.org
nslookup = ns.dreamchaser.org

all successfully return the appropriate = ip.

Thanks,

Gary

= --Apple-Mail=_E54FCDCF-8EDE-48F8-B2D3-C2611D36D3A2--