
Conference lassie::ucx

Title: DEC TCP/IP Services for OpenVMS
Notice: Note 2-SSB Kits, 3-FT Kits, 4-Patch Info, 7-QAR System
Moderator: ucxaxp.ucx.lkg.dec.com::TIBBERT
Created: Thu Nov 17 1994
Last Modified: Fri Jun 06 1997
Last Successful Update: Fri Jun 06 1997
Number of topics: 5568
Total number of notes: 21492

5156.0. "UCX not handling mail from Firewall?" by tennis.ivo.dec.com::KAM (AltaVista Software 714/261-4133 DTN 535.4133) Thu Jan 23 1997 19:07

T.R | Title | User | Personal Name | Date | Lines
5156.1. by CGOOA::OWONGSKIWI in Canada (VAO) Fri Jan 24 1997 01:14 (12 lines)
    Check the contents of ucx$smtp_recv_startup.log
    
    This contains activity info for inbound SMTP connections - you may need
    to set some of the debug logical names to get more detailed info.
    
    Does mail work from any other node inside the firewall to/from the UCX
    system?  If it does then it's a setup issue on the firewall, not a
    problem with the UCX environment.
    
    Also it would help if the non-delivery mail notification could be provided.
    
    	Owen.
5156.2. by CFSCTC::SMITH (Tom Smith MRO1-3/D12 dtn 297-4751) Fri Jan 24 1997 01:40 (68 lines)
>Initial interval:   0 00:30:00.00       Address_max:    16       NOEIGHT_BIT
>Retry interval:     0 01:00:00.00       Hop_count_max:  16       NORELAY
>Maximum interval:   3 00:00:00.00                                HEADERS
>
>Timeout             Initial       Mail    Receipt       Data  Terminate
>  Send:                   5          5          5          3         10
>  Receive:                5
>
>Alternate gateway:  not defined
>General gateway:    not defined
>
>Substitute domain:  not defined
>Zone:               not defined
>
    
    "Not much of a mail hub, is it?" to paraphrase one of my favorite Monty
    Python skits.
    
    First, it's configured to _not_ relay messages ("NORELAY"), so the only
    mail it's likely to accept is for users who have accounts on that host.
    It _should_ be accepting that. If not, you've got problems other than
    those outlined below. In fact, it doesn't appear to have been
    configured at all. Those are all default settings.
    
    Second, there is no zone and no gateways defined, so it will attempt to
    deliver anything sent from or relayed through there directly. Probably
    not so good if there's a firewall.
    
    At the very least, you seem to need the following:
    
    	set config smtp/gate=(alt=relay.domain)
    	set config smtp/zone=domain
    	set config smtp/options=relay
    
    In the above, "options=relay" enables UCX to accept mail that is to be
    simply relayed to another host. "domain" is the name of the domain
    within which they can make direct connections and within which they can
    therefore send mail directly to the recipient host. If they can
    directly connect to the entire Internet, or at least everybody else's
    firewall, the zone can be left unset. Otherwise it should probably be
    their top-level domain inside their firewall (or a sub-domain of that).
    "relay.domain" is the name of the mail relay that handles any outgoing
    mail to an address outside the "zone" - the firewall relay or another
    utility "concentrator" relay. For example, if you were setting this up
    within Digital, you would usually set "domain" to "dec.com" and
    "relay.domain" to either "relay.dec.com", one of the specific firewall
    relays (mail11.digital.com, etc.), or a "smarter" site concentrator
    relay.
    
    In addition to the above, you may also want to:
    
    	set config smtp/options=TOP_HEADERS	to put SMTP headers at the
    						top of the message instead
    						of the bottom
    	set config smtp/options=EIGHT_BIT	to allow eight-bit messages
    						to pass (rather than
    						stripping the high-order
    						bit of each character)
    	set config smtp/gateway=(general=relay.domain)
    						to set a relay that handles
    						any outgoing non-SMTP mail 
    						(if they have any)
    
    From the sound of it, I suspect that you may run into other UCX/TCP/IP
    configuration problems with this customer. Good luck!
    
    -Tom
                                                                  
5156.3. by tennis.ivo.dec.com::KAM (AltaVista Software 714/261-4133 DTN 535.4133) Fri Jan 24 1997 18:30 (104 lines)
    I need to digest this but I wanted to provide this feedback:
    
    From the internet you have to send mail to [email protected]
    
    The VAX running UCX configured for both a DNS/Server and Mail Server is
    VAX2.lnk.harris.com.
    
    They can send Mail from VAX2.lnk.harris.com to me at Digital, no
    problems, through the Firewall.  Incoming mail has a problem.
    
    With my LIMITED knowledge of DNS I assume there needs to be an MX record
    that translates MDSHARRIS.COM to LNK.HARRIS.COM?  Also, I guess there
    needs to be additional parameters in UCX SHOW CONFIG SMTP changed.
    
    We'll try these.
    I've included the NSLOOKUP MX from the Firewall.
    
    
    	Regards,
    
    PS re .2 How many boxes do you want this time?
    
    
    Does this NSLOOKUP MX lnk.harris.com look correct?  Is this indicating
    an error?
    
    
    	Regards,
    
c:\etc>nslookup mx lnk.harris.com

Error 0
Server:  vax2.lnk.harris.com
Address:  10.1.0.22

res_mkquery(0, mx.lnk.harris.com, 1, 1)
------------
SendRequest(), len 35
    HEADER:
	opcode = QUERY, id = 2, rcode = NOERROR
	header flags:  query, want recursion
	questions = 1,  answers = 0,  authority records = 0,  additional = 0

    QUESTIONS:
	mx.lnk.harris.com, type = A, class = IN

------------
------------
Got answer (115 bytes):
    HEADER:
	opcode = QUERY, id = 2, rcode = NXDOMAIN
	header flags:  response, auth. answer, want recursion, recursion avail.
	questions = 1,  answers = 0,  authority records = 1,  additional = 0

    QUESTIONS:
	mx.lnk.harris.com, type = A, class = IN
    AUTHORITY RECORDS:
    ->  LNK.HARRIS.COM
	type = SOA, class = IN, dlen = 54
	ttl = 43200 (12 hours)
	origin = vax2.lnk.harris.com
	mail addr = postmaster.vax2.lnk.harris.com
	serial = 2
	refresh = 3600 (1 hour)
	retry   = 300 (5 mins)
	expire  = 172800 (2 days)
	minimum ttl = 43200 (12 hours)

------------
res_mkquery(0, mx.harris.com, 1, 1)
------------
SendRequest(), len 31
    HEADER:
	opcode = QUERY, id = 3, rcode = NOERROR
	header flags:  query, want recursion
	questions = 1,  answers = 0,  authority records = 0,  additional = 0

    QUESTIONS:
	mx.harris.com, type = A, class = IN

------------
------------
Got answer (94 bytes):
    HEADER:
	opcode = QUERY, id = 3, rcode = NXDOMAIN
	header flags:  response, auth. answer, want recursion, recursion avail.
	questions = 1,  answers = 0,  authority records = 1,  additional = 0

    QUESTIONS:
	mx.harris.com, type = A, class = IN
    AUTHORITY RECORDS:
    ->  harris.com
	type = SOA, class = IN, dlen = 41
	ttl = 3600 (1 hour)
	origin = suc1a.harris.com
	mail addr = postmaster.harris.com
	serial = 9701101
	refresh = 3600 (1 hour)
	retry   = 300 (5 mins)
	expire  = 1800000 (20 days 20 hours)
	minimum ttl = 3600 (1 hour)

    
    
5156.4. by tennis.ivo.dec.com::KAM (AltaVista Software 714/261-4133 DTN 535.4133) Fri Jan 24 1997 19:32 (138 lines)
    Here's the rejection message I get.
    
    	Regards,
    
    
From:	SMTP%"[email protected]" 24-JAN-1997 17:09:18.68
To:	[email protected]
CC:	
Subj:	Undeliverable mail

Message rejected as number of Received: fields suggests a routing loop

a255b.lnk.harris.com unable to deliver mail to the following recipient(s):

 <[email protected]

The rejected message follows:

Received: from a255b.mdsharris.com [207.91.55.2]
	(HELO localhost)
	by a255b.lnk.harris.com (AltaVista Mail V1.0/1.0 BL18 listener)
	id 0000_0047_32e9_4f1a_07e7;
	Fri, 24 Jan 1997 18:08:58 -0600
Received: from a255b.mdsharris.com.55.91.207.in-addr.arpa by a255b (smtpxd); id XA00183
Received: from a255b.mdsharris.com [207.91.55.2]
	(HELO localhost)
	by a255b.lnk.harris.com (AltaVista Mail V1.0/1.0 BL18 listener)
	id 0000_0047_32e9_4ec5_07db;
	Fri, 24 Jan 1997 18:07:33 -0600
Received: from a255b.mdsharris.com.55.91.207.in-addr.arpa by a255b (smtpxd); id XA00168
Received: from a255b.mdsharris.com [207.91.55.2]
	(HELO localhost)
	by a255b.lnk.harris.com (AltaVista Mail V1.0/1.0 BL18 listener)
	id 0000_0047_32e9_4e61_07cf;
	Fri, 24 Jan 1997 18:05:53 -0600
Received: from a255b.mdsharris.com.55.91.207.in-addr.arpa by a255b (smtpxd); id XA00102
Received: from a255b.mdsharris.com [207.91.55.2]
	(HELO localhost)
	by a255b.lnk.harris.com (AltaVista Mail V1.0/1.0 BL18 listener)
	id 0000_0047_32e9_4dfd_07c3;
	Fri, 24 Jan 1997 18:04:13 -0600
Received: from a255b.mdsharris.com.55.91.207.in-addr.arpa by a255b (smtpxd); id XA00191
Received: from a255b.mdsharris.com [207.91.55.2]
	(HELO localhost)
	by a255b.lnk.harris.com (AltaVista Mail V1.0/1.0 BL18 listener)
	id 0000_0047_32e9_4da7_07b7;
	Fri, 24 Jan 1997 18:02:47 -0600
Received: from a255b.mdsharris.com.55.91.207.in-addr.arpa by a255b (smtpxd); id XA00083
Received: from a255b.mdsharris.com [207.91.55.2]
	(HELO localhost)
	by a255b.lnk.harris.com (AltaVista Mail V1.0/1.0 BL18 listener)
	id 0000_0047_32e9_4d43_07ab;
	Fri, 24 Jan 1997 18:01:07 -0600
Received: from a255b.mdsharris.com.55.91.207.in-addr.arpa by a255b (smtpxd); id XA00204
Received: from a255b.mdsharris.com [207.91.55.2]
	(HELO localhost)
	by a255b.lnk.harris.com (AltaVista Mail V1.0/1.0 BL18 listener)
	id 0000_0047_32e9_4cdf_079f;
	Fri, 24 Jan 1997 17:59:27 -0600
Received: from a255b.mdsharris.com.55.91.207.in-addr.arpa by a255b (smtpxd); id XA00170
Received: from a255b.mdsharris.com [207.91.55.2]
	(HELO localhost)
	by a255b.lnk.harris.com (AltaVista Mail V1.0/1.0 BL18 listener)
	id 0000_0047_32e9_4c8a_0793;
	Fri, 24 Jan 1997 17:58:02 -0600
Received: from a255b.mdsharris.com.55.91.207.in-addr.arpa by a255b (smtpxd); id XA00206
Received: from a255b.mdsharris.com [207.91.55.2]
	(HELO localhost)
	by a255b.lnk.harris.com (AltaVista Mail V1.0/1.0 BL18 listener)
	id 0000_0047_32e9_4c26_0787;
	Fri, 24 Jan 1997 17:56:22 -0600
Received: from a255b.mdsharris.com.55.91.207.in-addr.arpa by a255b (smtpxd); id XA00142
Received: from a255b.mdsharris.com [207.91.55.2]
	(HELO localhost)
	by a255b.lnk.harris.com (AltaVista Mail V1.0/1.0 BL18 listener)
	id 0000_0047_32e9_4bc2_077b;
	Fri, 24 Jan 1997 17:54:42 -0600
Received: from a255b.mdsharris.com.55.91.207.in-addr.arpa by a255b (smtpxd); id XA00061
Received: from a255b.mdsharris.com [207.91.55.2]
	(HELO localhost)
	by a255b.lnk.harris.com (AltaVista Mail V1.0/1.0 BL18 listener)
	id 0000_0047_32e9_4b6d_076f;
	Fri, 24 Jan 1997 17:53:17 -0600
Received: from a255b.mdsharris.com.55.91.207.in-addr.arpa by a255b (smtpxd); id XA00186
Received: from a255b.mdsharris.com [207.91.55.2]
	(HELO localhost)
	by a255b.lnk.harris.com (AltaVista Mail V1.0/1.0 BL18 listener)
	id 0000_0047_32e9_4b14_0763;
	Fri, 24 Jan 1997 17:51:48 -0600
Received: from a255b.mdsharris.com.55.91.207.in-addr.arpa by a255b (smtpxd); id XA00197
Received: from a255b.mdsharris.com [207.91.55.2]
	(HELO localhost)
	by a255b.lnk.harris.com (AltaVista Mail V1.0/1.0 BL18 listener)
	id 0000_0047_32e9_4aff_0757;
	Fri, 24 Jan 1997 17:51:27 -0600
Received: from a255b.mdsharris.com.55.91.207.in-addr.arpa by a255b (smtpxd); id XA00207
Received: from a255b.mdsharris.com [207.91.55.2]
	(HELO localhost)
	by a255b.lnk.harris.com (AltaVista Mail V1.0/1.0 BL18 listener)
	id 0000_0047_32e9_4aaa_074b;
	Fri, 24 Jan 1997 17:50:02 -0600
Received: from a255b.mdsharris.com.55.91.207.in-addr.arpa by a255b (smtpxd); id XA00200
Received: from a255b.mdsharris.com [207.91.55.2]
	(HELO localhost)
	by a255b.lnk.harris.com (AltaVista Mail V1.0/1.0 BL18 listener)
	id 0000_0047_32e9_4a46_073f;
	Fri, 24 Jan 1997 17:48:22 -0600
Received: from a255b.mdsharris.com.55.91.207.in-addr.arpa by a255b (smtpxd); id XA00176
Received: from a255b.mdsharris.com [207.91.55.2]
	(HELO localhost)
	by a255b.lnk.harris.com (AltaVista Mail V1.0/1.0 BL18 listener)
	id 0000_0047_32e9_49e1_0736;
	Fri, 24 Jan 1997 17:46:41 -0600
Received: from mail13.digital.com by a255b (smtpxd); id XA00180
Received: from tennis by mail13.digital.com (8.7.5/UNX 1.5/1.0/WV)
	id SAA25377; Fri, 24 Jan 1997 18:32:08 -0500 (EST)
Date: Fri, 24 Jan 1997 16:20:24 -0800
Message-Id: <[email protected]>
From: [email protected] (Wm Kam 714/261.4133 (DTN 535))
To: [email protected]
Subject: test
X-VMS-To: [email protected]

================== RFC 822 Headers ==================
Return-Path: 
Received: by tennis.ivo.dec.com (UCX V3.3-7B, OpenVMS V6.2 VAX);
	Fri, 24 Jan 1997 17:09:12 -0800
Received: from a255b.lnk.harris.com by mail11.digital.com (8.7.5/UNX 1.5/1.0/WV)
	id TAA15191; Fri, 24 Jan 1997 19:10:46 -0500 (EST)
Message-Id: <[email protected]>
Received: from a255b.lnk.harris.com
	by a255b.lnk.harris.com (AltaVista Mail V1.0/1.0 BL18 report generator)
	id 0000_0047_32e9_4f21_07ee;
	Fri, 24 Jan 1997 18:09:05 -0600
Date: Fri, 24 Jan 1997 18:09:05 -0600
From: [email protected]
To: [email protected]
Subject: Undeliverable mail
5156.5. by CFSCTC::SMITH (Tom Smith MRO1-3/D12 dtn 297-4751) Fri Jan 24 1997 20:29 (52 lines)
    The MX records seem correct, assuming that a255b is your firewall host.
    There is a probably unrelated problem in the PTR record for 207.91.55.2. 
    
    $ nslookup -query=mx mdsharris.com
    Server:  localhost
    Address:  127.0.0.1
    
    mdsharris.com   preference = 10, mail exchanger = a255b.mdsharris.com
    mdsharris.com   nameserver = dns.ltec.net
    mdsharris.com   nameserver = dns2.ltec.net
    a255b.mdsharris.com     inet address = 207.91.55.2
    
    $ nslookup 207.91.55.2
    Server:  localhost
    Address:  127.0.0.1
    
    Name:    a255b.mdsharris.com.55.91.207.in-addr.arpa  <- The PTR record
    Address:  207.91.55.2                                   is missing a dot
                                                            at the end of the
                                                            name
    
    The error messages in .4 show a mail loop suggesting that
    a255b.mdsharris.com is missing a host alias record for "mdsharris.com"
    in its mail server configuration. I don't know how to do that in
    AltaVista mail, but in a sendmail.cf it would be an entry
    "mdsharris.com" in the w class (Cw line).
    
    Since a255b.mdsharris.com is the MX for mdsharris.com, it must either:
    
    	a) be configured to accept mail for [email protected] _and_,
           using a host alias as noted above, handle deliveries or user aliases
           for "[email protected]", or
    
    	b) it must forward anything addressed to [email protected] through
           the firewall to another host. In this case _that_ host has to be
           configured to accept mail for [email protected] as well as for
    	   its own host name and that host should be added to the MX list
    	   for mdsharris.com.
    
    VAX2 is behind the firewall and has no bearing on this part of it. If
    your user aliases are all processed on a255b, the mail should be
    flowing once you add the mdsharris.com host alias to its mail server.
    
    If you take the second approach above (forwarding [email protected]
    through the firewall to VAX2 to sort out) you'll have some additional
    work to do on VAX2. I'm not sure how much of it you can do and how, but
    you'll probably have to dig into the SMTP configuration files. Someone
    else here will have to give you that information. 
    
    And the answer to your question is none. :-)
    
    -Tom
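
The two symptoms discussed in .4 and .5, the repeated Received: fields and the host name carrying an in-addr.arpa suffix, can be pulled out of a bounced message mechanically. The following Python is an added example, not code from the thread or from UCX or AltaVista Mail; the sample headers are constructed from the shape of the trace in .4, and `repeat_limit` and the function names are assumptions.

```python
import re
from collections import Counter
from email import message_from_string

# Constructed sample shaped like the trace in reply .4 (ids are placeholders).
LISTENER = (
    "Received: from a255b.mdsharris.com [207.91.55.2]\n"
    "\t(HELO localhost)\n"
    "\tby a255b.lnk.harris.com (AltaVista Mail V1.0/1.0 BL18 listener)\n"
    "\tid SAMPLE-ID;\n"
    "\tFri, 24 Jan 1997 18:08:58 -0600\n"
)
SMTPXD = (
    "Received: from a255b.mdsharris.com.55.91.207.in-addr.arpa"
    " by a255b (smtpxd); id SAMPLE-ID\n"
)
INBOUND = "Received: from mail13.digital.com by a255b (smtpxd); id SAMPLE-ID\n"
SAMPLE = (LISTENER + SMTPXD) * 3 + LISTENER + INBOUND + "Subject: test\n\nbody\n"

HOP = re.compile(r"from\s+(\S+).*?\bby\s+([^\s;]+)")
# Host name with a reverse-zone suffix appended (the PTR symptom from reply .5).
PTR = re.compile(r"^(.*[a-z].*?)\.(?:\d{1,3}\.){1,4}in-addr\.arpa\.?$", re.I)


def parse_hops(raw):
    """Return (from_host, by_host) for each Received: header, newest first."""
    hops = []
    for value in message_from_string(raw).get_all("Received", []):
        m = HOP.search(" ".join(value.split()))  # unfold continuation lines
        if m:
            hops.append(m.groups())
    return hops


def analyze(raw, repeat_limit=3):
    """Summarise a trace; repeat_limit is an assumed threshold, not a product default."""
    hops = parse_hops(raw)
    seen = Counter(by for _, by in hops)
    suffixed = {f: PTR.match(f).group(1) for f, _ in hops if PTR.match(f)}
    return {
        "received_count": len(hops),
        "looping_hosts": sorted(h for h, n in seen.items() if n >= repeat_limit),
        "suffixed_ptr_names": suffixed,
    }


if __name__ == "__main__":
    print(analyze(SAMPLE))
```

A host that keeps reappearing in the `by` position is the one handing the message back to itself, which is where the missing host alias described in .5 would be looked for.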