Solved

What domain, how to mail?

Posted on 1998-06-25
Last Modified: 2010-03-18
I'm not sure how to set up the following config:
Linux should connect to ISP, fixed IP. ISP (demon) knows the machine as <something>.demon.nl
I also want to run a local domain (like home.net), with a couple of other machines. Those machines should use the Linux PC as a gateway to internet (masquerading), and query the DNS on the Linux PC only. They will be configured using DHCP. I have gotten Linux to dial-up the ISP, have got the DNS to work so that all requests are handled where I want them, but...

currently the hostname is <something> and the domain is demon.nl. I'd really like to change that to <myLinux>.home.net, and add home.net to the local DNS. I would assume that <something>.demon.nl must still be used for the ISDN connection to ISP, and use the local names for eth0 and other IP's (192.168.7) I want to use.

Will this work, without causing trouble for ISP? Also, is there something in the DNS I should look into, currently the DNS handles 127.0.0.0, and forwards everything else through ISP DNS (using forwarding).

Next step would be to get the Linux PC to act as mail relay, but I receive e-mail using SMTP, so I must be known as <something>.demon.nl when connecting to ISP. All mail sent to <somebody>@<something>.demon.nl is delivered to me, so I want to be able to decide on a per <somebody> basis if the mail should go local on the Linux PC, held until another machine in my domain connects and uses SMTP to retrieve any mail waiting for it, or rejected (bounced). All local (to my machine) mail should be processed straight away. Mail intended for a machine in my domain should be held until it connects. All mail that should go outside, should be sent to mailer of ISP, once or twice a day. Mail shouldn't build the connection itself, which might be a problem. Current config is set up so that any reference to an IP outside of 192.168.7.xxx or 127.0.0.1 will start a connection to ISP, which is dropped after 30 secs.

Not looking for a cook book answer, just the most relevant points. I can config the DNS, modify route tables and the like. I know nothing about sendmail, but have quite a lot of docs, it is knowing where to look for the right options, and how to combine that is causing the probs.
Question by:cmw
13 Comments
 

Expert Comment

by:Sieger
ID: 1584622
you cannot change your domain and expect it to go public..

Mail:  Local mails will always work.  If you try to mail outside or vice versa while the connection is down, it will stay at the mail server until the connection is up again.
I am not sure if that's what you are asking....



Author Comment

by:cmw
ID: 1584623
I don't want the domain to go public, I want Demon to know me as <something>.demon.nl, and all local machines (i.e. 192.168.7.xxx) to know each other by name (my local DNS would resolve those). The local machines would be masqueraded when going outside. A machine can have more than one IP, but only belong to one domain???? Also, isn't domain/name something for DNS lookups? But as far as I know, Demon requires the <something>.demon.nl for email delivery. So I want a private domain for the local traffic, and pretend that all the machines are <something>.demon.nl when connecting to internet.

With regard to mail thing, based on the setup I want to achieve, what are the sendmail options to look into?

Expert Comment

by:henckens
ID: 1584624
You can ask your ISP to give your account a fixed IP address; that will give you the option of getting your own domain, with your own sendmail receiving all mail directly.

Author Comment

by:cmw
ID: 1584625
With Demon I get a fixed IP, together with the <something>.demon.nl. So that part is covered. What I want to know is how to combine that with a private local setup, and using masquerading, sendmail, a local DNS to run things smoothly.

I'm confused by the domain / IP relation. If one machine (i.e. the Linux PC) has two IP's (195.xxx.xxx.xxx -Demon & 192.168.7.1 -local gateway), to which domain should it belong? Or is that a matter of choice?

Somewhere I read that with Demon you could run a local domain (and choose any name you want), and still connect to Demon without causing problems. I've racked my brains, but couldn't find that info again, so I'm still looking. All the FAQ's etc mention some stuff, but don't get close enough for me. All the Demon specific stuff uses the Linux side standalone, mine should also gateway for a local net.

Expert Comment

by:agolan
ID: 1584626
First a warning: Demon is probably not dialing to you when there is an incoming connection, i.e. when someone wants to send mail to you directly, so unless you stay connected for several hours each day, you won't get email. More about it later, but it is something you should be aware of before starting the whole stuff.

Ok, there is no forced relationship between the domain and the IP, even in the so-called back resolving (in-addr.arpa) resolving.

The task list to achieve your goal is:
1) register a new domain. This will include:
 a) prepare 2 well connected hosts (that is, hosts that are 100%
  of the time on the Internet, NO isdn stuff) as DNS's for the new domain.
  (It is a service most probably offered by Demon)
2) Let's assume that your new domain is "mydomain.co.uk"
   Let's assume that the host name for your linux 195.x.x.x IP
    is meAt.demon.co.uk.
   Let's assume that the two DNS machines that will handle
   your external domain are:
      ns0.demon.co.uk and ns1.demon.co.uk
   Let's assume that Demon's customer mail-relay is:
    relay-1.mail.demon.net (it's probably the case, check it)
3) Setup the dns info for mydomain.co.uk to look like this:
    (replace where appropriate.. keep ending dots "." where they are)
---------------------------------------------------------------
$ORIGIN co.uk.
; SOA: primary name, contact, then ( serial refresh retry expire minimum )
mydomain      IN      SOA      mydomain.co.uk. myusername.mydomain.co.uk. (
                  98062600 28800 7200 604800 86400 )
      IN      NS      ns0.demon.co.uk.
      IN      NS      ns1.demon.co.uk.
; MX: the lowest preference value is tried first
      IN      MX  20  mailin.mydomain.co.uk.
      IN      MX  30  meAt.demon.co.uk.
      IN      MX  50  relay-1.mail.demon.net.

$ORIGIN mydomain.co.uk.
mailin      IN      A      195.xxx.xxx.xxx
linux      IN      A      192.168.7.1
pc1      IN      A      192.168.7.2
; etc.... (further hosts follow the same pattern)
----------------------------------------------------------
so far for the file, what does it say:

I) the last time this domain info was changed was on
 98062600 - that is 1998 June 26 - revision 0
 (you should INCREMENT this record each time you modify,
 the best way is by changing the date, and if it's the same day
 increment the revision number)
II) When trying to send mail to xxx@mydomain.co.uk. do:
a) try to send directly to mailin.mydomain.co.uk.
 (it is the preferred one because it has the lower MX value)
b) if (a) fails try to send to meAt.demon.co.uk. he will know how to send it over. (it's not really necessary since it's the same IP address, you can (should) remove this setting, it is more for your understanding).
c) if (a) and (b) fail, send to relay-1.mail.demon.net., he
 will know how to send it to me.

So actually if someone can't reach you directly, mail will be stored (for something like 4 days ... no guarantee) on  and if by chance you are connected when
relay-1.mail.demon.net., is running the queue, the message will
be transmitted to mailin.mydomain.co.uk.

Some ISPs do have mechanisms to dequeue mails from MX when you connect, some don't; ask Demon if they provide such a service, if so they'll most likely give you another hostname to replace
"IN      MX  50  relay-1.mail.demon.net." with.

4) Be sure that your Linux knows that he belongs to domain
mydomain.co.uk. and that he is "mailin" (or whatever you'd like
but make it the same everywhere).
To check use the "hostname" command, it should reply
with "mailin.mydomain.co.uk".

5) You can add more domains like this, that will end up in
local mailboxes on "mailin.mydomain.co.uk", or other
pseudo hosts by adding names your Linux should accept mails
for in the file "/etc/sendmail.cw"
If you don't have such file, look into sendmail.cf
for the line beginning with: "Fw"
By default it should be:
"Fw/etc/sendmail.cw"

The file itself could look much like this:
--------------------------------------------------------
# sendmail.cw - include all aliases for your machine here.
mydomain.co.uk
mailin.mydomain.co.uk
myotherdomain.co.uk
mail.myotherdomain.co.uk
---------------------------------------------------------
It is useless to add here "receptors" that are not
defined by the dns system, the role of this file is to let
sendmail know that THIS machine running sendmail is the last
mail stop for addresses@names in the list , that he should
check that a local recipient exists (i.e. a linux local account)
and if it doesn't the mail should be rejected.

Have fun.
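
The zone fragment in the post above depends on two things: trailing dots and MX preference values. As an added example (not part of the original post), this Python sketch expands names against `$ORIGIN` and returns the MX hosts in the order a sending mailer tries them; the sample zone is a constructed, tidied copy of the fragment and the function names are hypothetical.

```python
import re

# Constructed sample: a tidied copy of the zone fragment from the post.
ZONE = """\
$ORIGIN co.uk.
mydomain  IN SOA mydomain.co.uk. myusername.mydomain.co.uk. (
             98062600 28800 7200 604800 86400 )
          IN NS  ns0.demon.co.uk.
          IN NS  ns1.demon.co.uk.
          IN MX  20 mailin.mydomain.co.uk.
          IN MX  30 meAt.demon.co.uk.
          IN MX  50 relay-1.mail.demon.net.
$ORIGIN mydomain.co.uk.
mailin    IN A   195.xxx.xxx.xxx   ; placeholder address, as in the post
linux     IN A   192.168.7.1
"""

# Positions in the record data that hold domain names, per record type.
NAME_FIELDS = {"NS": [0], "MX": [1], "SOA": [0, 1], "CNAME": [0]}


def absolute(name, origin):
    """A trailing dot means the name is complete; otherwise append $ORIGIN."""
    if name == "@":
        return origin
    name = name.lower()  # DNS names compare case-insensitively
    return name if name.endswith(".") else f"{name}.{origin.lstrip('.')}"


def parse_zone(text):
    """Return (owner, type, rdata) tuples with every name made absolute.

    Simplified reader: class IN only, no per-record TTLs, no $INCLUDE.
    """
    # Fold a parenthesised multi-line record (the SOA) onto one line.
    text = re.sub(r"\(([^)]*)\)", lambda m: m.group(1).replace("\n", " "), text)
    origin, owner, records = ".", None, []
    for raw in text.splitlines():
        line = raw.split(";", 1)[0].rstrip()  # drop comments
        if not line.strip():
            continue
        tokens = line.split()
        if tokens[0].upper() == "$ORIGIN":
            origin = tokens[1].lower()
            continue
        if not line[0].isspace():  # a name in column 0 sets a new owner
            owner = absolute(tokens.pop(0), origin)
        if tokens[0].upper() == "IN":
            tokens.pop(0)
        rtype, rdata = tokens[0].upper(), tokens[1:]
        for i in NAME_FIELDS.get(rtype, []):
            rdata[i] = absolute(rdata[i], origin)
        records.append((owner, rtype, rdata))
    return records


def mx_order(records, domain):
    """Hosts a sending mailer tries for domain, lowest preference first."""
    mx = [(int(r[0]), r[1]) for o, t, r in records if o == domain and t == "MX"]
    return [host for _, host in sorted(mx)]


if __name__ == "__main__":
    print(mx_order(parse_zone(ZONE), "mydomain.co.uk."))
    # Drop one trailing dot and the relay silently becomes a co.uk name.
    broken = ZONE.replace("demon.net.", "demon.net")
    print(mx_order(parse_zone(broken), "mydomain.co.uk."))
```
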


Expert Comment

by:agolan
ID: 1584627
I am sorry, I missed the .nl, and assumed that it was Demon in UK, no offense intended, the procedure is the same,
except that their mail relay is probably:
relay-2.mail.nl.demon.net
and their DNS's are probably:
ns0.demon.nl and ns2.demon.net

but you should check those with them anyway.
Good luck

Author Comment

by:cmw
ID: 1584628
AgoLan,

I'm impressed by your answer, but either I've asked the question incorrectly, or you might have misread. The Local domain should really be hidden from the internet. As far as the outside world knows, there's only me.demon.nl (with IP 195.xxx.xxx.xxx), and the only mail-id reachable from the outside is <anything-goes>@me.demon.nl. This is exactly as it is now, not using Linux. Demon already stores e-mail, so when I connect and start SMTP (now I'm using Agent/W95), I get all mail.

When receiving mail from outside, I want to route the mail to one of the machines in the local net, using only the <anything-goes> part, as the rest will always be me.demon.nl. Of course, when somebody on one of the local machines sends mail to somebody on the other machine, that should go straight through, not touching demon at all. It would be nice if I could address local mail by sending it to <somebody>@local.hidden.net (or similar). If I want to experiment with FTP/HTTP etc.. AND use a local machine (not the one that knows demon), it should be reachable through the same dummy domain. Again, demon should not be involved here.

I'm guessing that if I want people from the outside to reach HTTP/FTP services I run on locally, I must then run them on the machine that also has the demon IP (and keep the connection going myself).

Say I add a W95 box to the local net. I would want to configure TCP/IP to use DHCP, and be done. The Linux PC should hand out a valid 192.168.7.x number, and provide internet access. If I desire, adding info to the sendmail setup should then also let that W95 box send/receive e-mail using a particular <anything-goes>.me.demon.nl.

That would keep the internet connection stuff all in one place (Linux), allow me to divide the <anything-goes>@me.demon.nl into more useful parts, AND allow me to bounce mail addressed to things like stupid@me.demon.nl. In the current setup that would be received, I have no 'good' way of blocking that. Unless I pay $$$$ for something running on W95. W95 just isn't stable enough to handle a task like that, and I depend quite a lot on e-mail (for at least two of those <anything-goes>).

I hope this clarifies the question, and I apologise if I'm not getting the point across.

Accepted Solution

by:
agolan earned 100 total points
ID: 1584629
you can do exactly the same, just without the domain setup etc...
and have an "alias" in /etc/aliases that will forward the mail
to the internal name of the machine.
or, you could use some POP3 client to retrieve email from the Linux, this would be the easiest way, because unknown recipients
would be rejected automatically. There are ways to play with
sendmail's configuration to accept *any* mail and then do some
post filtering with "procmail", but it's not for a 100 points
answer, most likely a 250 points just for this issue.

"It would be nice if I could address local mail by sending it to
       <somebody>@local.hidden.net (or similar)"
Same answer as in original mail, except that you run the DNS
locally on your linux, be sure that it's not an existing domain,
like use some four letter rightmost part for your domain, I.E.
xxx@local.hidden.here.
(Actually hidden.net is existing on the Internet, the owner
contact is: May, Patrick pjm@SPE.COM ;))) )


"it should be reachable through the same dummy domain",
this is ok as long as you mean INTERNALLY reachable.


The DHCP stuff is tough because there is no good DHCP+DNS tying
solution (yet).

if You want people from the outside to reach HTTP/FTP services You run on locally, You'll have to either run them on the Linux,
or make some kind of forwarding on the linux. If it's only
for test purposes you could use a feature of "ssh"
like: ssh -L 80001:192.168.3.4:80 localhost
would forward all connections made from the outside (and inside)
on port 80001 to port 80 on
I.E. http://me.demon.uk:80001/index.html
would get the page assuming that linux() can
see the page: http://192.168.7.2/index.html

So the bottom line is:
- Setup a linux ( I highly suggest Redhat http://www.redhat.com)
- Setup a DNS on this linux (as described above, but replace
mydomain.co.uk with hidden.here).
If you want all the prepared files for the linux dns setup, add 100 points.
- add linux.hidden.here to the /etc/sendmail.cw file such
 that you'll be able to receive mail in the hidden domain
 on the linux. (By default I suggest that the linux will use
 for itself the "me.demon.nl" name, it would ease other things
 in the future.)
- if you want the other boxes to send mail out, set their mail
gateway as "linux.hidden.here", and be sure the return address
is set to xxx@me.demon.nl .
- if you want the linux to replace the address on each outgoing
mail to something@me.demon.nl automatically add 50 points.


Author Comment

by:cmw
ID: 1584630
Agolan,

This does help, one last remark! Am I correct in assuming:
1. Linux PC gets host <me> domain: demon.nl
2. Add the local.hidden.here domain to local DNS

This part still confuses me somewhat, Demon finds the Linux through me.demon.nl, the local net (using local DNS), can find it through: mealso.local.hidden.here.

How do the hostname (domain) settings in Linux interact with the rest? It seems to me that most of the TCP/IP setup is done through other settings, and that the hostname stuff is just a global setting used by one or two packages. I've added 50 points for you (I'm sorry, I don't have much more at the moment), hoping you could clarify that interaction.



Author Comment

by:cmw
ID: 1584631
Agolan,

Oops, I've messed up, forgot the extras, I'll post another question for 50, you answer it, you get 50 points and A rating.

Expert Comment

by:agolan
ID: 1584632
The domain name system is just a way to ease it up on humans, such that instead of remembering IP numbers, they could name hosts. It's much like a telephone book. You can have multiple numbers for a person and multiple subscribers under the same number.
If you have two telephone numbers in your office, one is an external line in the demon.nl area code, and one is a private exchange in your company, nothing prevents you from using the same
type of telephone book (or database) for both of them.
And if your office happened to be the mail delivery department, insiders would dial the private exchange number, while outsiders will dial your demon.nl telephone company number.

Mainly for security and identification purposes, it is better
to let your Linux identify itself as a member of the well-known international telephone system called Internet (by default),
i.e. when he sends mail out, after contacting the recipient host,
the linux system will send a message "HELO my.name.my.domain".
If the recipient is checking that the HELO message is valid,
then if it was me.hidden.here, the recipient will not accept
the message; however, if the recipient gets HELO me.demon.nl,
and checks if this one is known to the international IP book ;-)
he will find it, he will find that the IP address trying to send him the mail is actually me.demon.nl, and he will accept the mail.

And BTW, the local net can also find me.demon.nl, if you set the machines' default gateway to the linux ethernet... it'll work.
The linux will get the packet as if he has to forward it, and actually will forward to itself.

Perhaps another hint: the DNS distributed with latest versions of linux has security holes, it is probably worth downloading the latest *distributed* version from www.bind.org, but keep it in mind for later, you already have a lot to do on your bunch.

Don't worry too much about the points, I just tried to express
that deserving *ready* stuff is a lot of work, doing tricks with sendmail can take hours to polish and finish, and since you can achieve about the same with setting the aliases file like this:
robert:            rob@his95.hidden.here
Joan:            misc@macintosh.hidden.here
(without the need to open for robert or Joan a local account on linux)
and I see no good reason why you need the extra of modifying
sendmail rules, I tried to push you into forgetting about it.
Only a few ISPs or major corporations actually do it.
(and also some wizards & hackers on their own machine..ok)

Get started, run into troubles, and let me know, I'll help you.
I think I understand now (maybe too late) that you are not too
experienced with the Linux (or unix) system.

If your linux is up and running, create the zone files for your
hidden domain, and if you want, mail them to noc@golan.net, I'll review them so you'll be sure that they are ok.
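
The HELO check described in the post above, as an added example that is not part of the original post: a Python model of how a receiving mail server can classify the HELO argument against the connecting address. The resolver table, the function names and the 192.0.2.10 documentation address (standing in for the 195.x.x.x one) are assumptions.

```python
import ipaddress
import re

# Constructed stand-in for public DNS as a remote mail server would see it.
# The private hidden.here zone exists only on the local DNS, so it is absent.
PUBLIC_DNS = {"me.demon.nl": {"192.0.2.10"}}

# One DNS label: letters, digits, hyphens; no leading or trailing hyphen.
LABEL = re.compile(r"^(?!-)[a-z0-9-]{1,63}(?<!-)$")


def resolve_public(name):
    """Hypothetical resolver: the A records for name, or an empty set."""
    return PUBLIC_DNS.get(name, set())


def helo_verdict(helo_arg, peer_ip, resolve=resolve_public):
    """Classify a HELO argument as pass, mismatch, unresolvable or malformed."""
    peer = ipaddress.ip_address(peer_ip)
    arg = helo_arg.strip()
    if arg.startswith("[") and arg.endswith("]"):  # IPv4 address literal
        try:
            literal = ipaddress.ip_address(arg[1:-1])
        except ValueError:
            return "malformed"
        return "pass" if literal == peer else "mismatch"
    name = arg.lower().rstrip(".")
    labels = name.split(".")
    if len(labels) < 2 or not all(LABEL.match(label) for label in labels):
        return "malformed"  # a bare host name is not a usable FQDN
    addrs = {ipaddress.ip_address(a) for a in resolve(name)}
    if not addrs:
        return "unresolvable"  # e.g. a name that lives only in a private zone
    return "pass" if peer in addrs else "mismatch"


if __name__ == "__main__":
    # The same gateway, announcing its public name and then its private one.
    for helo in ("me.demon.nl", "me.hidden.here"):
        print(helo, "->", helo_verdict(helo, "192.0.2.10"))
```

The function returns a classification only; whether a receiver rejects, defers or just logs on anything other than `pass` is a local policy choice.
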

Author Comment

by:cmw
ID: 1584633
Agolan,

Well, no, I'm not an experienced Linux user (or unix for that matter). But I'm usually quite reasonable in getting things going. The local box does dial out to demon when the traffic has to go that way, the local DNS runs as I expect it to (I'm keeping a very close eye on the ISDN activity, if I get it wrong the telephone bill will go through the roof). Also I had no trouble getting the Xserver running, sound etc..etc. It is just that most docs are either very practical (not offering the conceptual part), or very conceptual, so then I miss out on the practical part. So when I wanted to IP's I found out that nobody really explained the HOSTNAME vars in relation to the gateway function. I would assume that a gateway is a machine that belongs to the local network, and knows how to get out. But as out was Demon (and expects certain things), I started wondering, and as your answer indicates, it is better to leave the gateway with demon names (at least those two that I have to setup when starting). And if the DNS is ok, I know the other machines will be able to find my linux under any name I want them to.

So basic functionality is nearly complete, and once the masquerading stuff runs the way I want it (seems straightforward enough), I'll be ready to move all mailing activity to Linux. Sendmail doesn't look easy, but I've bought the book, and am in no rush.

Anyway, it started out by wanting to keep certain e-mail out, as I explained, W95 is not good enough and my past 6 months with W98 suggest that that is not much better. Once the decision was taken to use Linux, I then discovered that Linux will also run Novell and MS/IBM alike network traffic, neat. I tried Slackware, RedHat and Suse, and stuck to the latter. Slackware seemed not so coherent, RedHat does too much in X for me, Suse has great ISDN integration, and most tools work well without X.

Up to now I've been very impressed with almost everything Linux offers, except program editors. Of course it is a matter of taste, but I'm used to brief (for 10 years or so), and find adjusting to the Linux ones a bit of trouble. (I know of Crisp, but that costs money, I'll probably get round to writing one myself, or just use W95 for editing).

Anyway, thank you very much for all the information. If I get stuck, I'll know who to ask.


Expert Comment

by:agolan
ID: 1584634
"So basic functionality is nearly complete, and once the masquerading stuff runs the way I want it (seems straightforward enough), I'll be
       ready to move all mailing activity to Linux. Sendmail doesn't look easy, but I've bought the book, and am in no rush. "

Very Cool !!
I have read the first and then the second version several times,
when you actually implement something out of it, you feel as if you hold one of the most guarded secrets of the world, it makes you feel so good !! On the other hand, many who have bought this book can't find the time to cope with it, and it's just sitting on their shelf while they say that sendmail (or the book) is bad,
so don't give up too easily (and don't expect it to be easy).

I think there was a shareware Crisplite ... editor.

I understand why you want to use your favorite editor,
I am lucky to have my favorite one (vi) on all the platforms I use, Linux, WinXX, Macintosh, Atari ST and finally my Psion handheld. I know it's not the best, but it's the one I got used to, one funny thing is that lately I found that there is a color visual implementation of vi, called e3 from http://www.softwarebuero.de (part of their development platform)
and I was very happy to see my C code in colors in a VI environment, the bad side of it is that I stopped programming and I am playing with colors ;-)

Ok, 'nough,
Good luck !
 