how to configure sendmail for mail server host in virtual domain lan

Mark
In the past I have configured a dedicated Linux host to act as a mail server in a LAN configuration. Now, I need to do something similar (dedicated mail host), but I have several hosts in the LAN each hosting several virtual domains. I want the mail server to route incoming mail to the appropriate host. I can easily configure Network Solutions to send the various domains' email to this one host. I'm sure this is a pretty typical configuration for ISP setups, but it's new to me. I need lots of help!

In the code snippet below is a sendmail.mc file (sans-comments) I've used as a template in the past. Perhaps this is a good starting point.

What do I need to do to make this work on my mail server given the configuration I've specified?
include(`../m4/cf.m4')
OSTYPE(`linux')dnl
define(`confTO_IDENT', `0')dnl
define(`confBAD_RCPT_THROTTLE',`1')dnl
define(`confCONNECTION_RATE_THROTTLE',`3')dnl
define(`confDEAD_LETTER_DROP',`/dev/null')dnl
define(`confDOUBLE_BOUNCE_ADDRESS',`nobody')dnl
define(`confDF_BUFFER_SIZE',`16384')dnl
define(`confXF_BUFFER_SIZE',`16384')dnl
FEATURE(`use_cw_file')dnl
FEATURE(`use_ct_file')dnl
FEATURE(`mailertable',`hash -o /etc/mail/mailertable.db')dnl
FEATURE(`virtusertable',`hash -o /etc/mail/virtusertable.db')dnl
FEATURE(`access_db', `hash -T<TMPF> /etc/mail/access')dnl
FEATURE(`lookupdotdomain')dnl
FEATURE(`blacklist_recipients')dnl
FEATURE(`dnsbl')dnl
FEATURE(`dnsbl', `relays.ordb.org')dnl
FEATURE(`dnsbl', `dul.dnsbl.sorbs.net')dnl
FEATURE(`delay_checks',`friend',`n')dnl
FEATURE(`local_procmail',`',`procmail -t -Y -a $h -d $u')dnl
FEATURE(`always_add_domain')dnl
FEATURE(`redirect')dnl
MASQUERADE_AS(`novatec-inc.com')
FEATURE(`masquerade_envelope')
FEATURE(`masquerade_entire_domain')
dnl# FEATURE(`relay_entire_domain')dnl
EXPOSED_USER(`root')dnl
dnl# Also accept mail for localhost.localdomain:
LOCAL_DOMAIN(`localhost.localdomain')dnl
MAILER(local)dnl
MAILER(smtp)dnl
MAILER(procmail)dnl

Most Valuable Expert 2015

Commented:
Configure the mailertable:

mydomain.com         esmtp:other.smtp.server.com

makemap hash /etc/mail/mailertable < /etc/mail/mailertable

Author

Commented:
OK, I've set that up as:
virtual.com  esmtp:[host1.mydomain.com]

Now for upstream ... At Network Solutions I can set up A records, MX records and CNAME records. So, if I have domain mydomain.com and mail.mydomain.com is on 200.200.200.1, and virtual.com is a virtual domain being hosted on host1.mydomain.com at IP 200.200.200.5, would I:

A: @mydomain.com -> 200.200.200.1
A: mail.mydomain.com -> 200.200.200.1
A: @virtual.com -> 200.200.200.1
MX: mydomain.com -> mail.mydomain.com
MX: virtual.com -> mail.mydomain.com

Do I need an A record for mail.mydomain.com or does the MX record take care of that?

Would I do anything with CNAME (host alias)?
Most Valuable Expert 2015

Commented:
You need an A record for the MX fully qualified domain name (which you have as listed above).

List the MX for both domains as mail.mydomain.com.

Don't use "@virtual.com" with the same A record as mydomain.com -- use its own IP address.

I am not a fan of "@domain" in DNS.

I list an A record for every MX host, an A record for the machine and CNAME records for hosts that have the same IP as the machine:

mydomain.com.                 IN         MX  10 mail.mydomain.com.

ns.mydomain.com.              IN         A          200.200.200.1
mail.mydomain.com.           IN         A          200.200.200.1

www                               IN        CNAME   ns.mydomain.com.
smtp                               IN        CNAME   ns.mydomain.com.

and

virtual.com.                      IN         MX  10 mail.mydomain.com.

ns.virtual.com.                  IN         A          200.200.200.5

www                               IN        CNAME   ns.virtual.com.
smtp                               IN        CNAME   ns.virtual.com.


You need to configure a DNS record for every host that needs to be reachable with a hostname.

mail.mydomain.com should have a PTR record in the inverse database that matches the address listed in the forward zone.

Author

Commented:
I've configured the DNS settings at Network Solutions as follows. See if I've grasped what you've said:

A records:
www.mydomain.com        200.200.200.2             # web server different than mail server
@.mydomain.com             [deleted per your advice]
mail.mydomain.com          200.200.200.1
allothers .mydomain.com  200.200.200.2

www.virtual.com               200.200.200.5
@.virtual.com                    [deleted per your advice]
mail.virtual.com                 200.200.200.1
allothers . virtual.com        200.200.200.5

MX records:
(for mydomain.com) 10 mail.mydomain.com
(for virtual.com)        10 mail.mydomain.com

I'm not really sure what to do with the CNAME records right now. So far, I have 3 hosts: mail.mydomain.com, host1.mydomain.com and host2.mydomain.com. host1 hosts virtual.com and host2 hosts mydomain.com. I have no additional virtual domains (yet).

Do I need the mail.virtual.com A record? Your example doesn't specify that.

Finally, since I only have 3 hosts at the moment, I have not configured DNS. Instead, I'm using /etc/resolv.conf and /etc/hosts. I was trying not to introduce too many variables at once into this exercise. I intended to configure DNS after getting the mail running. Bad idea?

Author

Commented:
I'm starting to get lost here. Now, ssh is not working. Here's my setup:

mail.myhost.com 200.200.200.1
host1.myhost.com 200.200.200.5
host2.myhost.com 200.200.200.2

Before doing the above I had the Network Solutions routing www.virtual.com to 200.200.200.5 and (allothers).myhost.com also going to 200.200.200.5. So, I could: ssh myuser@myhost.com and it would end up on 200.200.200.5 i.e. host1.myhost.com.

After doing the setup in my previous post, (24904376) ssh is not working (but www is still working). I think I'm getting lost.
Most Valuable Expert 2015

Commented:
Presuming that the actual machine names are "host":

host.mydomain.com      -> A   ->    200.200.200.1
mail.mydomain.com      -> A   ->    200.200.200.1
mydomain.com            -> MX ->   mail.mydomain.com
www.mydomain.com     -> CNAME -> host.mydomain.com

host.virtual.com          -> A    ->    200.200.200.5
myvirtual.com            -> CNAME -> host.myvirtual.com
virtual.com                -> MX  ->  host.mydomain.com

The important point here is that you identify where the host application resides.

If ssh isn't working, verify that the hostname, that you were ssh'ing to, has not changed in DNS.

If you could give an example of real domain names, what users do with what machine (*), we could probably correct this immediately.

* send out email
  download email
  ftp files
  www pages
  ... etc

Author

Commented:
Those pretty much are the real names, but with genericized domains. I suppose it's not that critical a security issue though, so here are the real everything:

Machines:

mail.fluxrunner.com    96.11.168.100
webhost1.fluxrunner.com 96.11.168.99
webhost2.fluxrunner.com 96.11.168.102

webhost1 will host virtual domain www.courtscan.com, plus others in the future.
webhost2 will host www.fluxrunner.com.

I want mail.fluxrunner.com to route mail for user@courtscan.com to webhost1 and mail for fluxrunner.com to webhost2.

That's pretty much what I need at the moment. If I can get those set up I think it should be easy enough to clone the idea for additional virtual domains and hosts.

I thought it could send courtscan.com ssh users to webhost1 via: "ssh user@courtscan.com", but if I can't do that and I have to do "ssh user@webhost1.fluxrunner.com", I can live with that.

I am all set on the www virtual hosting via apache/tomcat, I just need the mail routing correctly.

See if that covers what you asked. Meanwhile, I'll try out your A/MX/CNAME suggestions.
Most Valuable Expert 2015

Commented:
Actually, you can ssh to courtscan.com if there is an A record of 96.11.168.99 or a CNAME record of webhost1.fluxrunner.com in the DNS database for courtscan.com

   courtscan.com.           IN         CNAME        webhost1.fluxrunner.com.


mail.fluxrunner.com -> /etc/mail/mailertable

    courtscan.com         esmtp:webhost1.fluxrunner.com
    fluxrunner.com         esmtp:webhost2.fluxrunner.com

makemap hash mailertable < mailertable

webhost1.fluxrunner.com -> /etc/mail/local-host-names
    courtscan.com
    webhost1.fluxrunner.com

webhost2.fluxrunner.com -> /etc/mail/local-host-names
    fluxrunner.com
    webhost2.fluxrunner.com

And -> service sendmail restart
on all three machines

Author

Commented:
(more) ...

Sorry, but I keep getting confused on your recommendations:

> host.mydomain.com      -> A   ->    200.200.200.1
> mail.mydomain.com      -> A   ->    200.200.200.1
> mydomain.com            -> MX ->   mail.mydomain.com
> www.mydomain.com     -> CNAME -> host.mydomain.com

> host.virtual.com          -> A    ->    200.200.200.5
> myvirtual.com            -> CNAME -> host.myvirtual.com
> virtual.com                -> MX  ->  host.mydomain.com

host.mydomain.com and mail.mydomain.com are different machines, but maybe I confused you with the "fake" domains and IPs. Why is your MX for mydomain.com going to mail.mydomain.com, but the MX for virtual.com is going to host.myvirtual.com? Shouldn't it be going to mail.mydomain.com as well (I have only one mailserver)? You have a CNAME for www.mydomain.com to host.mydomain.com, but there is no "www" prefixed on the CNAME for myvirtual. Finally, I don't really have a host.virtual.com, do I?

Perhaps we should just start clean with you using my REAL domains and IPs per my previous message.

Also, attached is an image of the Network Solutions CNAME form. I am having difficulty connecting your CNAME configs with this form. What goes in "alias"? What goes in "Refers to hostname"?

CNAME.jpg

Author

Commented:
btw - I sent that last message before receiving your most recent message. It is not a commentary on 24935831, but rather on 24910217. I will digest 24935831 and try out suggestions.
Most Valuable Expert 2015

Commented:
The above example is accurate.  What I was referring to in the 'fake' example, was the use of an address record for courtscan.com.

You could have written it as:

courtscan.com.db
    courtscan.com.         IN        MX              10 mail.courtscan.com.
    mail                        IN        A                  96.11.168.99


Based upon actual information, I would suggest that you stick with:

courtscan.com.db
    courtscan.com.         IN        MX              10 mail.fluxrunner.com.

fluxrunn.com.db
    fluxrunner.com.        IN         MX              10 mail.fluxrunner.com.
    mail                       IN         A                 96.11.168.100
    webhost1               IN         A                 96.11.168.99
    webhost2               IN         A                 96.11.168.102

------------------------------------------------
What we have done:

* identified the address (A) records for each machine
* identified the host address (A) for the inbound mail server
* identified the mail exchange (MX) for courtscan.com and fluxrunner.com
* configured sendmail to forward incoming email on mail.fluxrunner.com to the appropriate servers
* added the hosts that are local to each server in the mail local host file

Does that help clear things up?

Author

Commented:
OK, Here's what I've got so far...

DNS: fluxrunner.com
A records:
www                        96.11.168.102
* (All Others)           96.11.168.102
mail.fluxrunner.com 96.11.168.100
webhost1.fluxrunner.com 96.11.168.99
webhost2.fluxrunner.com 96.11.168.102
MX:
mail.fluxrunner.com 10

DNS: courtscan.com
A records:
www                      96.11.168.99
* (All Others)          96.11.168.99
mail.courtscan.com 96.11.168.100
 MX:
mail.fluxrunner.com

I have no CNAME records.

sendmail for mail.fluxrunner.com and webhost1.fluxrunner.com is configured as shown in the snippet below. At the moment, nothing is configured in the access.db's

BUT ... so far mail is not working quite right

if I send something to an external email address (mfoley@novatec-inc.com) from a user account on mail.fluxrunner.com it goes straight to the dead.letter folder. The /var/log/maillog file says " <mfoley@novatec-inc.com>... Unrecognized host name novatec-inc.com.", yet I can ssh to novatec-inc.com, etc.

If I send something from webhost1.fluxrunner.com to an external email address it does deliver it, albeit with a From: address of user@webhost1.fluxrunner.com, not user@courtscan.com.

If I send something to user@courtscan.com from an external host it bounces with "550 5.1.2 <mfoley@courtscan.com>... Host unknown (Name server: courtscan.com: no data known)"

If I send something to user@webhost1.fluxrunner.com, it delivers OK.

So, I still need a bit of work on this!

mail.fluxrunner.com
 
sendmail.mc
-----------
OSTYPE(`linux')dnl
define(`confPRIVACY_FLAGS', `authwarnings,novrfy,noexpn,restrictqrun')dnl
define(`confTO_IDENT', `0')dnl
define(`confBAD_RCPT_THROTTLE',`1')dnl
define(`confCONNECTION_RATE_THROTTLE',`3')dnl
define(`confDEAD_LETTER_DROP',`/dev/null')dnl
define(`confDOUBLE_BOUNCE_ADDRESS',`nobody')dnl
define(`confDF_BUFFER_SIZE',`16384')dnl
define(`confXF_BUFFER_SIZE',`16384')dnl
FEATURE(`use_cw_file')dnl
FEATURE(`use_ct_file')dnl
FEATURE(`mailertable',`hash -o /etc/mail/mailertable.db')dnl
FEATURE(`virtusertable',`hash -o /etc/mail/virtusertable.db')dnl
FEATURE(`access_db', `hash -T<TMPF> /etc/mail/access')dnl
FEATURE(`lookupdotdomain')dnl
FEATURE(`blacklist_recipients')dnl
FEATURE(`dnsbl')dnl
FEATURE(`dnsbl', `relays.ordb.org')dnl
FEATURE(`dnsbl', `dul.dnsbl.sorbs.net')dnl
FEATURE(`delay_checks',`friend',`n')dnl
FEATURE(`local_procmail',`',`procmail -t -Y -a $h -d $u')dnl
FEATURE(`always_add_domain')dnl
FEATURE(`redirect')dnl
EXPOSED_USER(`root')dnl
 
/etc/mailertable
----------------
fluxrunner.com          esmtp:[webhost2.fluxrunner.com]
courtscan.com           esmtp:[webhost1.fluxrunner.com]
 
==================================================
webhost1 (courtscan.com's host)
 
sendmail.mc
-----------
OSTYPE(`linux')dnl
define(`confPRIVACY_FLAGS', `authwarnings,novrfy,noexpn,restrictqrun')dnl
define(`confTO_IDENT', `0')dnl
define(`confBAD_RCPT_THROTTLE',`1')dnl
define(`confCONNECTION_RATE_THROTTLE',`3')dnl
define(`confDEAD_LETTER_DROP',`/dev/null')dnl
define(`confDOUBLE_BOUNCE_ADDRESS',`nobody')dnl
define(`confDF_BUFFER_SIZE',`16384')dnl
define(`confXF_BUFFER_SIZE',`16384')dnl
FEATURE(`use_cw_file')dnl
FEATURE(`use_ct_file')dnl
FEATURE(`mailertable',`hash -o /etc/mail/mailertable.db')dnl
FEATURE(`virtusertable',`hash -o /etc/mail/virtusertable.db')dnl
FEATURE(`access_db', `hash -T<TMPF> /etc/mail/access')dnl
FEATURE(`lookupdotdomain')dnl
FEATURE(`delay_checks',`friend',`n')dnl
FEATURE(`local_procmail',`',`procmail -t -Y -a $h -d $u')dnl
FEATURE(`always_add_domain')dnl
FEATURE(`redirect')dnl
EXPOSED_USER(`root')dnl
LOCAL_DOMAIN(`localhost.localdomain')dnl
MAILER(local)dnl
MAILER(smtp)dnl
MAILER(procmail)dnl
 
/etc/local-host-names
---------------------
courtscan.com
webhost1.fluxrunner.com


Most Valuable Expert 2015

Commented:
1) courtscan.com is not configured with an MX record
2) let's change "esmtp" in mailertable to "smtp" (did you hash the mailertable?)
3) on mail.fluxrunner.com (dns locally may not be configured) ->
    dig novatec-inc.com a
    dig novatec-inc.com mx

You should have installed DNS caching servers on all machines unless you are using a remote DNS resolver:

bind-libs-9.3.4-8.P1.fc6
bind-libbind-devel-9.3.4-8.P1.fc6
bind-chroot-9.3.4-8.P1.fc6
bind-utils-9.3.4-8.P1.fc6

and in /etc/resolv.conf:

nameserver <ip of local machine>

4) when sending mail from webhost1.fluxrunner.com, do you have the local email client configured for the domain name in the configuration file (pine, mutt, squirrelmail, etc)?

Let's start with these problems first.

Author

Commented:
> 1) courtscan.com is not configured with an MX record

Well, I think I do have courtscan.com configured with MX to mail.fluxrunner.com. In my message 24949664 I say I have an A record for mail.courtscan.com -> 96.11.168.100 (which is really mail.fluxrunner.com) and MX for courtscan.com -> to mail.fluxrunner.com.

> 2) let's change "esmtp" in mailertable to "smtp" (did you hash the mailertable?)

I've changed esmtp to smtp and removed the brackets as well. My mc file specifies:
FEATURE(`mailertable',`hash -o /etc/mail/mailertable.db')dnl
I created /etc/mail/mailertable.db using: make mailertable, but I have just now re-hashed it using your makemap hash syntax, just in case.

> 3) on mail.fluxrunner.com (dns locally may not be configured) ->
>    dig novatec-inc.com a
>   dig novatec-inc.com mx

dig results shown below

> you should have  installed dns caching servers on all machines unless you are
> using a remote dns resolver:

I am using resolv.conf on my hosts and using network solutions as a remote dns resolver. If you think I need to set up DNS first on my hosts, I'll do that, but I was hoping to defer that task until later.

> and in /etc/resolv.conf:

> 4) when sending mail from webhost1.fluxrunner.com, do you have the local email client configured for the domain name in the configuration file (pine, mutt, squirrelmail, etc)?

I'll check this and reply in a subsequent message


root@mail:/etc/mail# dig novatec-inc.com a
 
; <<>> DiG 9.3.1 <<>> novatec-inc.com a
;; global options:  printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 4087
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0
 
;; QUESTION SECTION:
;novatec-inc.com.               IN      A
 
;; ANSWER SECTION:
novatec-inc.com.        7200    IN      A       96.11.168.98
 
;; Query time: 40 msec
;; SERVER: 65.24.0.168#53(65.24.0.168)
;; WHEN: Tue Jul 28 07:15:25 2009
;; MSG SIZE  rcvd: 49
 
==============================================================
root@mail:/etc/mail# dig novatec-inc.com mx
 
; <<>> DiG 9.3.1 <<>> novatec-inc.com mx
;; global options:  printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 19531
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0
 
;; QUESTION SECTION:
;novatec-inc.com.               IN      MX
 
;; ANSWER SECTION:
novatec-inc.com.        7200    IN      MX      10 inbound.novatec-inc.com.netsolmail.net.
 
;; Query time: 48 msec
;; SERVER: 65.24.0.168#53(65.24.0.168)
;; WHEN: Tue Jul 28 07:17:23 2009
;; MSG SIZE  rcvd: 87


Most Valuable Expert 2015

Commented:
$ dig courtscan.com MX +trace

; <<>> DiG 9.6.1b1 <<>> courtscan.com MX +trace
;; global options: +cmd
.                       361317  IN      NS      M.ROOT-SERVERS.NET.
.                       361317  IN      NS      I.ROOT-SERVERS.NET.
.                       361317  IN      NS      D.ROOT-SERVERS.NET.
.                       361317  IN      NS      J.ROOT-SERVERS.NET.
.                       361317  IN      NS      K.ROOT-SERVERS.NET.
.                       361317  IN      NS      H.ROOT-SERVERS.NET.
.                       361317  IN      NS      B.ROOT-SERVERS.NET.
.                       361317  IN      NS      A.ROOT-SERVERS.NET.
.                       361317  IN      NS      L.ROOT-SERVERS.NET.
.                       361317  IN      NS      G.ROOT-SERVERS.NET.
.                       361317  IN      NS      F.ROOT-SERVERS.NET.
.                       361317  IN      NS      C.ROOT-SERVERS.NET.
.                       361317  IN      NS      E.ROOT-SERVERS.NET.
;; Received 272 bytes from 192.168.1.11#53(192.168.1.11) in 0 ms

com.                    172800  IN      NS      F.GTLD-SERVERS.NET.
com.                    172800  IN      NS      G.GTLD-SERVERS.NET.
com.                    172800  IN      NS      H.GTLD-SERVERS.NET.
com.                    172800  IN      NS      I.GTLD-SERVERS.NET.
com.                    172800  IN      NS      J.GTLD-SERVERS.NET.
com.                    172800  IN      NS      K.GTLD-SERVERS.NET.
com.                    172800  IN      NS      L.GTLD-SERVERS.NET.
com.                    172800  IN      NS      M.GTLD-SERVERS.NET.
com.                    172800  IN      NS      A.GTLD-SERVERS.NET.
com.                    172800  IN      NS      B.GTLD-SERVERS.NET.
com.                    172800  IN      NS      C.GTLD-SERVERS.NET.
com.                    172800  IN      NS      D.GTLD-SERVERS.NET.
com.                    172800  IN      NS      E.GTLD-SERVERS.NET.
;; Received 503 bytes from 192.36.148.17#53(I.ROOT-SERVERS.NET) in 56 ms

courtscan.com.          172800  IN      NS      ns39.worldnic.com.
courtscan.com.          172800  IN      NS      ns40.worldnic.com.
;; Received 110 bytes from 192.55.83.30#53(M.GTLD-SERVERS.NET) in 32 ms

courtscan.com.          7200    IN      SOA     NS39.WORLDNIC.COM. namehost.WORLDNIC.COM. 109072109 10800 3600 604800 3600
;; Received 93 bytes from 205.178.190.20#53(ns39.worldnic.com) in 59 ms


$ dig courtscan.com @ns39.worldnic.com MX

; <<>> DiG 9.6.1b1 <<>> courtscan.com @ns39.worldnic.com MX
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 9883
;; flags: qr aa rd; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0
;; WARNING: recursion requested but not available

;; QUESTION SECTION:
;courtscan.com.                 IN      MX

;; AUTHORITY SECTION:
courtscan.com.          7200    IN      SOA     NS39.WORLDNIC.COM. namehost.WORLDNIC.COM. 109072109 10800 3600 604800 3600

;; Query time: 57 msec
;; SERVER: 205.178.190.20#53(205.178.190.20)
;; WHEN: Tue Jul 28 09:13:37 2009
;; MSG SIZE  rcvd: 93



---------------------------------------------------------------------------------

re: novatec -> I can see that today.  Yesterday there was no answer.

Author

Commented:
I believe I've made the mods you suggested. I'm not sure your dig output tells me anything I can figure out.

When I send an email from mfoley@novatec-inc.com to mfoley@courtscan.com I get the following error at novatec:

550 5.1.2 <mfoley@courtscan.com>... Host unknown (Name server: courtscan.com: no data known)

The /var/log/maillog on mail.fluxrunner.com appears to have nothing at all from this attempt. So, it seems that the message is not even getting to mail.fluxrunner.com.
Most Valuable Expert 2015

Commented:
From the machine that is originating the email:

dig courtscan.com +trace

Author

Commented:
Results shown below. I'm not deciphering much from this. The IP 65.24.0.168 is one of the entries in mail.fluxrunner.com's /etc/resolv.conf. Does this help? Hmmm, I didn't think it would be this tough!
> dig courtscan.com +trace
 
; <<>> DiG 9.3.0 <<>> courtscan.com +trace
;; global options:  printcmd
.                       419668  IN      NS      M.ROOT-SERVERS.NET.
.                       419668  IN      NS      K.ROOT-SERVERS.NET.
.                       419668  IN      NS      G.ROOT-SERVERS.NET.
.                       419668  IN      NS      D.ROOT-SERVERS.NET.
.                       419668  IN      NS      J.ROOT-SERVERS.NET.
.                       419668  IN      NS      A.ROOT-SERVERS.NET.
.                       419668  IN      NS      E.ROOT-SERVERS.NET.
.                       419668  IN      NS      C.ROOT-SERVERS.NET.
.                       419668  IN      NS      I.ROOT-SERVERS.NET.
.                       419668  IN      NS      L.ROOT-SERVERS.NET.
.                       419668  IN      NS      B.ROOT-SERVERS.NET.
.                       419668  IN      NS      F.ROOT-SERVERS.NET.
.                       419668  IN      NS      H.ROOT-SERVERS.NET.
;; Received 228 bytes from 65.24.0.168#53(65.24.0.168) in 32 ms
 
com.                    172800  IN      NS      H.GTLD-SERVERS.NET.
com.                    172800  IN      NS      D.GTLD-SERVERS.NET.
com.                    172800  IN      NS      G.GTLD-SERVERS.NET.
com.                    172800  IN      NS      K.GTLD-SERVERS.NET.
com.                    172800  IN      NS      B.GTLD-SERVERS.NET.
com.                    172800  IN      NS      I.GTLD-SERVERS.NET.
com.                    172800  IN      NS      C.GTLD-SERVERS.NET.
com.                    172800  IN      NS      L.GTLD-SERVERS.NET.
com.                    172800  IN      NS      F.GTLD-SERVERS.NET.
com.                    172800  IN      NS      E.GTLD-SERVERS.NET.
com.                    172800  IN      NS      A.GTLD-SERVERS.NET.
com.                    172800  IN      NS      J.GTLD-SERVERS.NET.
com.                    172800  IN      NS      M.GTLD-SERVERS.NET.
;; Received 491 bytes from 202.12.27.33#53(M.ROOT-SERVERS.NET) in 115 ms
 
courtscan.com.          172800  IN      NS      ns39.worldnic.com.
courtscan.com.          172800  IN      NS      ns40.worldnic.com.
;; Received 110 bytes from 192.54.112.30#53(H.GTLD-SERVERS.NET) in 136 ms
 
courtscan.com.          7200    IN      SOA     NS39.WORLDNIC.COM. namehost.WORLDNIC.COM. 109072109 10800 3600 604800 3600
;; Received 93 bytes from 205.178.190.20#53(ns39.worldnic.com) in 44 ms


Most Valuable Expert 2015

Commented:
What this means is that under the courtscan.com DNS entries, there is no A record for the domain (and also no MX record).

Log back into NetSol's website, DNS management, choose courtscan.com and add the A, CNAME and MX records suggested.

Author

Commented:
I've posted a screen image of the Network Solutions configuration page for courtscan. I've added lines and ellipses in red to highlight what I think are the germane entries. I believe I do have A and MX records configured. If I have these wrong, please let me know.

I still don't have any CNAME records. I was not able to extrapolate from your DNS database format to the netsol form which I posted in message 24935860.

If what I am trying to do is not possible using netsol's DNS service, perhaps I should configure my own?
courtscan.jpg
Most Valuable Expert 2015

Commented:
Looks good to me.  What DNS servers are authoritative (listed) for courtscan.com?  I'd like to query them directly.

Author

Commented:
Through Network solutions courtscan.com's domain name servers are set to:
NS39.WORLDNIC.COM
NS40.WORLDNIC.COM

All the local fluxrunner.com hosts have the following entries in /etc/resolv.conf:
nameserver 65.24.0.168
nameserver 65.24.0.169
Most Valuable Expert 2015

Commented:
ns39 and ns40 don't know about it:

$ dig courtscan.com @ns39.worldnic.com mx

; <<>> DiG 9.6.1b1 <<>> courtscan.com @ns39.worldnic.com mx
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 35755
;; flags: qr aa rd; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0
;; WARNING: recursion requested but not available
                    ^^^^^^^^^^^^^^^^^^^^^^^^

Same response with ns40.  These servers are not aware that they are authoritative for this zone.  Please give NetSol a call.

Unless you are required to increment the serial number ??

Author

Commented:
I added an A record for @(none) as 96.11.168.100 (see image in comment 25009333). The 'dig' results are shown below. I think we've improved, but not quite there. When I send a message from novatec-inc.com to courtscan.com I get the following bounce on novatec-inc.com:

<mfoley@courtscan.com>
    (reason: 553 5.1.2 <mfoley@novatec-inc.com>... Unrecognized host name novatec-inc.com.)

   ----- Transcript of session follows -----
... while talking to courtscan.com.:
>>> MAIL From:<mfoley@novatec-inc.com> SIZE=764
<<< 553 5.1.2 <mfoley@novatec-inc.com>... Unrecognized host name novatec-inc.com.
501 5.6.0 Data format error

Nothing is appearing in the /var/log/maillog for either mail.fluxrunner.com or webhost1.fluxrunner.com. In fact, there aren't even any bogus email attempts in the mail.fluxrunner.com log (but there are in webhost1.fluxrunner.com).

Are we getting closer? Do you think I should set the A record @(none) for fluxrunner.com?


 
> dig courtscan.com @ns39.worldnic.com mx
 
; <<>> DiG 9.3.0 <<>> courtscan.com @ns39.worldnic.com mx
;; global options:  printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 48073
;; flags: qr aa rd; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0
 
;; QUESTION SECTION:
;courtscan.com.                 IN      MX
 
;; AUTHORITY SECTION:
courtscan.com.          7200    IN      SOA     NS39.WORLDNIC.COM. namehost.WORLDNIC.COM. 109080513 10800 3600 604800 3600
 
;; Query time: 64 msec
;; SERVER: 205.178.190.20#53(ns39.worldnic.com)
;; WHEN: Wed Aug  5 19:50:37 2009
;; MSG SIZE  rcvd: 93


Most Valuable Expert 2015

Commented:
1) courtscan.com A record now appears. You need to also add the MX record. I don't use @ at all. It swallows stuff up that it shouldn't. If you set the A, CNAME, MX and NS records for the hosts as recommended, I think everything will work fine.

2) novatec-inc.com -- this is a problem with the originating machine not resolving novatec-inc.com. From which machine is this mail being sent?

Author

Commented:
Wow, this is being much more difficult than I thought ...

1) All I did to make the courtscan.com A record appear with the 'dig' is that I added the @ record. So, not using it at all doesn't seem to work.

2) The originating machine *is* novatec-inc.com, so it can't be that machine that is not resolving. I send and receive hundreds of emails from that machine every day. I've also put the novatec-inc.com IP into mail.fluxrunner.com's /etc/hosts file to no effect.

I can try the CNAME thing, but I'm not sure of the configuration. What is the host name? What is the alias name? Is it:

Alias                            Host
-----------------------      --------------------------
mail.courtscan.com -> mail.fluxrunner.com

Since our changes on July 27th there is zero in the /var/log/maillog file on mail.fluxrunner.com. I've even rebooted in case the sendmail wasn't running.
Most Valuable Expert 2015

Commented:
I still don't see a configured MX server for courtscan.com

And this bothers me:

   "Unrecognized host name novatec-inc.com."

It's complaining about novatec-inc.com -- not courtscan.com.
Most Valuable Expert 2015

Commented:
It might be easier if we work on this off-line and post the fix when complete.

Author

Commented:
Working offline would be fine. How do we do that? My email is already all over this question: mfoley@novatec-inc.com. Meanwhile, I'm going to try to get normal, non-virtual email working with fluxrunner.com. I've accomplished such setups in the past. Then maybe we can add the virtual domain.
Most Valuable Expert 2015
Commented:
And add in /etc/mail/access for mail.fluxrunner.com:

To:courtscan.com       RELAY

Once the MX record for this domain is visible via a dig, mail to this domain should work.

Author

Commented:
jesper - I'm posting my final results from our offline correspondence. This, plus your suggestion in 25060028 seem to have done the trick. Thanks

----------------------------------------------
I think I have things working now! Now all I have to do is get specified users on webhost2.fluxrunner.com to masquerade as user@courtscan.com. I'll research that and make that a separate post if necessary.

So, here is the total configuration for virtual hosting. Perhaps you can
copy/paste this to a response on EE and I can give points:

fluxrunner.com
==============

DNS Settings at Network Solutions:

A records:
----------
www                      xx.xx.xx.102
@(none)                  xx.xx.xx.100       (I'll try removing this later)
*(other)                 xx.xx.xx.100       (likewise)
mail.fluxrunner.com      xx.xx.xx.100
webhost1.fluxrunner.com  xx.xx.xx.99
webhost2.fluxrunner.com  xx.xx.xx.102

MX records:
-----------
mail.fluxrunner.com


mail.fluxrunner.com config - xx.xx.xx.100
=========================================
Mail server for receipt and delivery of mail for fluxrunner.com and virtual domains hosted on fluxrunner.com hosts.  Other hosts send outgoing mail directly via smtp, not routed through mail.fluxrunner.com.

sendmail.mc (w/o comments)
-----------
include(`../m4/cf.m4')
VERSIONID(`$Id: fluxrunner.mc,v 1.0 2009/08/08 11:07:18 root Exp root $')dnl
OSTYPE(`linux')dnl
define(`confPRIVACY_FLAGS', `authwarnings,novrfy,noexpn,restrictqrun')dnl
define(`confTO_IDENT', `0')dnl
define(`confBAD_RCPT_THROTTLE',`1')dnl
define(`confCONNECTION_RATE_THROTTLE',`3')dnl
define(`confDEAD_LETTER_DROP',`/dev/null')dnl
define(`confDOUBLE_BOUNCE_ADDRESS',`nobody')dnl
define(`confDF_BUFFER_SIZE',`16384')dnl
define(`confXF_BUFFER_SIZE',`16384')dnl
FEATURE(`use_cw_file')dnl
FEATURE(`use_ct_file')dnl
FEATURE(`mailertable',`hash -o /etc/mail/mailertable.db')dnl
FEATURE(`virtusertable',`hash -o /etc/mail/virtusertable.db')dnl
FEATURE(`access_db', `hash -T<TMPF> /etc/mail/access')dnl
FEATURE(`lookupdotdomain')dnl
FEATURE(`blacklist_recipients')dnl
FEATURE(`dnsbl')dnl
FEATURE(`dnsbl', `dul.dnsbl.sorbs.net')dnl
FEATURE(`delay_checks',`friend',`n')dnl
FEATURE(`local_procmail',`',`procmail -t -Y -a $h -d $u')dnl
FEATURE(`always_add_domain')dnl
FEATURE(`redirect')dnl
MASQUERADE_AS(`fluxrunner.com')
FEATURE(`masquerade_envelope')
FEATURE(`masquerade_entire_domain')
FEATURE(`relay_entire_domain')dnl
EXPOSED_USER(`root')dnl
LOCAL_DOMAIN(`localhost.localdomain')dnl
MAILER(local)dnl
MAILER(smtp)dnl
MAILER(procmail)dnl

/etc/mail/access
----------------
courtscan.com           RELAY

/etc/mail/mailertable
---------------------
fluxrunner.com          smtp:[xx.xx.xx.102]
courtscan.com           smtp:[xx.xx.xx.99]

/etc/mail/local-host-names
--------------------------
(empty)

----------------------------------------------------------

courtscan.com
==============

DNS Settings at Network Solutions:

A records:
----------
www                      xx.xx.xx.99
@(none)                  xx.xx.xx.100
*(other)                 xx.xx.xx.99
mail.courtscan.com       xx.xx.xx.100

MX record:
----------
mail.fluxrunner.com

webhost1.fluxrunner.com config - xx.xx.xx.99
============================================
webhost1 hosts virtual domain courtscan.com for web and email users.

sendmail.mc
-----------
same as mail.fluxrunner.com except:
remove limiting maximum number of recipients confMAX_RCPTS_PER_MESSAGE
remove blacklisting
remove masquerading

/etc/mail/access
----------------
xx.xx.xx.100 RELAY

/etc/mail/mailertable
---------------------
(empty)

/etc/mail/local-host-names
--------------------------
courtscan.com
webhost1.fluxrunner.com


THAT'S IT! I've not included the configuration for webhost2 since it is
basically the same as webhost1 except no courtscan.com in
local-host-names.
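
The hub files in the post above (mailertable, access, local-host-names) only work if they agree with each other, and the untagged `courtscan.com RELAY` entry is broader than the `To:courtscan.com RELAY` form suggested earlier in the thread. The following Python check is an added example, not part of the thread or of sendmail; the function names, finding codes and the `already_relayed` parameter are hypothetical, and the sample input is constructed from the masked values in the post.

```python
# Added example: lint a sendmail relay hub's map sources for consistency.
# audit_hub, the finding codes and already_relayed are hypothetical names.

# Constructed sample input, modelled on the hub files in the post above.
MAILERTABLE = """\
fluxrunner.com          smtp:[xx.xx.xx.102]
courtscan.com           smtp:[xx.xx.xx.99]
"""
ACCESS = """\
courtscan.com           RELAY
"""
LOCAL_HOST_NAMES = ""                  # empty on the hub, as posted
ALREADY_RELAYED = {"fluxrunner.com"}   # assumption: relayed by other hub settings

ACCESS_TAGS = ("to", "from", "connect")
SMTP_MAILERS = ("smtp", "esmtp", "smtp8", "dsmtp", "relay")


def parse_map(text):
    """Parse makemap source text into (key, value) pairs; keys are lower-cased."""
    pairs = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        fields = line.split(None, 1)
        if len(fields) == 2:
            pairs.append((fields[0].lower(), fields[1].strip()))
    return pairs


def parse_names(text):
    """Parse a one-name-per-line file such as local-host-names."""
    names = set()
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#"):
            names.add(line.lower())
    return names


def relay_tags(access_text):
    """Map each key with a RELAY action to the tags it appears under.

    The tag "" stands for an untagged key, which sendmail applies both to
    the recipient domain and to the connecting client's host name.
    """
    tags = {}
    for key, value in parse_map(access_text):
        if value.upper() != "RELAY":
            continue
        tag, sep, rest = key.partition(":")
        if sep and tag in ACCESS_TAGS:
            domain = rest
        else:
            tag, domain = "", key
        tags.setdefault(domain, set()).add(tag)
    return tags


def audit_hub(mailertable, access, local_host_names, already_relayed=()):
    """Return a list of (code, domain, advice) findings for the hub."""
    local = parse_names(local_host_names)
    relay = relay_tags(access)
    findings = []
    for domain, route in parse_map(mailertable):
        mailer, _, target = route.partition(":")
        if domain in local:
            findings.append(("LOCAL", domain,
                "listed in local-host-names, so the hub delivers locally "
                "and never consults this mailertable route"))
        tags = relay.get(domain, set())
        if "to" not in tags and "" not in tags and domain not in already_relayed:
            findings.append(("NORELAY", domain,
                "no RELAY entry covers this recipient domain; add "
                "'To:%s RELAY' to the access map" % domain))
        elif "" in tags:
            findings.append(("BROAD", domain,
                "untagged RELAY also lets clients whose host name is in this "
                "domain relay anywhere; use 'To:%s RELAY'" % domain))
        bracketed = target.startswith("[") and target.endswith("]")
        if mailer.lower() in SMTP_MAILERS and not bracketed:
            findings.append(("MXLOOKUP", domain,
                "target is not in [brackets], so sendmail does an MX lookup "
                "on it instead of connecting to that host directly"))
    return findings


if __name__ == "__main__":
    for code, domain, advice in audit_hub(
            MAILERTABLE, ACCESS, LOCAL_HOST_NAMES, ALREADY_RELAYED):
        print("%-8s %-16s %s" % (code, domain, advice))
```

Run it against the text sources before rebuilding the maps with makemap; an empty result means the three files are consistent for every routed domain.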

Author

Commented:
Thanks for spending so much time and going the "extra mile" with me on this. Greatly appreciated.
