Mailing List Archive


Re: tlug: Quest for e-mail



>>>>> "Jonathan" == Jonathan Byrne <- 3Web <jq@example.com>> writes:

    Jonathan> On Tue, 10 Nov 1998, Dave Gutteridge wrote:
    >> Jim gave me a pointer or two, so i tried what he said:

    >>> running on your machine.  (Read the NAG.)

    Jonathan> This easily-overlooked last sentence is a very important
    Jonathan> one.  If you don't have the NAG (Linux Network
    Jonathan> Administrator's Guide), get it now.  The NAG will be one
    Jonathan> of your best friends and most often used reference
    Jonathan> works.

Hmm.  Somehow I seem to have neglected that one.  Oh well.  :-)

>>>>> "Dave" == Dave Gutteridge <dave@example.com> writes:

    Dave> Okay, the deal is that I have two web sites on this Linux
    Dave> machine all set up and ready to go. One of them is
    Dave> [...]. The other site is [...].

OK, I gather that you have a single box with multiple domain
registrations?  It only has one Internet connection, right?

    Dave> concerns. Now, what I'm trying to accomplish is have it so
    Dave> that I can use the ".com" addresses as an e-mail
    Dave> address. So, for example, i could have "me@example.com". This
    Dave> is where i thought the mail server came in.

OK, you are on the same wavelength with that.  From the point of view
of the Internet it is much like an FTP server or HTTP (web) server; it
speaks a different language and allows different operations, but the
underlying communications scheme is the same.

Where your statement and reality part company is that the mail server
cannot control the name(s) that the Internet uses for your box.  This
is done by a nameserver which could be on your box, but only with the
cooperation of your ISP.  Much more likely, the relevant nameserver is 
controlled by your ISP.
 
    Dave> I thought mail would come to this machine, be stored there,
    Dave> and then give it to me when i asked for it from, say, my PC
    Dave> at home.

No reason why it cannot.  However, there are several different kinds
of addresses in the Internet naming system (technically, record types
in the DNS database).  An "A" record gives a domain as an "alias" for
a particular (numerical) internet address.  It turns out that using
"A" records for mail service was not sufficiently flexible, because
the machine might be down and the mail does not go through.  So there
are also "MX" records which allow several different machines to accept 
mail for the same address.  These are tried in order of priority.

Here's what ns.rainbow.co.jp has to say about the matter:

  bash-2.01$ host -t any d-rave.com
  d-rave.com              NS      WWW2.RAINBOW.CO.JP
  d-rave.com              NS      NS.RAINBOW.CO.JP
  d-rave.com              NS      ns1.RAINBOW.CO.JP
  d-rave.com              SOA     www.d-rave.com postmaster.d-rave.com (
                          98081201        ;serial (version)
                          10800   ;refresh period (3 hours)
                          1800    ;retry interval (30 minutes)
                          4320000 ;expire time (7 weeks, 1 day)
                          86400   ;default ttl (1 day)
                          )
  d-rave.com              MX      10 mail.d-rave.com
   !!! d-rave.com MX host mail.d-rave.com is not canonical

OK, this could be a problem, although I doubt it.

  bash-2.01$ host -t any mail.d-rave.com
  mail.d-rave.com         CNAME   www.d-rave.com
  www.d-rave.com          A       202.238.0.248

What this says is that mail.d-rave.com is not an alias for the
numerical address, but rather for the domain name www.d-rave.com.
This can be a problem when other mailers do a reverse lookup on your
IP address; they may decide that you're spoofing them and issue a
warning or even refuse to connect.

  bash-2.01$ host -t any 202.238.0.248
  202.238.0.248 does not exist (Authoritative answer)

Oops.

  bash-2.01$ host -l d-rave.com  www.d-rave.com
  d-rave.com AXFR record currently not present at www.d-rave.com

Bad.  The "start of authority" host doesn't know what's in its own
domain.  Worse.  Zone transfers (the whole AXFR record, -l option to
host) shouldn't be permitted, they give too much info in one go to
crackers.  It looks like your name server (on www.d-rave.com) is
configured to give that info if it were to be available.  I'm not a
BIND guru, you'll have to ask somebody else if this is a real problem.

  bash-2.01$ host -t any d-rave.com  www.d-rave.com
  d-rave.com              A       202.238.0.248
  d-rave.com              NS      ns1.rainbow.co.jp
   !!! d-rave.com NS host ns1.rainbow.co.jp is not canonical

www.d-rave.com is definitely running a name server.  However, note
that although it is listed as SOA (see above), there is no way for
anyone to use it without asking directly because it doesn't have an NS
record at your ISP.

  bash-2.01$ host -l d-rave.com  ns1.RAINBOW.CO.JP
  d-rave.com AXFR record query refused by ns1.RAINBOW.CO.JP

Good.

I don't see any reason why mail to an existing account or alias
@example.com should fail, despite the inconsistencies in the rainbow
DNS flagged above.

There are two (easy) ways to create an address at a mail server.  One
is to create a user account.  The other is to put an alias in
/etc/aliases.  (You may need to run a program to convert that into a
form that sendmail can use.)

To read mail using telnet, use pine or mailx.  At least one will be
installed on a standard Red Hat system, probably both.

    Dave> I typed in telnet localhost 25 at my prompt (for those of
    Dave> you just tuning in, these days i interface with my Red Hat
    Dave> 5.1 machine by telnet), and here's the response i got:

    Dave> Trying 127.0.0.1...
    Dave> Connected to localhost.
    Dave> Escape character is '^]'.
    Dave> 220 linuxserver.rainbow.co.jp DSMTP ESMTP Server v2.2i

BTW: bash-2.01$ host -t any linuxserver.rainbow.co.jp
linuxserver.rainbow.co.jp does not exist (Authoritative answer)

Trying to send mail from this machine may occasionally get you
nowhere, if the other host is paranoid.

    Dave> Is there a reference on the web which will give me a bit of
    Dave> a "how to" on mail servers?

bash-2.01$ ls /usr/doc/HOWTO   # just the interesting ones
META-FAQ.gz                    # about finding information you need
Access-HOWTO.gz                # possibly firewall-related, more
                               # likely file permissions
Mail-HOWTO.gz                  # short n sweet
PPP-HOWTO.gz                   # if you want to dial up your box
DNS-HOWTO.gz                   # may have some useful information
                               # about MX records etc
Security-HOWTO.gz              # you asked about firewalls
Firewall-HOWTO.gz
HOWTO-INDEX.gz                 # more meta information
INDEX.gz
INDEX.html.gz
Virtual-Services-HOWTO.gz      # probably about how to use multiple
                               # names for one box
WWW-HOWTO.gz
index.html                     # point lynx or netscape at this
mini/                          # directory with more HOWTOs in it

    Dave> Is my understanding of mail servers still off base? I'm
    Dave> wondering if i should be asking different questions.

No, I think you're probably fine.  Your main issues are going to be
with the ISP though, making sure all your A and MX records are
straight.

    Dave> help NOOP
    Dave> 214-NOOP
    Dave> 214-No operation. Does nothing at all.
    Dave> 214 OK   

    Dave> Why would there be a command that does nothing at all?

Not quite nothing; it resets the remote host's timer so that the
connection doesn't get cut for being idle too long.  You also get a
reply, so you can use it to find out if the connection is still open:

  bash-2.01$ telnet localhost 25
  Trying 127.0.0.1...
  Connected to localhost.
  Escape character is '^]'.
  220-tanko.sk.tsukuba.ac.jp Smail-3.2.0.101 (#2 1998-Jul-16) ready at Tue, 10 Nov 1998 17:24:53 +0900 (JST)
  220 ESMTP supported
  NOOP
  250 Okay
  QUIT
  221 tanko.sk.tsukuba.ac.jp closing connection
  Connection closed by foreign host.

Most protocols provide a NOOP, explicitly for these reasons.

-- 
University of Tsukuba                Tennodai 1-1-1 Tsukuba 305-8573 JAPAN
Institute of Policy and Planning Sciences       Tel/fax: +81 (298) 53-5091
__________________________________________________________________________
__________________________________________________________________________
What are those two straight lines for?  "Free software rules."
----------------------------------------------------------------
Next Nomikai: 20 November, 19:30   Tengu TokyoEkiMae 03-3275-3691
Next Technical Meeting: 12 December, 12:30 HSBC Securities Office
----------------------------------------------------------------
more info: http://tlug.linux.or.jp Sponsors: PHT, HSBC Securities
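
Added example, not part of the original message: the consistency checks the message performs by hand with `host` (MX target that is a CNAME, address with no PTR record, SOA primary missing from the NS set), expressed as an offline audit over a record set. The record set is transcribed from the `host` output quoted in the message; the function names and finding labels are assumptions of this example.

```python
# Records transcribed from the `host` output quoted in the message above.
# For SOA only the primary host name is kept.
RECORDS = [
    ("d-rave.com", "NS", "www2.rainbow.co.jp"),
    ("d-rave.com", "NS", "ns.rainbow.co.jp"),
    ("d-rave.com", "NS", "ns1.rainbow.co.jp"),
    ("d-rave.com", "SOA", "www.d-rave.com"),
    ("d-rave.com", "MX", "mail.d-rave.com"),
    ("mail.d-rave.com", "CNAME", "www.d-rave.com"),
    ("www.d-rave.com", "A", "202.238.0.248"),
]  # note: the output shows no PTR record for 202.238.0.248

def reverse_name(ip):
    """IPv4 address -> the in-addr.arpa name that holds its PTR record."""
    return ".".join(reversed(ip.split("."))) + ".in-addr.arpa"

def lookup(records, name, rtype):
    """All values of the given type stored under name (case-insensitive)."""
    return [v.lower() for n, t, v in records
            if n.lower() == name.lower() and t == rtype]

def audit_mail_dns(records, domain):
    """Return (finding, subject) pairs for the problems the message points out."""
    findings = []
    for mx in lookup(records, domain, "MX"):
        host = mx
        alias = lookup(records, mx, "CNAME")
        if alias:                       # MX targets must be canonical names
            findings.append(("mx-is-cname", mx))
            host = alias[0]             # follow one hop to keep checking
        addrs = lookup(records, host, "A")
        if not addrs:
            findings.append(("mx-no-address", mx))
        for ip in addrs:
            ptrs = lookup(records, reverse_name(ip), "PTR")
            if not ptrs:                # reverse lookup fails outright
                findings.append(("no-ptr", ip))
            elif not any(ip in lookup(records, p, "A") for p in ptrs):
                findings.append(("ptr-mismatch", ip))  # PTR name does not map back
    ns = lookup(records, domain, "NS")
    for primary in lookup(records, domain, "SOA"):
        if primary not in ns:           # informational: may be a deliberate hidden primary
            findings.append(("soa-primary-not-in-ns", primary))
    return findings

if __name__ == "__main__":
    for finding, subject in audit_mail_dns(RECORDS, "d-rave.com"):
        print(f"{finding}: {subject}")
```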

