Re: tlug: Quest for e-mail

["Stephen J. Turnbull" <turnbull@example.com>]

>>>>> "Dave" == Dave Gutteridge <dave@example.com> writes:

    Dave> The nameserver, if i have this right, is in the office on
    Dave> another machine.  I think it's some kind FreeBSD system
    Dave> handling it. When i set up my web pages, I had to get the
    Dave> sys admin to give me permission to access that other machine
    Dave> to alter some config files so that my machine and it's .com
    Dave> addresses would be located... well, you guys know better
    Dave> than i do what i was doing.

Oh my goodness ... you were directly messing with the nameservers?
Yikes.  I'd worry about that if I were you ... it's easy to make a
mistake.

    >> Here's what ns.rainbow.co.jp has to say about the matter:

    Dave> Gah! Sometimes it creeps me out how UNIX people just go and
    Dave> get information from anyone else's machine like that!

But you can do it from any Windows or Mac box too, if you just get the
software.  For windows, I'm sure all the tools you'd ever want are
available at www.simtel.org.  The difference is that Unix people are
used to thinking in these terms, that's all, and the tools are
standard on Unix boxes.

And it's called a nameSERVER for a reason.  It's information that's
being _published_, just like a web page or the phone book.  It's just
not readable by or useful to ordinary humans.

Try not to feel creepy about it.  Instead learn which information you
want to publish, and which you want to keep private, and how to
configure your system to do that for you.

    Dave> Okay, most of what you said, i have to admit went way over
    Dave> my head. But

Expected---but nobody is assuming you're a dummy; you might just see
something in what I wrote that you could use.

    Dave> this last part i could grasp. So i created an account in my
    Dave> name, called (cleverly) "test" and then sent a test e-mail
    Dave> from my work address to "test@example.com". Then i telnetted

Some people prefer to write it telnet'ed.

    Dave> (is that a word?) into my machine, logged into the dave
    Dave> account, used pine to check the mail for that account, and,
    Dave> there it was.

<whistle> <cheer> <ticker-tape parade>

<notForDave'sEyes>
I think we've hooked one, guys!
</notForDave'sEyes>

    Dave> My A and MX records? And how do i get the paranoid machines
    Dave> to talk to me?

I think you're basically OK, as I wrote before.  The fact that you
successfully got mail through is very strong evidence for that.

You can't get truly paranoid machines to talk to you.  Access is
supposed to be granted, not taken.  That's why we talk about "security
holes."  However, the typical moderately paranoid machine does the
following:

<ring,ring>
DavesBox> Yo!  this is dave's mail server.  Whaddya want?
(checks out caller-ID, sees 130.158.99.4)
(looks up 130.158.99.4 in reverse directory -> turnbull.sk.tsukuba.ac.jp
StevesBox> HELO turnbull.sk.tsukuba.ac.jp
(Hmm, we've got a match, OK, let's talk)
DavesBox> 250 Welcome, turnbull.sk.tsukuba.ac.jp

and then the mail-passing transaction occurs.  A very paranoid machine 
would close the connection right there if there was no match.  A
hardly paranoid machine would put a Received header of the form

Received: from faked.name.org (turnbull.sk.tsukuba.ac.jp
          [130.158.99.4]; may be faked) by mail.d-rave.com via SMTP...
                          ^^^^^^^^^^^^

So you need to make sure that the IP (numerical) address -> domain
name -> IP address succeeds.  The CNAME record says which of the names 
will be returned by a PTR (numerical address) search.  The A record
says what IP address will be returned by a name search.

At present, when your machine calls out, here's what probably happens:

<ring,ring>
StevesBox> Yo!  this is steve's mail server.  Whaddya want?
(checks out caller-ID, sees 202.238.0.248)
(looks up 202.238.0.248 in reverse directory
          -> 202.238.0.248 does not exist (Authoritative answer))
DavesBox> HELO mail.d-rave.com
(Betcha this is one of them spammers again.  Insert a warning header.)
StevesBox> 250 Welcome, mail.d-rave.com

My box isn't particularly paranoid.  But a paranoid box might refuse
to talk at this point.

    Dave> If i'm not breaking with reality again, this is because
    Dave> there is no POP server set on the machine. This is something
    Dave> i have to install, right?

It's probably installed; it's not a very big program, so it's probably 
installed with a bunch of other common net utilities.  However, you
probably need to enable and possibly configure it.

Try `grep pop /etc/inetd.conf'.  If you get output from that command,
I bet it starts with a "#".  Remove the "#" from the beginning of that
line in /etc/inetd.conf, become root with `su', type `killall -HUP
inetd' and you should be in business.

-- 
University of Tsukuba                Tennodai 1-1-1 Tsukuba 305-8573 JAPAN
Institute of Policy and Planning Sciences       Tel/fax: +81 (298) 53-5091
__________________________________________________________________________
__________________________________________________________________________
What are those two straight lines for?  "Free software rules."
----------------------------------------------------------------
Next Nomikai: 20 November, 19:30   Tengu TokyoEkiMae 03-3275-3691
Next Technical Meeting: 12 December, 12:30 HSBC Securities Office
----------------------------------------------------------------
more info: http://tlug.linux.or.jp Sponsors: PHT, HSBC Securities