Sendmail에서 받는쪽이 ID@[xxx.xxx.xxx.xx] 형태로 된경우를 받
RFC 1123에 정의된 형태로 To쪽이 정의되어도 Sendmail에서 정상적으로 받으려면 어떻게 해야 할까요?
다음은 maillog의 내용중 관련된 한 줄입니다.
Aug 15 21:57:53 ns sendmail[2769]: h7FCvq3U002769: ruleset=check_rcpt, arg1=<postmaster@[xxx.xxx.xxx.xx]>, relay=orbz@ares.penguinhosting.net [205.231.149.48], reject=550 5.7.1 <postmaster@[xxx.xxx.xxx.xx]>... Relaying denied. Proper authentication required.
(# xxx.xxx.xxx.xx 는 저희 메일서버 IP주소입니다.)
실제론 도메인명으로는 잘오는거 같은데 위처럼 버킷으로 아이피주소를 싸서 보내는건 거절해버리네요.. Sendmail초보라 모르는 부분이 너무많네요... 게다가 보내는쪽에서 RFC문서까지 들먹이니...
고수님들의 현명한 의견 부탁드립니다. ㅜ_ㅜ;;
<보내는 쪽에서 언급한 RFC내용>
Address Literals
RFC 1123, Section 2.1 (Host Names and Numbers):
"..a dotted-decimal number must be enclosed within "[ ]" brackets for SMTP mail (see Section 5.2.17)"
RFC 1123, Section 5.2.17 (Domain Literals):
A mailer MUST be able to accept and parse an Internet domain literal whose content ("dtext"; see RFC-822) is a dotted-decimal host address. An SMTP MUST accept and recognize a domain literal for any of its own IP addresses.
RFC 822, Section 3.4.6 (Bracketing Characters):
Square brackets ("[" and "]") are used to indicate the presence of a domain-literal, which the appropriate name-domain is to use directly, bypassing normal name-resolution mechanisms.
RFC 822, Section 6.2.3 (Domain Terms):
Domain-literals which refer to domains within the ARPA Internet specify 32-bit Internet addresses, in four 8-bit fields noted in decimal, as described in Request for Comments #820, "Assigned Numbers." For example: [10.0.3.19]
RFC 2821, Section 4.1.3 (Address Literals):
Sometimes a host is not known to the domain name system and communication (and, in particular, communication to report and repair the error) is blocked. To bypass this barrier a special literal form of the address is allowed as an alternative to a domain name. For IPv4 addresses, this form uses four small decimal integers separated by dots and enclosed by brackets such as [123.255.37.2], which indicates an (IPv4) Internet Address in sequence-of-octets form.
Admin Contact Addresses
RFC 2142, Section 4 (Network Operations Mailbox Names):
Operations addresses are intended to provide recourse for customers, providers and others who are experiencing difficulties with the organization's Internet service.
RFC 2821, Section 4.5.1 (Minimum Implementation):
Any system that includes an SMTP server supporting mail relaying or delivery MUST support the reserved mailbox "postmaster" as a case- insensitive local name. ...
SMTP systems are expected to make every reasonable effort to accept mail directed to Postmaster from any other system on the Internet.
메일서비스는...
메일서비스는 ip기반 서비스가 아니고 도메인 기반의 서비스입니다.
참고로 퀑커러에서 아이피로 테스트하면 설정해 놓은 사항이 지워지지 않는 버그가 있읍니다.
누군가가 아이피로 메일서버를 설정하지 않겠지? 하는 생각에 아마도 그런부분에 대한 버그는 전혀생각하지 않았나 봅니다. :lol:
무한한 상상력과 강한실행욕구는 엔지니어의 마지막 무기~
Re: 메일서비스는...
음... 근데 보내는쪽에선 이런방식으로밖에는 못보내는거 같던데요.
사실 사장님이 며칠 풀어달라고 해서 오픈릴레이 며칠했더니 메일서버가 완전히 스팸서버로 전락해가지고.. (맨날 아이피 검사하는 건지.. 금방알아가지고 스팸서버로 잘만 쓰더군요 ㅡㅡ;; 완전 걸레됐습니다.) 결국 dsbl.org 같은 블랙리스트 관리하는 곳에도 등록되서 이거 풀려고 이짓중입니다. 물론 현재는 오픈릴레이(Third Part Relay) 막은상태죠. ㅜㅜ
다른 두군데 블랙리스트 관리하는 곳에도 걸렸었는데 거기는 간단히 풀리던데 dsbl.org는 postmaster@[xxx.xxx.xxx.xx] (혹은 abuse@[xxx.xxx.xxx.xx])형태로 확인메일을 보내는거 같더라구요. 그리고 확인메일의 링크를 클릭해야 풀린다고..
빨리 고객들한테 메일을 발송해야 하는데.. 미치기 일보직전입니다. ㅜㅜ;;
Sendmail 고수님들께 다시한번 의견을 부탁드립니다.
널리 쓰이고 있는지는 모르겠지만 sendmail 은 id@[n.n.n.n
널리 쓰이고 있는지는 모르겠지만 sendmail 은 id@[n.n.n.n] 형태의 메일 주소를 받아들입니다. 설치된 sendmail 버전과 sendmail.mc 올려주시는 편이 좋겠네요.
War doesnt determine whos right, just whos left.
Sendmail설정상태입니다.
바쁘신데 시간내서 봐주셔서 너무 감사드립니다. ㅜ_ㅜ
우선 Sendmail 버젼 (한컴 리눅스 3.0입니다.) >>>>>>
#/usr/bin/sendmail -bt -d0
Version 8.12.5
Compiled with: DNSMAP HESIOD HES_GETMAILHOST LDAPMAP LOG MAP_REGEX
MATCHGECOS MILTER MIME7TO8 MIME8TO7 NAMED_BIND NETINET NETINET6
NETUNIX NEWDB NIS PIPELINING SASL SCANF STARTTLS TCPWRAPPERS
USERDB USE_LDAP_INIT
============ SYSTEM IDENTITY (after readcf) ============
(short domain name) $w = 짧은도메인명
(canonical domain name) $j = 짧은도메인명.net
(subdomain name) $m = net
(node name) $k = ns
========================================================
ADDRESS TEST MODE (ruleset 3 NOT automatically invoked)
Enter <ruleset> <address>
>
sendmail.mc 전문 >>>>>>
divert(-1)
dnl This is the sendmail macro config file. If you make changes to this file,
dnl you need the sendmail-cf rpm installed and then have to generate a
dnl new /etc/sendmail.cf by running the following command:
dnl
dnl m4 /etc/mail/sendmail.mc > /etc/sendmail.cf
dnl
include(`/usr/share/sendmail-cf/m4/cf.m4')
VERSIONID(`linux setup for HancomLinux')dnl
OSTYPE(`linux')
define(`confDEF_USER_ID',``8:12'')dnl
undefine(`UUCP_RELAY')dnl
undefine(`BITNET_RELAY')dnl
define(`confAUTO_REBUILD')dnl
define(`confTO_CONNECT', `1m')dnl
define(`confTRY_NULL_MX_LIST',true)dnl
define(`confDONT_PROBE_INTERFACES',true)dnl
define(`PROCMAIL_MAILER_PATH',`/usr/bin/procmail')dnl
define(`ALIAS_FILE', `/etc/aliases')dnl
dnl define(`STATUS_FILE', `/etc/mail/statistics')dnl
define(`UUCP_MAILER_MAX', `2000000')dnl
define(`confUSERDB_SPEC', `/etc/mail/userdb.db')dnl
define(`confPRIVACY_FLAGS', `authwarnings,novrfy,noexpn,restrictqrun')dnl
define(`confAUTH_OPTIONS', `A')dnl
TRUST_AUTH_MECH(`DIGEST-MD5 CRAM-MD5 LOGIN PLAIN')dnl
define(`confAUTH_MECHANISMS', `DIGEST-MD5 CRAM-MD5 LOGIN PLAIN')dnl
dnl define(`confTO_QUEUEWARN', `4h')dnl
dnl define(`confTO_QUEUERETURN', `5d')dnl
dnl define(`confQUEUE_LA', `12')dnl
dnl define(`confREFUSE_LA', `18')dnl
dnl FEATURE(delay_checks)dnl
FEATURE(`no_default_msa',`dnl')dnl
FEATURE(`smrsh',`/usr/sbin/smrsh')dnl
FEATURE(`mailertable',`hash -o /etc/mail/mailertable.db')dnl
FEATURE(`virtusertable',`hash -o /etc/mail/virtusertable.db')dnl
FEATURE(redirect)dnl
FEATURE(always_add_domain)dnl
FEATURE(use_cw_file)dnl
FEATURE(use_ct_file)dnl
FEATURE(local_procmail,`',`procmail -t -Y -a $h -d $u')dnl
FEATURE(`access_db',`hash -o /etc/mail/access.db')dnl
FEATURE(`blacklist_recipients')dnl
EXPOSED_USER(`root')dnl
dnl This changes sendmail to only listen on the loopback device 127.0.0.1
dnl and not on any other network devices. Comment this out if you want
dnl to accept email over the network.
DAEMON_OPTIONS(`Port=smtp,Addr=0.0.0.0, Name=MTA')
dnl NOTE: binding both IPv4 and IPv6 daemon to the same port requires
dnl a kernel patch
dnl DAEMON_OPTIONS(`port=smtp,Addr=::1, Name=MTA-v6, Family=inet6')
dnl We strongly recommend to comment this one out if you want to protect
dnl yourself from spam. However, the laptop and users on computers that do
dnl not have 24x7 DNS do need this.
FEATURE(`accept_unresolvable_domains')dnl
dnl FEATURE(`relay_based_on_MX')dnl
dnl
dnl WARNING!!! - Third Party Relay (CRITICAL SPAMMER ATTACK)
dnl Modified by doogle (doogle@shinbiro.com)
dnl
dnl FEATURE(promiscuous_relay)dnl
dnl /////////////////////////////////// END
MAILER(smtp)dnl
MAILER(procmail)dnl
Cwlocalhost.localdomain
설정파일은 한컴리눅스 깔린것에다가 아래부분에 Third Party Relay 설정인 FEATURE(promiscuous_relay) 정도입니다. 아.. 한컴홈페이지가서 수정된 sendmail.mc를 사용했던게 기억나는군요.. ㅡㅡ;;
dsbl.org에서 삭제요청시 결과
참고적으로 dsbl.org에서 remove script돌린결과는 다음과 같습니다.
DSBL: Send Removal Confirmation
Confirmation email refused. Please fix your server to accept removal request mail. DO NOT email us asking us to email to another address or to help you fix your server; we will not do either.
Your server seems to believe it needs to relay for local addresses. This does NOT mean that it is closed to relaying, just that it is broken and does not accept and deliver local mail, albeit with a confusing error message. Please fix it and test addresses from OUTSIDE before requesting removal.
Result:
Recipient Report:
xxx.xxx.xxx.xx does not like recipient.
Remote host said: 550 5.7.1 <postmaster@[xxx.xxx.xxx.xx]>... Relaying denied. Proper authentication required.
Message Report:
Giving up on xxx.xxx.xxx.xx.
sendmail.mc 에서의 문제는 아닌 것 같습니다. 올려주신 설정으로
sendmail.mc 에서의 문제는 아닌 것 같습니다. 올려주신 설정으로 제 서버에 적용한 결과입니다.
# sendmail -bt -d0 Version 8.12.6 Compiled with: DNSMAP LDAPMAP LOG MAP_REGEX MATCHGECOS MILTER MIME7TO8 MIME8TO7 NAMED_BIND NETINET NETUNIX NEWDB NIS PIPELINING SASL SCANF STARTTLS TCPWRAPPERS USERDB USE_LDAP_INIT ============ SYSTEM IDENTITY (after readcf) ============ (short domain name) $w = mydomain (canonical domain name) $j = mydomain.net (subdomain name) $m = net (node name) $k = mydomain.net ======================================================== ADDRESS TEST MODE (ruleset 3 NOT automatically invoked) Enter <ruleset> <address> > # sendmail -bt -d28.8 ADDRESS TEST MODE (ruleset 3 NOT automatically invoked) Enter <ruleset> <address> > check_rcpt postmaster@[n.n.n.n] check_rcpt input: postmaster @ [ n . n . n . n ] Basic_check_rcpt input: postmaster @ [ n . n . n . n ] Rcpt_ok input: postmaster @ [ n . n . n . n ] ParseRecipient input: postmaster @ [ n . n . n . n ] CanonAddr input: postmaster @ [ n . n . n . n ] canonify input: postmaster @ [ n . n . n . n ] Canonify2 input: postmaster < @ [ n . n . n . n ] > Canonify2 returns: postmaster < @ mydomain . net . > canonify returns: postmaster < @ mydomain . net . > Parse0 input: postmaster < @ mydomain . net . > Parse0 returns: postmaster < @ mydomain . net . > CanonAddr returns: postmaster < @ mydomain . net . > ParseRecipient returns: postmaster < @ mydomain . net > SearchList input: < + To > $| < F : postmaster @ mydomain . net > < U : postmaster @ > < D : mydomain . net > < > F input: < postmaster @ mydomain . net > < ? > < + To > < > F returns: < ? > < > SearchList input: < + To > $| < U : postmaster @ > < D : mydomain . net > < > U input: < postmaster @ > < ? > < + To > < > U returns: < ? > < > SearchList input: < + To > $| < D : mydomain . net > < > D input: < mydomain . net > < ? > < + To > < > D input: < net > < ? > < + To > < > D returns: < ? > < > D returns: < ? > < > SearchList returns: < ? > SearchList returns: < ? > SearchList returns: < ? > RelayTLS input: RelayTLS returns: NO Rcpt_ok returns: RELAY Basic_check_rcpt returns: RELAY check_rcpt returns: RELAY > # grep -v ^# /etc/mail/access localhost.localdomain RELAY localhost RELAY 127.0.0.1 RELAY # cat /etc/hosts 127.0.0.1 localhost.localdomain localhost n.n.n.n mydomain.net mydomain단순히 릴레이 문제는 아닐까 생각합니다만.. 저야 sendmail 에 관심있는 유저에 지나지 않으니 어떻게 더 도움을 드릴 수 있을지 모르겠네요.
War doesnt determine whos right, just whos left.
댓글 달기