I have come across a problem with ME sending email to local domains before doing an external lookup.
Basically, if I add a domain called hotmail.com, for example, to my server and someone sends email to anyone@hotmail.com from an account on my server, the hotmail.com box on my server gets the email because ME searches local before external, which of course is not good.
I have read this kb article MailEnable to deliver to an external address over local delivery? but it describes multiple servers.
Can anyone provide any pointers or help with this?
Forcing ME to ignore locals and send externally
- Site Admin
- Posts: 4441
- Joined: Tue Jun 25, 2002 3:03 am
- Location: Melbourne, Victoria Australia
Nothing can be done about this in the short term. The only practical solution is to control the process where domains are provisioned (considerations being for mail server or in DNS).
i.e. verify that the person registering the domain is entitled to do so. There is no other solution immediately obvious.
It may be possible in future to only allow domains to be created if a local IP address for the server has the nominated DNS records pre-existing.
This in effect is "passing the buck" since you will need to vet them before you provision them in DNS anyway (or you will end up with a similar issue).
This problem will no doubt be an issue with all mail servers.
Regards, Andrew
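The DNS pre-check suggested in the reply above, sketched as an added example (not MailEnable code and not part of the original posts). The resolver callables, the sample DNS data and all names are assumptions constructed for illustration; the same check is also run over already-provisioned domains to find any that would capture mail meant for an external host.

```python
# Added example: vet a domain against public DNS before provisioning it locally.
# The DNS data below is constructed; in production the two resolver callables
# would be backed by real MX and A lookups (an assumption, not shown here).
from ipaddress import ip_address

# Constructed sample data: (preference, MX host) per domain, A records per host.
SAMPLE_MX = {
    "customer-a.example": [(10, "mail.hosting.example")],
    "hotmail.com": [(5, "mx.hotmail-sample.example")],
    "split.example": [(10, "mail.hosting.example"), (20, "backup.other.example")],
}
SAMPLE_A = {
    "mail.hosting.example": ["192.0.2.10"],
    "mx.hotmail-sample.example": ["198.51.100.7"],
    "backup.other.example": ["203.0.113.5"],
}
LOCAL_IPS = {"192.0.2.10", "192.0.2.11"}  # addresses bound on this mail server


def vet_domain(domain, local_ips, resolve_mx, resolve_a):
    """Return (allowed, reason). Strict policy chosen for this example:
    every MX host must resolve only to addresses of this server."""
    local = {ip_address(ip) for ip in local_ips}
    mx_records = resolve_mx(domain.lower().rstrip("."))
    if not mx_records:
        return False, "no MX records published"
    for _pref, host in sorted(mx_records):
        addrs = {ip_address(a) for a in resolve_a(host.lower().rstrip("."))}
        if not addrs:
            return False, f"MX host {host} does not resolve"
        foreign = addrs - local
        if foreign:
            return False, f"MX host {host} points elsewhere: {sorted(map(str, foreign))}"
    return True, "all MX hosts resolve to this server"


def audit(domains, local_ips, resolve_mx, resolve_a):
    """Run the same check over existing local domains; return those that
    would swallow mail addressed to a domain hosted somewhere else."""
    return [d for d in domains if not vet_domain(d, local_ips, resolve_mx, resolve_a)[0]]


def sample_mx(domain):
    return SAMPLE_MX.get(domain, [])


def sample_a(host):
    return SAMPLE_A.get(host, [])
```

As the reply points out, this only helps when the applicant cannot also create the DNS records through the same unvetted signup process.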
No, it's not. As I understand it, you can set Merak Mail to always send externally even if it means mail goes out then comes back. The problem is ME checks local before using DNS; why does it do this? Why not remove the local domain check?
Not too impressed about this, as it takes away the automatic functions out of clients signing up if you have to vet every one first.
Webfeat
Webfeat Reserves the right to be profoundly wrong in any instance.
- Site Admin
- Posts: 4441
- Joined: Tue Jun 25, 2002 3:03 am
- Location: Melbourne, Victoria Australia
Err - maybe I meant most servers. My understanding is that the problem exists for sendmail, Exchange, IMail.
MailEnable has the same ability to force outbound delivery to use DNS rather than local loopback, but that would not stop this problem (it's a registry setting under the MailEnable SMTP section, from memory).
The problem has to do with the way MailEnable does its message routing through the MTA. The problem is that the domain is registered in the Address Map file. If the user sends the message from webmail, it will go from the postoffice connector through the MTA and then (if the domain is registered) back to the postoffice that owns the domain. So the message never goes near the SMTP connector for outbound delivery. This is done for efficiency and enforces that all messages pass through the MTA etc. for processing A/V etc.
If the domain signup process is totally automated, what stops users from provisioning hotmail into the managed DNS and then causing problems this way? As I see it, unvetted signup of domain names is a broader issue (it's just moving the responsibility for routing arbitration to the DNS server).
That said, unfortunately it does not change the solution - I have raised it as an improvement in the development register - and perhaps something may be produced to overcome.
Regards, Andrew
I've been in contact with quite a few ISPs, and I've never seen one that allows you to add any domain you want. I've always had to contact someone at the ISP to initially set it up, then give me access.
One thing you could do is set up two different machines, one for the incoming mail, and another for just SMTP outgoing mail with no postoffices (I would think it'd have to be behind 2 different public IPs though, since they both would be using port 25).
I'm not sure how this would work with webmail though. Since the webmail would be accessed on the machine with the incoming mail, if there was a postoffice called hotmail.com and someone used webmail to send an email to hotmail.com, that SMTP server would route it internally. Isn't there a way to have MailEnable use a different SMTP server (instead of itself)? It could use the other server that's set up to just do outgoing SMTP.