postfix on ubuntu, chrooted hosts file

  • Martin Glynn
    Message 1 of 9 , May 28, 2006
      Hi Everyone,

      I'm a new postfix user; please forgive any etiquette mistakes.

      I recently set up a Postfix server on an Ubuntu Linux Server distribution.
      Originally my server sat by itself on the internet. Recently we moved
      inside a larger network, behind a firewall, that I do not control and am not
      very familiar with.

      I have what I think is a simple problem. There are two mail hosts that are
      running inside this larger network. When my server ran by itself it
      accessed these two servers using public IP addresses. However now that it
      is inside the large network, I need my server to access those hosts using
      private IP addresses.

      I made two entries in the hosts file under /etc, confirmed that ping was now
      resolving these two hosts using their private addresses, then copied the
      hosts file from /etc into the /var/spool/postfix/etc chroot jail.

      I then did a postfix reload. The log indicates that Postfix is still trying
      to access these servers using their public IP addresses.

      Everything else about this server is just a standard install. Email to
      servers outside these two mail servers, such as gmail, works properly.

      Any idea what could be wrong? I've checked file permissions and they seem
      fine.

      Also, if there's a better way to solve this problem other than host file
      entries I'm open to any suggestions.

      I'm sorry I can't pass along copies of my config files, as I said this
      server is running on a larger network that I don't control and I'm not sure
      what I can and cannot share.

      Thanks very much for any help!

      Martin
    • Steven Louis
      Message 2 of 9 , May 28, 2006
         
        > Everything else about this server is just a standard install.  Email to
        > servers outside these two mail servers, such as gmail, works properly.
        >
        > Any idea what could be wrong?  I've checked file permissions and they seem
        > fine.
        > Also, if there's a better way to solve this problem other than host file
        > entries I'm open to any suggestions.

        I'm fairly new to Postfix myself and I'd probably use transport.

        In main.cf:
        transport_maps = hash:/path/to/transport

        your transport file:
        <your.domain>            :[internal.ip.address]

        postmap /path/to/transport
        postfix reload

        For more information.. man 5 transport

        > I'm sorry I can't pass along copies of my config files, as I said this
        > server is running on a larger network that I don't control and I'm not sure
        > what I can and cannot share.
        >
        > Thanks very much for any help!
        >
        > Martin


      • Martin Glynn
        Message 3 of 9 , May 29, 2006
          Thanks Steven, for your suggestion to use transport to solve this problem.

          I still may need to use the hosts file. Does anyone have any idea why my
          entries in the hosts file wouldn't be used by postfix (see below for the
          original posting)?

          Thanks!

          Martin

          > -----Original Message-----
          > From: owner-postfix-users@... [mailto:owner-postfix-
          > users@...] On Behalf Of Martin Glynn
          > Sent: Sunday, May 28, 2006 11:51 PM
          > To: postfix-users@...
          > Subject: postfix on ubuntu, chrooted hosts file
          >
          > Hi Everyone,
          >
          > I'm a new postfix user; please forgive any etiquette mistakes.
          >
          > I recently setup a Postfix server on an Ubuntu Linux Server distribution.
          > Originally my server sat by itself on the internet. Recently we moved
          > inside a larger network, behind a firewall, that I do not control and am
          > not
          > very familiar with.
          >
          > I have what I think is a simple problem. There are two mail hosts that
          > are
          > running inside this larger network. When my server ran by itself it
          > accessed these two servers using public IP addresses. However now that it
          > is inside the large network, I need my server to access those hosts using
          > private IP addresses.
          >
          > I made two entries in the hosts file under /etc, confirmed that ping was
          > now
          > resolving these two hosts using their private addresses, then copied the
          > hosts file from /etc into the /var/spool/postfix/etc chroot jail.
          >
          > I then did a postfix reload. The log indicates that Postfix is still
          > trying
          > to access these servers using their public IP addresses.
          >
          > Everything else about this server is just a standard install. Email to
          > servers outside these two mail servers, such as gmail, works properly.
          >
          > Any idea what could be wrong? I've checked file permissions and they seem
          > fine.
          >
          > Also, if there's a better way to solve this problem other than host file
          > entries I'm open to any suggestions.
          >
          > I'm sorry I can't pass along copies of my config files, as I said this
          > server is running on a larger network that I don't control and I'm not
          > sure
          > what I can and cannot share.
          >
          > Thanks very much for any help!
          >
          > Martin
        • Victor Duchovni
          Message 4 of 9 , May 29, 2006
            On Mon, May 29, 2006 at 11:20:50AM -0400, Martin Glynn wrote:

            > Thanks Steven, for your suggestion to use transport to solve this problem.
            >
            > I still may need to use the hosts file. Does anyone have any idea why my
            > entries in the hosts file wouldn't be used by postfix (see below for the
            > original posting)?
            >

            http://www.postfix.org/postconf.5.html#smtp_host_lookup

            In your case, you want:

            smtp_host_lookup = native, dns

            or

            smtp_host_lookup = native

            if the host's nsswitch.conf already includes "dns", and temporary lookup
            problems are properly reported in h_errno.

            --
            Viktor.

            P.S. Morgan Stanley is looking for a New York City based, Senior Unix
            system/email administrator to architect and sustain the Unix email
            environment. If you are interested, please drop me a note.

            Disclaimer: off-list followups get on-list replies or get ignored.
            Please do not ignore the "Reply-To" header.

            To unsubscribe from the postfix-users list, visit
            http://www.postfix.org/lists.html or click the link below:
            <mailto:majordomo@...?body=unsubscribe%20postfix-users>

            If my response solves your problem, the best way to thank me is to not
            send an "it worked, thanks" follow-up. If you must respond, please put
            "It worked, thanks" in the "Subject" so I can delete these quickly.
          • Martin Glynn
            Message 5 of 9 , May 29, 2006
              > > I still may need to use the hosts file. Does anyone have any idea why
              > my
              > > entries in the hosts file wouldn't be used by postfix (see below for the
              > > original posting)?
              > >
              >
              > http://www.postfix.org/postconf.5.html#smtp_host_lookup
              >
              > In your case, you want:
              >
              > smtp_host_lookup = native, dns
              >
              > or
              >
              > smtp_host_lookup = native
              >
              > if the hosts nsswitch.conf already includes "dns", and temporary lookup
              > problems are properly reported in h_errno.
              >

              Thanks Victor, I put

              smtp_host_lookup = native, dns

              in the /etc/postfix/main.cf file and did 'sudo postfix reload' but the
              problem still exists. Here's what my nsswitch.conf file looks like:

              # /etc/nsswitch.conf
              #
              # Example configuration of GNU Name Service Switch functionality.
              # If you have the `glibc-doc' and `info' packages installed, try:
              # `info libc "Name Service Switch"' for information about this file.

              passwd: compat
              group: compat
              shadow: compat

              hosts: files dns
              networks: files

              protocols: db files
              services: db files
              ethers: db files
              rpc: db files

              netgroup: nis

              Here's what my resolv.conf file looks like:

              nameserver 12.127.16.67
              nameserver 12.127.17.71

              Thanks again for any help!

              Martin
            • Victor Duchovni
              Message 6 of 9 , May 29, 2006
                On Mon, May 29, 2006 at 02:14:16PM -0400, Martin Glynn wrote:

                > Thanks Victor, I put
                >
                > smtp_host_lookup = native, dns
                >
                > in the /etc/postfix/main.cf file and did 'sudo postfix reload' but the
                > problem still exists. Here's what my nsswitch.conf file looks like:

                http://www.postfix.org/postconf.5.html#smtp_host_lookup
                ...
                This feature is available in Postfix 2.1 and later.

                What version of Postfix are you using?

                > hosts: files dns

                Likely, just "native" is enough.

                Show some logs and transport table entries. Note, that without [] around
                the nexthop name, DNS is still used for MX lookups, smtp_host_lookup
                only controls the resolution of the MX hosts IP addresses.

                --
                Viktor.

              • Martin Glynn
                Message 7 of 9 , May 29, 2006
                  > > Thanks Victor, I put
                  > >
                  > > smtp_host_lookup = native, dns
                  > >
                  > > in the /etc/postfix/main.cf file and did 'sudo postfix reload' but the
                  > > problem still exists. Here's what my nsswitch.conf file looks like:
                  >
                  > http://www.postfix.org/postconf.5.html#smtp_host_lookup
                  > ...
                  > This feature is available in Postfix 2.1 and later.
                  >
                  > What version of Postfix are you using?

                  Version: 2.2.4-1ubuntu2

                  >
                  > > hosts: files dns
                  >
                  > Likely, just "native" is enough.
                  >

                  You were right, native alone worked!

                  I'm still confused though. Why didn't native, dns work?

                  Also, will hosts not listed in the hosts file still definitely be resolved
                  through dns? I don't have a good way to test this right now.

                  Thanks again for all your help!

                  Martin
                • Victor Duchovni
                  Message 8 of 9 , May 29, 2006
                    On Mon, May 29, 2006 at 03:32:06PM -0400, Martin Glynn wrote:

                    > > > hosts: files dns
                    > >
                    > > Likely, just "native" is enough.
                    > >
                    >
                    > You were right, native alone worked!
                    >
                    > I'm still confused though. Why didn't native, dns work?

                    Because I forgot that the parameter specifies an *unordered* set of
                    mechanisms. If DNS is enabled, it is always used first.

                    Specify one of the following:

                    dns
                    Hosts can be found in the DNS (preferred).
                    native
                    Use the native naming service only (nsswitch.conf, or equivalent
                    mechanism).
                    dns, native
                    Use the native service for hosts not found in the DNS.

                    > Also, will hosts not listed in the hosts file still definitely be resolved
                    > through dns? I don't have a good way to test this right now.

                    Yes, provided your nsswitch works as configured.

                    --
                    Viktor.

                  • Hans van Kranenburg
                    Message 9 of 9 , May 30, 2006
                      Martin Glynn wrote:
                      >
                      > I made two entries in the hosts file under /etc, confirmed that ping
                      > was now resolving these two hosts using their private addresses, then
                      > copied the hosts file from /etc into the /var/spool/postfix/etc
                      > chroot jail.
                      >
                      > I then did a postfix reload. The log indicates that Postfix is still
                      > trying to access these servers using their public IP addresses.

                      Try
                      invoke-rc.d postfix restart

                      The Debian/Ubuntu start-stop script /etc/init.d/postfix will copy some
                      files into the chroot. When you only issue a postfix reload, that won't
                      happen.

                      Hans
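
The two causes identified in this thread (a `smtp_host_lookup` set that still contains `dns`, and chroot copies of resolver files that a plain reload does not refresh) can be checked with a short script. This is an added example, not code from any poster or from Postfix; the function names, the list of files compared and the sample host names and addresses are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the thread): audit a chrooted Postfix SMTP client
# that ignores /etc/hosts. Paths are arguments so it can run on copies.

# effective_lookup MAIN_CF: print the last smtp_host_lookup value in a
# main.cf-style file, or "dns" (the documented default) when it is unset.
# On a live system `postconf -h smtp_host_lookup` reports the same value.
effective_lookup() {
    val=$(sed -n 's/^smtp_host_lookup[[:space:]]*=[[:space:]]*//p' "$1" | tail -n 1)
    if [ -n "$val" ]; then printf '%s\n' "$val"; else printf 'dns\n'; fi
}

# hosts_override_dns VALUE: succeed only when hosts-file entries can take
# precedence over DNS records. The value is an unordered set and DNS is
# consulted first whenever it is a member, so only plain "native" qualifies.
hosts_override_dns() {
    members=",$(printf '%s' "$1" | tr -s ' \t,' ',,,'),"
    case "$members" in
        *,dns,*) return 1 ;;
        *,native,*) return 0 ;;
        *) return 1 ;;
    esac
}

# stale_chroot_files ETC_DIR CHROOT_ETC_DIR: print resolver files whose chroot
# copy is missing or differs. The file list is an assumption; check which
# files your distribution's init script actually copies.
stale_chroot_files() {
    for f in hosts resolv.conf nsswitch.conf; do
        [ -f "$1/$f" ] || continue
        cmp -s "$1/$f" "$2/$f" || printf '%s\n' "$f"
    done
}

# Constructed sample data standing in for /etc and /var/spool/postfix/etc.
demo=$(mktemp -d)
mkdir -p "$demo/etc" "$demo/jail/etc"
printf '10.0.0.5 mail1.example.internal\n' > "$demo/etc/hosts"
printf '192.0.2.5 mail1.example.internal\n' > "$demo/jail/etc/hosts"
printf 'smtp_host_lookup = native, dns\n' > "$demo/main.cf"
lookup=$(effective_lookup "$demo/main.cf")
hosts_override_dns "$lookup" || echo "smtp_host_lookup=$lookup: DNS is tried before the hosts file"
echo "stale chroot copies: $(stale_chroot_files "$demo/etc" "$demo/jail/etc")"
rm -rf "$demo"
```

On a real host the same functions would be pointed at `/etc/postfix/main.cf`, `/etc` and `/var/spool/postfix/etc`.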