I'm running Coyote as a "router" on my home LAN with ADSL connection (DHCP assigned IP). I've got a dynamic DNS with JustLinux. Behind the firewall, I've got a server set up with Xitami webserver (reachable) and Xitami FTP (also reachable). Running Q-mail for e-mail and internal network mail works fine. However, no Internet e-mail can get through to the e-mail server. It times out. I suspect the "router" is the problem. IP masquerade rules are as follows on the router:

ipmasqadm autofw -A -r tcp 25 25 -h 192.168.0.103
ipmasqadm autofw -A -r tcp 80 80 -h 192.168.0.103
ipmasqadm autofw -A -r tcp 21 21 -h 192.168.0.103

Any help appreciated!

When you say internet mail cannot get through I am assuming you mean that mail from outside your LAN cannot get in. Is this correct? If so have you set up an MX record? What is the exact error message that you get?

-No MX - I'm not running my own DNS. The "domain" is vanderheyden.penguinpowered.com (through JustLinux) and my internal server is named slayer.vanderheyden.penguinpowered.com with vanderheyden.penguinpowered.com set up in locals and rcpthosts in /var/qmail/control (so qmail should receive mail for the domain). An http request to http://vanderheyden.penguinpowered.com takes you to the index.html page on this server, but mail addressed to, say, alan@vanderheyden.penguinpowered.com will not.
-I get a transient fatal error - server has not responded in 4 hours message from the smtp on the return path.
-Mail to alan@slayer.vanderheyden.penguinpowered.com goes through locally just fine with the IP attached to slayer in my hosts file.
-If my wife tries alan@slayer.vanderheyden.penguinpowered.com on her Win98 machine she gets an error for no record of the domain because she doesn't do local mail and there is no slayer recorded at JustLinux.
-Does this help any?

Date: Sun, 6 Aug 2000 16:38:47 GMT
To: <linuxguruwannabe@crosswinds.net>
From: Mail Delivery Subsystem <MAILER-DAEMON@mail1.crosswinds.net>
Subject: Warning: could not send message for past 4 hours

**********************************************
** THIS IS A WARNING MESSAGE ONLY **
** YOU DO NOT NEED TO RESEND YOUR MESSAGE **
**********************************************

The original message was received at Sun, 6 Aug 2000 12:29:21 GMT
from localhost [127.0.0.1]

----- The following addresses had transient non-fatal errors -----
<alan@vanderheyden.penguinpowered.com>

----- Transcript of session follows -----
<alan@vanderheyden.penguinpowered.com>... Deferred: Connection timed out with vanderheyden.penguinpowered.com.
Warning: message still undelivered after 4 hours
Will keep trying until message is 5 days old

Had to wait until I got another one back :-)

There is a reachable SMTP server at vanderheyden.penguinpowered.com. However without an MX record mail from outside will not know to use that server.
Also, I telneted into the mail server and tried to send a message from "alan@vanderheyden.penguinpowered.com" to "alan@vanderheyden.penguinpowered.com" and got a 553 sorry, that domain isn't in my list of allowed rcpthosts (#5.7.1) error. Unless your are doing anti-relay by ip this is a problem.

Two things bother me about your discovery.

#1 How were you able to telnet past my firewall and into the mail server? I'd say that is a security risk, right?

#2 The error message probably means I do not have Q-mail set up correctly (why are instructions for Linux software so damn confusing?) Beautiful code, just crappy instructions :-)

Anyway, how exactly did you telnet in (how did you log on?) and how exactly did you try to send e-mail (I'd like to duplicate your efforts) and how do I solve the MX problem? There has got to be a way around that, right? And how do I shore up my security (to keep you out? :-))

Never mind the first question :-) You telneted in on port 25 of course, which is also how you knew there was a reachable SMTP service! I got the same error code when I figured out how you tried to send the email;
rcpt <alan@vanderheyden.penguinpowered.com>

okey dokey

Still, how do I fix the MX problem? I am looking into the tcwrappers right now to make sure that is all set up correctly (which it obviously currently is not)!

You answered #1 before I could.

You need to setup an MX record and configure qmail to accept mail for the domain. Who does DNS for you?

I use GTE's DNS servers for outgoing resolution, but, of course, don't want to pay them for a static IP.

I guess JustLinux does the DNS for the subdomain (one of those free dynamic DNS deals), and I don't believe they do anything special about MX records for e-mail. I don't know a whole lot about DNS, so I'm at a loss to go from here. There has got to be some way around it though, as I'm sure other people have run servers from behind a masquerading firewall on a cable/DSL setup with dynamic IP!

BTW, thanks for all your help!

An MX record specifes a host that will either process or forward mail for a domain. For example: when you email jeremy@linuxquestions.org the MTA looks up the MX record for linuxquestions.org, then tries to deliver the mail to that server. Now, mail SHOULD be delivered to the domain name in the email address if no MX record is present. To be honest I am not sure how reliable that is as I have never had to try it.
It does not seem like qmail knows that it is supposed to accept mail for your domain. Is vanderheyden.penguinpowered.com in rcpthosts? Do you have a /etc/tcp.smtp file?

Hi Jeremy:

Some progress. I fixed the problem with the #5.7.1 error. That was a typo in rcpthosts (q instead of a g in penguin!), but also beefed up my tcp wrapper security as it turns out my tpcd is in /usr/sbin and not /usr/local/bin like the Q-mail FAQ suggested (I'm running Peanut on the server, based on Slackware). I can now send mail from alan@vanderheyden... to alan@vanderheyden... with no problem, so Q-mail is accepting mail for that domain. Still not accepting it from the internet, though :-(

Also, I am not using the tcp.smtp file (though it is set up correctly, I believe). I am calling qmaild from inetd so i am using the hosts.allow file. That is correct, yes?

So I've looked over the DNS How-To. I'm getting resigned to the fact that I might have to set up some kind of DNS. How would that work, exactly, since JustLinux runs the DNS for vanderheyden.penguinpowered.com? Do I set up some kind of zone file that handles everything under that? Then I could set up an MX record, right? That might also solve some of my other problems, like getting some of the windows boxen I have (wife and kids) to see my linux machines (so my wife could check her e-mail once we get this working :-))

Thanks for your patience!

I just tried to send you a test message and it appeared to go through (it was accepted for delivery). Did you get it?

Yes!?!? How very odd! Wonder what I did? I have set up DNS (I think). Wow!