Re: sendmail error, "MX list for mydomain.com points back to server.mydomain.com"

From: vagabond <vagabond_at_blackfoot.net>
Date: Thu, 18 May 2023 18:58:31 UTC
> What you were saying about your ISP having bogus entries is quite 
> possibly at least part of the problem.

I can understand that, although when sending from an account on the machine
where both named and sendmail are running, to the same account @dreamchaser.org,
it should be using the local named, right?
And if that named is the authoritative nameserver for the domain,
then the needed dns request should stay local, right?

> Sendmail uses real DNS and ignores /etc/hosts (because it needs to look 
> up MX records, there are no MX records in /etc/hosts).
> If you *really* want to cheat that, you can run BIND on localhost and 
> put a zone for your own domain answering on localhost, and put 
> 127.0.0.1 in /etc/resolv.conf.

Not sure I understand what you're saying.
I am running BIND (9.18) on the localhost.
As the primary for the domain, it answers for the domain for which 
sendmail is receiving.
127.0.0.1 is the only thing currently in resolv.conf

> What is the hostname of your system?

$ hostname
ns.dreamchaser.org

> Can you post your full freebsd.mc?

I've omitted initial comment sections and those entirely dnl'ed out
============================
divert(-1)
divert(0)
VERSIONID(`$FreeBSD: releng/12.4/etc/sendmail/freebsd.mc 363465 2020-07-24 00:22:33Z gshapiro $')
OSTYPE(freebsd6)
DOMAIN(generic)

FEATURE(access_db, `hash -o -T<TMPF> /etc/mail/access')
FEATURE(blocklist_recipients)
FEATURE(local_lmtp)
FEATURE(mailertable, `hash -o /etc/mail/mailertable')
FEATURE(virtusertable, `hash -o /etc/mail/virtusertable')

dnl Uncomment to activate your chosen DNS based blacklist
dnl FEATURE(dnsbl, `dnsbl.example.com')
dnl Alternatively, you can provide your own server and rejection message:
dnl FEATURE(dnsbl, `dnsbl.example.com', ``"550 Mail from " $&{client_addr} " rejected"'')
FEATURE(dnsbl, `zen.spamhaus.org')

dnl Uncomment the first line to change the location of the default
dnl /etc/mail/local-host-names and comment out the second line.
dnl define(`confCW_FILE', `-o /etc/mail/sendmail.cw')
define(`confCW_FILE', `-o /etc/mail/local-host-names')

dnl Enable for both IPv4 and IPv6 (optional)
DAEMON_OPTIONS(`Name=IPv4, Family=inet')
dnl DAEMON_OPTIONS(`Name=IPv6, Family=inet6, Modifiers=O')

dnl Configuration for milter-greylist
dnl See /usr/local/share/doc/milter-greylist/README
dnl
dnl 2023-05-18 the following are already activated in /usr/src/contrib/sendmail/cf/m4 macros
dnl j,{if_addr},{cert_subject},i,{auth_authen} are already enabled by default
dnl define(`confMILTER_MACROS_CONNECT', confMILTER_MACROS_CONNECT``, j, {if_addr}'')
dnl define(`confMILTER_MACROS_ENVFROM', confMILTER_MACROS_ENVFROM``, i, {auth_authen}')
dnl
define(`confMILTER_MACROS_HELO', confMILTER_MACROS_HELO``, {verify}'')
define(`confMILTER_MACROS_ENVRCPT', confMILTER_MACROS_ENVRCPT``, {greylist}'')
INPUT_MAIL_FILTER(`greylist', `S=local:/var/milter-greylist/milter-greylist.sock, F=T, T=R:30s')

define(`confBIND_OPTS', `WorkAroundBrokenAAAA')
define(`confBIND_OPTS', `WorkAroundBrokenAAAA')
define(`confNO_RCPT_ACTION', `add-to-undisclosed')
define(`confPRIVACY_FLAGS', `authwarnings,noexpn,novrfy')
MAILER(local)
MAILER(smtp)
============================

I have the STARTTLS lines commented out at the moment because
I'm not sure which letsencrypt .pems correspond to which items.
I think the map is something like:
                 /etc/mail/cert   letsencrypt
   SERVER_CERT   host.cert        cert.pem
   SERVER_KEY    host.key         privkey.pem
   CLIENT_CERT   host.cert        cert.pem
   CLIENT_KEY    host.key         privkey.pem
   CACERT        host.key         no clue, is the one in /etc/certs usable?
   CACERT_PATH   host.key         no clue, is the one in /etc/certs usable?
   DH_PARAMETERS dh.param         does not exist in either dir

In any case, I'm still seeing, for all mail slated for delivery,
something like this:

ns sm-mta[17103]: ... Milter (greylist) add: header: X-Greylist: Sender passed SPF test, not delayed by milter-greylist-4.6.4 (ns.dreamchaser.org [0.0.0.0]); Thu, 18 May 2023 12:29:28 -0600 (MDT)
ns sm-mta[17103]: ... SYSERR(root): MX list for dreamchaser.org. points back to ns.dreamchaser.org
...
ns sm-mta[17103]: ...  mailer=esmtp, pri=32597, relay=dreamchaser.org., dsn=5.3.5, stat=Local configuration error
ns sm-mta[17103]: ... Losing ./qf34IITSHg017130: savemail panic
ns sm-mta[17103]: ... SYSERR(root): savemail: cannot save rejected email anywhere

> Have you rebuilt your sendmail.cf recently?

Yes, many times
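
Added example, not part of the original message and not sendmail's own code: a simplified Python model of the condition under which sendmail logs the "MX list for ... points back to ..." SYSERR quoted above, namely that the best MX for the recipient domain is the local host while the domain itself is not in class w. The function names are hypothetical, and the MX answer and local-host-names contents are constructed; only the hostname and domain come from the post.

```python
# Added illustration: a simplified model of sendmail's MX loop check.
# Function names are hypothetical; MX data and file contents are constructed.

def norm(name):
    """DNS names compare case-insensitively; drop the trailing root dot."""
    return name.rstrip(".").lower()

def parse_local_host_names(text):
    """Parse text shaped like /etc/mail/local-host-names (class w)."""
    names = set()
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if line:
            names.add(norm(line))
    return names

def diagnose(domain, mx_records, my_hostname, class_w):
    """mx_records is a list of (preference, exchanger) tuples."""
    local = set(class_w) | {norm(my_hostname)}   # class w always holds our own name
    if norm(domain) in local:
        return "local delivery"                  # never reaches the MX lookup
    ranked = sorted((pref, norm(host)) for pref, host in mx_records)
    if not ranked:
        return "no MX: fall back to address record"
    own = [pref for pref, host in ranked if host in local]
    if not own:
        return "relay to " + ranked[0][1]
    # Exchangers at our own preference or worse are dropped to prevent loops.
    usable = [host for pref, host in ranked if pref < min(own)]
    if usable:
        return "relay to " + usable[0]
    return "MX list for %s. points back to %s" % (norm(domain), norm(my_hostname))

if __name__ == "__main__":
    host = "ns.dreamchaser.org"                      # from `hostname` in the post
    mx = [(10, "ns.dreamchaser.org.")]               # constructed MX answer
    without = parse_local_host_names("# constructed: domain not listed\n")
    with_dom = parse_local_host_names("# constructed\ndreamchaser.org\n")
    print(diagnose("dreamchaser.org", mx, host, without))
    print(diagnose("dreamchaser.org", mx, host, with_dom))
```

On a live system the two inputs are the MX answer for the domain and the contents of class w, which `sendmail -bt` prints in response to `$=w`.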