Dual-stack Sendmail on CentOS

February 21st, 2010 by joe262

Recently, in order to qualify for a certification from Hurricane Electric, I had to ensure that I could receive mail using IPv6. Configuring Sendmail to use both IPv6 and IPv4 is not hard on CentOS, but there are some weird gotchas to watch out for.

To enable IPv6 for Sendmail, one must first edit their sendmail.mc file, changing the DAEMON_OPTIONS line as follows:

DAEMON_OPTIONS(`port=smtp, Name=MTA, Family=inet6')dnl

Then one must rebuild the configuration, and restart Sendmail, as usual.

make -C /etc/mail
service sendmail restart

By the way, this is contrary to the documentation for sendmail.mc. Apparently, on CentOS (and probably on RHEL too), once the daemon is listening on IPv6, it will listen on all IPv4 addresses as well. If you specify both MTA-v6 and MTA-v4 as the docs suggest, both will try to listen on IPv4, causing one to fail to bind.

The big gotcha here is that now Sendmail will listen on all IPv4 addresses, not just the ones you want. It may also use addresses you don’t want for sending outbound mail. If, as was the case in my situation, the machine has addresses that you do not want to use at all for mail, this can pose a problem.

This matters particularly if your email IP already has feedback loops set up with ISPs, if your non-email IP was formerly used by spammers, and/or if your SPF records restrict which IPs may be used: the result can be that your mail gets mistaken for spam.

One interesting feature of netfilter and iptables is Source Network Address Translation, or SNAT. Unlike the MASQUERADE target frequently used with residential-style NATs, connection state does not have to be tracked, since inbound connections do not have to be modified.

For example, let’s assume that you have 2 IPv4 addresses on your machine, $IP1 and $IP2, and only $IP2 is supposed to send emails. You could then add the following to a firewall script, or whatever:

iptables -t nat -A POSTROUTING -s $IP1 -p tcp --dport 25 -j SNAT --to-source $IP2

Now, if Sendmail uses the wrong address to send, it will be transparently corrected by the firewall. Inbound connections to the correct IP will work anyway without modification. Hopefully you already blocked inbound connections on TCP 25 to the incorrect address, so no further iptables tinkering should be needed.
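
A check for the gotcha described above, as an added example that is not part of the original post: it reads `ss -ltn` output and flags port-25 listeners bound to a wildcard address or to an address that is not on an allow-list. The sample output, the function names and the 192.0.2.10 / 2001:db8::25 addresses are constructed for illustration.

```shell
#!/bin/sh
# Constructed `ss -ltn` samples (not captured from a real host).
# 192.0.2.10 and 2001:db8::25 are documentation addresses standing in for $IP2.

# One Family=inet6 daemon on a dual-stack socket: every address is reachable.
SAMPLE_WILDCARD='State  Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0      10     *:25               *:*
LISTEN 0      128    0.0.0.0:22         0.0.0.0:*'

# Listeners pinned to the intended mail addresses only.
SAMPLE_PINNED='State  Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0      10     192.0.2.10:25      0.0.0.0:*
LISTEN 0      10     [2001:db8::25]:25  [::]:*'

# Print the local address of every TCP listener on port 25, one per line.
smtp_listeners() {
    awk '$1 == "LISTEN" && $4 ~ /:25$/ { sub(/:25$/, "", $4); print $4 }'
}

# Usage: ss -ltn | smtp_exposure ALLOWED_ADDR...
# Exit 0 only if every port-25 listener is bound to an allowed address.
# Wildcards ("*", "0.0.0.0", "[::]", and "::" from older ss releases) always fail.
smtp_exposure() {
    smtp_listeners | awk -v allow=" $* " '
        $0 == "*" || $0 == "0.0.0.0" || $0 == "[::]" || $0 == "::" {
            print "EXPOSED wildcard " $0; bad = 1; next }
        index(allow, " " $0 " ") == 0 {
            print "EXPOSED unexpected " $0; bad = 1; next }
        { print "ok " $0 }
        END { exit bad }'
}

# Demo on the constructed samples.
printf '%s\n' "$SAMPLE_WILDCARD" | smtp_exposure 192.0.2.10 || echo "review listeners"
printf '%s\n' "$SAMPLE_PINNED" | smtp_exposure 192.0.2.10 '[2001:db8::25]'
```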

Authority issues

January 27th, 2010 by joe262

I have been told a few times that I have ‘authority issues.’ Of course, I beg to differ. In the interest of clarification, I will share my views regarding authority.

When I hear the word ‘authority’ the first thought that comes to my mind is the DNS. There are basically two types of DNS servers out there: resolvers (or recursive nameservers) and authoritative nameservers.

A resolver is, in my personal view, analogous to an ‘expert.’ It stores a large cache of data, and has the ability to go out and seek data that it doesn’t have on hand. Its area of expertise is very broad; it can answer virtually any query one sends it. It is not, however, an authority. One need only look at the output of nslookup to know this.

An authoritative nameserver, as its name implies, is an authority. Its scope of authority is narrow, but the validity of its answer is absolute. It need not ask anyone for answers. By answering a query, it defines the correct answer to that query. The resolver, or expert, relies on the authority to obtain its data in the first place.

This can be applied to organizational, social, and governmental concepts of authority as well. The lawyer may well be an expert on case law, but the judge’s ruling defines it. A psychologist may have a detailed dossier on a patient’s moods, but the patient himself or herself defines it.

The question may arise of where authority is derived from. How does the judge get the power to rule?

To understand this, I will again refer to the DNS as an analogy. An authoritative nameserver has authority delegated to it from the parent zone. The parent zone from its parent zone, and so on, all the way to the root.

Here is where the analogy really gets interesting. What makes ICANN’s root servers so authoritative? By the same token, who gives the government the right to govern? Social contract theory seems to indicate that the government’s authority is delegated to it, by those that rely on it. The same could be argued regarding the DNS root. Since resolvers start their queries by asking it for an authoritative answer, the public internet as a whole basically delegates authority to the DNS root.

Just as the root servers delegate to the gTLD servers, and to various ccTLD servers, and so on down the line, so do governments and organizations.

Because of this, I conclude that authority comes from delegation.

What about someone who has been granted authority, but fails to exercise it? In DNS terminology, this is called ‘Lame Delegation.’ I feel that in human situations, ‘lame’ is an apt term for such a thing as well.

Now that I have summed up my personal views regarding authority, I will offer a guess as to a possible reason why some incorrectly assume that I do not respect authority.

There are those who are not authoritative, but wish they were, or feel they should be. Just as I do not have one iota of respect for such shameful things as DNS spoofing, I do not have any respect for those who assert authority that is not theirs to begin with.

If a judge issues a court ruling, that’s cool, that’s awesome, that’s why we have judges. If some schmuck in a coffee shop decides it should be something else, the coffee schmuck’s opinion I fail to see as authoritative. If his ego is hurt by this, he may rationalize that those who don’t agree with him disrespect authority.

Bye bye 2009

December 31st, 2009 by joe262

Hopefully 2010 won’t suck nearly as badly….

On being welcome vs being forced to choose

November 25th, 2009 by joe262

Being welcomed generally feels good. When one is given an ultimatum to choose between friends, or between sets of friends, some find that to be a rather unpleasant feeling. I personally see it as creepy and manipulative.

“I like you and want to associate with you.” is, to me, a very positive statement.

“I like you and want to associate with you, on the condition that you not like or associate with so and so.” is, to me, a very asinine statement.

The former is welcoming, the latter is not.

I said what?

November 21st, 2009 by joe262

It has been a weird week. To mark it as weird in a good or bad way would be jumping the gun however. There has been a sizable amount of both.

The most disturbing part of the week was when I drove a friend to the local Emergency Room. She was feeling physically ill, decided to go, and asked me for a lift, to avoid the expense of an ambulance or taxi ride.

According to a social worker who came to ask me some questions, I had allegedly told a doctor three things:
1. She was my wife.
2. She was behaving wildly psychotic and out of control.
3. I wanted her committed involuntarily to a psychiatric ward.

Problem is none of these things were true, nor did I tell anyone at the hospital any such thing. When medical professionals act on the never-said allegations of a non-existent family member to force someone into a locked facility, one might begin to suspect that the whole practice of psychiatric involuntary commitments is in fact a very dangerous thing.

At least in the former Soviet Union, they would coerce a real family member to make false allegations. Thankfully we live in a democracy where the dude giving someone a lift has the allegations automatically made on his behalf.

New Axis II Disorder

November 4th, 2009 by joe262

Lazy Ass Personality Disorder (LAPD)

A pervasive pattern of not getting around to things, letting somebody else do it, and/or just not feeling motivated as evidenced by three (3) or more of the following:

1. It is not my problem anyways.
2. I’m watching an important commercial right now, I will do it later.
3. Can’t so and so do it instead?
4. I’m too tired to help out. Let’s go run a marathon instead.

The symptoms in question are not better accounted for by boredom, or a really good and interesting episode (or rerun.)

Finally decided to migrate my WordPress blog…

October 23rd, 2009 by joe262

Indecision strikes again..

I decided a while back to discontinue using my full name as a domain for my blog, and to use my irc nick instead. I have been running my own LAMP / DNS / MX server in my living room for some time. I originally was going to set up a new site, with a blog and other features, on that server.

A combination of indecision and an inopportune hardware failure kept that from becoming what I wanted it to be. So instead, I ended up just copying the doc root, and exporting the SQL from the original site on my VPS account, and moving it to my domain on my home server.

Of course, running a server at home has both financial and educational advantages, as well as the disadvantage of no tech support in case something blows up while I am not home. As a do-it-yourself kind of guy, this is ideal.

Follow up here

September 22nd, 2009 by joe262

Please follow up at the following URL:

http://joe262.com

Thanks.

Could it be? A ‘normal’ night’s sleep?

September 9th, 2009 by joe262

I woke up, looked at my watch, and saw that it was 6:00. For a moment I thought to myself “oh well slept all day again.” I then remembered that I had gone to bed at a semi-reasonable hour. Then it dawned on me:

I woke up at 6 *AM* !!

Hopefully this is the break I need. I’ve had my days and nights inverted for way too long.

My thoughts regarding “gender sensitive” pronouns

September 1st, 2009 by joe262

Person A said something to Person B. So what is the best way of saying such a thing using pronouns?

Here is how I think such things should be written in form letters, banner ads, traffic tickets, and the like:

^(S)?[hH]e said something to h(er|im)$

Such wording is oh so much less offensive than “They said something to them.” I highly doubt the average J(o|an)e will have any complaints as a result.