The Wiert Corner – irregular stream of stuff

Jeroen W. Pluimers on .NET, C#, Delphi, databases, and personal interests

  • My badges

  • Twitter Updates

  • My Flickr Stream

  • Pages

  • All categories

  • Enter your email address to subscribe to this blog and receive notifications of new posts by email.

    Join 2,113 other followers

Archive for the ‘Communications Development’ Category

Some postfix notes

Posted by jpluimers on 2020/10/15

Postfix has documentation on primary MX and secondary MX, but not on tertiary MX.

If the primary MX is down, you have a series of secondary MX and tertiary MX that configured the same way, MX DNS priority for primary, the series of secondary MX and tertiary MX have increasing numbers, and the primary MX goes down, then senders can get “too many hops” as secondary and tertiary MX are looping.

I had a hard time finding a good and easy solution as these queries do not return many meaningful results:

Here are some links that helped getting this solved:

  • [WayBack] Postfix Frequently Asked Questions: What does “Error: too many hops” mean?

    Short answer: this message means that mail is probably looping. If you see this after you turned on Postfix content filtering, then you have made a mistake that causes mail to be filtered repeatedly. This is cured by appropriate use of content_filter=header_checks=, and body_checks=.

    Long answer: the message has too many Received: message headers. A received header is added whenever Postfix (or any MTA) receives a message. A large number of Received: message headers is an indication that mail is looping around.

    Side comment: email uses the opposite of the technique that is used to avoid IP forwarding loops. With IP, the sender sets a TTL (time to live) field in the IP header. The field is decremented by each router. When the TTL reaches zero the packet is discarded and an ICMP error message is returned to the sender.

  • [WayBack] Error: too many hops (in reply to end of DATA command) · Issue #713 · mail-in-a-box/mailinabox · GitHub

    In case you or anyone else was/is wondering about the mydestination = localhost thing, the reason it has to be set to just localhost is because MIAB uses Postfix’s “virtual domain hosting” (http://www.postfix.org/VIRTUAL_README.html) support. Per the documentation for mydestination at http://www.postfix.org/postconf.5.html#mydestination:

    Do not specify the names of virtual domains – those domains are specified elsewhere. See VIRTUAL_README for more information.

    (in the context of MIAB every domain is a virtual domain).

In my case a series of these:

Received: from mwgp.xs4all.nl (mwgp.xs4all.nl [80.101.239.92])
    by fiber24315337242.heldenvannu.net (Postfix) with ESMTP id 26395200FE
    for <jeroen@pluimers.com>; Fri, 29 Jun 2018 11:01:02 +0200 (CEST)
Received: from fiber24315337242.heldenvannu.net (unknown [37.153.243.246])
    by mwgp.xs4all.nl (Postfix) with ESMTP id 077A5E937
    for <jeroen@pluimers.com>; Fri, 29 Jun 2018 11:01:02 +0200 (CEST)

Specifying the transport will likely help me solve this problem:

This all came down to editing /etc/postfix/transport adding lines for each relayed domain like this one:

example.org    smtp:[mx-a-record.example.org]

Lines like it direct to use the smtp transport and use a specific host (normally, the relay transport is being used).

After this:

# postmap /etc/postfix/transport
# rcpostfix reload

I choose not to configure [WayBack] Postfix Configuration Parameters: relay_recipient_maps, but might if I had an automated way of replicating lists of valid (and invalid) users.

Another option was confirmed at [WayBack] Software-update: Postfix 3.4.0 / 3.3.3 / 3.2.8 / 3.1.11 / 3.0.15 – Computer – Downloads – Tweakers by [WayBack] menocchio. Thanks!

Dat is volgens mij eenvoudig op te lossen met relay_transport of transport_maps. Zie ook: Postfix transport table format.

Daarmee dwing je de secondary servers de mail altijd af te willen leveren bij de primary server (en dus niet bij een andere secondary). En als de primary niet online is, dan wacht ie netjes tot dat wel het geval is :-)

Bijvoorbeeld:
relay_transport = smtp:[primarymx.domain.tld]

Likely relevant: [WayBack] The Book of Postfix

Maybe relevant in the future:

Found on my hunt for the above:

Try not to make typo’s: [WayBack] postfix appears not finding MX records or host names from DNS

Interesting thought, but not sure how smart SPAM bots are now: [Archive.is] Spam relaying through secondary MX… – Google Groups

To archive this:

  1. Rename from
  2. To
  3. Then save in Archive.is

–jeroen

Posted in Communications Development, Development, DevOps, DNS, Infrastructure, Internet, Internet protocol suite, Power User, SMTP | Leave a Comment »

Happy birthday UDP!

Posted by jpluimers on 2020/08/20

Today it’s the 40th birthday of UDP. Or more precise: 40 years after [WayBackRFC 768 – User Datagram Protocol got submitted.

It is still used a lot today, so be sure to read more background on [WayBackUser Datagram Protocol – Wikipedia.

And of course on a birthday, it is nice to have few good jokes. So here we go:

[WayBack“I would tell you a joke about UDP, but you probably wouldn’t get it.” | Hacker News

[WayBack] I would tell you a joke about UDP, but you probably wouldn’t get it. So here’s a TCP joke | reddit.

[Archive.is]:

  • UDP packet bar walks into
  • The best thing about UDP jokes is that I don’t care if you get it. #sysadmin #networking #IT

You can generate more yourself: udpjoke.py

–jeroen

Read the rest of this entry »

Posted in Communications Development, Development, History, Internet protocol suite, UDP | Leave a Comment »

Remote access to the Embarcadero License Center via SSH tunnel – twm’s blog

Posted by jpluimers on 2020/08/10

Thomas basically did all the research on the forwarding needed for ELC (formerly Belise/Elise), then showed the PuTTY equivalent to ssh user@remote -L5567:192.168.1.200:5567:

[WayBackRemote access to the Embarcadero License Center via SSH tunnel – twm’s blog

Via: [WayBack] Once you have set up an Embarcadero License Center (ELC) for your company (with network named user or concurrent licenses) you will need network access … – Thomas Mueller (dummzeuch) – Google+

Related: [WayBack] Introducing the Embarcadero License Center – ELC

–jeroen

 

Posted in *nix, Communications Development, Delphi, Development, Internet protocol suite, Licensing, Power User, Software Development, SSH, ssh/sshd | Leave a Comment »

ssh_config section order is important: the first setting obtained from a Host/Match section applies

Posted by jpluimers on 2020/06/12

Often, configuration files work like this:

  • global settings are at the top
  • detailed settings are further on, overwriting global settings

Not for ssh_config though, so I was right writing I should read more on it in Good read for starting to intermediate ssh users is “SSH Essentials: Working with SSH Servers, Clients, and Keys | DigitalOcean” and pointers to more advanced reading material.

So here is how ssh_config does it as per man page at [WayBack] ssh_config(5) – OpenBSD manual pages and [WayBack] ssh_config — OpenSSH SSH client configuration files at Linux.org:

     For each parameter, the first obtained value will be used.  The configuration files contain sections separated
     by “Host” specifications, and that section is only applied for hosts that match one of the patterns given in the
     specification.  The matched host name is the one given on the command line.

     Since the first obtained value for each parameter is used, more host-specific declarations should be given near
     the beginning of the file, and general defaults at the end.

This means a section Host * needs to come at the end.

I got that wrong and it took me the better half of a morning to figure out the cause of a connection problem ending in this:

debug1: Authentications that can continue: publickey,password
debug3: start over, passed a different list publickey,password
debug3: preferred publickey
debug3: authmethod_lookup publickey
debug3: remaining preferred:
debug1: No more authentication methods to try.

Somehow, the identity file was never used to try public key authentication at all because of the ssh_config order in ~/.ssh/config.

I’m not the only one confused, as during the search for the cause with “remaining preferred” “No more authentication methods to try.”:

Maybe now I should step up from manually editing the ssh_config file and use [WayBack] GitHub – moul/advanced-ssh-config: make your ssh client smarter to generate it for me.

–jeroen

Posted in *nix, *nix-tools, Communications Development, Development, Internet protocol suite, Power User, SSH, ssh/sshd, TCP | Leave a Comment »

Authssh from Windows

Posted by jpluimers on 2020/05/22

Running autossh from Windows is still on my list, so here are a few links:

–jeroen

Posted in Communications Development, Development, Internet protocol suite, Power User, SSH, TCP, Windows | Leave a Comment »

 
%d bloggers like this: