Posted to server-user@james.apache.org by "Duane Hitz, Jr." <de...@qwest.net> on 2007/02/24 20:48:22 UTC

Reverse DNS Issue

Looking for some advice here.

We have James running on a server behind a firewall whose (the firewall's) IP address is x.x.x.36.  SMTP is port-forwarded at the firewall on x.x.x.37.  Our MX records point to ws01.ourdomain.com - which resolves to x.x.x.37.  We have a PTR record for reverse DNS on .37 that reverse resolves to ws01.ourdomain.com.  Looks good so far...

However, all outbound e-mail appears to come from .36 - the firewall - and it has no PTR record (nor do I especially want it to).  Any mail server using reverse-DNS lookups (such as Comcast) will fail our e-mails because .36 doesn't reverse-resolve to anything - and probably shouldn't resolve to our ws01...

Not sure how to handle this... 

Is there any way to get James to send using the .37 IP address (which is only bound through NAT to port 25 and 80) which would reverse-resolve to the correct domain name?

... or, is this a firewall issue or just a general NAT issue?

I see some commentary in the config.xml which states:

      <!-- If autodetectIP is not FALSE, James will also allow add the IP address for each servername. -->
      <!-- The automatic IP detection is to support RFC 2821, Sec 4.1.3, address literals. -->

... but I can find no examples of how exactly to specify an IP address mapping.

I have tested back-and-forth using another James server running locally - and have run out of options.  The only thing I can think of is to do a reverse-DNS mapping to the .36 firewall address - and maybe that's just the right answer.

It makes some sense that a NAT'd server would be using its gateway or a proxy IP address for outbound... can't really think of a way around this.

Has anyone else encountered this?  Ours would seem to be a reasonably common configuration. Any help would be appreciated.

Thanks,
Duane


P.S. As a note, the same server is also bound through the firewall on ports 80 and 443 to a second IP .38 - for the .net domain name.  We intend to push the .net onto a separate physical server shortly.
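
The check a reverse-DNS-enforcing receiver applies to the connecting address, as an added example that is not part of the original thread: forward-confirmed reverse DNS run over constructed records that mirror the post. The 203.0.113.x documentation addresses stand in for x.x.x.36 and x.x.x.37, and `gw.ourdomain.com` and all function names are hypothetical.

```python
import socket

def system_reverse(ip):
    """PTR lookup through the OS resolver; [] when the address has no PTR."""
    try:
        name, aliases, _ = socket.gethostbyaddr(ip)
    except (socket.herror, socket.gaierror):
        return []
    return [name] + aliases

def system_forward(name):
    """A lookup through the OS resolver; [] when the name does not resolve."""
    try:
        return socket.gethostbyname_ex(name)[2]
    except socket.gaierror:
        return []

def fcrdns(ip, reverse=system_reverse, forward=system_forward):
    """Forward-confirmed reverse DNS: PTR(ip) gives a name, A(name) must list ip."""
    names = reverse(ip)
    if not names:
        return False, "no PTR record"
    for name in names:
        if ip in forward(name):
            return True, name
    return False, "PTR %s does not resolve back to %s" % (names[0], ip)

# Constructed records mirroring the post: only the MX address (.37) has a PTR.
MX_IP, EGRESS_IP = "203.0.113.37", "203.0.113.36"
PTR = {MX_IP: ["ws01.ourdomain.com"]}
A = {"ws01.ourdomain.com": [MX_IP]}

def check(ip, ptr=PTR, a=A):
    """Run fcrdns() against in-memory records instead of live DNS."""
    return fcrdns(ip, lambda i: ptr.get(i, []), lambda n: a.get(n, []))

def ptr_to_ws01_only():
    """PTR for .36 pointed at ws01, with no A record for ws01 listing .36."""
    return check(EGRESS_IP, {**PTR, EGRESS_IP: ["ws01.ourdomain.com"]})

def ptr_with_own_name(name="gw.ourdomain.com"):  # hypothetical host name
    """PTR for .36 plus an A record for the same name pointing back at .36."""
    return check(EGRESS_IP, {**PTR, EGRESS_IP: [name]}, {**A, name: [EGRESS_IP]})

if __name__ == "__main__":
    print("MX .37:", check(MX_IP))
    print("egress .36 as posted:", check(EGRESS_IP))
    print("PTR -> ws01 only:", ptr_to_ws01_only())
    print("PTR + A for own name:", ptr_with_own_name())
```

Calling `fcrdns(ip)` with no resolver arguments runs the same check against live DNS for the address the receiving server actually sees.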

RE: Reverse DNS Issue

Posted by "Noel J. Bergman" <no...@devtech.com>.
> Firewall is a dedicated appliance.  James resides on a server bound to two
> 192.168.x.x addresses (on separate physical interfaces).  Each of those
> private addresses is port-forwarded on the firewall to two public IPs:
> x.x.x.37 (25 & 80) and x.x.x.38 (80 and 443).  The firewall appliance IP is
> x.x.x.36.

Ah, then this has nothing to do with JAMES, and everything to do with how you are
configuring your networking.

> When I attempt to bind to the .37 in RemoteDelivery I get an error:
> "java.net.BindException: Cannot assign requested address: JVM_Bind"

Expected, under the circumstances.

	--- Noel



---------------------------------------------------------------------
To unsubscribe, e-mail: server-user-unsubscribe@james.apache.org
For additional commands, e-mail: server-user-help@james.apache.org


Re: Reverse DNS Issue

Posted by "Duane Hitz, Jr." <de...@qwest.net>.
Thanks for the quick response!

Firewall is a dedicated appliance.  James resides on a server bound to two 
192.168.x.x addresses (on separate physical interfaces).  Each of those 
private addresses is port-forwarded on the firewall to two public IPs: 
x.x.x.37 (25 & 80) and x.x.x.38 (80 and 443).  The firewall appliance IP is 
x.x.x.36.

When I attempt to bind to the .37 in RemoteDelivery I get an error: 
"java.net.BindException: Cannot assign requested address: JVM_Bind"... which 
probably makes some sense, since the machine is on a private network.

Thanks,
Duane

----- Original Message ----- 
From: "Noel J. Bergman" <no...@devtech.com>
To: "James Users List" <se...@james.apache.org>
Sent: Saturday, February 24, 2007 12:56 PM
Subject: RE: Reverse DNS Issue


> Your mail is ambiguous.  Are the JAMES server and firewall system separate,
> or a multi-homed server?
>
> If JAMES is running on a multi-homed server and you need to control which IP
> is used by RemoteDelivery, there is a <bind> entry for that in config.xml.
>
> --- Noel





RE: Reverse DNS Issue

Posted by "Noel J. Bergman" <no...@devtech.com>.
Your mail is ambiguous.  Are the JAMES server and firewall system separate,
or a multi-homed server?

If JAMES is running on a multi-homed server and you need to control which IP
is used by RemoteDelivery, there is a <bind> entry for that in config.xml.

	--- Noel


