Dear Bevan Brown,
FWIW, I run solaris 9 with my own compiled in sendmail and never removed the
solaris packages. If an update patch from Sun ruined something it would just
mean I'd have to recompile sendmail on top of it. But this never happened, I
just did patch 9_Recommended (after a year of no patching, heh) and didn't need
to recompile sendmail. I just ensured that my own /usr/lib/sendmail and
/usr/lib/smrsh were manually in place, renaming the Sun stuff to sendmail_DIST
for obviousness. Make sure your manual sendmail permissions / ownership are
correct, on mine it appears they are root / smmsp for sendmail, -r-xr-sr-x
and bin/bin for smrsh, -r-xr-xr-x . I was careful when I manually put
my own binaries in /usr/lib to copy the permissions of the existing.
If that is not possible on your machine if it were me I'd reinstall the
Sun supported sendmail first, note everything, then put your own in without
removing anything but the sendmail and smrsh binaries. Thats worked for me
for over 2 years, and four sendmail upgrades.
I would have a look at your m4 / config file. It might also be your
sendmail config file is probably in need of a recompile. Since you also
mentioned recreating the /etc/mail dir by hand, confirm the permissions are
correct. Mine appears to be root/mail .
Good luck, but it doesn't appear to be spf related from what you describe.
+-------------------------
+ Dave Dennis
+ Seattle, WA
+ dmd@speakeasy.org
+
http://www.dmdennis.com +-------------------------
On Fri, 13 Aug 2004, Broun, Bevan wrote:
> Hi Koen, thanks for answering. Im pulling my hair out here.
>
> > Did you run dig & spfquery on the same box that is doing the checks??
>
> Yes.
>
> > And the obvious question: what has changed since the time it worked and
> > the time it didn't?
>
> This is a solaris 8 host. What I think is this: I compiled a new solaris
> (on a different box) and installed over the top of the solaris sendmail.
> Then we tested and everything was working. We decided to uninstall the
> solaris sendmail packages (there are two) so as not to get our own sendmain
> pkg overwritten by recommended patches. This removed files from /etc/mail
> (but I had that backed up) and the /etc/init.d/sendmail script (which I
> think is back to what I had).
>
> Then I reinstalled our sendmail pkg and replaced the /etc/mail directory.
> Im thinking that there is a permission problem perhaps.
>
> Currently Im adding write_log lines in sendmail-milter-spf-1.41.pl to see
> whats going on. It looks like sendmail is definitely using the milter but
> it's getting the "unknown" result, which would suggest sendmail is perhaps
> not passing the ip and email address to the milter.
>
> Do you know how to get more logging out of that milter (without editing
> code)
>
> Ive got to get this going tonight.
>
> Thanks
>
> BB
>
>
> >
> > Koen
> >
> > On Fri, Aug 13, 2004 at 04:44:04PM +1000, Broun, Bevan wrote:
> > > Im using the perl implementation
> > >
> > > spfquery gives the correct result:
> > >
> > > spfquery: domain of test@adi-limited.com does not designate 203.20.101.19
> > > as permitted sender
> > >
> > > thanks
> > >
> > > BB
> > >
> > > on Fri, Aug 13, 2004 at 03:40:17PM +1000, Broun, Bevan <brounb@adi-limited.com> wrote:
> > > > I had spf working in my test environment. It was working very nicely
> > > > rejecting forged mail. I cant figure out what's wrong now, Im getting
> > > >
> > > > Milter add: header: Received-SPF: unknown (hyperion.adi-limited.com:
> > > > error in processing during lookup of test@adi-limited.com)
> > > >
> > > > Note: that this is a test lab. Dont look up internet records for
> > > > adi-limited.com. In the lab Ive got from dig:
> > > >
> > > > ;; ANSWER SECTION:
> > > > adi-limited.com. 10800 IN TXT "v=spf1 a:hyperion.adi-limited.com -all"
> > > >
> > > > Im testing via telnet to port 25 - I am expecting to be getting rejected.
> > > >
> > > > help
> > > >
> > > > BB
> > > >
> > > > -------
> > > > Archives at http://archives.listbox.com/spf-help/current/
> > > > Donate! http://spf.pobox.com/donations.html
> > > > To unsubscribe, change your address, or temporarily deactivate your subscription,
> > > > please go to http://v2.listbox.com/member/?listname=spf-help@v2.listbox.com
> > >
> > > -------
> > > Archives at http://archives.listbox.com/spf-help/current/
> > > Donate! http://spf.pobox.com/donations.html
> > > To unsubscribe, change your address, or temporarily deactivate your subscription,
> > > please go to http://v2.listbox.com/member/?listname=spf-help@v2.listbox.com
> >
> > --
> > K.F.J. Martens, Sonologic, http://www.sonologic.nl/
> > Networking, embedded systems, unix expertise, artificial intelligence.
> > Public PGP key: http://www.metro.cx/pubkey-gmc.asc
> > Wondering about the funny attachment your mail program
> > can't read? Visit http://www.openpgp.org/
> >
> > -------
> > Archives at http://archives.listbox.com/spf-help/current/
> > Donate! http://spf.pobox.com/donations.html
> > To unsubscribe, change your address, or temporarily deactivate your subscription,
> > please go to http://v2.listbox.com/member/?listname=spf-help@v2.listbox.com
>
> -------
> Archives at http://archives.listbox.com/spf-help/current/
> Donate! http://spf.pobox.com/donations.html
> To unsubscribe, change your address, or temporarily deactivate your subscription,
> please go to http://v2.listbox.com/member/?listname=spf-help@v2.listbox.com
>
-------
Archives at
http://archives.listbox.com/spf-help/current/ Donate!
http://spf.pobox.com/donations.html To unsubscribe, change your address, or temporarily deactivate your subscription,
please go to
http://v2.listbox.com/member/?listname=spf-help@v2.listbox.com