[nos-bbs] smtp gateway control
Michael Fox - N6MEF
n6mef at mefox.org
Tue Dec 6 11:19:54 EST 2011
Agreed, when sending mail to non-JNOS.
So, configuring "smtp gateway x.x.x.x" should cause JNOS to send everything
to the gateway. (As long as there is a way to define exceptions).
But for JNOS to JNOS, it's better to send direct.
Consider an over-the-air network of JNOS systems which includes a gateway
for Internet connections. It would be highly inefficient to force each
system to send a message over the air to a gateway so it can be sent back
over the air again to another local system. It also puts that single point
of failure in the chain where one need not and should not exist. Better to
let the local guys talk directly. Faster, more efficient use of the radio,
and no single point of failure.
The first command I proposed, "smtp direct local" (or something like that),
would be to cause JNOS to send direct to any hosts configured in the local
But maybe you have hosts in domain.txt that shouldn't be contacted directly
for mail by JNOS. Or you may want to allow blocks of addresses or domains,
such as 44.x or ampr.net, so you should be able to specify by address or
domain name. That was the second two commands: "smtp direct address
x.x.x.x/y" and "smtp direct domain foo.bar". Both should accept more than
I'm not particular about the actual command name or syntax, but I think the
best approach is to define exceptions where JNOS should talk direct and let
everything else go to the gateway. If no exceptions defined, then
everything goes to the gateway. But if there is no way to define exceptions
(which is currently the case), then sending everything to the gateway
creates its own set of problems which, depending on the scenario, may be
worse than the problem we currently have.
From: nos-bbs-bounces at tapr.org [mailto:nos-bbs-bounces at tapr.org] On Behalf
Of Bob Tenty
Sent: Tuesday, December 06, 2011 5:45 AM
To: TAPR xNOS Mailing List
Subject: Re: [nos-bbs] smtp gateway control
Because the smtp server in jnos is not up to the standards anymore.
jnos isn't always talking to another jnos (or tnos) over an amprnet
Some people receive all their mail in linux and process it there or whatever
mail server they are using.
The behaviour I'm after is the same behaviour if you define a (smart) smtp
gateway (relay) in postfix or exim, etc.
On 06/12/2011 3:37 AM, Michael Fox - N6MEF wrote:
> Why would you "always" want it to use the gateway when it's faster and
> more efficient to send directly (when possible)? It puts an extra
> store and forward hop in the path for every message and creates a
> single point of failure.
> Regardless, if you still prefer that, then the syntax below would
> still work. The default behavior if a gateway is configured and there
> are no "smtp direct" commands configured should be to send everything
> to the gateway.
> -----Original Message-----
> I also don't like the behaviour of jnos with the "smtp gateway x.x.x.x"
> (I hate it)
> It should always deliver to the smtp gateway without fuss and at the
> first try.
> Bob VE3TOK
> On 06/12/2011 12:34 AM, Michael Fox - N6MEF wrote:
>> We've configured an e-mail gateway to allow packet users to send to
>> Internet email addresses. But JNOS has no way to control when the
>> gateway is used. We really need a way to control when the smtp
>> gateway is used (and not used).
>> JNOS can talk SMTP just fine with other JNOS systems. But it
>> evidently does not adhere to the current protocol very well which
>> makes it problematic when talking with non-JNOS SMTP mailers. For
>> example, I get this message in the log every time JNOS connects to a
>> current SMTP
>> Dec 5 20:58:31 cpk postfix/smtpd: improper command pipelining
>> after HELO from w6xsc-4.ampr.org[126.96.36.199]
>> Another problem with the JNOS SMTP server is a complete lack of
>> security mechanisms, such as checks, filters, etc. which are part of
>> any typical internet mail gateway. This isn't a complaint, just a fact.
>> I'd like to allow JNOS to talk directly to any machine in my
>> domain.txt, and any machine with either a 44.x address or an ampr.org
>> domain name.
>> Anything else should go to the smtp gateway for handling.
>> The "smtp gateway" command is described in the manual as:
>> Displays or sets the host to be used as a "smart" mail relay. Any
>> mail sent to a host not in the domain.txt file or not found via a
>> nameserver query, will instead be sent to the gateway for forwarding.
>> The problem with this is that JNOS does a DNS query for any mail
>> destination that is not in domain.txt. We can turn off MX queries
>> (with smtp usemx no) but JNOS still performs an A record query. When
>> it receives the answer, it attempts to connect directly to the remote
>> With "smtp usemx yes" it will attempt to connect directly to the MX
>> for the remote host. So there's no way to control when JNOS uses the
>> smtp gateway. In fact, as long as DNS is configured, and you're
>> sending to a proper internet email address, JNOS will NEVER use the
>> gateway since it will always get an answer from the nameserver.
>> just not right.
>> I currently have iptables set to disallow SMTP connections on the
>> JNOS-to-Linux tunnel that are from JNOS to anything other than the
>> SMTP gateway. This means that JNOS will try over and over, but will
>> be unsuccessful in contacting the remote host. It will then try to
>> send to the gateway.
>> However, this workaround has a problem. Since it relies on a
>> connection failure, it can end up being used unintentionally, such as
>> when the remote system is another JNOS system. If that remote system
>> is down temporarily, JNOS tries and fails to connect, so it ships it
>> to the gateway. The gateway then tries to deliver it via the internet
>> (out to the internet, back in via the UCSD gateway, etc.) which is
>> not allowed on many JNOS systems.
>> What we really need is a way to tell JNOS when and when not to use
>> the "smtp gateway". I think the easiest approach would be to define
>> when JNOS should attempt a direct connect and then let the SMTP
>> gateway handle anything else. It seems that the best approach would
>> be to allow either IP address or domain name nomenclature. Here's one
>> smtp direct local # host is in domain.txt
>> smtp direct address 188.8.131.52/8
>> smtp direct domain ampr.org
>> Instead of "direct", something like "nogateway" could be used.
>> This basically says, if the host is in domain.txt or it has an
>> address of 44.x or it has a domain of ampr.org, then send it direct.
>> Otherwise, use the gateway.
>> Is this doable?
>> nos-bbs mailing list
>> nos-bbs at tapr.org
nos-bbs mailing list
nos-bbs at tapr.org
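
The routing rule proposed in this thread (send direct only to listed exceptions, relay everything else) can be sketched as a decision made before any connection attempt, so a resolvable Internet host never bypasses the gateway. This is an added example, not code from the thread or from JNOS: `smtp_route`, the host names in `local_hosts`, and the `44.0.0.0/8` block (standing in for "44.x") are assumptions.

```c
/* Added example: hypothetical "smtp direct" policy check, not JNOS source. */
#include <arpa/inet.h>
#include <stdint.h>
#include <string.h>
#include <strings.h>

enum route { ROUTE_GATEWAY = 0, ROUTE_DIRECT = 1 };

/* Constructed policy data standing in for domain.txt and the proposed
 * "smtp direct address" / "smtp direct domain" commands. */
static const char *local_hosts[]    = { "bbs1.example", "bbs2.example" };
static const char *direct_domains[] = { "ampr.org" };
static const struct { const char *net; int bits; } direct_nets[] = {
    { "44.0.0.0", 8 },              /* "44.x" from the thread */
};
#define COUNT(a) (sizeof(a) / sizeof((a)[0]))

/* True if ip (dotted quad) lies inside net/bits. */
static int in_cidr(const char *ip, const char *net, int bits)
{
    struct in_addr a, n;
    if (inet_pton(AF_INET, ip, &a) != 1 || inet_pton(AF_INET, net, &n) != 1)
        return 0;
    uint32_t mask = bits ? 0xFFFFFFFFu << (32 - bits) : 0;
    return (ntohl(a.s_addr) & mask) == (ntohl(n.s_addr) & mask);
}

/* True if host equals domain or ends in ".domain" (label boundary),
 * so "notampr.org" does not match "ampr.org". */
static int in_domain(const char *host, const char *domain)
{
    size_t h = strlen(host), d = strlen(domain);
    if (h < d || strcasecmp(host + h - d, domain) != 0)
        return 0;
    return h == d || host[h - d - 1] == '.';
}

/* Decide the next hop up front. ip may be NULL if the name did not resolve. */
enum route smtp_route(const char *host, const char *ip)
{
    size_t i;
    for (i = 0; i < COUNT(local_hosts); i++)       /* smtp direct local */
        if (strcasecmp(host, local_hosts[i]) == 0) return ROUTE_DIRECT;
    for (i = 0; ip && i < COUNT(direct_nets); i++) /* smtp direct address */
        if (in_cidr(ip, direct_nets[i].net, direct_nets[i].bits)) return ROUTE_DIRECT;
    for (i = 0; i < COUNT(direct_domains); i++)    /* smtp direct domain */
        if (in_domain(host, direct_domains[i])) return ROUTE_DIRECT;
    return ROUTE_GATEWAY;                          /* everything else */
}
```

Because the choice does not depend on a connection failure, a direct peer that is temporarily down stays queued for direct retry instead of being handed to the gateway.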