<html xmlns:v="urn:schemas-microsoft-com:vml" xmlns:o="urn:schemas-microsoft-com:office:office" xmlns:w="urn:schemas-microsoft-com:office:word" xmlns:m="http://schemas.microsoft.com/office/2004/12/omml" xmlns="http://www.w3.org/TR/REC-html40"><head><meta http-equiv=Content-Type content="text/html; charset=us-ascii"><meta name=Generator content="Microsoft Word 14 (filtered medium)"><style><!--
/* Font Definitions */
@font-face
{font-family:Calibri;
panose-1:2 15 5 2 2 2 4 3 2 4;}
@font-face
{font-family:Tahoma;
panose-1:2 11 6 4 3 5 4 4 2 4;}
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
{margin:0in;
margin-bottom:.0001pt;
font-size:12.0pt;
font-family:"Times New Roman","serif";}
a:link, span.MsoHyperlink
{mso-style-priority:99;
color:blue;
text-decoration:underline;}
a:visited, span.MsoHyperlinkFollowed
{mso-style-priority:99;
color:purple;
text-decoration:underline;}
p
{mso-style-priority:99;
mso-margin-top-alt:auto;
margin-right:0in;
mso-margin-bottom-alt:auto;
margin-left:0in;
font-size:12.0pt;
font-family:"Times New Roman","serif";}
span.EmailStyle18
{mso-style-type:personal-reply;
font-family:"Calibri","sans-serif";
color:#1F497D;}
.MsoChpDefault
{mso-style-type:export-only;
font-size:10.0pt;}
@page WordSection1
{size:8.5in 11.0in;
margin:1.0in 1.0in 1.0in 1.0in;}
div.WordSection1
{page:WordSection1;}
--></style><!--[if gte mso 9]><xml>
<o:shapedefaults v:ext="edit" spidmax="1026" />
</xml><![endif]--><!--[if gte mso 9]><xml>
<o:shapelayout v:ext="edit">
<o:idmap v:ext="edit" data="1" />
</o:shapelayout></xml><![endif]--></head><body lang=EN-US link=blue vlink=purple><div class=WordSection1><p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D'>As I said, we have a network of JNOS systems with a gateway for mail to others. The gateway uses Postfix. But it doesn’t make sense to send everything to a gateway, when JNOS can talk directly to JNOS with a single hop.<o:p></o:p></span></p><p class=MsoNormal><span style='font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D'><o:p> </o:p></span></p><div><div style='border:none;border-top:solid #B5C4DF 1.0pt;padding:3.0pt 0in 0in 0in'><p class=MsoNormal style='margin-left:.5in'><b><span style='font-size:10.0pt;font-family:"Tahoma","sans-serif"'>From:</span></b><span style='font-size:10.0pt;font-family:"Tahoma","sans-serif"'> nos-bbs-bounces@tapr.org [mailto:nos-bbs-bounces@tapr.org] <b>On Behalf Of </b>Wm Lewis<br><b>Sent:</b> Tuesday, December 06, 2011 2:47 PM<br><b>To:</b> nos-bbs@tapr.org<br><b>Subject:</b> Re: [nos-bbs] smtp gateway control<o:p></o:p></span></p></div></div><p class=MsoNormal style='margin-left:.5in'><o:p> </o:p></p><div><p class=MsoNormal style='margin-left:.5in'><span style='font-size:10.0pt;font-family:"Tahoma","sans-serif"'>Bob:<br> <br>This is also the way I have my station setup.<br> <br>My Linux uses POSTFIX as the MTA and all mail "for" and "from" my JNOS first gets routed there. <br> <br>POSTFIX can do a great job of all my filtering needs, plus POSTFIX can be configured to work with many other filter sources, such as blacklists.<br> <br>Plus, outgoing mail from jnos gets dumped into POSTFIX, then POSTFIX sends it on using current RFC standards so places like HOTMAIL wont reject it based on non-complient RFC's.<br> <br>But..... I don't believe Michaels (LINUX) box even uses an MTA. I (think ??) Michaels jnos only uses jnos as the MTA and nothing else.<br> <br>I could be wrong about that setup, but Michael will have to clarify that.<br> <br>Bill<br>KG6BAJ <br><br> <o:p></o:p></span></p><div><p class=MsoNormal style='margin-left:.5in'><span style='font-size:10.0pt;font-family:"Tahoma","sans-serif"'>> Date: Tue, 6 Dec 2011 08:44:57 -0500<br>> From: <a href="mailto:bobtenty@gmail.com">bobtenty@gmail.com</a><br>> To: <a href="mailto:nos-bbs@tapr.org">nos-bbs@tapr.org</a><br>> Subject: Re: [nos-bbs] smtp gateway control<br>> <br>> Because the smtp server in jnos is not up to the standards anymore.<br>> jnos isn't always talking to another jnos (or tnos) over an amprnet connection.<br>> Some people receive all their mail in linux and process it there or whatever<br>> mail server they are using. <br>> <br>> The behaviour I'm after is the same behaviour if your define a (smart) smtp gateway (relay)<br>> in postfix or exim, etc.<br>> <br>> Bob VE3TOK<br>> <br>> <br>> <br>> On 06/12/2011 3:37 AM, Michael Fox - N6MEF wrote:<br>> > Why would you "always" want it to use the gateway when it's faster and more<br>> > efficient to send directly (when possible)? It puts an extra store and<br>> > forward hop in the path for every message and creates a single point of<br>> > failure.<br>> > <br>> > Regardless, if you still prefer that, then the syntax below would still<br>> > work. The default behavior if a gateway is configured and there are no<br>> > "smtp direct" commands configured should be so send everything to the<br>> > gateway.<br>> > <br>> > M<br>> > <br>> > -----Original Message-----<br>> > <br>> > <br>> > I also don't like the behaviour of jnos with the "smtp gateway x.x.x.x"<br>> > setting.<br>> > (I hate it)<br>> > It should always deliver to the smtp gateway without fuss and at the first<br>> > try.<br>> > <br>> > <br>> > <br>> > 73,<br>> > <br>> > Bob VE3TOK<br>> > <br>> > <br>> > <br>> > <br>> > <br>> > <br>> > On 06/12/2011 12:34 AM, Michael Fox - N6MEF wrote:<br>> >> We've configured an e-mail gateway to allow packet users to send to<br>> >> Internet email addresses. But JNOS has no way to control when the<br>> >> gateway is used. We really need a way to control when the smtp gateway<br>> >> is used (and not used).<br>> >><br>> >> Background:<br>> >><br>> >> JNOS can talk SMTP just fine with other JNOS systems. But it evidently<br>> >> does not adhere to the current protocol very well which makes it<br>> >> problematic when talking with non-JNOS SMTP mailers. For example, I<br>> >> get this message in the log ever time JNOS connects to a current SMTP<br>> > mailer:<br>> >><br>> >> Dec 5 20:58:31 cpk postfix/smtpd[10138]: improper command pipelining<br>> >> after HELO from w6xsc-4.ampr.org[44.4.50.4]<br>> >><br>> >> Another problem with the JNOS SMTP server is a complete lack of<br>> >> security mechanisms, such as checks, filters, etc. which are part of<br>> >> any typical internet mail gateway. This isn't a complaint, just a fact.<br>> >><br>> >> Scenario:<br>> >><br>> >> I'd like to allow JNOS to talk directly to any machine in my<br>> >> domain.txt, and any machine with either a 44.x address or an ampr.org<br>> > domain name.<br>> >> Anything else should go to the smtp gateway for handling.<br>> >><br>> >> Problem:<br>> >><br>> >> The "smtp gateway" command is described in the manual as:<br>> >><br>> >> Displays or sets the host to be used as a "smart" mail relay. Any mail<br>> >> sent to a host not in the domain.txt file or not found via a<br>> >> nameserver query, will instead be sent to the gateway for forwarding.<br>> >><br>> >> The problem with this is that JNOS does a DNS query for any mail<br>> >> destination that is not in domain.txt. We can turn off MX queries<br>> >> (with smtp usemx no) but JNOS still performs an A record query. When<br>> >> it receives the answer, it attempts to connect directly to the remote<br>> > host.<br>> >> With "smtp usemx yes" it will attempt to connect directly to the MX<br>> >> for the remote host. So there's no way to control when JNOS uses the<br>> >> smtp gateway. In fact, as long as DNS is configured, and you're<br>> >> sending to a proper internet email address, JNOS will NEVER use the<br>> >> gateway since it will always get an answer from the nameserver. That's<br>> > just not right.<br>> >><br>> >> Workaround:<br>> >><br>> >> I currently have iptables set to disallow SMTP connections on the<br>> >> JNOS-to-Linux tunnel that are from JNOS to anything other than the<br>> >> SMTP gateway. This means that JNOS will try over and over, but will be<br>> >> unsuccessful in contacting the remote host. It will then try to send<br>> >> to the gateway.<br>> >><br>> >> However, this workaround has a problem. Since it relies on a<br>> >> connection failure, it can end up being used unintentionally, such as<br>> >> when the remote system is another JNOS system. If that remote system<br>> >> is down temporarily, JNOS tries and fails to connect, so it ships it<br>> >> to the gateway. The gateway then tries to deliver it via the internet<br>> >> (out to the internet, back in via the UCSD gateway, etc.) which is not<br>> >> allowed on many JNOS systems.<br>> >><br>> >> Solution:<br>> >><br>> >> What we really need is a way to tell JNOS when and when not to use the<br>> >> "smtp gateway". I think the easiest approach would be to define when<br>> >> JNOS should attempt a direct connect and then let the SMTP gateway<br>> >> handle anything else. It seems that the best approach would be to<br>> >> allow either IP address or domain name nomenclature. Here's one example:<br>> >><br>> >> smtp direct local # host is in domain.txt<br>> >><br>> >> smtp direct address 44.0.0.0/8<br>> >><br>> >> smtp direct domain ampr.org<br>> >><br>> >> Instead of "direct", something like "nogateway" could be used.<br>> >><br>> >> This basically says, if the host is in domain.txt or it has an address<br>> >> of 44.x or it has a domain of ampr.org, then send it direct.<br>> >> Otherwise, use the gateway.<br>> >><br>> >> Is this doable?<br>> >><br>> >> Michael<br>> >><br>> >><br>> >><br>> >> _______________________________________________<br>> >> nos-bbs mailing list<br>> >> <a href="mailto:nos-bbs@tapr.org">nos-bbs@tapr.org</a><br>> >> <a href="https://www.tapr.org/cgi-bin/mailman/listinfo/nos-bbs">https://www.tapr.org/cgi-bin/mailman/listinfo/nos-bbs</a><br>> > <br>> > <br>> > _______________________________________________<br>> > nos-bbs mailing list<br>> > <a href="mailto:nos-bbs@tapr.org">nos-bbs@tapr.org</a><br>> > <a href="https://www.tapr.org/cgi-bin/mailman/listinfo/nos-bbs">https://www.tapr.org/cgi-bin/mailman/listinfo/nos-bbs</a><br>> > <br>> > <br>> > _______________________________________________<br>> > nos-bbs mailing list<br>> > <a href="mailto:nos-bbs@tapr.org">nos-bbs@tapr.org</a><br>> > <a href="https://www.tapr.org/cgi-bin/mailman/listinfo/nos-bbs">https://www.tapr.org/cgi-bin/mailman/listinfo/nos-bbs</a><br>> <br>> <br>> _______________________________________________<br>> nos-bbs mailing list<br>> <a href="mailto:nos-bbs@tapr.org">nos-bbs@tapr.org</a><br>> <a href="https://www.tapr.org/cgi-bin/mailman/listinfo/nos-bbs">https://www.tapr.org/cgi-bin/mailman/listinfo/nos-bbs</a><o:p></o:p></span></p></div></div></div></body></html>