Saturday, May 9, 2009

switching to AT&T uVerse

We recently got AT&T's uVerse, their tv, phone, internet service. (U-verse - Wikipedia, the free encyclopedia)

We had cable and AT&T for both phone and internet (DSL). The internet offered us faster speeds and we saved a bit with getting everything in a bundle. I mostly wanted the faster internet. We are planning on getting more active with our classes and faster internet makes that... well faster.

We have static ips (IP address - Wikipedia) for our servers and up till a month ago AT&T told us we could not have static ips with uVerse. One bright and sunny day a rep came to our door and said they just upgraded with more fibre and that static ips were available. woo hoo!!!

The install went well, mostly. It went well, until the installer was ready to go. She tested one last time and the signal was not good enough. She tried replacing the coax and ended up replacing the router. Setting that up was not smooth, but she stuck with it and did a great job.

So by the end of the day we had 200 glorious digital tv channels, a cool phone, fast internet and I had to configure the static ip addresses to the new ones. Then it went downhill...

The AT&T DSL router used something called a pinhole to route one of our static ip addresses to the correct machine. I configured the server to use a static ip with an internal ip address, connected the external ip with the internal and all was good. The new uVerse router has the machine you want to connect to the static ip use the actual address. I set the static ip on the server and made sure the router was set to know about that address and smiled. It did not work. I hammered and finally called AT&T support. The issue (problem?) was that the router insists that the static ip on the machine be in a range of addresses they pick AND that the machine use dhcp to get the address. I could not get the server to switch from using a static ip to a dynamic ip. Much time passed.

I called tech support. One tech suggested we do some debugging on another server, which worked as expected...

I eventually told support I would continue working on the issue and he hung up. I found everyone to be supportive and the info they gave me was useful, but I was getting nowhere so I went to bed for a few hours and started working out what was wrong with a clear(er) head.

It turned out that that server did not have dhcp software and big surprise I could not get it to use dhcp. I installed dhcp software and I had a nice shiny uVerse provided static ip going to my server.

Email started to flow and we soon saw something was not right. Email would come in but not go out. I looked around and found this
AT&T Yahoo! Help - Why am I unable to send email via other university, company or mail hosting provider mail servers (Port 25 block)

which told me ...
"The SMTP Port 25 filter does not affect Members using Web mail to any mail provider, VPN connections to a private company or university mail server, dedicated (e.g. T1/T3 or Frame-Relay) or "static" IP addresses."

Phew, I had "static" IP addresses so I started debugging.

At some point I got a message about using a non-verified e-mail address from AT&T.
AT&T Yahoo! Help - Web Mail - Why am I receiving an error when I send mail from Outlook, Outlook Express, Thunderbird, Mac Mail, etc.?

I was willing to try anything so I verified some addresses. That helped a bit, but things were still not right and even the verified email seemed slow. AND I could not verify the addresses for the mailing lists. AT&T seems to think most people just use Outlook. I could not think of a way to verify the mailing lists so I finally called support again. He did not help but talking with him got me to thinking and I decided to try authenticating with port 587, assuming their comment about the port 25 filter not affecting my static ip addresses was not the whole story.

Note: I also had an issue with their limits documented with their saying
"Every primary and secondary AT&T Mail ID can verify up to 10 alternate email addresses each."
We paid for static ip addresses so we could have our own server without that limit.

Anyhow, that support call did not give me any support but I did realize I could authenticate and told him I would give that a shot.

At some point in time port 25 was unblocked - I think. Their support people did not say a lot about what they were doing on their end to my account. I kept hammering and not sleeping and finally realized that one problem was with dns and nameservers. The dynamic ip addresses their router forced me to use kept resetting the nameservers to point to itself. Things worked a bit better when I finally started setting the server to use their nameservers, 68.94.156.1 and 68.94.157.1. I found those addresses by looking at the configuration of the router and did not find clear documentation that I was doing the right thing. But it worked ... somewhat better.

Things were still not right, so I went back to authenticating my server with their server. That was the final hurdle and things are now flowing and appear to be doing well.

Soooo

If you are running postfix and mailman on ubuntu and have static ip addresses with uVerse:
  1. use their nameservers - 68.94.156.1 and 68.94.157.1
  2. authenticate your server with theirs
easy...
right...

How I set up postfix to authenticate

List what you have in case you break something:
postconf relayhost smtp_sasl_auth_enable smtp_sasl_password_maps smtp_sasl_security_options

set up a password file:
sudo vi /etc/postfix/password

[smtp.att.yahoo.com]:submission attuverseusername:password

and hash it:
sudo postmap hash:/etc/postfix/password

make sure only root can read/write the password file

then set the relayhost and the smtp_sasl parameters:

sudo postconf -e "relayhost = [smtp.att.yahoo.com]:submission"
sudo postconf -e "smtp_sasl_auth_enable = yes"
sudo postconf -e "smtp_sasl_password_maps = hash:/etc/postfix/password"
sudo postconf -e "smtp_sasl_security_options ="

and then reload and smile smile smile:
sudo /etc/init.d/postfix reload

Postfix SASL Howto (postfix docs)
Postfix relayhost - Freelock Knowledge Base (nice short article)

I set relayhost to NOT check DNS and to use port 587. The password file is set up using the same info. I removed info from smtp_sasl_security_options and will look into adding what it was back but empty works.
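
A quick audit of the relay setup described above, as an added example that is not part of the original post: it flags credential files readable by group or other (including the password.db that postmap writes), a password entry whose key does not match relayhost exactly, and an empty smtp_sasl_security_options when TLS to the relay is not enforced. The function names, sample files, placeholder credentials and the smtp_tls_security_level = encrypt line are constructed here and assume the relay offers STARTTLS on the submission port.

```shell
#!/bin/sh
# Added example: audit a Postfix relay+SASL setup like the one in this post.
# Parses main.cf-style text so it runs offline; on a live system use
# `postconf -h NAME` to read each effective value instead.
get_param() {  # get_param FILE NAME DEFAULT -> effective value (last wins)
    if grep -q "^$2[[:space:]]*=" "$1"; then
        sed -n "s/^$2[[:space:]]*=[[:space:]]*//p" "$1" | tail -n 1
    else
        printf '%s\n' "$3"
    fi
}

audit_relay() {  # audit_relay MAIN_CF PASSWORD_FILE -> one FINDING line per problem
    relay=$(get_param "$1" relayhost "")
    opts=$(get_param "$1" smtp_sasl_security_options "noplaintext, noanonymous")
    tls=$(get_param "$1" smtp_tls_security_level "")
    # Credentials sit in the source file and in the postmap output (.db).
    for f in "$2" "$2.db"; do
        [ -e "$f" ] || continue
        [ "$(ls -ld "$f" | cut -c5-10)" = "------" ] ||
            echo "FINDING: $f is accessible to group/other"
    done
    # The password map key must match relayhost exactly, brackets and port included.
    awk -v k="$relay" '$1 == k { hit = 1 } END { exit !hit }' "$2" ||
        echo "FINDING: no password entry keyed exactly '$relay'"
    case $opts in *noanonymous*) ;; *)
        echo "FINDING: smtp_sasl_security_options permits anonymous mechanisms" ;;
    esac
    # Plaintext mechanisms (PLAIN/LOGIN) are only safe inside mandatory TLS.
    case $opts in *noplaintext*) ;; *)
        case $tls in encrypt|dane-only|fingerprint|verify|secure) ;; *)
            echo "FINDING: plaintext SASL allowed, TLS not enforced (level '$tls')" ;;
        esac ;;
    esac
}

count_findings() { audit_relay "$@" | grep -c '^FINDING' || true; }

# Constructed sample data (placeholder credentials, not from the post).
d=$(mktemp -d)
printf '%s\n' '[smtp.att.yahoo.com]:submission exampleuser:examplepass' > "$d/password"
cp "$d/password" "$d/password.db"   # stand-in for the file postmap would write
chmod 644 "$d/password" "$d/password.db"
printf '%s\n' 'relayhost = [smtp.att.yahoo.com]:submission' \
    'smtp_sasl_auth_enable = yes' 'smtp_sasl_security_options =' > "$d/as_posted.cf"
printf '%s\n' 'relayhost = [smtp.att.yahoo.com]:submission' \
    'smtp_sasl_auth_enable = yes' 'smtp_sasl_security_options = noanonymous' \
    'smtp_tls_security_level = encrypt' > "$d/hardened.cf"
audit_relay "$d/as_posted.cf" "$d/password"
```

Running it prints four findings for the as-posted settings with mode 644 files; `chmod 600` on both credential files plus the hardened sample clears them all.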



We have a vps with godaddy and were planning on migrating our servers there. If uVerse+static ip works out, we will drop that and have the servers here. A vps is nice because it is fast and we do not go down when the next hurricane knocks power off (which seems to be about every few years - sigh). But, if this works, it costs less and I really like having the servers here. It's easier to play with them and try new configurations. We will see what makes sense for us.


Call the business office to get the static ips. They are $15 a month. More than I want to pay but less than some other options.

Let me know how things work for you.

Gary
