nullmailer - Sending failed: Could not exec program
Gene Heskett
gheskett at wdtv.com
Sun Jun 22 14:37:29 UTC 2014
On Sunday 22 June 2014 06:55:59 Graham Watkins did opine
And Gene did reply:
> On 22/06/14 11:44, Chris Green wrote:
> > On Sat, Jun 21, 2014 at 05:38:13PM +0100, Graham Watkins wrote:
> >> On 21/06/14 16:47, Gene Heskett wrote:
> >>> On Saturday 21 June 2014 11:33:01 Graham Watkins did opine
> >>> And Gene did reply:
> >>>
> >>>
> >>> That is an outside address. Does your dns resolver know who
> >>> ntlworld.com is?
> >>
> >> Haven't the foggiest. How would I check?
> >
> > Say 'host ntlworld.com' and see if it finds it.
>
> Hi Chris
>
> host ntlworld.com brings up the following (which was not exactly what I
> was expecting):
>
> host ntlworld.com
> ntlworld.com has address 212.250.162.12

Security lesson time:

This is an "outside" address. Anyone in the world can find it, and exploit
it if possible. And an unpatched Windows machine will be rooted by someone
in eastern Europe, or even stateside, often within 30 seconds of plugging
in the CAT5 cable. Linux machines are far better, but not invincible.

One thing I have done for over a decade now, is to run my local network,
all of it, on local addresses that cannot pass thru a router. There are
at least 2 IPv4 address blocks that are filtered that way. I use a local
address for all my machines in the 192.168.xx.xx range, and program the
router to Native Address Translate that address to the address the router
gets from my ISP. Running IPTables, it's sorta one way but it remembers
data requests from me to wherever, and NATs the response back to my
address. The router I use has enough flash memory that it can be
re-flashed to DD-WRT, one of several choices available for considerably
enhanced security.

The end result is that only one person has come into this machine in 10
years, and I gave him the usernames & passwords to do that. The router
gets banged on many thousands of times a day, but no one has gotten thru
it except the above person.

Any router, particularly those supplied by your ISP, has back doors
(plural, one for your ISP and one for NSA use too if you are in the US)
until you put good software in it. That is what I'd call Pro-Active
security. And it's totally transparent to me.

> ntlworld.com mail is handled by 5 alt1.aspmx.l.google.com.
> ntlworld.com mail is handled by 5 alt2.aspmx.l.google.com.
> ntlworld.com mail is handled by 10 aspmx2.googlemail.com.
> ntlworld.com mail is handled by 10 aspmx3.googlemail.com.
> ntlworld.com mail is handled by 1 aspmx.l.google.com.
>
> I don't know if this has anything to do with my changing the nullmailer
> remotes file to use gmail - perhaps you can tell me.

My point is that to send an email message to you, the user on that machine,
from that machine, the message never has to leave the machine.
What you are doing is bouncing it off the google servers, which it should
not have to do.

As I use /etc/host files for the local stuff, I have never configured my
local dns lookup for a response to the host command, so I get this for
that command:

gene@coyote:~$ host coyote.coyote.den
Host coyote.coyote.den not found: 3(NXDOMAIN)

> I have now got a result (see below). Thanks for your input.
>
> Cheers,
>
> Graham
Cheers, Gene Heskett
--
"There are four boxes to be used in defense of liberty:
soap, ballot, jury, and ammo. Please use in that order."
-Ed Howdershelt (Author)
Genes Web page <http://geneslinuxbox.net:6309/gene>
US V Castleman, SCOTUS, Mar 2014 is grounds for Impeaching SCOTUS
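
Added example, not part of the original message: a Python sketch that parses `host` output like the lines quoted in this thread, orders the MX records by preference, and uses the standard `ipaddress` module to tell a globally routable ("outside") address from a private one in the 192.168.x.x range. The sample text is constructed from the quoted output plus a hypothetical `lanbox.example` entry at 192.168.1.10; the function names are illustrative.

```python
import ipaddress
import re

# Constructed sample: the `host` lines quoted in the thread, plus one
# hypothetical LAN host (lanbox.example / 192.168.1.10) for contrast.
SAMPLE = """\
ntlworld.com has address 212.250.162.12
ntlworld.com mail is handled by 5 alt1.aspmx.l.google.com.
ntlworld.com mail is handled by 5 alt2.aspmx.l.google.com.
ntlworld.com mail is handled by 10 aspmx2.googlemail.com.
ntlworld.com mail is handled by 10 aspmx3.googlemail.com.
ntlworld.com mail is handled by 1 aspmx.l.google.com.
lanbox.example has address 192.168.1.10
Host coyote.coyote.den not found: 3(NXDOMAIN)
"""

A_RE = re.compile(r"^(\S+) has address (\S+)$")
MX_RE = re.compile(r"^(\S+) mail is handled by (\d+) (\S+?)\.?$")
NX_RE = re.compile(r"^Host (\S+) not found: \d+\((\w+)\)$")


def classify(addr):
    """Return 'private' for non-routable ranges, 'global' for public ones."""
    ip = ipaddress.ip_address(addr)
    if ip.is_private:
        return "private"
    return "global" if ip.is_global else "special"


def parse_host_output(text):
    """Parse `host` output into A records, MX records and failed lookups."""
    result = {"a": [], "mx": [], "failed": []}
    for line in map(str.strip, text.splitlines()):
        if m := A_RE.match(line):
            result["a"].append((m[1], m[2], classify(m[2])))
        elif m := MX_RE.match(line):
            result["mx"].append((int(m[2]), m[3]))
        elif m := NX_RE.match(line):
            result["failed"].append((m[1], m[2]))
    # The lowest preference value is the mail exchanger tried first.
    result["mx"].sort()
    return result


if __name__ == "__main__":
    parsed = parse_host_output(SAMPLE)
    for name, addr, kind in parsed["a"]:
        print(f"{name} -> {addr} ({kind})")
    print("first MX tried:", parsed["mx"][0][1])
```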