This Space for Rent

Fun Windows Discovery!

At work, the IT department has, because they were very very sinful in a previous life, chosen to be an all-Microsoft IT shop. This includes using Microsoft Exchange for mail delivery. Microsoft Exchange is, as you can expect, extremely feature-ridden, and one of those features is, apparently, that it either comes configured not to do transaction logging or it allows you to turn logging off easily or it does logging in such a way that nobody can understand it.

I discovered this last week when a build system mysteriously stopped working. One of the features of this build system is that it includes proprietary code, so halfway through the build I have to mail off a request to the secret proprietary build machine to build me some code and mail it back. I do this via SMTP mail, because it's pretty easy to pass control information through mail. Last week, the IT department finally turned off a legacy (Microsoft-ese for "it works") mail relay, and mail started bouncing off the new relay.

A day of exasperating mail with the IT shop resulted, with me sending mail saying "your stupid relay isn't properly sending mail from our build machines to this other machine" and the IT shop sending mail saying "well, it works for me, so your build machine must be broken". (This is after the long runaround about mail transport agents, which only stopped when they realized that the sendmail I was talking about was actually sendmail, which is difficult, even for a Microsoft shop, to write off as a nonconformant implementation of sendmail.)

Eventually, after about a dozen mail exchanges, Cc:ed to an increasing number of other people, they actually bothered to do an nslookup on the host name of the build machine. It was in the 192.168 private network. "Oh, that's your problem. We don't relay mail coming from this private guaranteed not to be routed on the network and blocked at our firewall routers, because it's not safe. Get a public IP address and then our internal mail server will route it."

Leaving aside the insanity of not routing mail from guaranteed private and firewalled networks, why did it take an nslookup to realize that the mail wasn't being routed? One would think you'd just have to look at the mail relay logs, but this is Microsoft we're talking about, and ease of use is for sissies. It would take all of the sport out of being a systems administrator if you simply grepped a text file for "MAIL FROM: me@[192.168.0.1]" or "RCPT TO: build-command-alias@secret-build-machine" and could come back with your "oh, but we don't relay mail from these known private and blocked by our firewall routers networks because of our security policy" without first wasting 3-4 hours arguing with an increasingly agitated luser who's actually a BOFH in his own right.

At least it would take all the sport out of it if you were being paid by the hour. Which may be the point behind switching to Microsoft software in the first place.