Mailing List SIMS@mail.stalker.com Message #11826
From: NetHead <nethead@pecandeluxe.com>
Subject: Re: Mail error & its interpretation
Date: Mon, 23 Sep 2002 10:06:44 -0500
To: SIMS List <SIMS@mail.stalker.com>
X-Mailer: Claris Emailer 2.0v3, January 22, 1998
>From: Mark Hartman <mh-list@harthaven.com>
>Subject: Re: Mail error & its interpretation
>Date: Mon, 23 Sep 2002 06:53:49 -0700
>To: <SIMS@mail.stalker.com> (SIMS Discussions) At 8:14 AM -0500 9/23/02,
>NetHead wrote:
>
>>Now, my reading of a "554" is that somewhere, a server thinks I'm
>>relaying. Presumably my mail server, right? But why would my mail server
>>think I'm relaying? I've gone over my configuration. I have all ips on my
>>network listed in the client-hosts. I have "Relay for Clients Only"
>>checked, I have "Verify Return-Path" checked, I do not use an RBL, but DO
>>have my own internal blacklist.
>>
>>Is it possible this my isp is somehow detecting my e-mail as a "relay"
>>attempt and then blocking it?
>
>Well, I've just discovered something that could make a difference here.
>
>DIGging up your MX records gives:
>
>---
>;; QUESTIONS:
>;; pecandeluxe.com, type = MX, class = IN
>;; ANSWERS:
>pecandeluxe.com. 900 MX 10 bigbrother.pecandeluxe.com.
>pecandeluxe.com. 900 MX 20 mailhost.cnchost.com.
>;; ADDITIONAL RECORDS:
>bigbrother.pecandeluxe.com. 900 A 67.105.93.126
>mailhost.cnchost.com. 900 A 207.155.248.15
>mailhost.cnchost.com. 900 A 207.155.252.24
>mailhost.cnchost.com. 900 A 207.155.252.26
>mailhost.cnchost.com. 900 A 207.155.248.27
>---
>
>Yet the mail server that responds to "pecandeluxe.com" has an IP address
>(207.155.252.78) which does not match that list.

When you say, "the mailserver that responds to 'pecandeluxe.com' has an
IP address...", what query did you use to obtain this? I know if I do a
DIG on the A-record, I get that IP along with several others. If I had to
guess, I'd say these are load-balancers for our web-hosting. I suppose I
can ask them, if I know how you are obtaining that as our "mail server"

>
>I think that seeing that traceroute is going to be very helpful; it looks
>like something is messed up in your domain definition, and this may be why
>someone along the line thinks that your mail is coming from an unauthorized
>location.

Okay, you asked for it, here it is... the infamous, "TraceRoute":

Hop     IP Address           Host
  1     67.105.93.126        bigbrother.pecandeluxe.com
  2     67.105.93.113        pecandeluxe2.daf.concentric.net
  3     67.105.97.21         pdcc1.daf.concentric.net
  4     207.88.82.17         ge5-0-0.mar1.dallas-tx.us.xo.net
  5     65.106.4.141         p5-1-0-0.rar1.dallas-tx.us.xo.net
  6     64.220.0.149         ge1-0.edge1.dal-tx.us.xo.net
  7     64.3.0.130           *          
  8     4.24.8.197           p8-2.crtntx1-br2.bbnplanet.net
  9     4.24.10.113          p15-0.crtntx1-br1.bbnplanet.net
 10     4.24.10.214          p9-0.iplvin1-br2.bbnplanet.net
 11     4.24.10.181          p13-0.phlapa1-br1.bbnplanet.net
 12     195.16.175.250       p7-0.london2-cr3.bbnplanet.net
 13     212.133.109.22       *
 14     195.16.160.170       p7-0.londen3-cr4.bbnplanet.net
 15     195.16.175.213       p4-0-0.mnchen1-cr1.bbnplanet.net
 16     212.133.7.6          h0.legend.bbnplanet.net
 17     212.69.228.174       boxer.core.legend.net.uk

If you guys see something here, you've got two isp's beat! (not that that
would REALLY surprise me!)

I think you are onto something with the DNS stuff. I'm not sure what, but
perhaps if we pursue this line, something will turn up.


================================================
|     Doug Starkey                             |
|     Network Administrator                    |
|     Pecan Deluxe Candy Company               |
|     2570 Lone Star Drive                     |
|     Dallas, TX 75212-6308                    |
|     e-mail: nethead@pecandeluxe.com          |
|     voice: 214-631-3669 Ext. 108             |
|     fax: 214-631-5833                        |
================================================

Subscribe (FEED) Subscribe (DIGEST) Subscribe (INDEX) Unsubscribe Mail to Listmaster