Mailing List SIMS@mail.stalker.com Message #12249
From: Bill Cole <listbill@scconsult.com>
Subject: Re: Problems Sending and Receiving
Date: Thu, 19 Dec 2002 21:11:11 -0500
To: SIMS Discussions <SIMS@mail.stalker.com>
At 2:54 PM -0800 12/19/02, Roger Corbin  imposed structure on a stream of electrons, yielding:
We have one client that we seem to have problems sending and receiving mail from. they are at a domain called meetings-site.com I had a glance at the logs and we seem to get messages like the ones below. The person at  meetings-site.com says that they don't have problems exchanging email with anyone else.  Our
domain is rare-indigo.com  Do these log entries mean anything to anyone ?

Thanks,

Roger Corbin


09:58:13 3 SMTP-717(meetings-site.com) Failed to connect to [216.100.98.23:25]. reason=60
09:58:14 3 SMTP-717(meetings-site.com) No relay address is accessable. Error Code=-25010


09:54:13 3 SMTP-717(meetings-site.com) Failed to connect to [216.100.99.23:25]. reason=61
09:54:14 3 SMTP-717(meetings-site.com) Abort Received, reason=54
09:54:14 3 SMTP-717(meetings-site.com) Reading Failed. Error Code=-25010. Read:
09:54:14 3 SMTP-717(meetings-site.com) No prompt at [216.100.99.27:25]


Those are out of order, but basically it looks like for some reason SIMS first tried 216.100.99.23 then 216.100.99.27 and when neither worked, it gave up. It looks like the first didn't answer and the second answered the connection but never gave a proper SMTP banner. To figure out the timing, you'd need more log entries (probably level 4 or 5 SMTP entries)

I can confirm that both are a bit slow, but both do eventually give a banner on connection. Now. Whether they did earlier, I cannot say, of course. I do see that the DNS for meeting-site.com has a serial number in the SOA record which implies that it was changed 14 times yesterday, which can't be good for mail connectivity. The current records do not point at the 216.100.99.* machines as MX's but at other SBC machines running different MTA's (!)

So here's Theory #1: Their DNS was in massive flux yesterday. Some5times it was pointing at machines that had serious problems. SIMS gave up on trying to deliver to those machines. If you try again today, it may well work.

Now for other issues that may contribute....

toaster# host rare-indigo.com
rare-indigo.com mail is handled (pri=10) by mail.rare-indigo.com
toaster#  host  mail.rare-indigo.com
mail.rare-indigo.com has address 208.181.54.131
toaster# host 208.181.54.131
Host not found.

OOPS!

Your mail server is sitting on an IP address with no reverse DNS. More specifically, it is on an address that has a little  reverse DNS, but that reverse DNS is delegated into your domain (There's a CNAME at Telus pointing at c208.181.54.131.rareindigo.com) and you have no record to complete the delegation. Maybe Telus never told you about this or maybe you just don't have a mechanism for doing classless rDNS delegation, but in the end, someone trying to get a name for 208.181.54.131 won't.

A bit more digging indicates that you seem to have some sort of record, but it is pretty messed up. You'd best talk to Telus about how they are delegating that rDNS to you, and read RFC2317 (ftp://ftp.rfc-editor.org/in-notes/rfc2317.txt) to see what you need to do. What Telus is doing is strange for RFC2317 implementation, but not necessarily wrong. If you want to fit their existing practice, you can just add a record like this:

 c208.181.54.131.rareindigo.com.  IN PTR  mail.rareindigo.com.

The reason for all this is Theory #2: The various SBC servers doing mail exchange for meeting-site.com are trying a rather unreliable but increasingly common trick to validate your identity. They are doing a reverse lookup on your IP address. How they might use that could vary, from just requiring any name  or requiring a name that resolves, to requiring a name that resolves back to the same IP and which you then use as your introduction. Instead, you have broken reverse DNS which is broken in a strange way, and that may be confusing the other end.

(BTW, I suspect this was your problem last month with robertmondavi.com as well...)

--
Bill Cole                                  bill@scconsult.com

Subscribe (FEED) Subscribe (DIGEST) Subscribe (INDEX) Unsubscribe Mail to Listmaster