Mailing List Message #14447
From: Elliot Wilen <>
Subject: delay from "verify return path" causes timeout
Date: 04 May 2004 14:06:44 -0700
To: SIMS Discussions <>
X-Mailer: QuickMail Pro 3.1 (Mac)

For the past few months, a user at my company has reported difficulties receiving mail sent from a particular educational institution. After examining the problem and getting some help from someone on the technical staff there, I think I've found what's going on. But I wonder if anyone has any additional insights or suggestions.

The problem occurs when the person sending the mail has an email address where the domain portion lacks an MX record. The domain portion does have a valid A record, though. During the SMTP transaction, SIMS was taking approximately 58 seconds to reply to the MAIL FROM command. E.g.,

11:59:42 4 SMTP-300( Input Line: mail from:<>\r
12:00:40 4 SMTP-300( No relay exists for ''
12:00:40 4 SMTP-300( Looking for
12:00:40 4 SMTP-300( Sending 250 <> sender accepted\r\n

However, by the time SIMS had responded, the remote server had timed out the connection:

12:00:40 3 SMTP-300( Abort Received, reason=54
12:00:40 4 SMTP-300( Nothing read - stream broken
12:00:40 3 SMTP-300( Reading Failed. Error Code=-25010. Read:

At the remote end, the sender eventually gets a "warning: could not send message" notice with a transcript that reads:

451 4.4.1 reply: read error from
<>... Deferred: Connection timed out with

It seems there are three things that can be done to fix this problem.

1. Get to increase its timeouts if possible. (All outbound mail at passes through a centrally-managed cluster.) This should work since I have found mail from other sources coming through our server where the sender's address only has an A record, provided the remote server is patient.

1a. Get to create MX records for its various departmental mailservers. Would work, but may be asking too much.

2. Turn off "verify return path". This would let in a little more spam, unfortunately.

3. Reduce the amount of time it takes SIMS to perform the return path lookup.

After going into the TCP/IP control panel on the SIMS machine and removing all the DNS servers except itself (QuickDNS 3.5.3 runs on the same machine), I found that the return path verification was reduced to about 14 seconds when the path contained a valid A record but no MX record. Since there were originally 4 DNS servers in the TCP/IP control panel, it's likely that SIMS takes 14 seconds per server to do the verification (4 x 14 = 56 seconds).

This brings me to the following questions:

1) Any problems with my analysis?
2) Is's timeout on their outbound SMTP sessions unreasonably short?
3) How many other DNS servers should I include in the TCP/IP control panel, and which ones? I think I should have at least one besides QuickDNS, but maybe I shouldn't have the server refer to itself at all.

Thanks in advance for your help.

--Elliot Wilen
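
The timing hypothesis in the message above (each configured DNS server costs about 14 seconds when the sender's domain has an A record but no MX), as an added simulation that is not part of the original post and is not SIMS code. The resolver stand-ins, the zone data, the lookup order (MX on every server, then A) and the `budget` parameter are assumptions made for illustration; only the 14-second figure comes from the post.

```python
# Added simulation of the post's timing hypothesis; not SIMS code. Names are hypothetical.
STALL = 14.0  # seconds one server costs on an empty answer (the post's measurement)

def make_resolver(zone, stall=STALL):
    """Constructed stand-in for one DNS server: returns (records, seconds_spent)."""
    def lookup(domain, qtype):
        records = zone.get((domain, qtype), [])
        # Assumption: an empty answer costs `stall` seconds, an answered query none.
        return records, (0.0 if records else stall)
    return lookup

def verify_return_path(domain, resolvers, budget=float("inf")):
    """Try MX on every resolver, then fall back to A, within `budget` seconds.

    Returns (verdict, elapsed): 'accept' once any record is found, 'reject' when
    every query came back empty, 'tempfail' when the budget runs out first, so
    the MAIL FROM reply is sent before the remote client gives up.
    """
    elapsed = 0.0
    for qtype in ("MX", "A"):
        for lookup in resolvers:
            remaining = budget - elapsed
            if remaining <= 0:
                return "tempfail", elapsed
            records, cost = lookup(domain, qtype)
            if cost > remaining:  # this query would outlive the budget: abandon it
                return "tempfail", budget
            elapsed += cost
            if records:
                return "accept", elapsed
    return "reject", elapsed

# Constructed zone: an A record but no MX, as in the reported case.
ZONE = {("dept.example.edu", "A"): ["192.0.2.10"]}

if __name__ == "__main__":
    for n in (4, 1):
        servers = [make_resolver(ZONE) for _ in range(n)]
        print(n, "servers:", verify_return_path("dept.example.edu", servers))
    four = [make_resolver(ZONE) for _ in range(4)]
    print("4 servers, 30 s budget:", verify_return_path("dept.example.edu", four, budget=30))
```

Under these assumptions the model reproduces the 56-second and 14-second delays reported in the post, and the budgeted run shows the check ending with a temporary failure at the deadline instead of running past it.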

