Mailing List SIMS@mail.stalker.com Message #15398
From: Bill Cole <listbill@scconsult.com>
Subject: Re: DNS issues with sending server or what?
Date: Wed, 10 Jan 2007 23:19:32 -0500
To: SIMS Discussions <SIMS@mail.stalker.com>
At 12:59 PM -0800 1/10/07, Paul Didzerekis imposed structure on a stream of electrons, yielding:
Can anyone here see what is causing the following problem and suggest a solution?

The problem is that someone tries to send email from tricityregionalchamber.com to one of our client domains tcajob.com and our server instantly bounces back the message to the sending server with an error that the user is unknown. I think it is bouncing all messages they try to send to us at any of the domains we host. The server at tcajob.com (Web*V) performs spam content and RBL filtering and such and is set up to forward messages for that domain on to another server (SIMS) that handles the POP accounts for that domain. We don't have this problem with any other domains we host or emails coming from any other place.


There's a contradiction there. Is it all of your domains or just one?




I suspect that the sending server/domain may have a DNS issue or something and that is confusing our receiving server and causing it to bounce the message back to them.  Our server that is bouncing the messages does not show any kind of error in the log just that the message is received and then instantly returned.

That is very broken. A mail server that does not log what it does with every message should be dumped.


Here is the info I got back when I asked the sending people to forward me the bounced message with header (sent to my .mac account).

Thanks in advance,
Paul Didzerekis

Here is the header info
Bounced notification
And the original message is attached


The message looks wrong. Incomplete. Full Internet headers (not the Microsoftian reductions) for the bounce itself would help, and it looks like something has removed and 'simplified' the actual SMTP response. That's a known Exchange behavior.

With that in mind, I will make a couple of notes:

-----Original Message-----
From: Mattson, Lori [mailto:Lori.Mattson@tricityregionalchamber.com]
Sent: Monday, January 08, 2007 3:26 PM
To: Stone, Renee K
Subject: FW: Returned mail: Message Undeliverable

Microsoft Mail Internet Headers Version 2.0
Received: from mail.tri-city.net ([63.95.200.12]) by
tricityregionalchamber.com with Microsoft SMTPSVC(6.0.3790.1830);
Mon, 8 Jan 2007 14:50:11 -0800
Date: Mon, 08 Jan 2007 22:50:10 GMT
From: Mail Delivery Subsystem
Subject: Returned mail: Message Undeliverable
To: <Lori.Mattson@tricityregionalchamber.com>
MIME-Version: 1.0
Content-Type: multipart/report; report-type=delivery-status;
boundary="Relay/45a2caa2-289a200-ca.bounce"
Return-Path: <>
Message-ID: <TCRCC01m80t26Cvnrcl00000eea@tricityregionalchamber.com>
X-OriginalArrivalTime: 08 Jan 2007 22:50:12.0045 (UTC)
FILETIME=[5AC6C7D0:01C73377]

--Relay/45a2caa2-289a200-ca.bounce
Content-Type: text/plain; charset=iso-8859-1
Content-Transfer-Encoding: 7bit

--Relay/45a2caa2-289a200-ca.bounce
Content-Type: message/rfc822
Content-Transfer-Encoding: 7bit

Received: from tricityregionalchamber.com
(64-13-28-32.kwk.clearwire-dns.net [64.13.28.32]) BY mail.tri-city.net
([63.95.200.12])
 WITH ESMTP (4D WebSTAR V Mail (5.4.0)); Mon, 08 Jan 2007 14:50:10 -0800

A machine at IP address 64.13.28.32 claimed in its EHLO to be named "tricityregionalchamber.com" but in fact that name resolves to 65.61.117.202.

That is not supposed to be grounds for rejecting mail, but some people ignore the admonition against that practice in RFC2821, because such a verification can be useful: many spammers use fake HELO/EHLO names.

The resolvable name for 64.13.28.32 is one that looks very generic, as if the owner of the IP address doesn't care what its name is except to assure that he can resolve it in his head without DNS. That also "looks spammy" to many spam control systems.

Combine a fraudulent EHLO with a generic real name, and there are a lot of spam filters that won't even look any further.

However, this does indicate that mail.tri-city.net (the Web* server) accepted the message. Unfortunately, it looks like Web* is too stupid to create SMTP transaction ID's for Received headers and log tracking or Message-ID's for its bounces. It sure makes tracking hard...


X-MimeOLE: Produced By Microsoft Exchange V6.5
Content-class: urn:content-classes:message
MIME-Version: 1.0
Content-Type: multipart/alternative;
boundary="----_=_NextPart_001_01C73377.56B9CB10"
Subject: test 100
Date: Mon, 8 Jan 2007 14:50:05 -0800
Message-ID: <BF2AF0B9A2A0574EBCFEC37A7F3104F40CA934@TCRCC01.tcrcc.local>
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
Thread-Topic: test 100
Thread-Index: Acczd1SIyFvR5YEZRjm2CQs1HSzijw==
From: "Mattson, Lori" <Lori.Mattson@tricityregionalchamber.com>
To: <hostmaster@3-rivers.com>,
<melanie@tcajob.com>

------_=_NextPart_001_01C73377.56B9CB10
Content-Type: text/plain;
charset="us-ascii"
Content-Transfer-Encoding: quoted-printable

------_=_NextPart_001_01C73377.56B9CB10
Content-Type: text/html;
charset="us-ascii"
Content-Transfer-Encoding: quoted-printable


------_=_NextPart_001_01C73377.56B9CB10--

--Relay/45a2caa2-289a200-ca.bounce--


I'm not sure I'm getting this right. This is looking like the bounce of a bounce???



-----Original Message-----
From: Mail Delivery Subsystem [mailto:Mail Delivery Subsystem]
Sent: Monday, January 08, 2007 2:50 PM
To: Mattson, Lori
Subject: Returned mail: Message Undeliverable

This message could not be delivered to the following recipients:

<melanie@tcajob.com>: Unable to reach destination or recipient is
invalid.



That looks like the Exchange bounce re-writing stupidity. Somewhere there once was a set of real headers for that, a domain for the sender, and a clear specification of what was said last in the SMTP conversation by what machine and to what machine. Without those, diagnosis is impossible. As long as the bounces are going back in to a default-configured Exchange, you won't get them.

Based on what you DO have, I'd suggest two possibilities:

1. The spam filtering in Web* is causing the problem. If it is an asynchronous filtering system that accepts mail, filters it, then bounces what it dislikes, that's a possibility.

2. SIMS might be rejecting this for some reason.


Diagnosis is made immensely more difficult by the interaction of two junkware mail servers: WebStar and Exchange. If you can fix one or both to provide more information, you have a far better shot of figuring this out.


--
Bill Cole                                  bill@scconsult.com
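
The two observations made above about the Received header (an EHLO name that does not resolve to the connecting IP, and a generic-looking reverse DNS name) can be checked mechanically when triaging a bounce. The following is an added example, not part of the original message and not code from any of the mail servers discussed; the function names are hypothetical, and the DNS table is a constructed stand-in holding only the address the message reports, so the check runs offline.

```python
import re

# Received header from the bounced message quoted above (WebSTAR format).
RECEIVED = (
    "Received: from tricityregionalchamber.com\n"
    "(64-13-28-32.kwk.clearwire-dns.net [64.13.28.32]) BY mail.tri-city.net\n"
    "([63.95.200.12])\n"
    " WITH ESMTP (4D WebSTAR V Mail (5.4.0)); Mon, 08 Jan 2007 14:50:10 -0800"
)

# Constructed stand-in for live DNS so the example runs offline; the one
# A record is the value reported in the message.
A_RECORDS = {"tricityregionalchamber.com": {"65.61.117.202"}}

RECEIVED_RE = re.compile(
    r"from\s+(?P<helo>\S+)\s+\((?P<rdns>\S+)\s+\[(?P<ip>[\d.]+)\]\)", re.I)


def parse_received(header):
    """Return (helo_name, rdns_name, client_ip) from a Received header."""
    m = RECEIVED_RE.search(header)
    if not m:
        raise ValueError("unrecognised Received format")
    return m.group("helo").lower(), m.group("rdns").lower(), m.group("ip")


def helo_matches_ip(helo, ip, resolve):
    """True when the HELO/EHLO name has an A record equal to the client IP."""
    return ip in resolve(helo)


def rdns_looks_generic(rdns, ip):
    """True when the first PTR label is just the IP's octets (either order)."""
    octets = ip.split(".")
    digits = re.findall(r"\d+", rdns.split(".")[0])
    return digits == octets or digits == octets[::-1]


def assess(header, resolve=lambda name: A_RECORDS.get(name, set())):
    """Collect the findings a filter might score for this hop."""
    helo, rdns, ip = parse_received(header)
    findings = []
    if not helo_matches_ip(helo, ip, resolve):
        findings.append("helo-mismatch")
    if rdns_looks_generic(rdns, ip):
        findings.append("generic-rdns")
    return {"helo": helo, "rdns": rdns, "ip": ip, "findings": findings}
```

Calling `assess(RECEIVED)` reports both findings for this hop; to use it against live DNS, pass a `resolve` callable that returns the set of A-record addresses for a name.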
