
Unbelievable DNS issues


slylos

Programmer
Feb 17, 2005
81
US
I recently installed the smtp-auth patch into qmail. Everything works great on that end. The problem I'm having is, some mail just sits in the queue and goes nowhere. I have a bellsouth.net email address, and when I send myself test messages, I get them all day long. But when people at the office decide they need to send a very urgent message to someone in Orlando, the email sits in the queue and goes nowhere. I get "Connected_to_205.152.59.32_but_connection_died." from bellsouth.net email addresses (that server is live as I can telnet to port 25, but occasionally I got a completely dead server, i.e. I could not ping nor telnet), "Connected_to_64.12.138.57_but_connection_died._Possible_duplicate!_", from aol.com addresses (I just telnet'ed and I got "AOL may no longer accept connections from IP address which have no reverse-DNS (PTR record) assigned." so that may be the issue there). Other things like, if I ping netzero.net or netzero.com, I occasionally get a reply back from our IP address! I've resorted back to using bellsouth for outgoing mail until I can get these issues sorted out, but I'm kind of at a loss . . .
 
Hrm, ok. You didn't say if your bellsouth account is DSL, cable modem, T1 or what... could make a difference. Is it static or dynamic IP assignment? I have lots of ideas but you need to specify.

D.E.R. Management - IT Project Management Consulting
 
Oh Sorry! It's a business account, static IP, Bellsouth ISP.
 
OK, static DNS through a baby bell will have the following issues:

1) You do not have reverse DNS capability unless you request it and they grant it. As a result, you will be in strict violation of an RFC that requires this for SMTP outbound servers. NORMALLY email recipients didn't worry about this, but lately enforcement of this has been on the upswing.

2) You MAY have outbound port 25 blocked by the ISP itself (Bellsouth). They normally block their DSL clients to prevent spam abuse outbound from their network. You can normally request to be allowed out through a rule change.

3) You MAY ALSO be blocked by the recipients because you are within a known DSL IP block range. This can be a quagmire that's impossible to climb out of since so much spam and other abuse comes from zombie machines within DSL and cable provider IP ranges.

On #3 you can check your IP using the tools at:






D.E.R. Management - IT Project Management Consulting
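Added example, not part of the original posts: a receiver that enforces reverse DNS, as in point 1 above and the AOL banner quoted in the question, commonly checks that the connecting IP has a PTR record and that the PTR name resolves back to the same IP (forward-confirmed reverse DNS). The function name `fcrdns`, the injectable lookup parameters and the sample zone data are assumptions made for this sketch; with the defaults it queries the system resolver.

```python
import socket

def fcrdns(ip, ptr_lookup=socket.gethostbyaddr, fwd_lookup=socket.gethostbyname_ex):
    """Forward-confirmed reverse DNS for an IPv4 address.

    Returns (status, names): 'no-ptr' when the address has no PTR record,
    'unconfirmed' when no PTR name resolves back to the address, else 'ok'.
    """
    try:
        primary, aliases, _ = ptr_lookup(ip)
    except (socket.herror, socket.gaierror):
        return "no-ptr", []
    names = [primary] + list(aliases)
    confirmed = []
    for name in names:
        try:
            _, _, addrs = fwd_lookup(name)
        except (socket.herror, socket.gaierror):
            continue  # the PTR name has no A record at all
        if ip in addrs:
            confirmed.append(name)
    return ("ok", confirmed) if confirmed else ("unconfirmed", names)

# Constructed sample zone data (documentation address ranges) so the
# check can be exercised offline; these are not records from the thread.
SAMPLE_PTR = {"192.0.2.10": "mail.example.com", "192.0.2.20": "adsl-20.isp.example"}
SAMPLE_A = {"mail.example.com": ["192.0.2.10"], "adsl-20.isp.example": ["192.0.2.99"]}

def sample_ptr(ip):
    if ip not in SAMPLE_PTR:
        raise socket.herror(1, "Unknown host")
    return SAMPLE_PTR[ip], [], [ip]

def sample_fwd(name):
    if name not in SAMPLE_A:
        raise socket.gaierror(socket.EAI_NONAME, "Name or service not known")
    return name, [], SAMPLE_A[name]

if __name__ == "__main__":
    for addr in ("192.0.2.10", "192.0.2.20", "192.0.2.30"):
        print(addr, fcrdns(addr, sample_ptr, sample_fwd))
```

Calling `fcrdns("<your static IP>")` from the mail server itself, with no lookup arguments, shows what a remote receiver would see for that address.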
 
I spoke with a bellsouth technician, and he suggested configuring qmail to forward all outgoing mail to a smart host (their mail server). Are you familiar with how to do this?
 
You use the /var/qmail/control/smtproutes to send all your outgoing mail to their SMTP server.
This presumes that they don't require any authentication and are willing to relay for your IP. Of course, they might have the "smarts" built in to their server to accept for users From: your domain, but that can be spoofed by someone else and would be rather silly to implement if they are of good ethics.


D.E.R. Management - IT Project Management Consulting
 
They tell me that their SMTP servers are smart enough to discern where the mail is coming from (based on IP address). I'm concerned with our domain being spoofed, how can I prevent that sending mail this way?
 
You don't. They are right. Your IP can relay mail through their server. You are responsible for sending outgoing email using the IP they've authorized.

You SHOULD be able to ask them to authorize your IP to use Port 25 outbound on your own, that's the alternative. Otherwise you're stuck using their services.

D.E.R. Management - IT Project Management Consulting
 
According to them, they don't filter port 25 for business DSL accounts. I believe that is true, as I can send myself test messages all day long to a bellsouth, netzero, and yahoo email address. But for some reason, other netzero, bellsouth, and aol addresses fail!
Should I be concerned with domain spoofing, configuring qmail to send all mail through their SMTP servers? I'm doing it this way, so I do not have to transfer our domains (again) from Network Solutions to Bellsouth. Network Solutions is giving me the shaft, because they don't support PTR or SPF records.
 
What do your logs say when you have failed message delivery to someone else on a domain you've been able to send to?

Try me, for instance.
This is a valid email: test444@dermanagement.com

I'm curious what happens when you try to send to me... read your logs and snip any errors to a post here....

D.E.R. Management - IT Project Management Consulting
 
The main errors I received were "Temporary_CNAME_Lookup" and "Could_Not_Establish_An_SMTP_Connection", "Connected_to_205.152.159.17_But_Connection_Died", those were the majority of errors. I configured qmail to hand all outgoing (remote) mail to bellsouth smtp servers, yesterday we had trouble with "connection_died" errors, but all mail eventually went through. Today, everything is so far so good. bellsouth is trying to determine why we are getting these connection errors. It not only happened to qmail, but if I set the SMTP Server in Eudora to bellsouth's smtp server, I'd get a similar "connection died" error message, anytime I tried to send mail *anywhere*. So it's obviously not something specific to qmail. There is some connectivity issue somewhere.
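Added example, not part of the original posts: one way to answer the "what do your logs say" question is to join each qmail-send `starting delivery` line to its result line and tally deferrals per recipient domain, reason and remote IP. The log lines below are constructed (multilog timestamps omitted, recipient names invented) and reuse the two IP addresses quoted in the question; the function names and reason labels are assumptions of this sketch.

```python
import re
from collections import Counter, defaultdict

START = re.compile(r"starting delivery (\d+): msg \d+ to remote \S+@(\S+)")
RESULT = re.compile(r"delivery (\d+): (success|failure|deferral): (\S*)")
DIED = re.compile(r"Connected_to_(\d+\.\d+\.\d+\.\d+)_but_connection_died")

def classify(text):
    """Map a qmail-remote deferral string to a coarse reason label."""
    if DIED.search(text):
        return "connection-died"
    if "CNAME_lookup_failed_temporarily" in text:
        return "dns-temporary"
    if "establish_an_SMTP_connection" in text:
        return "no-connection"
    return "other"

def triage(lines):
    """Return {domain: Counter{(reason, remote_ip): count}} for deferrals."""
    domain_of = {}                    # delivery number -> recipient domain
    report = defaultdict(Counter)
    for line in lines:
        m = START.search(line)
        if m:
            domain_of[m.group(1)] = m.group(2).lower()
            continue
        m = RESULT.search(line)
        if not m:
            continue
        domain = domain_of.pop(m.group(1), "unknown")
        if m.group(2) != "deferral":
            continue                  # only deferrals sit in the queue
        ip = DIED.search(m.group(3))
        report[domain][(classify(m.group(3)), ip.group(1) if ip else None)] += 1
    return report

# Constructed sample log, not taken from the poster's server.
SAMPLE_LOG = """\
starting delivery 1: msg 1001 to remote user1@bellsouth.net
delivery 1: deferral: Connected_to_205.152.59.32_but_connection_died._(#4.4.2)/
starting delivery 2: msg 1002 to remote user2@aol.com
delivery 2: deferral: Connected_to_64.12.138.57_but_connection_died._Possible_duplicate!_(#4.4.2)/
starting delivery 3: msg 1003 to remote user3@yahoo.com
delivery 3: success: 203.0.113.5_accepted_message./Remote_host_said:_250_ok/
starting delivery 4: msg 1001 to remote user1@bellsouth.net
delivery 4: deferral: Connected_to_205.152.59.32_but_connection_died._(#4.4.2)/
starting delivery 5: msg 1004 to remote user4@netzero.net
delivery 5: deferral: CNAME_lookup_failed_temporarily._(#4.4.3)/
""".splitlines()

if __name__ == "__main__":
    for domain, counts in sorted(triage(SAMPLE_LOG).items()):
        print(domain, dict(counts))
```

A report in which one remote IP dominates the "connection-died" rows points at that receiver or the path to it; DNS failures spread across unrelated domains point at the local resolver.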
 
You may want to spot check your local network to make sure that
1) External/Internal DNS resolvers are working
2) You don't have any duplicated IP addresses on your local segment
3) You don't have multiple paths defined (using a hosts file, routing tables, etc) that would give a "random" flavor of network behavior on outbound connects.
4) Bad NIC on your end.

You could also try something like using a dialup connection for your mail server to pickup/send through Bellsouth on an interval to see if there's a network issue or a config issue... That might create more confusion than it's worth, but it's something to consider if you are having trouble trusting your qmail config's behavior over a complicated relay.

D.E.R. Management - IT Project Management Consulting
 
Yea I thought about a bad NIC as well, but it's strange that the same problem affected more than a few computers when they tried to connect to bellsouth smtp servers directly. I will however check for dupe IPs, and my hosts file as well. Thanks for the tips thedaver!
 