[Dshield] SMTP DNS record question

Coxe, John B. JOHN.B.COXE at saic.com
Mon Jan 12 17:55:19 GMT 2004


Looks like they have 4 MX hosts, with one being preferential.  As long as
kraken.vdh is available and listening for SMTP, your MTA should go there by
design.  The others, mx0-mx2, generally wouldn't receive mail for the domain
unless kraken couldn't handle the capacity of connections.

A couple ideas.  If kraken was down, mx0-mx2 might be configured differently
and perhaps not know they are supposed to collect mail for vdh.state.vt.us.
Further, it is not all that uncommon when something like that occurs for the
backup MTAs to not know how/where to deliver the mail properly once they
have collected it.  They are in a different address space altogether.
Another possibility is that the receiving MTA is refusing the mail because
the EHLO/HELO doesn't match the connecting host (your firewall) if you are
using a general service proxy.

The best thing would be to look at all the details in the delivery failure
notice you get to see the reporting MTA and anything else it has to say.
Also, as always, review your logs and turn up the logging level if you can
to pinpoint where the problem is.

-----Original Message-----
From: list-bounces at dshield.org [mailto:list-bounces at dshield.org] On Behalf
Of Richard Roy
Sent: Monday, January 12, 2004 9:07 AM
To: General DShield Discussion List
Subject: RE: [Dshield] SMTP DNS record question

That isn't the customer.  Sorry, that is the place I did the query
instead.
If that was unclear I am sorry.
The domain was vdh.state.vt.us 
Which returns:

Domain                   Type  Class  TTL    Answer
vdh.state.vt.us.         MX    IN     86400  mx1.state.vt.us. [Preference = 10]
vdh.state.vt.us.         MX    IN     86400  mx2.state.vt.us. [Preference = 10]
vdh.state.vt.us.         MX    IN     86400  kraken.vdh.state.vt.us. [Preference = 0]
vdh.state.vt.us.         MX    IN     86400  mx0.state.vt.us. [Preference = 10]
state.vt.us.             NS    IN     86400  ns2.state.vt.us.
state.vt.us.             NS    IN     86400  ns1.state.vt.us.
kraken.vdh.state.vt.us.  A     IN     86400  159.105.134.230
mx0.state.vt.us.         A     IN     86400  159.105.23.194
mx1.state.vt.us.         A     IN     86400  159.105.23.130
mx2.state.vt.us.         A     IN     86400  170.222.64.130
ns1.state.vt.us.         A     IN     86400  159.105.23.130
ns2.state.vt.us.         A     IN     86400  170.222.64.130


As I said, 3 separate MX records all with the same preference.  I
thought it was odd and might be part of the problem, I'll admit I could
be way off base, but I thought that multiple MX records had to have
different preferences.



-----Original Message-----
From: list-bounces at dshield.org [mailto:list-bounces at dshield.org] On
Behalf Of David Hart
Sent: Monday, January 12, 2004 9:58 AM
To: General DShield Discussion List
Subject: Re: [Dshield] SMTP DNS record question


On Mon, 2004-01-12 at 11:42, Richard Roy wrote:
> I am working to debug why I am having difficulties sending to a 
> customer email.  I have implemented a new firewall, and spam blocker, 
> and have yet to be able to point to either as the root of the problem.

> So for grins, I went to www.dnsstuff.com and did a query on them.  
> They have 3 MX records, MX0, MX1, MX2 all with different hosts and IP 
> addresses.

I show just one MX (mail.dnsstuff.com) which, in turn, is handled by a
spam handler, declude.com which, in turn, uses imail, which in turn is
one terrible MTA which, in turn, is probably the problem ;-)
                               ---------
            Quality Management - A Commitment to Excellence
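
Added example, not part of the original thread: a short Python sketch of how a sending MTA orders the MX hosts from the query output quoted above. It assumes the one-record-per-line layout of that listing; the function names are made up for this example. Equal preference values are valid, and RFC 5321 section 5.1 has the sender try the lowest preference first and randomize among hosts that share one.

```python
import random
import re
from collections import defaultdict

# Records copied from the query output quoted in the thread.
RECORDS = """\
vdh.state.vt.us. MX IN 86400 mx1.state.vt.us. [Preference = 10]
vdh.state.vt.us. MX IN 86400 mx2.state.vt.us. [Preference = 10]
vdh.state.vt.us. MX IN 86400 kraken.vdh.state.vt.us. [Preference = 0]
vdh.state.vt.us. MX IN 86400 mx0.state.vt.us. [Preference = 10]
kraken.vdh.state.vt.us. A IN 86400 159.105.134.230
mx0.state.vt.us. A IN 86400 159.105.23.194
mx1.state.vt.us. A IN 86400 159.105.23.130
mx2.state.vt.us. A IN 86400 170.222.64.130
"""

MX_RE = re.compile(r"^(\S+) MX IN \d+ (\S+) \[Preference = (\d+)\]$")
A_RE = re.compile(r"^(\S+) A IN \d+ (\S+)$")

def parse(text):
    """Return ({preference: [mx hosts]}, {host: ip}) from the listing."""
    tiers, addrs = defaultdict(list), {}
    for line in text.splitlines():
        if m := MX_RE.match(line):
            tiers[int(m.group(3))].append(m.group(2))
        elif m := A_RE.match(line):
            addrs[m.group(1)] = m.group(2)
    return dict(tiers), addrs

def delivery_order(text, rng=random):
    """Hosts in the order a sending MTA tries them: lowest preference
    number first, hosts sharing a preference in random order.
    Hosts without an address record in the listing are skipped."""
    tiers, addrs = parse(text)
    order = []
    for pref in sorted(tiers):
        hosts = [h for h in tiers[pref] if h in addrs]
        rng.shuffle(hosts)  # spread load across equal-preference hosts
        order.extend((pref, h, addrs[h]) for h in hosts)
    return order

if __name__ == "__main__":
    for pref, host, ip in delivery_order(RECORDS):
        print(f"{pref:>3}  {host:<26} {ip}")
```

Comparing this order with the reporting MTA named in a delivery failure notice shows whether the bounce came from the preferred host or from one of the preference-10 hosts.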
