  1. #1

    Weird E-mail Issues

    Well, where to start. This may or may not be the right place for this, if not, I'm sorry in advance.

    I'm having an issue with receiving e-mails from a variety of sites and I'm having one hell of a time figuring out why. The error they all seem to have in common is something of this fashion:

    Code:
       ----- The following addresses had permanent fatal errors ----- <tcrass(A-T)pleiadesdesign.com>
    
       ----- Transcript of session follows -----
    451 <tcrass(A-T)pleiadesdesign.com>... pleiadesdesign.com: Name server timeout Message could not be delivered for 2 hours Message will be deleted from queue
    
    Final-Recipient: RFC822; tcrass(A-T)pleiadesdesign.com
    Action: failed
    Status: 4.4.7
    Last-Attempt-Date: Thu, 17 Apr 2008 19:22:12 -0400 (EDT)
    
    Received: from covenfreyja(A-T)aim.com
        by imo-d06.mx.aol.com (mail_out_v38_r9.3.) id u.c7f.12acd8a0 (57881)
         for <tcrass(A-T)pleiadesdesign.com>; Thu, 17 Apr 2008 17:19:15 -0400 (EDT)
    Return-Path: <covenfreyja(A-T)aim.com>
    Received: from webmail-ne07 (webmail-ne07.sim.aol.com [207.200.67.7]) by air-ia04.mail.aol.com (v121.4) with ESMTP id MAILINIA43-e2194807bed212c; Thu, 17 Apr 2008 17:19:15 -0400
    To: tcrass(A-T)pleiadesdesign.com
    Subject: Test
    Date: Thu, 17 Apr 2008 17:19:14 -0400
    X-MB-Message-Source: WebUI
    X-AOL-IP: 12.40.32.169
    X-MB-Message-Type: User
    MIME-Version: 1.0
    From: covenfreyja(A-T)aim.com
    Content-Type: multipart/alternative;
     boundary="--------MB_8CA6EE7D2A4FE58_B68_5BCF_webmail-ne07.sysops.aol.com"
    X-Mailer: AIM WebMail 36012-STANDARD
    Received: from 12.40.32.169 by webmail-ne07.sysops.aol.com (207.200.67.7) with HTTP (WebMailUI); Thu, 17 Apr 2008 17:19:14 -0400
    Message-Id: <[email protected]>
    X-Spam-Flag: NO

    Now, what I've done so far, yes, it "looks" like it's a DNS issue, yet... I've verified my DNS with every tool known to man save dnsstuff since they cost more than I care to pay for it. I've gone through my DNS zones with a fine tooth comb and made sure they're okay, I've made sure I'm not on any RBL lists that I'm aware of and MOST mail appears to be getting through.

    What it appears to be on a more grand scale is that somehow, for some reason, traffic being passed toward my DNS server is never making it there. It's essentially getting blocked or hung up somewhere in the middle of la-la land on the net, but I wanted to post and see if a) anyone could check things from their end and see if they get the same issues b) has a helpful hand or maybe has had this issue before and knows what it is and how to resolve it.

    Any help and insight that anyone would be willing to provide is much appreciated. Thanks!

  2. #2
    Join Date
    Oct 2004
    Location
    Kerala, India
    Posts
    4,750
    Try setting the reverse DNS of your mail server IP to mail.pleiadesdesign.com, i.e. your server hostname. I see it is set to something else.

  3. #3
    It looks like the DNS resolver setting in the mail server does not work properly.

  4. #4
    Hrm, very odd, could you post me what you are showing for it? I made changes to it as posted below but not sure if I changed what you're referring to.

    Code:
    file: db.69.30.204
    
    $TTL    43200
    @               IN      SOA     ns1.pleiadesdesign.com. pleiades.pleiadesdesign.com. (
                            2008041901 ; serial
                            8H ; refresh
                            2H ; retry
                            7D ; expire
                            1D ; default_ttl
                            )
    ; DNS Records
                    IN      NS      ns1.pleiadesdesign.com.
                    IN      NS      ns2.pleiadesdesign.com.
    
    ; PTR Records
    
    75              IN      PTR     mail.pleiadesdesign.com.

    And if that's the actual issue here's the zone file for the domain itself

    Code:
    $TTL    43200
    
    $ORIGIN pleiadesdesign.com.
    
    @               IN      SOA     ns1.pleiadesdesign.com. pleiades.pleiadesdesign.com. (
                            2008041901 ; serial
                            1H ; refresh
                            10M ; retry
                            14D ; expire
                            12H ; default_ttl
                            )
    
    ; Default Host
    
            IN      A       69.30.204.75
    
    ; MX Records
    
            IN      MX      5       mail.pleiadesdesign.com.
    
    ; DNS Servers
    
            IN      NS      ns1.pleiadesdesign.com.
            IN      NS      ns2.pleiadesdesign.com.
    
    ; DNS Hosts
    
    ns1             IN      A       69.30.204.75
    ns2             IN      A       195.234.42.1
    mail            IN      A       69.30.204.75

    Maybe it is a DNS issue but it seems odd that it would have just started doing this a few weeks ago 'without' any DNS changes being made at that time. It acts like communication between the sending server and my server are completely blocked for some reason. But I guess this is a start.

  5. #5
    Join Date
    Jul 2005
    Location
    Edinburgh
    Posts
    3,878
    Get in touch with your provider and have the RDNS set up. That for sure will help mail going to and coming from aol.com (who bounce mail from servers with no RDNS) and other places too.

    I don't see it to be a firewall issue.

    You could try /scripts/eximup --force to see if that helps.

    owm
    Last edited by Outlaw Web Master; 04-19-2008 at 11:41 AM.
    Life's what you make it.
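
Added example, not part of the original posts: a forward-confirmed reverse DNS check of the kind posts #2 and #5 recommend, written in Python. The lookup tables are constructed; `INTENDED` mirrors the zone files in post #4, and `GENERIC` uses a hypothetical provider-assigned name because the thread does not show what the PTR actually returned from outside. Function names are illustrative.

```python
import socket

def _ptr_lookup(ip):
    """Live PTR lookup; returns a list of hostnames (empty if none)."""
    try:
        name, aliases, _ = socket.gethostbyaddr(ip)
        return [name] + aliases
    except OSError:
        return []

def _a_lookup(name):
    """Live A lookup; returns a list of IPv4 addresses (empty if none)."""
    try:
        return socket.gethostbyname_ex(name)[2]
    except OSError:
        return []

def check_fcrdns(ip, expected_host, ptr_lookup=_ptr_lookup, a_lookup=_a_lookup):
    """Return (ok, reason) for forward-confirmed reverse DNS of a mail server IP."""
    names = [n.rstrip(".").lower() for n in ptr_lookup(ip)]
    if not names:
        return False, "no PTR record"
    # A PTR name only counts if its own A record points back at the same IP.
    confirmed = [n for n in names if ip in a_lookup(n)]
    if not confirmed:
        return False, "PTR %s does not resolve back to %s" % (names, ip)
    if expected_host.lower() not in confirmed:
        return False, "PTR is %s, expected %s" % (confirmed, expected_host)
    return True, "PTR and A agree on " + expected_host

# Constructed lookup tables (assumptions, see lead-in).
A_RECORDS = {"mail.pleiadesdesign.com": ["69.30.204.75"]}
INTENDED = {"69.30.204.75": ["mail.pleiadesdesign.com."]}
GENERIC = {"69.30.204.75": ["host75.provider.example."]}

def offline(ptr_table):
    """Run the check against a constructed PTR table instead of live DNS."""
    return check_fcrdns("69.30.204.75", "mail.pleiadesdesign.com",
                        lambda ip: ptr_table.get(ip, []),
                        lambda n: A_RECORDS.get(n, []))

if __name__ == "__main__":
    for table in (INTENDED, GENERIC, {}):
        print(offline(table))
```

Calling `check_fcrdns(ip, host)` without the last two arguments performs the same check against live DNS.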

  6. #6
    Has this been solved?

  7. #7
    No, the problem is not yet resolved. What I have done since though is set up secondary DNS through Xname to see if 'maybe' that would help anything. So far, not. Though my AOL error has changed (which I'll post in a moment).

    Code:
       ----- Transcript of session follows -----
    <tcrass(A-T)pleiadesdesign.com>... Deferred: Connection refused by 
    mail.pleiadesdesign.com.
    Message could not be delivered for 3 hours
    Message will be deleted from queue
    
    Final-Recipient: RFC822; tcrass(A-T)pleiadesdesign.com
    Action: failed
    Status: 4.4.7
    Remote-MTA: DNS; mail.pleiadesdesign.com
    Last-Attempt-Date: Sat, 19 Apr 2008 14:28:21 -0400 (EDT)
    
    Received: from  imo-m20.mx.aol.com (imo-m20.mail.aol.com [172.20.107.66]) by 
    imr-d01.mx.aol.com (v107.10) with ESMTP id RELAYIN1-2480a0f903d7; Sat, 19 Apr 
    2008 11:28:16 -0400
    Received: from covenfreyja(A-T)aim.com
        by imo-m20.mx.aol.com (mail_out_v38_r9.3.) id u.cdf.2a869a1d (57880)
         for <tcrass(A-T)pleiadesdesign.com>; Sat, 19 Apr 2008 11:12:59 -0400 (EDT)
    Received: from webmail-da16 (webmail-da16.webmail.aol.com [205.188.212.211]) by 
    air-ia04.mail.aol.com (v121.4) with ESMTP id MAILINIA42-e218480a0bfb2a7; Sat, 19 
    Apr 2008 11:12:59 -0400
    To: tcrass(A-T)pleiadesdesign.com
    Subject: test
    Date: Sat, 19 Apr 2008 11:12:59 -0400
    X-MB-Message-Source: WebUI
    X-AOL-IP: 172.20.107.66
    X-MB-Message-Type: User
    MIME-Version: 1.0
    From: covenfreyja(A-T)aim.com
    Content-Type: multipart/alternative; 
     boundary="--------MB_8CA7046FD03E0A4_15B8_3F71_webmail-da16.sysops.aol.com"
    X-Mailer: AIM WebMail 36012-STANDARD
    Received: from 76.92.245.162 by webmail-da16.sysops.aol.com (205.188.212.211) 
    with HTTP (WebMailUI); Sat, 19 Apr 2008 11:12:59 -0400
    Message-Id: <[email protected]>
    X-Spam-Flag: NO

    Now, before you say "duh, unblock the server", you need to be fully aware that it is NOT blocked. I have no block rules in my iptables for any of those addresses and have 'cleared' all block rules I had just in case.

    Additionally, this message only appeared "after" I set up secondary DNS at another provider off the present subnet, and the previous error was that it couldn't connect to the DNS server.

    Even more, this is only happening with about 5% of the mail hosts that attempt to deliver mail to my server for some reason.

    And last, there is absolutely NO log of any attempted connection from any of these servers in any of my log files which indicates that the server never actually communicated with my system.

    Thus, it leads me to further believe this could be a bigger issue relating to being able to connect to my server in general through very certain and specific routes but I totally don't understand wtf is going on in terms of why that would be. This is a 'new' development, everything was fine about a month ago, now it seems it's jacked up somewhere along the lines.

    On those lines, is anyone else running into a similar issue where some of the people trying to send you mails are complaining about either rejects or timeouts?

    Furthermore, if I try and traceroute to the 2 aol systems that touched the mail above I can't get to them, and if I can't get to them, they can't get to me. See below:

    Note: this might be my co-lo provider on this one, I'll be talking to them about this specifically

    Code:
    lyra:~# traceroute 172.20.107.66
    traceroute to 172.20.107.66 (172.20.107.66), 30 hops max, 40 byte packets
     1  69.30.204.73 (69.30.204.73)  0.514 ms  0.474 ms  0.419 ms
     2  69.30.235.45 (69.30.235.45)  1.503 ms  1.197 ms  1.030 ms
     3  69.30.235.1 (69.30.235.1)  1.838 ms  1.106 ms  1.203 ms
     4  69.30.235.210 (69.30.235.210)  1.626 ms  1.234 ms  1.584 ms
     5  * * *
     6  * * *

    Code:
    lyra:~# traceroute 205.188.212.211
    traceroute to 205.188.212.211 (205.188.212.211), 30 hops max, 40 byte packets
     1  69.30.204.73 (69.30.204.73)  0.509 ms  0.450 ms  0.418 ms
     2  69.30.235.45 (69.30.235.45)  1.273 ms  1.052 ms  1.017 ms
     3  69.30.235.1 (69.30.235.1)  1.246 ms  8.890 ms  1.005 ms
     4  69.30.235.210 (69.30.235.210)  1.453 ms  1.306 ms  1.151 ms
     5  rrcs-67-53-162-197.west.biz.rr.com (67.53.162.197)  22.809 ms  15.764 ms  10.949 ms
     6  gig1-0-6.kscymordc-rtr2.rdc-kc.rr.com (24.94.160.73)  1.670 ms  1.658 ms  1.496 ms
     7  so-3-1-1.kscymol3-rtr1.kc.rr.com (24.94.160.169)  1.992 ms  12.002 ms  2.142 ms
     8  te-1-3.car1.StLouis1.Level3.net (4.79.132.33)  17.941 ms ge-5-1-203.hsa1.StLouis1.Level3.net (4.79.132.13)  18.960 ms te-1-3.car1.StLouis1.Level3.net (4.79.132.33)  17.910 ms
     9  ae-11-11.car2.StLouis1.Level3.net (4.69.132.186)  137.024 ms  203.487 ms  204.041 ms
    10  ae-4-4.ebr2.Chicago1.Level3.net (4.69.132.190)  15.623 ms  16.165 ms  17.981 ms
    11  ae-78.ebr3.Chicago1.Level3.net (4.69.134.62)  18.351 ms  16.770 ms  18.419 ms
    12  ae-2.ebr2.Washington1.Level3.net (4.69.132.70)  42.866 ms  33.686 ms  35.861 ms
    13  ae-82-82.csw3.Washington1.Level3.net (4.69.134.154)  44.163 ms  33.172 ms  38.792 ms
    14  ae-3-89.edge5.Washington1.Level3.net (4.68.17.137)  31.369 ms  31.129 ms  31.807 ms
    15  * * *
    16  * * *

    On top of this stoppage in the Level3 network, I also get stops trying to get to mail servers passing through the rr.com network at their Chicago hub.

    Thank you for your help and insight so far, any additional is always very much appreciated.
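
Added example, not part of the original posts: the first traceroute in post #7 targets 172.20.107.66, which lies in the RFC 1918 private range 172.16.0.0/12, so it is an address inside the sender's own network and a trace from outside cannot reach it whatever the state of the route. This Python sketch extracts the IPv4 addresses from the bounce headers (sample lines copied from that post) and keeps only the publicly routable ones as trace targets; the function names are illustrative.

```python
import ipaddress
import re

# Constructed sample: header lines copied from the second bounce in post #7.
BOUNCE_HEADERS = """\
Received: from  imo-m20.mx.aol.com (imo-m20.mail.aol.com [172.20.107.66]) by
 imr-d01.mx.aol.com (v107.10) with ESMTP id RELAYIN1-2480a0f903d7; Sat, 19 Apr
 2008 11:28:16 -0400
Received: from webmail-da16 (webmail-da16.webmail.aol.com [205.188.212.211]) by
 air-ia04.mail.aol.com (v121.4) with ESMTP id MAILINIA42-e218480a0bfb2a7; Sat, 19
 Apr 2008 11:12:59 -0400
X-AOL-IP: 172.20.107.66
Received: from 76.92.245.162 by webmail-da16.sysops.aol.com (205.188.212.211)
 with HTTP (WebMailUI); Sat, 19 Apr 2008 11:12:59 -0400
"""

# Exactly four dot-separated numeric groups, not part of a longer dotted string.
IPV4 = re.compile(r"(?<![\d.])(\d{1,3}(?:\.\d{1,3}){3})(?![\d.])")
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def classify(text):
    """Label one address as private (with its block), public, or reserved."""
    addr = ipaddress.ip_address(text)
    for net in RFC1918:
        if addr in net:
            return "private " + str(net)
    return "public" if addr.is_global else "reserved"

def classify_header_ips(headers):
    """Map each distinct IPv4 address in the headers to its label."""
    result = {}
    for text in IPV4.findall(headers):
        try:
            result.setdefault(text, classify(text))
        except ValueError:
            continue  # looked like an address but has an octet above 255
    return result

def traceroute_targets(headers):
    """Addresses worth tracing from outside the sender's network, in header order."""
    return [ip for ip, kind in classify_header_ips(headers).items()
            if kind == "public"]

if __name__ == "__main__":
    for ip, kind in classify_header_ips(BOUNCE_HEADERS).items():
        print(ip, kind)
```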

  8. #8
    Join Date
    Dec 2004
    Posts
    88
    A simple command line email works...

    Code:
    C:\Documents and Settings\rosshwht>telnet mail.pleiadesdesign.com 25
    
    220 mail.pleiadesdesign.com ESMTP Exim 4.61 Sun, 20 Apr 2008 18:23:54 -0500
    helo me
    250 mail.pleiadesdesign.com Hello me [xxx.yyy.zzz.aaa]
    mail from:[email protected]
    250 OK
    rcpt to:[email protected]
    250 Accepted
    data
    354 Enter message, ending with "." on a line by itself
    some test text
    .
    250 OK id=1Jnitn-0007yL-RQ
    quit
    221 mail.pleiadesdesign.com closing connection

    So your "Message could not be delivered for 3 hours. Message will be deleted from queue" error is the receiving MTA rejecting the mail. Most likely some poorly configured filtering system or a practice like Grey-Listing.

    Regards rossh

  9. #9
    Maybe...

    But you didn't seem to take into account the message regarding "why" the message could not be delivered for 3 hours, one line above that:

    Deferred: Connection refused by mail.pleiadesdesign.com.

    The message being deleted is merely a symptom of the actual problem, not the problem itself. As stated, only about 5% of the messages that are attempting to get to my system appear to be blocked, nearly everyone doesn't seem to have a problem, it's just here and there, unfortunately a few critical ones fall into the here and there.

    Prior to the message above which started once I set up a completely separate 2nd DNS (which I should have anyhow) AOL was chucking this one:

    pleiadesdesign.com: Name server timeout Message could not be delivered for 2 hours Message will be deleted from queue

    So I guess basically I probably need to find someone who actually 'can't' send to my system and then have them traceroute to me and me to them and see if we stop in the same place (which I suspect would be the case). If/when that happens then it should be apparent where the blockage is happening because I'm extremely certain that it's not on my specific server's end, unless my DNS configuration is somehow incorrect, which I've verified time and time again against a bazillion different DNS diag tools.

    Hrm...back to the drawing boards on this I guess.

  10. #10
    You might be right, but have you grepped your logs?

    grep -i "aol.com" "/var/log/exim_mainlog" | more

  11. #11
    Yep, first thing I did and aol.com doesn't even show, if I grep for just AOL I get plenty of spam like this:

    Code:
    mainlog.1:836:2008-04-20 08:59:53 H=2.52.100-84.rev.gaoland.net [84.100.52.2] F=<[email protected]> rejected RCPT <[email protected]>: REJECTED - 84.100.52.2 is blacklisted at bl.spamcop.net; Blocked - see linktospamcop/bl.shtml?84.100.52.2

    But nothing with even just aol in the host name. I even checked for IPs and aside from that I didn't just check the exim logs, I checked my "entire" log directory looking for anything which might point to someplace that my stuff is holding it up. No dice.

    Pretty odd issue that's for sure. Don't think I've ever encountered something like this in the last 10 years that I've been doing this on a daily basis LOL.
