Announcement

Collapse
No announcement yet.

Mail server madness!

Collapse
X
  • Filter
  • Time
  • Show
Clear All
new posts

  • Mail server madness!

    I have a really odd problem. We switched ISPs and now we cannot send mail to two domain: sbcglobal.net and earthlink.net

    I can send to hotmail.com and yahoo.com

    When I send to sbcglobal.net or earthlink.net I get a bounceback error message that says "SMTP connection failed." The header information ONLY shows the alias domain and makes no reference to the email domain.

    There are two domains at work. One is an alias. The other is the domain that the employees are using as their email address. The mail server is hosted internally and the mail system is an IMAP system (by IP Switch, called 'IMail').

    I have set a public IP address to point to the internally hosted mail server. The A record for the email domain is set to this IP, and the MX record for the alias is set to the email domain. Yes, there is a PTR record set up for the alias that points to this A record (the public IP).

    When I checked today, I could not find an MX record for the alias domain. I just added it this evening and am hoping that, after a propagation period, this is will resolve the mail issue.

    But, now I am confused if I need to do something on the Firewall and with the NAT settings as well.

    Any thoughts? I can provide more details if requested. Please help!
    Last edited by MadHatter; 21st February 2009, 08:41. Reason: More details I forgot.

  • #2
    Re: Mail server madness!

    Knowing what mail server you use would be a very big help!
    Tom Jones
    MCT, MCSE (2000:Security & 2003), MCSA:Security & Messaging, MCDBA, MCDST, MCITP(EA, EMA, SA, EDA, ES, CS), MCTS, MCP, Sec+
    PhD, MSc, FIAP, MIITT
    IT Trainer / Consultant
    Ossian Ltd
    Scotland

    ** Remember to give credit where credit is due and leave reputation points where appropriate **

    Comment


    • #3
      Re: Mail server madness!

      Originally posted by Ossian View Post
      Knowing what mail server you use would be a very big help!
      Hi Ossian,

      As stated in my original post, the mail server is an IMAP system by IP Switch called 'IMail.' If there is more to it than that, let me know and I will try to get more details.

      Thank you for your response!

      Comment


      • #4
        Re: Mail server madness!

        Originally posted by MadHatter View Post
        I have set a public IP address to point to the internally hosted mail server. The A record for the email domain is set to this IP, and the MX record for the alias is set to the email domain. Yes, there is a PTR record set up for the alias that points to this A record (the public IP).
        Could you give some bogus domain names as examples because I'm having a hard time keeping track of what you're referring to when you say "alias" and "email domain".

        The issues it most likely DNS. One thing you want to make sure is to have the PTR for your public IP resolve to the A record that points to the IP.

        You may have done that but when you said "a PTR record set up for the alias that points to this A record" there's three things at play and there should only be two.
        Regards,
        Jeremy

        Network Consultant/Engineer
        Baltimore - Washington area and beyond
        www.gma-cpa.com

        Comment


        • #5
          Re: Mail server madness!

          Originally posted by JeremyW View Post
          Could you give some bogus domain names as examples because I'm having a hard time keeping track of what you're referring to when you say "alias" and "email domain".

          The issues it most likely DNS. One thing you want to make sure is to have the PTR for your public IP resolve to the A record that points to the IP.

          You may have done that but when you said "a PTR record set up for the alias that points to this A record" there's three things at play and there should only be two.
          Alias = titanic.com
          Email domain (e.g. @sunset.com emails) = sunset.com

          The PTR record for the Public IP is currently set for the alias (titanic.com) domain, which is the same IP used for sunset.com

          When I ping titanic.com, however, I get a 'request timed out.'

          Breakthrough:

          I looked into the outbound and inbound ACLs on the firewall and allowed SMTP to talk to external SMTP on port 25. I think this is why I am now able to send email to sbcglobal.net , but for some reason still cannot send to earthlink.net addresses.
          Last edited by MadHatter; 22nd February 2009, 00:03.

          Comment


          • #6
            Re: Mail server madness!

            Not sure I get it.

            Please fill in the question mark and correct any information below:
            - host (A) record "titanic.com' points to 11.11.11.11
            - host (A) record "sunset.com" points to ???
            - PTR record "11.11.11.11" points to titanic.com
            - your email server send email out on IP address 11.11.11.11

            Also, do you have any SPF records or domain keys that need to be updated?
            Regards,
            Jeremy

            Network Consultant/Engineer
            Baltimore - Washington area and beyond
            www.gma-cpa.com

            Comment


            • #7
              Re: Mail server madness!

              Originally posted by JeremyW View Post
              Not sure I get it.

              Please fill in the question mark and correct any information below:
              - host (A) record "titanic.com' points to 11.11.11.11
              - host (A) record "sunset.com" points to ???
              - PTR record "11.11.11.11" points to titanic.com
              - your email server send email out on IP address 11.11.11.11

              Also, do you have any SPF records or domain keys that need to be updated?
              Thank you for your response.

              A record (sunset.com) points to 11.11.11.11 (same as titanic.com which is supposed to be the alias email domain for sunset.com

              All other information you have listed is accurate as to the current configuration.
              I do not think any SPF records or domain keys need updating.

              I tried setting the MX record for titanic.com to point to sunset.com (NOT mail.sunset.com, but sunset.com) and I'm not sure I should have done that as I didn't see an MX record from before.

              So, the only change has been a switch to another ISP.

              Comment


              • #8
                Re: Mail server madness!

                OK, what is the hostname that is in the SMTP header when your server sends email?
                Is it titanic.com? sunset.com? mail.sunset.com?

                If it's titanic.com then your DNS is configured correctly.

                What it might be is earthlink.net is blocking your IP because it used to be an open relay or it used to be part of a dynamic range. If you continue to get errors you should contact earthlink.net and ask them why they are blocking your IP. They probably need to remove it from an RBL of theirs.

                You can check your domain and IP address against multiple RLBs by using free sites or scripts: http://www.google.com/search?q=check...ient=firefox-a
                Regards,
                Jeremy

                Network Consultant/Engineer
                Baltimore - Washington area and beyond
                www.gma-cpa.com

                Comment


                • #9
                  Re: Mail server madness!

                  Originally posted by JeremyW View Post
                  OK, what is the hostname that is in the SMTP header when your server sends email?
                  Is it titanic.com? sunset.com? mail.sunset.com?

                  If it's titanic.com then your DNS is configured correctly.

                  What it might be is earthlink.net is blocking your IP because it used to be an open relay or it used to be part of a dynamic range. If you continue to get errors you should contact earthlink.net and ask them why they are blocking your IP. They probably need to remove it from an RBL of theirs.

                  You can check your domain and IP address against multiple RLBs by using free sites or scripts: http://www.google.com/search?q=check...ient=firefox-a
                  Amazing!

                  Yes, the error message is 'Received by titanic.com' and sent from '[email protected]'

                  I believe you are right about the IP blocking. I just spoke to the ISP and they confirmed that Earthlink is possibly blocking the IP.

                  AOL's postmaster also said the IP may have been part of a dynamic range.

                  I don't know how if these were given to us to be used as static IPs. Were they once dynamic, blocked back then, and now handed out as static? Sounds like that is what happened.

                  I will give an update in a couple of days when I hear back from the other ISPs' spam abuse teams. Thank you everyone for your insight.

                  Comment


                  • #10
                    Re: Mail server madness!

                    Originally posted by MadHatter View Post
                    Yes, the error message is 'Received by titanic.com' and sent from '[email protected]'
                    That's not what I'm talking about. The SMTP header looks something like this:
                    Code:
                    Received: from exprod6mo101.postini.com (1.1.1.1) by mail.domain.com
                     (10.10.10.53) with Microsoft SMTP Server (TLS) id 8.1.336.0; Tue, 24 Feb 2009
                     06:19:59 -0500
                    Received: from exprod6lut001.postini.com (exprod6lut001.postini.com
                     [1.1.1.1])	by exprod6mo101.postini.com (Postfix) with SMTP id 4E18A98D99
                    	for <[email protected]>; Tue, 24 Feb 2009 03:17:40 -0800 (PST)
                    From: Blah blah blah <[email protected]>
                    To: <[email protected]>
                    Subject: blah blah blah
                    Date: Tue, 24 Feb 2009 03:17:40 -0800
                    MIME-Version: 1.0
                    Content-Type: text/plain
                    Message-ID: <[email protected]>
                    Return-Path: [email protected]
                    You will need to test by sending an email to an external account and then check the header on it. The highlighted portion should read titanic.com (11.11.11.11).

                    But I still suspect it's setup correctly and the problem lies with the RBLs and the IP past history.
                    Regards,
                    Jeremy

                    Network Consultant/Engineer
                    Baltimore - Washington area and beyond
                    www.gma-cpa.com

                    Comment

                    Working...
                    X