From: Victor Duchovni on 19 Mar 2010 13:33

On Fri, Mar 19, 2010 at 12:32:13PM -0400, Wietse Venema wrote:

> > > And why would Yahoo be doing a CNAME lookup?
> >
> > Their MTA does that for all destinations, among other lookups.
> >
> > Your DNS server is a bit odd:
> >
> > $ dig +trace -t any slsware.com
> >
> > ;; connection timed out; no servers could be reached
> >
> > While asking for "cname" or "mx" works... Perhaps their code does a
> > "T_ANY" lookup.
>
> If I recall correctly, Yahoo runs a modified qmail, and indeed:
>
> switch(resolve(sa,T_ANY))

So that's the issue then, the DNS server in question does not support
T_ANY. Most likely it is behind a firewall that does not understand T_ANY,
and drops the DNS packets for security reasons. Otherwise, the DNS server
itself is deficient.

-- 
Viktor.

P.S. Morgan Stanley is looking for a New York City based, Senior Unix
system/email administrator to architect and sustain our perimeter email
environment. If you are interested, please drop me a note.

From: Wietse Venema on 19 Mar 2010 14:27

Victor Duchovni:
> On Fri, Mar 19, 2010 at 12:32:13PM -0400, Wietse Venema wrote:
>
> > > > And why would Yahoo be doing a CNAME lookup?
> > >
> > > Their MTA does that for all destinations, among other lookups.
> > >
> > > Your DNS server is a bit odd:
> > >
> > > $ dig +trace -t any slsware.com
> > >
> > > ;; connection timed out; no servers could be reached
> > >
> > > While asking for "cname" or "mx" works... Perhaps their code does a
> > > "T_ANY" lookup.
> >
> > If I recall correctly, Yahoo runs a modified qmail, and indeed:
> >
> > switch(resolve(sa,T_ANY))
>
> So that's the issue then, the DNS server in question does not support
> T_ANY. Most likely it is behind a firewall that does not understand T_ANY,
> and drops the DNS packets for security reasons. Otherwise, the DNS server
> itself is deficient.

Just to clarify, this DNS server is likely to create the same
problem with other sites that run a version of the qmail MTA.

According to the qmail CHANGES file entry 19961003, it uses T_ANY
as a workaround for DNS servers that broke with T_CNAME. Of course,
using T_ANY introduces other failure modes (reply too big, or broken
infrastructure).

Wietse

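A way to check a name server for the fault discussed above (ANY queries dropped while MX and CNAME are answered, or an ANY reply too big for UDP), as an added example that is not code from any poster in this thread. The function names `build_query`, `parse_reply`, `probe` and `diagnose` are this example's own, and the results in the demo at the bottom are constructed.

```python
import socket
import struct

QTYPES = {"MX": 15, "CNAME": 5, "ANY": 255}  # RFC 1035 type codes

def build_query(name, qtype, qid=0x1234):
    """Encode a one-question DNS query (RD set) in wire format."""
    header = struct.pack("!HHHHHH", qid, 0x0100, 1, 0, 0, 0)
    labels = b"".join(bytes([len(l)]) + l.encode("ascii")
                      for l in name.rstrip(".").split("."))
    return header + labels + b"\x00" + struct.pack("!HH", QTYPES[qtype], 1)

def parse_reply(data, qid=0x1234):
    """Return (rcode, truncated, answer_count) from a reply header."""
    rid, flags, _qd, an, _ns, _ar = struct.unpack("!HHHHHH", data[:12])
    if rid != qid or not flags & 0x8000:   # wrong id or QR bit clear
        raise ValueError("not a reply to our query")
    return flags & 0x000F, bool(flags & 0x0200), an   # RCODE, TC, ANCOUNT

def probe(server, name, qtype, timeout=3.0):
    """Send one UDP query; None means the packet was silently dropped."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.sendto(build_query(name, qtype), (server, 53))
        try:
            return parse_reply(s.recv(4096))
        except socket.timeout:
            return None

def diagnose(results):
    """Classify per-type probe results ({qtype: reply tuple or None})."""
    any_reply = results.get("ANY")
    others_ok = all(results.get(t) is not None for t in ("MX", "CNAME"))
    if any_reply is None and others_ok:
        return "ANY dropped: senders that query T_ANY will time out"
    if any_reply is None:
        return "server unreachable for all query types"
    if any_reply[1]:
        return "ANY reply truncated: sender must retry over TCP"
    return "ANY answered"

if __name__ == "__main__":
    # Constructed results matching the symptom in this thread; for a live
    # check use {t: probe(server_ip, domain, t) for t in QTYPES}.
    print(diagnose({"MX": (0, False, 1), "CNAME": (0, False, 0), "ANY": None}))
```

Point `probe` at the authoritative server's address directly, from outside the firewall, so that a filter in the path shows up as a timeout for ANY only.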
From: brian moore on 19 Mar 2010 16:26

On Fri, 19 Mar 2010 14:27:29 -0400 (EDT) Wietse Venema <wietse(a)porcupine.org> wrote:

> Just to clarify, this DNS server is likely to create the same
> problem with other sites that run a version of the qmail MTA.

That sounds like a feature to me.

From: Glenn English on 19 Mar 2010 16:29

On Mar 19, 2010, at 2:26 PM, brian moore wrote:

> On Fri, 19 Mar 2010 14:27:29 -0400 (EDT)
> Wietse Venema <wietse(a)porcupine.org> wrote:
>
>> Just to clarify, this DNS server is likely to create the same
>> problem with other sites that run a version of the qmail MTA.
>
> That sounds like a feature to me.

Soon as I get it figured out, I'll let you know how to implement it.

-- 
Glenn English
ghe(a)slsware.com

From: Victor Duchovni on 19 Mar 2010 16:30

On Fri, Mar 19, 2010 at 01:26:03PM -0700, brian moore wrote:

> On Fri, 19 Mar 2010 14:27:29 -0400 (EDT)
> Wietse Venema <wietse(a)porcupine.org> wrote:
>
> > Just to clarify, this DNS server is likely to create the same
> > problem with other sites that run a version of the qmail MTA.
>
> That sounds like a feature to me.

Perhaps, I am misreading the above as a mildly derogatory remark about
qmail... If not, then:

We don't make a habit of denigrating other MTAs here. We don't need to
attack other MTAs to make Postfix look better. Postfix does well enough
on its own merit.

-- 
Viktor.

P.S. Morgan Stanley is looking for a New York City based, Senior Unix
system/email administrator to architect and sustain our perimeter email
environment. If you are interested, please drop me a note.