We are starting to make a little headway with this. Details are still
coming in but the general idea is that their anti-spam software is requiring
a dns lookup to verify the sending domain.
The dns query that is being sent is an IPv6 type=aaaa. Meaning they
want to know the IPv6 IP address of the domain of the sender. Our dns is
not set up to resolve IPv6 queries so it sends NXDOMAIN, or
NonExistentDomain. And the message gets bounced by their antispam software
saying "Domain does not exist".
I am still not sure if an IPv4 query is being sent. Or if we are wrong
(non-RFC-compliant) by not being capable of resolving IPv6 type=aaaa queries.
What's funny about this is that the registered dns servers at
reliant.com - my biggest problem and the guy that's pointing fingers at My
dns - don't resolve IPv6 queries either. They have an internal dns server
that does recursive IPv6 queries for the antispam software.
Todd
----- Original Message -----
From: "Len Conrad" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Thursday, July 03, 2003 7:55 PM
Subject: RE: [IMail Forum] Still getting bounced mail
>
> >
> >Doesn't the PTR have to match the forward?
>
> It should, but the err msg from sendmail is not talking about the reverse
> domain, it says it cannot resolve the envelope sender.domain, "domain does
> not exist", which is clearly false, since both his NSs are on-line and
> answering, to me, under 100 ms.
>
> Todd could fix his PTRs to match the A record, but I really don't think
> that is what sendmail is complaining about.
>
> I bet there's some network problem again, like we saw a couple of weeks
> ago, where I couldn't query an NS, but others could. backbone network got
> fixed, and I could query.
>
> If he had query logging on his NS, he could send mail to these domains, and
> then see from which ip the queries come from, and then traceroute from his
> DNS to those DNS IPs.
>
> also, see that the err is "undeliverable 553", which is a fatal error
> (don't try this msg again).
>
> If it were a DNS timeout, then sendmail should return a 4xx in case the
> error was not DNS but connectivity. After the 4xx, the msg will be retried
> and if a transient connectivity pb, sendmail should get a DNS response
> (this is how postfix handles DNS timeouts, maybe sendmail can be forced to
> return 5xx for DNS timeout, bad practice).
>
> I can see one sendmail admin screwing up his config, but not so many
> different sendmails for largish org's.
>
> if re-booting really fixed that one site's rejections, then there may be
> some cache poisoning going on somewhere. re-booting the DNS would have
> cleared the poisoned cache.
>
> Len
>
> _____________________________________________________________________
> http://MenAndMice.com/DNS-training: Seattle; Chicago; San Jose; Wash DC
> IMGate.MEIway.com: anti-spam gateway, effective on 1000's of sites, free
>
>
> To Unsubscribe: http://www.ipswitch.com/support/mailing-lists.html
> List Archive: http://www.mail-archive.com/imail_forum%40list.ipswitch.com/
> Knowledge Base/FAQ: http://www.ipswitch.com/support/IMail/
>
>
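Added example, not part of the original thread: a Python check that reads the header of captured DNS responses and tells NXDOMAIN (the name has no records of any type) apart from a NOERROR reply with an empty answer section (NODATA, RFC 2308), which is the distinction behind the "Domain does not exist" bounce described above. The name mail.example.com, the address 192.0.2.25 and all helper functions are constructed for illustration; only the answer count is inspected, so CNAME handling is out of scope.

```python
import struct

TYPE_A, TYPE_AAAA = 1, 28

def build_response(name, qtype, rcode, rdatas=()):
    """Build a constructed authoritative response (sample data, no compression)."""
    qname = b"".join(bytes([len(p)]) + p.encode("ascii") for p in name.split(".")) + b"\x00"
    flags = 0x8400 | rcode                      # QR=1 (response), AA=1, RCODE in low 4 bits
    msg = struct.pack("!6H", 0x1234, flags, 1, len(rdatas), 0, 0)
    msg += qname + struct.pack("!HH", qtype, 1)  # question section, class IN
    for rdata in rdatas:                        # answer RRs, TTL 300
        msg += qname + struct.pack("!HHIH", qtype, 1, 300, len(rdata)) + rdata
    return msg

def classify(msg):
    """Return ANSWER, NODATA, NXDOMAIN or ERROR(n) from the 12-byte DNS header."""
    if len(msg) < 12:
        raise ValueError("truncated DNS header")
    _id, flags, _qd, ancount, _ns, _ar = struct.unpack("!6H", msg[:12])
    if not flags & 0x8000:
        raise ValueError("not a response (QR bit clear)")
    rcode = flags & 0x000F
    if rcode == 3:
        return "NXDOMAIN"                       # the name has no records of any type
    if rcode != 0:
        return "ERROR(%d)" % rcode
    return "ANSWER" if ancount else "NODATA"    # NODATA: name exists, not this type

def check_pair(a_resp, aaaa_resp):
    """Compare A and AAAA responses for one name from the same server."""
    a, aaaa = classify(a_resp), classify(aaaa_resp)
    if a == "ANSWER" and aaaa == "NXDOMAIN":
        return "INCONSISTENT"                   # server denies a name it just answered for
    if a == "ANSWER" and aaaa in ("ANSWER", "NODATA"):
        return "OK"
    return "CHECK(%s/%s)" % (a, aaaa)

if __name__ == "__main__":
    name = "mail.example.com"                   # constructed sample name
    a = build_response(name, TYPE_A, 0, [bytes([192, 0, 2, 25])])
    print("AAAA->NXDOMAIN:", check_pair(a, build_response(name, TYPE_AAAA, 3)))
    print("AAAA->NODATA:  ", check_pair(a, build_response(name, TYPE_AAAA, 0)))
```

A receiver that looks up AAAA first and gets NXDOMAIN has no reason to try A, so an "INCONSISTENT" result for the sender domain matches the rejection pattern in this thread.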