I am still having delays of up to 20 minutes for e-mail to be delivered. Here is a snip of a header sent from the mail server to the same mail server. These used to be virtually simultaneous.
Content-Filter: maildrop-toaster
Return-Path: <r...@area510.net>
Delivered-To: yother.com...@yother.com
Received: (qmail 1363 invoked by uid 89); 24 Sep 2009 02:30:18 -0000
Received: by simscan 1.4.0 ppid: 1340, pid: 1342, t: 11.6467s
        scanners: attach: 1.4.0 clamav: 0.95.2
/m:51/d:9803 spam: 3.2.5
X-Spam-Checker-Version: SpamAssassin 3.2.5 (2008-06-10) on laetitia.area510.net
X-Spam-Level:
X-Spam-Status: No, score=-2.5 required=5.0 tests=AWL,BAYES_00,RDNS_NONE
        autolearn=no version=3.2.5
Received: from unknown (HELO nlpi157.prodigy.net) (unkn...@207.115.36.171)
 by laetitia.area510.net with SMTP; 24 Sep 2009 02:30:06 -0000
Received-SPF: unknown (laetitia.area510.net: Maximum nesting level exceeded, 
possible loop)
Received: from sophia.area510.net (ns1.area510.net [64.168.70.132])
        (authenticated bits=0)
        by nlpi157.prodigy.net (8.13.8 smtpauth/dk/map_regex/8.13.8) with ESMTP 
id n8O2U52w001792
        for <c...@yother.com>; Wed, 23 Sep 2009 21:30:05 -0500
Received: by sophia.area510.net (Postfix, from userid 0)
        id EFB17202B9; Wed, 23 Sep 2009 19:30:05 -0700 (PDT)

If I am reading this correctly, only 13 seconds elapsed from the time the server received the message to the time it sent it, yet I am not able to check it for up to 20 minutes in some cases. Any ideas where to look to try and isolate this?

Here is another snip from the mail server to an SBC account. Nearly 19 minutes lapse.

From - Wed Sep 23 21:45:56 2009
X-Account-Key: account4
X-UIDL: 20090924044227M04001q1vre000078
X-Mozilla-Status: 0001
X-Mozilla-Status2: 00000000
X-Mozilla-Keys:
Received: from nlpi147.prodigy.net ([207.115.36.161])
         by isp.att.net (frfwmxc04) with ESMTP
         id <20090924044226M0400n0jore>; Thu, 24 Sep 2009 04:42:26 +0000
X-Originating-IP: [207.115.36.161]
X-Originating-IP: [64.168.70.133]
Received: from laetitia.area510.net (mail.yother.com [64.168.70.133])
        by nlpi147.prodigy.net (8.13.8 inb ipv6 jeff0203/8.13.8) with ESMTP id 
n8O4gPhU017190
        for <cjyot...@pacbell.net>; Wed, 23 Sep 2009 23:42:26 -0500
Received: (qmail 7599 invoked by uid 89); 24 Sep 2009 04:23:50 -0000
Received: by simscan 1.4.0 ppid: 7591, pid: 7594, t: 0.0982s
        scanners: attach: 1.4.0 clamav: 0.95.2
/m: 51/d:9803
Received: from unknown (HELO ?192.168.1.145?) (c...@yother.com@71.139.170.193)
 by laetitia.area510.net with ESMTPA; 24 Sep 2009 04:23:50 -0000
Message-ID: <4abaf455.4030...@yother.com>


I can also watch tail -f /var/log/qmail/smtp/current and see an email pass through, but still not be able to retrieve it for up to 20 minutes sometimes. I have also tested my ISP's DNS server response times and they are both in the 8.00ms range. The caching nameserver appears to be working correctly too.

64 bytes from 206.13.28.12: icmp_seq=1 ttl=253 time=8.01 ms
64 bytes from 206.13.28.12: icmp_seq=2 ttl=253 time=7.81 ms
64 bytes from 206.13.28.12: icmp_seq=3 ttl=253 time=8.45 ms
64 bytes from 206.13.28.12: icmp_seq=4 ttl=253 time=7.66 ms
64 bytes from 206.13.28.12: icmp_seq=5 ttl=253 time=7.99 ms

CJ

Maxwell Smart wrote:
Thanks Jake,

That's what I was able to glean from the info I read.  I am not sure how
I am going to ultimately set this up yet.  This is all making me rethink
my entire rack configuration.  I have been trying to simplify this and
it only seems to be getting more complex.

Is it OK to see entries like this in my message file?  My understanding
is the only one that is critical is the host unreachable, but I have
periodically checked it and it's working correctly.

Sep 23 11:15:25 laetitia named[22986]: unexpected RCODE (SERVFAIL)
resolving '95.193.115.189.in-addr.arpa/CNAME/IN': 200.175.89.133#53
Sep 23 11:15:25 laetitia named[22986]: unexpected RCODE (SERVFAIL)
resolving '95.193.115.189.in-addr.arpa/PTR/IN': 200.175.89.133#53
Sep 23 11:17:03 laetitia named[22986]: client 127.0.0.1#53386: error
sending response: host unreachable
Sep 23 12:05:43 laetitia named[22986]: unexpected RCODE (REFUSED)
resolving 'pdnssr01.ebnccsb.com.my/AAAA/IN': 161.142.2.17#53
Sep 23 12:05:43 laetitia named[22986]: unexpected RCODE (REFUSED)
resolving 'pdnssr01.ebnccsb.com.my/A/IN': 161.142.2.17#53
Sep 23 12:05:46 laetitia named[22986]: lame server resolving
'maybank.my' (in 'maybank.my'?): 202.187.45.2#53
Sep 23 12:06:12 laetitia named[22986]: client 127.0.0.1#33727: error
sending response: host unreachable
Sep 23 12:06:45 laetitia named[22986]: client 127.0.0.1#43177: error
sending response: host unreachable
Sep 23 12:09:38 laetitia named[22986]: lame server resolving
'205.111.106.86.in-addr.arpa' (in '111.106.86.in-addr.arpa'?): 89.38.57.5#53
Sep 23 12:09:39 laetitia named[22986]: lame server resolving
'205.111.106.86.in-addr.arpa' (in '111.106.86.in-addr.arpa'?):
86.55.208.16#53

CJ

Jake Vickers wrote:
Eric Shubert wrote:
I don't know off hand.

Hey Jake, what do you know about this? (I'm guessing quite a bit!)

Maxwell Smart wrote:
Eric,

I think I am getting it sorted.  Here is a snip of my named.conf
file.   Do I need to allow-query;?  Also do I need the forwarders,
ISP's DNS servers since the db.cache is the ROOT SERVERS?  From what
I have read it is the recommended way to set it up.

options {
       directory "/etc";
       pid-file "/var/run/named/named.pid";
       version "request not permitted";
       allow-notify {64.168.70.132;};
       allow-transfer {"none";};
       forwarders {
               63.203.35.55;
               206.13.28.12;
               206.13.30.12;
               };
};

zone "." {
       type hint;
       file "/etc/db.cache";
       };

There are 2 mind sets to forwarders. If you do not define your ISPs,
your server will use the root servers. You are obviously getting the
highest authority on answers there, but resolve times can lag a little.
By using your ISPs upstream servers for forwarders, you're cutting
down on network traffic since your request is only going to the ISP
office/colo instead of one of the root DNS servers (which may be in
another state). So you have to look at it both as a security view, and
a bandwidth view. I think by now all of the ISP DNS servers are
patched for the cache poisoning so that is probably not a concern,
but if your ISP does DNS redirecting for unknown/unresolvable domains
then you may need to take that into consideration.

For allow query, you're now going to be moving into the realm of an
authoritative and resolving server in the same box. Perfectly fine, if
you configure correctly. Normally with allow-query you would define an
acl (access list) that is allowed to query your server. You can even
do some fancy stuff like I do here in my office and have different DNS
zones for your internal network and your external network.


---------------------------------------------------------------------------------

Qmailtoaster is sponsored by Vickers Consulting Group
(www.vickersconsulting.com)
   Vickers Consulting Group offers Qmailtoaster support and
installations.
     If you need professional help with your setup, contact them today!
---------------------------------------------------------------------------------

    Please visit qmailtoaster.com for the latest news, updates, and
packages.
         To unsubscribe, e-mail:
qmailtoaster-list-unsubscr...@qmailtoaster.com
    For additional commands, e-mail:
qmailtoaster-list-h...@qmailtoaster.com
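
Added example, not part of the original thread: one way to locate the slow hop is to compute the time between consecutive Received stamps, normalising time zones and qmail's `-0000` stamps to UTC. The sample is constructed from the second header in the message above (trimmed), and the function names are this example's own.

```python
from datetime import timezone
from email import message_from_string
from email.utils import parsedate_to_datetime

# Constructed sample: the Received lines of the second header in the thread,
# with recipient addresses and all other headers dropped.
SAMPLE = """\
Received: from nlpi147.prodigy.net ([207.115.36.161])
 by isp.att.net (frfwmxc04) with ESMTP
 id <20090924044226M0400n0jore>; Thu, 24 Sep 2009 04:42:26 +0000
Received: from laetitia.area510.net (mail.yother.com [64.168.70.133])
 by nlpi147.prodigy.net (8.13.8 inb ipv6 jeff0203/8.13.8) with ESMTP
 id n8O4gPhU017190; Wed, 23 Sep 2009 23:42:26 -0500
Received: (qmail 7599 invoked by uid 89); 24 Sep 2009 04:23:50 -0000
Received: by simscan 1.4.0 ppid: 7591, pid: 7594, t: 0.0982s
 scanners: attach: 1.4.0 clamav: 0.95.2
Received: from unknown (HELO ?192.168.1.145?) (71.139.170.193)
 by laetitia.area510.net with ESMTPA; 24 Sep 2009 04:23:50 -0000
"""

def received_times(raw):
    """Return [(utc_datetime, hop_text)] oldest hop first."""
    stamps = []
    for value in message_from_string(raw).get_all("Received", []):
        head, sep, tail = value.rpartition(";")
        if not sep:                      # e.g. simscan: no timestamp at all
            continue
        try:
            when = parsedate_to_datetime(" ".join(tail.split()))
        except (TypeError, ValueError):  # text after ';' is not a date
            continue
        if when.tzinfo is None:          # "-0000" parses as naive; it is UTC
            when = when.replace(tzinfo=timezone.utc)
        stamps.append((when.astimezone(timezone.utc), " ".join(head.split())))
    stamps.reverse()                     # headers are stored newest first
    return stamps

def hop_delays(raw):
    """Return [(seconds, earlier_hop, later_hop)]; negative means clock skew."""
    stamps = received_times(raw)
    return [(int((b[0] - a[0]).total_seconds()), a[1], b[1])
            for a, b in zip(stamps, stamps[1:])]

if __name__ == "__main__":
    for seconds, earlier, later in hop_delays(SAMPLE):
        print(f"{seconds:6d}s  {earlier[:40]}  ->  {later[:40]}")
```

On this sample the only non-zero gap, 1116 seconds, falls between the local qmail queue line and acceptance by nlpi147.prodigy.net, which is the "nearly 19 minutes" described in the message.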


