For the past few months, a user at my company has reported difficulties receiving mail sent from a particular educational institution. After examining the problem and getting some help from someone on the technical staff there, I think I've found what's going on. But I wonder if anyone has any additional insights or suggestions.
The problem occurs when the person sending the mail has an email address where the domain portion lacks an MX record. The domain portion does have a valid A record, though. During the SMTP transaction, SIMS was taking approximately 58 seconds to reply to the MAIL FROM command. E.g., 11:59:42 4 SMTP-300(smtp.bigschool.edu) Input Line: mail from:<[EMAIL PROTECTED]>\r 12:00:40 4 SMTP-300(smtp.bigschool.edu) No relay exists for 'psych.bigschool.edu' 12:00:40 4 SMTP-300(smtp.bigschool.edu) Looking for psych.bigschool.edu 12:00:40 4 SMTP-300(smtp.bigschool.edu) Sending 250 <[EMAIL PROTECTED]> sender accepted\r\n However, by the time SIMS had responded, the remote server had timed out the connection: 12:00:40 3 SMTP-300(smtp.bigschool.edu) Abort Received, reason=54 12:00:40 4 SMTP-300(smtp.bigschool.edu) Nothing read - stream broken 12:00:40 3 SMTP-300(smtp.bigschool.edu) Reading Failed. Error Code=-25010. Read: At the remote end, the sender eventually gets a "warning: could not send message" notice with a transcript that reads: 451 4.4.1 reply: read error from mprinc.com. <[EMAIL PROTECTED]>... Deferred: Connection timed out with mprinc.com It seems there are three things that can be done to fix this problem. 1. Get bigschool.edu to increase its timeouts if possible. (All outbound mail at bigschool.edu passes through a centrally-managed cluster.) This should work since I have found mail from other sources coming through our server where the sender's address only has an A record, provided the remote server is patient. 1a. Get bigschool.edu to create MX records for its various departmental mailservers. Would work, but may be asking too much. 2. Turn off "verify return path". This would let in a little more spam, unfortunately. 3. Reduce the amount of time it takes SIMS to perform the return path lookup. After going into the TCP/IP control panel on the SIMS machine and removing all the DNS servers except itself (QuickDNS 3.5.3 runs on the same machine), I found that the return path verification was reduced to about 14 seconds when the path contained a valid A record but no MX record. Since there were originally 4 DNS servers in the TCP/IP control panel, it's likely that SIMS takes 14 seconds per server to do the verification (4 x 14 = 56 seconds). This brings me to the following questions: 1) Any problems with my analysis? 2) Is bigschool.edu's timeout on their outbound SMTP sessions unreasonably short? 3) How many other DNS servers should I include in the TCP/IP control panel, and which ones? I think I should have at least one besides QuickDNS, but maybe I shouldn't have the server refer to itself at all. Thanks in advance for your help. --Elliot Wilen ############################################################# This message is sent to you because you are subscribed to the mailing list <[EMAIL PROTECTED]>. To unsubscribe, E-mail to: <[EMAIL PROTECTED]> To switch to the DIGEST mode, E-mail to <[EMAIL PROTECTED]> To switch to the INDEX mode, E-mail to <[EMAIL PROTECTED]> Send administrative queries to <[EMAIL PROTECTED]>
