Problem: Domain of sender address does not resolve
jim...@stmarkshs.net
I am running Postfix (2.0.16). All of my emails have been coming in and
going out without a problem (now that I have disabled procmail). I am
however having trouble with one domain accepting email from our users.=20
Here is an excerpt from mailq...
90895CD66A 1489 Mon Jan 12 00:10:15 P...@stmarkshs.net
(host i1.state.de.us[167.21.1.74] said: 451 4.1.8 Domain of sender addres=
s
P...@stmarkshs.net does not resolve (in reply to MAIL FROM command))
chstin...@appo.k12.de.us
C8B18D11E6 234012 Mon Jan 12 09:43:06 E...@stmarkshs.net
(host i1.state.de.us[167.21.1.74] said: 451 4.1.8 Domain of sender addres=
s
E...@stmarkshs.net does not resolve (in reply to MAIL FROM command))
poc...@cape.k12.de.us
There are about 10 of these emails all together, all of which end in de.u=
s
I do not get these errors when sending to any other domain. Our domains
are stmarksh.net, stmarkshs.org,and stmarkshs.com. We originally had=20
stmarks.pvt.k12.de.us which we dropped for the shorter domains, however I
believe everything really redirects to our k12.de.us.
We are hosting our own email (postfix) and dns servers on site. As far a=
s
I can tell our MX records for all of our domains are set up properly, but
I cannot be too sure. Can anyone give any insight??
Thanks
Jimmy
P.S. I can include the contents of any of our configuration files if
anyone thinks that will help....
Loic Minier
> Here is an excerpt from mailq...
> 90895CD66A 1489 Mon Jan 12 00:10:15 P...@stmarkshs.net
> (host i1.state.de.us[167.21.1.74] said: 451 4.1.8 Domain of sender address
> P...@stmarkshs.net does not resolve (in reply to MAIL FROM command))
> chstin...@appo.k12.de.us
This shows YOUR machine trying to talk to i1.state.de.us (a mail
server for appo.k12.de.us) which sees its mail refused because YOUR
domain doesn't resolve (their reply to your MAIL FROM command).
And your domain doesn't resolve indeed.
See <http://www.dnsreport.com/>.
--
Loic Minier <lo...@dooz.org>
Ralf Hildebrandt
> 90895CD66A 1489 Mon Jan 12 00:10:15 P...@stmarkshs.net
> (host i1.state.de.us[167.21.1.74] said: 451 4.1.8 Domain of sender address
> P...@stmarkshs.net does not resolve (in reply to MAIL FROM command))
> chstin...@appo.k12.de.us
i1.state.de.us is broken. It has a non working DNSresolver:
$ host -t mx stmarkshs.net
stmarkshs.net mail is handled by 10 aristotle.stmarks.pvt.k12.de.us.
--
Ralf Hildebrandt Ralf.Hil...@charite.de
my current spamtrap spam...@charite.de
http://www.arschkrebs.de/postfix/ Tel. +49 (0)30-450 570-155
Why you can't find your system administrators:
Vendor demonstration
Michael Breton
> From: Ralf Hildebrandt [mailto:Ralf.Hil...@charite.de]
> Sent: Monday, January 12, 2004 11:03 AM
> To: postfi...@postfix.org
> Subject: Re: Problem: Domain of sender address does not resolve
>
>
> * jim...@stmarkshs.net <jim...@stmarkshs.net>:
>
> > 90895CD66A 1489 Mon Jan 12 00:10:15 P...@stmarkshs.net
> > (host i1.state.de.us[167.21.1.74] said: 451 4.1.8 Domain of
> sender address
> > P...@stmarkshs.net does not resolve (in reply to MAIL FROM command))
> >
> chstin...@appo.k12.de.us
>
> i1.state.de.us is broken. It has a non working DNSresolver:
>
> $ host -t mx stmarkshs.net
> stmarkshs.net mail is handled by 10 aristotle.stmarks.pvt.k12.de.us.
Actually, the problem is the mail server at i1.state.de.us is checking for
the existence of an A record for stmarkshs.net, and one does not exist.
Just create an A record for stmarkshs.net in the DNS server and point it to
the current webserver for www.stmarkshs.net and all will be well for the
stmarkshs.net domain.
Michael Breton
Commtel
Rob Foehl
> > -----Original Message-----
> > From: Ralf Hildebrandt [mailto:Ralf.Hil...@charite.de]
> > Sent: Monday, January 12, 2004 11:03 AM
> > To: postfi...@postfix.org
> > Subject: Re: Problem: Domain of sender address does not resolve
> >
> >
> > * jim...@stmarkshs.net <jim...@stmarkshs.net>:
> >
> > > 90895CD66A 1489 Mon Jan 12 00:10:15 P...@stmarkshs.net
> > > (host i1.state.de.us[167.21.1.74] said: 451 4.1.8 Domain of
> > sender address
> > > P...@stmarkshs.net does not resolve (in reply to MAIL FROM command))
> > >
> > chstin...@appo.k12.de.us
> >
> > i1.state.de.us is broken. It has a non working DNSresolver:
> >
> > $ host -t mx stmarkshs.net
> > stmarkshs.net mail is handled by 10 aristotle.stmarks.pvt.k12.de.us.
>
>
> Actually, the problem is the mail server at i1.state.de.us is checking for
> the existence of an A record for stmarkshs.net, and one does not exist.
Also known as 'broken'.
-Rob
Michael Breton
No. This problem does not indicate a broken DNS resolver. The
i1.state.de.us server correctly determined that there was no A record for
the stmarkshs.net domain, and refused the email based on this info. Many
other systems would block email based on this same information.
It is considered poor practice to run a mail server on a domain (Say
domain1.tld has valid MX records for it), but not have an A record for the
domain itself. And that A record need not point to the mail server, and
normally would point to the web server for domain1.tld.
Michael Breton
Commtel
Jimmy Mensinger
> jim...@stmarkshs.net - Mon, Jan 12, 2004:
>=20
>> Here is an excerpt from mailq...
>> 90895CD66A 1489 Mon Jan 12 00:10:15 P...@stmarkshs.net
>> (host i1.state.de.us[167.21.1.74] said: 451 4.1.8 Domain of sender addre=
ss
>> P...@stmarkshs.net does not resolve (in reply to MAIL FROM command))
>> chstin...@appo.k12.de.us
>=20
> This shows YOUR machine trying to talk to i1.state.de.us (a mail
> server for appo.k12.de.us) which sees its mail refused because YOUR
> domain doesn't resolve (their reply to your MAIL FROM command).
>=20
> And your domain doesn't resolve indeed.
>=20
> See <http://www.dnsreport.com/>.
I figured it was a problem with our dns records. I contacted our ISP and h=
e
said our records looked ok, that=B9s why I turned to you people, who in my
opinion are more knowledgeable then most. I tried both tests and here are
the conflicting results:
------
Under the DNS Report option (used stmarkshs.net)
MX FAIL MX Category ERROR: Timeout. I could not reach any of your
nameservers to get a list of your MX records! They are likely down or
unreachable.
Mail FAIL Connect to mail servers ERROR: I could not find any
mailservers for stmarkshs.net.
-------
Under the Mail Test option (used stmarkshs.net)
Getting MX record for stmarkshs.net... Got it!
Host Preference IP(s) [Country]
aristotle.stmarks.pvt.k12.de.us. 10 216.83.116.8 [US]
-------
So the two tests the site offers contradict each other? One says it found
an mx record, the other one didn=B9t? Any further insights??
Jimmy
Jimmy Mensinger
>
> No. This problem does not indicate a broken DNS resolver. The
> i1.state.de.us server correctly determined that there was no A record for
> the stmarkshs.net domain, and refused the email based on this info. Many
> other systems would block email based on this same information.
>
> It is considered poor practice to run a mail server on a domain (Say
> domain1.tld has valid MX records for it), but not have an A record for the
> domain itself. And that A record need not point to the mail server, and
> normally would point to the web server for domain1.tld.
>
> Michael Breton
> Commtel
>
Ok, I just added an A record for stmarkshs.net and our other 3 domains.
Thanks for all of the suggestions. Hopefully this solves it. I guess all I
have to do now is wait for propogation to takes its course and see how
things go. Thanks once again!!!!
Jimmy
Loic Minier
> I figured it was a problem with our dns records. I contacted our ISP a=
nd he
> said our records looked ok, that=B9s why I turned to you people, who in=
my
> opinion are more knowledgeable then most. I tried both tests and here =
are
> the conflicting results:
Try again, it works here. I suggest you follow the WARNing advices at
the beginning of the report and correct them: they show that all your
NS servers won't be used, and worse: one doesn't respond at all (after
multiple retries).
Maybe the dnsreport.com had problems joining this particular nameserver
and could not continue with the MX tests.
On my first "dig mx stmarkshs.net", I got no response (timeout). Now
I see that your DNS configuration is not completely broken but that
because some servers are down and because it is not completely correct,
there are some chances that MX resolution fails.
I understand your ISP just did a MX test, link your contact to the
dnsreport.com site for him to address the problem.
Regards,
--=20
Loic Minier <lo...@dooz.org>
Vivek Khera
On Jan 12, 2004, at 11:14 AM, Michael Breton wrote:
> It is considered poor practice to run a mail server on a domain (Say
> domain1.tld has valid MX records for it), but not have an A record for
> the
> domain itself. And that A record need not point to the mail server,
> and
> normally would point to the web server for domain1.tld.
According to whom? I don't put A records on several of my domains that
are used only for email, and I don't intend to start.
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
Vivek Khera, Ph.D. Khera Communications, Inc.
Internet: kh...@kciLink.com Rockville, MD +1-301-869-4449 x806
AIM: vivekkhera Y!: vivek_khera http://www.khera.org/~vivek/
Ralf Hildebrandt
>
> On Jan 12, 2004, at 11:14 AM, Michael Breton wrote:
>
> >It is considered poor practice to run a mail server on a domain (Say
> >domain1.tld has valid MX records for it), but not have an A record for
> >the
> >domain itself. And that A record need not point to the mail server,
> >and
> >normally would point to the web server for domain1.tld.
>
> According to whom? I don't put A records on several of my domains that
> are used only for email, and I don't intend to start.
charite.de works the same, btw. And I can send mail anywhere.
--
Ralf Hildebrandt Ralf.Hil...@charite.de
my current spamtrap spam...@charite.de
http://www.arschkrebs.de/postfix/ Tel. +49 (0)30-450 570-155
What goes up, must come down.
Ask any system administrator.
Jimmy Mensinger
>
> On Jan 12, 2004, at 11:14 AM, Michael Breton wrote:
>
>> It is considered poor practice to run a mail server on a domain (Say
>> domain1.tld has valid MX records for it), but not have an A record for
>> the
>> domain itself. And that A record need not point to the mail server,
>> and
>> normally would point to the web server for domain1.tld.
>
> According to whom? I don't put A records on several of my domains that
> are used only for email, and I don't intend to start.
>
> =-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
> Vivek Khera, Ph.D. Khera Communications, Inc.
> Internet: kh...@kciLink.com Rockville, MD +1-301-869-4449 x806
> AIM: vivekkhera Y!: vivek_khera http://www.khera.org/~vivek/
>
>
If I add an A record to my dns server for my domains I will have to wait for
the information to propogate correct??? I just tried to flush the mailq and
got the same messages. I assume the fix wont happen in real time?
Jimmy
Rob Foehl
> > -----Original Message-----
> > From: Rob Foehl [mailto:r...@loonybin.net]
> > Sent: Monday, January 12, 2004 11:08 AM
> > To: postfi...@postfix.org
> > Subject: RE: Problem: Domain of sender address does not resolve
> >
> >
> > On Mon, 12 Jan 2004, Michael Breton wrote:
> >
> > > > -----Original Message-----
> > > > From: Ralf Hildebrandt [mailto:Ralf.Hil...@charite.de]
> > > > Sent: Monday, January 12, 2004 11:03 AM
> > > > To: postfi...@postfix.org
> > > > Subject: Re: Problem: Domain of sender address does not resolve
> > > >
> > > > i1.state.de.us is broken. It has a non working DNSresolver:
> > > >
> > > > $ host -t mx stmarkshs.net
> > > > stmarkshs.net mail is handled by 10
> > aristotle.stmarks.pvt.k12.de.us.
> > >
> > >
> > > Actually, the problem is the mail server at i1.state.de.us
> > is checking for
> > > the existence of an A record for stmarkshs.net, and one
> > does not exist.
> >
> > Also known as 'broken'.
>
> No. This problem does not indicate a broken DNS resolver. The
> i1.state.de.us server correctly determined that there was no A record for
> the stmarkshs.net domain, and refused the email based on this info. Many
> other systems would block email based on this same information.
Okay, I'll qualify that; the resolver isn't broken, the test performed by
the MTA is. The domain had a valid MX.
> It is considered poor practice to run a mail server on a domain (Say
> domain1.tld has valid MX records for it), but not have an A record for the
> domain itself. And that A record need not point to the mail server, and
> normally would point to the web server for domain1.tld.
There are an awful lot of domains out there without A records attached to
them, and nobody broke any rules in doing so; refusing mail from a domain
with valid MX records but no A records is considered poor practice. ;)
-Rob
Loic Minier
> If I add an A record to my dns server for my domains I will have to wait for
> the information to propogate correct??? I just tried to flush the mailq and
> got the same messages. I assume the fix wont happen in real time?
Yes, you will have to wait. However, it might be because of your
broken NS list that the destination domain can't resolve.
Anyway, correct your NS, and if possible add an A record. I you don't
want to add an unnecessary A record or can't, simply contact the domain
you are trying to contact and tell them it's a bit excessive to check
for A records and they could use MX records instead.
Regards,
--
Loic Minier <lo...@dooz.org>
Alex van den Bogaerdt
> Okay, I'll qualify that; the resolver isn't broken, the test performed by
> the MTA is. The domain had a valid MX.
No, the DNS setup on the sending side is broken.
If one out of "x" DNS servers claim there are no entries for "domain",
there's a one in "x" chance the receiving side talks to this particular
DNS server and is getting a wrong answer.
The receiving side is told there is no MX record and no A record.
Their test is OK.
Alex
--
begin sig
http://www.googlism.com/index.htm?ism=alex+van+den+bogaerdt&type=1
This message was produced without any <iframe tags
Victor....@morganstanley.com
> It is considered poor practice to run a mail server on a domain (Say
> domain1.tld has valid MX records for it), but not have an A record for the
> domain itself. And that A record need not point to the mail server, and
> normally would point to the web server for domain1.tld.
>
Please do not spread FUD in this forum. No such requirement or best
practice exists.
--
Viktor.