Jump to content

5.1.2 - Bad destination host 'DNS Hard Error...


Recommended Posts

Posted

Hi

I have recently re-enabled my Spamcop account as my ISP's own filtering was too leaky. I have Spamcop set up to retrieve mail from 2 external POP accounts. I came in this morning to find very little email from over the weekend. Great! I thought, I would usually have lots of spam. However, the morning drew on and I wasn't receiving any non-spam either. I sent my self a message from a Gmail account to test it and I got this back:

The following message to <myspamcopuser[at]spamcop.net> was undeliverable.

The reason for the problem:

5.1.2 - Bad destination host 'DNS Hard Error looking up filter2.cesmail.net (MX): NXDomain'

All of my clients have been receiving the same message. Why is the mail being bounced in this way?

Regards,

Robin

Posted

That must be an internal issue at Corporate Email Systems. I'm seeing the following:

11/08/04 08:52:21 dig filter2.cesmail.net [at] 216.175.203.50

Dig filter2.cesmail.net[at]dns5.name-services.com (212.118.243.118) ...

Authoritative Answer

Query for filter2.cesmail.net type=255 class=1

  filter2.cesmail.net A (Address) 192.168.1.211

  filter2.cesmail.net A (Address) 192.168.1.214

  filter2.cesmail.net A (Address) 192.168.1.216

  filter2.cesmail.net A (Address) 192.168.1.212

  cesmail.net NS (Nameserver) dns1.name-services.com

  cesmail.net NS (Nameserver) dns2.name-services.com

  cesmail.net NS (Nameserver) dns3.name-services.com

  cesmail.net NS (Nameserver) dns4.name-services.com

  cesmail.net NS (Nameserver) dns5.name-services.com

  dns1.name-services.com A (Address) 63.251.163.102

  dns2.name-services.com A (Address) 216.52.184.230

  dns3.name-services.com A (Address) 63.251.83.36

  dns4.name-services.com A (Address) 64.74.96.242

  dns5.name-services.com A (Address) 212.118.243.118

Dig filter2.cesmail.net[at]dns4.name-services.com (64.74.96.242) ...

Authoritative Answer

Query for filter2.cesmail.net type=255 class=1

  filter2.cesmail.net A (Address) 192.168.1.211

  filter2.cesmail.net A (Address) 192.168.1.214

  filter2.cesmail.net A (Address) 192.168.1.216

  filter2.cesmail.net A (Address) 192.168.1.212

  cesmail.net NS (Nameserver) dns1.name-services.com

  cesmail.net NS (Nameserver) dns2.name-services.com

  cesmail.net NS (Nameserver) dns3.name-services.com

  cesmail.net NS (Nameserver) dns4.name-services.com

  cesmail.net NS (Nameserver) dns5.name-services.com

  dns1.name-services.com A (Address) 63.251.163.102

  dns2.name-services.com A (Address) 216.52.184.230

  dns3.name-services.com A (Address) 63.251.83.36

  dns4.name-services.com A (Address) 64.74.96.242

  dns5.name-services.com A (Address) 212.118.243.118

Dig filter2.cesmail.net[at]dns3.name-services.com (63.251.83.36) ...

Authoritative Answer

Query for filter2.cesmail.net type=255 class=1

  filter2.cesmail.net A (Address) 192.168.1.211

  filter2.cesmail.net A (Address) 192.168.1.214

  filter2.cesmail.net A (Address) 192.168.1.216

  filter2.cesmail.net A (Address) 192.168.1.212

  cesmail.net NS (Nameserver) dns1.name-services.com

  cesmail.net NS (Nameserver) dns2.name-services.com

  cesmail.net NS (Nameserver) dns3.name-services.com

  cesmail.net NS (Nameserver) dns4.name-services.com

  cesmail.net NS (Nameserver) dns5.name-services.com

  dns1.name-services.com A (Address) 63.251.163.102

  dns2.name-services.com A (Address) 216.52.184.230

  dns3.name-services.com A (Address) 63.251.83.36

  dns4.name-services.com A (Address) 64.74.96.242

  dns5.name-services.com A (Address) 212.118.243.118

Dig filter2.cesmail.net[at]dns2.name-services.com (216.52.184.230) ...

Authoritative Answer

Query for filter2.cesmail.net type=255 class=1

  filter2.cesmail.net A (Address) 192.168.1.211

  filter2.cesmail.net A (Address) 192.168.1.214

  filter2.cesmail.net A (Address) 192.168.1.216

  filter2.cesmail.net A (Address) 192.168.1.212

  cesmail.net NS (Nameserver) dns1.name-services.com

  cesmail.net NS (Nameserver) dns2.name-services.com

  cesmail.net NS (Nameserver) dns3.name-services.com

  cesmail.net NS (Nameserver) dns4.name-services.com

  cesmail.net NS (Nameserver) dns5.name-services.com

  dns1.name-services.com A (Address) 63.251.163.102

  dns2.name-services.com A (Address) 216.52.184.230

  dns3.name-services.com A (Address) 63.251.83.36

  dns4.name-services.com A (Address) 64.74.96.242

  dns5.name-services.com A (Address) 212.118.243.118

Dig filter2.cesmail.net[at]dns1.name-services.com (63.251.163.102) ...

Authoritative Answer

Query for filter2.cesmail.net type=255 class=1

  filter2.cesmail.net A (Address) 192.168.1.211

  filter2.cesmail.net A (Address) 192.168.1.214

  filter2.cesmail.net A (Address) 192.168.1.216

  filter2.cesmail.net A (Address) 192.168.1.212

  cesmail.net NS (Nameserver) dns1.name-services.com

  cesmail.net NS (Nameserver) dns2.name-services.com

  cesmail.net NS (Nameserver) dns3.name-services.com

  cesmail.net NS (Nameserver) dns4.name-services.com

  cesmail.net NS (Nameserver) dns5.name-services.com

  dns1.name-services.com A (Address) 63.251.163.102

  dns2.name-services.com A (Address) 216.52.184.230

  dns3.name-services.com A (Address) 63.251.83.36

  dns4.name-services.com A (Address) 64.74.96.242

  dns5.name-services.com A (Address) 212.118.243.118

Dig filter2.cesmail.net[at]216.175.203.50 ...

Non-authoritative answer

Recursive queries supported by this server

Query for filter2.cesmail.net type=255 class=1

  filter2.cesmail.net A (Address) 192.168.1.211

  filter2.cesmail.net A (Address) 192.168.1.212

  filter2.cesmail.net A (Address) 192.168.1.214

  filter2.cesmail.net A (Address) 192.168.1.216

  cesmail.net NS (Nameserver) dns1.name-services.com

  cesmail.net NS (Nameserver) dns2.name-services.com

  cesmail.net NS (Nameserver) dns3.name-services.com

  cesmail.net NS (Nameserver) dns4.name-services.com

  cesmail.net NS (Nameserver) dns5.name-services.com

Posted

Hi Jeff

So what does this mean? CES is Spamcop's owner, so do they have a DNS problem they need to resolve? Or am I doing something wrong?

I can post the full header of the bounce email if necessary.

Robin

Posted
So what does this mean? CES is Spamcop's owner, so do they have a DNS problem they need to resolve? Or am I doing something wrong?

19738[/snapback]

I'm getting the same bounce messages, too. A test message sent to my [name][at]spamcop.net email address came back with:

"5.1.2 - Bad destination host 'DNS Hard Error looking up filter2.cesmail.net (MX): NXDomain' (delivery attempts: 0)"

I've had Spamcop POPping mail from my old account for processing for a couple of years now, and have made no changes to any relevant settings.

Cheers, Nick

Posted

A full copy of the bounce (with personal details elided) would certainly help in the troubleshooting.

Posted

The following message to <[at]spamcop.net> was undeliverable.

The reason for the problem:

5.1.2 - Bad destination host 'DNS Hard Error looking up filter2.cesmail.net (MX): NXDomain'

Here is one Jeff, Can't get the full headers from gmail at the moment, seems to be hung.

JP

Posted

Here you go:

X-Gmail-Received: 1c85586eb5af60437b0cf805c2bf1e9ccd9dcbe7

Delivered-To: mygmailid[at]gmail.com

Received: by 10.38.150.47 with SMTP id x47cs43746rnd;

        Mon, 8 Nov 2004 04:44:18 -0800 (PST)

Received: by 10.38.10.72 with SMTP id 72mr813750rnj;

        Mon, 08 Nov 2004 04:44:17 -0800 (PST)

Return-Path: <>

Received: from c60.cesmail.net ([216.154.195.49])

        by mx.gmail.com with ESMTP id 72si195366rna;

        Mon, 08 Nov 2004 04:44:17 -0800 (PST)

Received-SPF: neutral (gmail.com: 216.154.195.49 is neither permitted nor denied by domain of )

Received: from unknown (0.0.0.0)

  by c60.cesmail.net with ; 08 Nov 2004 07:44:17 -0500

Date: 08 Nov 2004 07:44:17 -0500

To: mygmailid[at]gmail.com

From: Mail Delivery System <MAILER-DAEMON[at]c60.cesmail.net>

Subject: Delivery Status Notification (Failure)

MIME-Version: 1.0

Content-Type: multipart/report; report-type=delivery-status; boundary="326194473129880.c60.cesmail.net"

--326194473129880.c60.cesmail.net

content-type: text/plain

The following message to <myspamcopid[at]spamcop.net> was undeliverable.

The reason for the problem:

5.1.2 - Bad destination host 'DNS Hard Error looking up filter2.cesmail.net (MX):  NXDomain'

--326194473129880.c60.cesmail.net

content-type: message/delivery-status

Final-Recipient: rfc822;myspamcopid[at]spamcop.net

Action: failed

Status: 5.0.0 (permanent failure)

Diagnostic-Code: smtp; 5.1.2 - Bad destination host 'DNS Hard Error looking up filter2.cesmail.net (MX):  NXDomain' (delivery attempts: 0)

Reporting-MTA: dns; c60.cesmail.net

--326194473129880.c60.cesmail.net

content-type: message/rfc822

Received: (qmail 28286 invoked from network); 8 Nov 2004 10:45:44 -0000

Received: from unknown (HELO mailgate.cesmail.net) (192.168.1.101)

  by mailgate.cesmail.net with SMTP; 8 Nov 2004 10:45:44 -0000

X-Sieve: cmu-sieve 2.0

Received: from pop-1.mail.vi.net [212.78.66.245]

by mailgate.cesmail.net with POP3 (fetchmail-6.2.1)

for myspamcopid[at]spamcop.net (single-drop); Mon, 08 Nov 2004 05:45:44 -0500 (EST)

Received: from mxhost-1.vi.net (mxhost-1.vi.net [212.78.66.188])

by pop-1-02.mail.vi.net (Postfix) with ESMTP id 7D7667C034

for <mypopboxid[at]pop-1-02.mail.vi.net>; Mon,  8 Nov 2004 10:33:55 +0000 (GMT)

Received: from rproxy.gmail.com (rproxy.gmail.com [64.233.170.195])

by mxhost-1.vi.net (Postfix) with ESMTP id 889B53AE910

for <robin[at]mydomain.com>; Mon,  8 Nov 2004 10:35:01 +0000 (GMT), Found to be clean

Received: by rproxy.gmail.com with SMTP id j1so360301rnf

        for <robin[at]mydomain.com>; Mon, 08 Nov 2004 02:34:26 -0800 (PST)

DomainKey-Signature: a=rsa-sha1; q=dns; c=nofws;

        s=beta; d=gmail.com;

        h=received:message-id:date:from:reply-to:to:subject:mime-version:content-type:content-transfer-encoding;

        b=ZGkUDTY6wCL8IuNpZix66mZaSXX1Vzaqd83Uni6rl0PFG7yGcPEnIECnuoCrfZ0i/etGRNcytUBd6Ie8EZgQSVlKHvjdOt9yT36KTa4EqJrAnEw3pCkEvUxm1e3JLOrWwJIaBzXwIuN5TeEE+8lV/CR+4bMgjNStkB3pHuMCPsU=

Received: by 10.38.209.23 with SMTP id h23mr214997rng;

        Mon, 08 Nov 2004 02:34:26 -0800 (PST)

Received: by 10.38.150.47 with HTTP; Mon, 8 Nov 2004 02:34:26 -0800 (PST)

Message-ID: <215f627004110802347c9c037a[at]mail.gmail.com>

Date: Mon, 8 Nov 2004 10:34:26 +0000

From: Robin Hislop <mygmailid[at]gmail.com>

Reply-To: Robin Hislop <mygmailid[at]gmail.com>

To: robin[at]mydomain.com

Subject: Gmail test 10:39

Mime-Version: 1.0

Content-Type: text/plain; charset=US-ASCII

Content-Transfer-Encoding: 7bit

Virtual_Internet-From: mygmailid[at]gmail.com

message body

--326194473129880.c60.cesmail.net--

Posted

From a server in Greece I can send mails to my account in cqmail.net, but from an US server I get bounce mail.

Content-Transfer-Encoding: quoted-printable

Content-Type: text/plain;charset="iso-8859-7"

Date: Mon, 08 Nov 2004 16:52:01 +0200 [16:52:01 EET]

Delivered-To: cqmail-net-XXX[at]cqmail.net

From: xxx[at]vodafone.gr

MIME-Version: 1.0

Message-Context: text-message

Message-Id: <i6v7yp$1424253523271122541[at]vodafone.gr>

Received: (qmail 20823 invoked from network); 8 Nov 2004 14:48:29 -0000

from unknown (192.168.1.101) by blade5.cesmail.net with QMQP; 8 Nov 2004 14:48:29 -0000

from unknown (HELO gsp2.vodafone.gr) (213.249.17.109) by mailgate.cesmail.net with SMTP; 8 Nov 2004 14:48:29 -0000

from vodafone.gr (127.0.0.1) by gsp2.vodafone.gr (NPlex 6.0.021C4.14) id 41846816000069D9; Mon, 8 Nov 2004 16:52:01 +0200

Return-Path: <xxx[at]vodafone.gr>

Subject: TEST

To: xxx[at]cqmail.net

X-spam-Checker-Version: SpamAssassin 3.0.0 (2004-09-13) on blade5

X-spam-Level: **

X-spam-Status: hits=2.2 tests=FROM_ENDS_IN_NUMS,FROM_STARTS_WITH_NUMS, NO_REAL_NAME version=3.0.0

X-SpamCop-Checked:

Headers: Show Limited Headers

There was no text in this message part

The same message through US server

The original message was received at Mon, 8 Nov 2004 09:48:31 -0500

from [x.249.17.x]

----- The following addresses had permanent fatal errors -----

xxx[at]cqmail.net

(reason: 550 Host unknown)

----- Transcript of session follows -----

550 5.1.2 xxx[at]cqmail.net... Host unknown (Name server: cqmail.net: host not found)

Posted

I am concerned that this situation may be leaking to friend and foe alike information about our SpamCop and forwarding addresses and our forwarding configurations.

Posted
I am concerned that this situation may be leaking to friend and foe alike  information about our SpamCop and forwarding addresses and our forwarding configurations.

Be concerned...be *very* concerned, because here's the deal....

Mail is sent to an alias that is then trying to forward to a "cesmail.net" account...but it can't, due to the problems, so it sends back (via email, as opposed to during the SMTP session) a 500-level bounce to the From or Sender of the spam, reporting back not only the alias, but also the full cesmail address to which the alias resolves.

Therefore, cesmail.net addresses which were totally unknown to the "outside world" up to know are being compromised, showing up in postmaster boxes all over the place and even worse.

JT?????????????????????????????????????????????????????

dt

Posted
Be concerned...be *very* concerned, because here's the deal....

Mail is sent to an alias that is then trying to forward to a "cesmail.net" account...but it can't, due to the problems, so it sends back (via email, as opposed to during the SMTP session) a 500-level bounce to the From or Sender of the spam, reporting back not only the alias, but also the full cesmail address to which the alias resolves.

Therefore, cesmail.net addresses which were totally unknown to the "outside world" up to know are being compromised, showing up in postmaster boxes all over the place and even worse.

19754[/snapback]

That's true, and that's a problem, but -- as far as I can see -- the top-secret, final-forwarding-destination address isn't bouncing, only the intermediate [name][at]spamcop.net address. Now, are spammers stupid enough to send spam directly to [at]spamcop.net addresses? (I guess we're going to find out in the next few hours and days... :()

Cheers, Nick

Posted
So what does this mean? CES is Spamcop's owner, so do they have a DNS problem they need to resolve? Or am I doing something wrong?

Yes there are problems, but this post is to clear up some details. CES is JT's system in Georgia. JT is providing space for the NNTP newsgroups, this Forum, and the Filtered E-Mail service for SpamCop E-Mail acounts. The actual SpamCop systems is owned by Julian/Ironport, with that part of the system residing primarily in California, Julian in Washington State, and these days having to add in mirrors and sub-systems around the world. CES is actually a different business identity that provides some SpamCop services.

Posted
Be concerned...be *very* concerned, because here's the deal....

JT?????????????????????????????????????????????????????

Although I've no doubt that JeffG took some action, I don't see that it was mentioned. I'm doing the alert thing again, just in case ...

Posted

Just in;

-=-=-=-=-=-

I've changed the internal handoff so that it no longer depends on DNS

working. This should fix the internal handoff problem entirely.

I'm still trying to figure out why name-services.com is handing out bogus

data occasionally.

Jeff

-=-=-=-=-=-=-

Posted
Now, are spammers stupid enough to send spam directly to [at]spamcop.net addresses? (I guess we're going to find out in the next few hours and days...  :()

Some are... but a lot less than normal....

My address xxxxx[at]spamcop.net is spammed occasionally... but comparatively less than other accounts that have been similarly "in the wild".

Malcolm

Posted
Now, are spammers stupid enough to send spam directly to [at]spamcop.net addresses?

19771[/snapback]

Yes, and they have been for years.

Archived

This topic is now archived and is closed to further replies.

×
×
  • Create New...