Telarin Posted September 1, 2006

This is a totally non-spamcop related question, thus its posting in the Geek/Tech Things forum, however, this forum seems to have a pretty good collection of people with an understanding of mailservers and the SMTP process.

I've recently run into some issues with my personal mailserver at home, and wanted to get a second opinion on it. The setup for said mailserver is pretty convoluted (due to it being on a dynamic IP address and me being cheap). The primary domain chimera-tech.com uses the tzo server to provide dynamic name resolution. I host a secondary domain (intuitmassage.com) for a friend of mine who is a massage therapist. She has an email address at that domain. She only receives email through my server, her outgoing mail goes through her ISP so there are no problems with the lack of PTR record.

The domain intuitmassage.com has a CNAME record that points it back to chimera-tech.com (because it is much cheaper than hosting a second domain on tzo). Because it is a CNAME, it has no MX, as a mailserver SHOULD pull the CNAME for intuitmassage.com, which returns chimera-tech.com, and then pull the MX for that. In most cases, this works just fine, mail flows in just as it should.

However, I recently ran into a problem with someone sending her (my friend with the intuitmassage.com email address) an email from SBC. Instead of going through, she got the following bounce from SBC's mailserver (note the left hand side of addresses have been munged to protect the guilty... err, I mean innocent):

    ------ Forwarded Message
    From: Mail Delivery Subsystem <MAILER-DAEMON[at]ylpvm12.prodigy.net>
    Date: Wed, 30 Aug 2006 12:15:22 -0400
    To: <xxxx[at]worrellcreative.com>
    Subject: Returned mail: see transcript for details

    The original message was received at Wed, 30 Aug 2006 12:15:20 -0400
    from ppp-70-255-182-127.dsl.hstntx.swbell.net [70.255.182.127]

    ----- The following addresses had permanent fatal errors -----
    <xxxx[at]intuitmassage.com>
    (reason: 550 5.7.1 Unable to relay for xxxx[at]www.chimera-tech.com)

    ----- Transcript of session follows -----
    ... while talking to mail.chimera-tech.com.:
    >> DATA
    <<< 550 5.7.1 Unable to relay for xxxx[at]www.chimera-tech.com
    550 5.1.1 <xxxx[at]intuitmassage.com>... User unknown
    <<< 554 5.5.2 No valid recipients

    Reporting-MTA: dns; ylpvm12.prodigy.net
    Received-From-MTA: DNS; ppp-70-255-182-127.dsl.hstntx.swbell.net
    Arrival-Date: Wed, 30 Aug 2006 12:15:20 -0400

    Final-Recipient: RFC822; xxxx[at]www.chimera-tech.com
    Action: failed
    Status: 5.7.1
    Remote-MTA: DNS; mail.chimera-tech.com
    Diagnostic-Code: SMTP; 550 5.7.1 Unable to relay for xxxx[at]www.chimera-tech.com
    Last-Attempt-Date: Wed, 30 Aug 2006 12:15:22 -0400
    ------ End of Forwarded Message

Now, from looking at this, it looks to me as if the SBC mail server is rewriting the recipient using the CNAME record, so instead of sending to xxxx[at]intuitmassage.com, SBC pulls the CNAME for intuitmassage.com which is www.chimera-tech.com and rewrites the recipient as xxxx[at]www.chimera-tech.com, which doesn't exist.

So first, am I reading that correctly, or is there something else going on here that I am missing? Second, if that is what is happening, is this RFC compliant? I can't find anywhere in the RFCs for SMTP that I have looked at that indicates recipient addresses should ever be rewritten with the CNAME values.

jrssystemsnet Posted November 11, 2006

You don't have any NS records for intuitmassage.com, is the problem.

    break# dig +short [at]a.gtld-servers.net NS intuitmassage.com
    ns0.directnic.com.
    ns1.directnic.com.

The root servers list ns0 and ns1 .directnic.com as the glue servers for intuitmassage.com, but when you query them...

    break# dig [at]ns0.directnic.com ANY intuitmassage.com

    ; <<>> DiG 9.3.2 <<>> [at]ns0.directnic.com ANY intuitmassage.com
    ; (1 server found)
    ;; global options: printcmd
    ;; Got answer:
    ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 6532
    ;; flags: qr aa rd; QUERY: 1, ANSWER: 5, AUTHORITY: 2, ADDITIONAL: 4

    ;; QUESTION SECTION:
    ;intuitmassage.com. IN ANY

    ;; ANSWER SECTION:
    intuitmassage.com. 86400 IN SOA ns0.directnic.com. hostmaster.ns0.directnic.com. 1144250083 28800 14400 604800 86400
    intuitmassage.com. 86400 IN CNAME www.chimera-tech.com.
    www.chimera-tech.com. 86400 IN A 204.251.15.175
    www.chimera-tech.com. 86400 IN MX 0 iris1.directnic.com.
    www.chimera-tech.com. 86400 IN MX 10 iris2.directnic.com.

    ;; Query time: 66 msec
    ;; SERVER: 204.251.10.100#53(204.251.10.100)
    ;; WHEN: Sat Nov 11 06:33:02 2006
    ;; MSG SIZE rcvd: 281

... you get absolutely no NS records for that domain at all. This is very, very broken - you should never have a domain without NS records. It's fine to CNAME the A record for the domain as you have above, but there should be NS records, and they should match the glue at the root servers.

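An added example, not code from anyone in this thread: it parses the answer section of the dig output above, reports the apex problems that answer shows, and models the recipient rewrite seen in Telarin's bounce. It assumes the sending MTA canonicalizes the recipient domain by following the CNAME; all function names are made up for the illustration.

```python
# Added example. Records are copied from the dig answer section in this thread.
DIG_ANSWER = """\
intuitmassage.com. 86400 IN SOA ns0.directnic.com. hostmaster.ns0.directnic.com. 1144250083 28800 14400 604800 86400
intuitmassage.com. 86400 IN CNAME www.chimera-tech.com.
www.chimera-tech.com. 86400 IN A 204.251.15.175
www.chimera-tech.com. 86400 IN MX 0 iris1.directnic.com.
www.chimera-tech.com. 86400 IN MX 10 iris2.directnic.com.
"""

def parse_answer(text):
    """Return {owner: {rtype: [rdata, ...]}} from dig answer-section lines."""
    zone = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith(";"):
            continue  # skip blanks and dig's comment lines
        owner, _ttl, _cls, rtype, rdata = line.split(None, 4)
        zone.setdefault(owner.lower(), {}).setdefault(rtype.upper(), []).append(rdata)
    return zone

def canonical_name(zone, name, max_hops=8):
    """Follow CNAMEs (assumed MTA behaviour); hop limit stops alias loops."""
    name = name.lower()
    for _ in range(max_hops):
        target = zone.get(name, {}).get("CNAME")
        if not target:
            return name
        name = target[0].lower()
    raise ValueError("CNAME chain too long or looping")

def audit_apex(zone, apex):
    """List problems visible in the parsed answer for one zone apex."""
    rrsets = zone.get(apex.lower(), {})
    findings = []
    if "CNAME" in rrsets and len(rrsets) > 1:
        others = sorted(t for t in rrsets if t != "CNAME")
        findings.append("CNAME coexists with " + ",".join(others))
    if "NS" not in rrsets:
        findings.append("no NS records at apex")
    if "MX" not in rrsets:
        findings.append("no MX at apex; mail follows alias to " + canonical_name(zone, apex))
    return findings

def rewritten_rcpt(zone, address):
    """Recipient after the domain part is replaced by its canonical name."""
    local, _, domain = address.rpartition("@")
    return local + "@" + canonical_name(zone, domain + ".").rstrip(".")

if __name__ == "__main__":
    z = parse_answer(DIG_ANSWER)
    print(audit_apex(z, "intuitmassage.com."))
    print(rewritten_rcpt(z, "xxxx@intuitmassage.com"))
```

The rewritten address it prints is the one that appears in the `Final-Recipient` and `550 5.7.1` lines of the bounce.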
Telarin Posted November 13, 2006

Hmm, not sure why you're getting no NS records, they should be set up with directnic. I'll fire them an email to find out why no NS records are being returned.

jrssystemsnet Posted November 13, 2006

> Hmm, not sure why you're getting no NS records, they should be set up with directnic. I'll fire them an email to find out why no NS records are being returned.

Lemme know if you need any more help figuring it out. Might want to email me at jim[AT]youcanprobablyfigurethedomainoutifyoutryreallyhard if you do, I don't monitor forums here so much and may forget they exist entirely if not reminded. =)

Wazoo Posted November 13, 2006

> I don't monitor forums here so much and may forget they exist entirely if not reminded. =)

Your posts thus far have been appreciated. Thanks for the time spent thus far ...