Something Very odd

SteveA
Pro
Posts: 1,847
Thanks: 106
Fixes: 3
Registered: ‎17-06-2007

Something Very odd

OK, I'm probably not going to get an answer to this.
I have a domain (pubnight.org.uk) on JTN which has mail forwarding set up. The mail forwarding redirects various email addresses off to various different domains so friends can have an email alias.
There is an "admin" account called drtone. That account redirects to me at my plusnet domain.
I have smtp forwarding turned on at PN.
So email to drtone at pubnight gets redirected to drtone at my domain which gets forwarded through PN's email servers to my server and gets picked up.
Today something odd happened. A friend on hotmail tried to email drtone and it got bounced with a relay access denied.
I looked in my mail server event logs and usually you see something like:
[tt]
Aug  1 17:09:12 kodaly postfix/smtpd[24077]: connect from relay.ptn-ipout02.plus.net[212.159.7.36]
Aug  1 17:09:12 kodaly postfix/smtpd[24077]: setting up TLS connection from relay.ptn-ipout02.plus.net[212.159.7.36]
Aug  1 17:09:13 kodaly postfix/smtpd[24077]: Anonymous TLS connection established from relay.ptn-ipout02.plus.net[212.159.7.36]: TLSv1 with cipher RC4-SHA (128/128 bits)
Aug  1 17:09:13 kodaly postfix/smtpd[24077]: 343DDA4A162: client=relay.ptn-ipout02.plus.net[212.159.7.36]
Aug  1 17:09:13 kodaly postfix/cleanup[24085]: 343DDA4A162: message-id=<SNT102-W385C1A1C51BD8BECB6BD9BDE110@phx.gbl>
Aug  1 17:09:13 kodaly postfix/qmgr[29987]: 343DDA4A162: from=<friends hotmail address here>, size=5969, nrcpt=2 (queue active)
Aug  1 17:09:13 kodaly postfix/local[24086]: 343DDA4A162: to=<drtone @ my plusnet domain here>, relay=local, delay=0.33, delays=0.3/0.01/0/0.02, dsn=2.0.0, status=sent (delivered to command: procmail -a "$EXTENSION")
Aug  1 17:09:13 kodaly postfix/qmgr[29987]: 343DDA4A162: removed
Aug  1 17:09:18 kodaly postfix/smtpd[24077]: disconnect from relay.ptn-ipout02.plus.net[212.159.7.36]
[/tt]
Which is what you expect. Email to drtone at pubnight goes to JTN who forward it to drtone at my domain and the PN server gets it and forwards it in.
But when it went wrong this afternoon I got:
[tt]
Aug  1 15:32:43 kodaly postfix/smtpd[22792]: connect from snt0-omc3-s15.snt0.hotmail.com[65.55.90.154]
Aug  1 15:32:43 kodaly postfix/smtpd[22792]: NOQUEUE: reject: RCPT from snt0-omc3-s15.snt0.hotmail.com[65.55.90.154]: 554 5.7.1 <drtone at pubnight domain>: Relay access denied; from=<friends hotmail account here> to=<drtone at pubnight domain> proto=ESMTP helo=<snt0-omc3-s15.snt0.hotmail.com>
Aug  1 15:32:43 kodaly postfix/smtpd[22792]: disconnect from snt0-omc3-s15.snt0.hotmail.com[65.55.90.154]
[/tt]
So how did that happen? How did hotmail manage to get my plusnet domain from the redirect at JTN? The only direct link between the Pubnight Domain and my PN IP address is in the A record for the domain (as I host the site locally).
BTW - if this is in the wrong area then please feel free to move it somewhere. I haven't raised it as a ticket as I've been able to send mail from Yahoo and it's been OK, and I've had emails to drtone from hotmail since this glitch happened.
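The rejection in the second log can be picked out mechanically. The sketch below is an added example, not part of the original post: it scans Postfix smtpd lines for "Relay access denied" rejections from clients outside the expected relay set. The `.plus.net` suffix is an assumption taken from the "good" log, and the `example.com` / `other.example` addresses are constructed stand-ins for the redacted ones.

```python
import re

# Assumption taken from the "good" log above: legitimate inbound mail reaches
# this host only via the ISP relays, whose names end in .plus.net.
EXPECTED_RELAY_SUFFIXES = (".plus.net",)

# Postfix smtpd rejection: client host/IP, reply code, recipient, reason.
REJECT_RE = re.compile(
    r"postfix/smtpd\[\d+\]: NOQUEUE: reject: RCPT from "
    r"(?P<host>[^\[\s]+)\[(?P<ip>[^\]]+)\]: "
    r"(?P<code>\d{3}) (?P<dsn>\d\.\d+\.\d+) <(?P<rcpt>[^>]*)>: "
    r"(?P<reason>[^;]+);"
)


def find_mx_bypass(lines, expected=EXPECTED_RELAY_SUFFIXES):
    """Return (ip, host, rcpt_domain) for relay-denied rejections whose
    client is not an expected relay, i.e. mail that reached this host
    without passing through the forwarding chain."""
    findings = []
    for line in lines:
        m = REJECT_RE.search(line)
        if m is None or "Relay access denied" not in m["reason"]:
            continue
        if m["host"].lower().endswith(expected):
            continue  # arrived through the normal forwarding path
        domain = m["rcpt"].rpartition("@")[2].lower()
        findings.append((m["ip"], m["host"], domain))
    return findings


# Constructed sample in the shape of the thread's logs; example.com and
# other.example stand in for the redacted addresses.
_P = "Aug  1 15:32:43 kodaly postfix/smtpd[22792]: "
_HM = "snt0-omc3-s15.snt0.hotmail.com[65.55.90.154]"
_PN = "relay.ptn-ipout02.plus.net[212.159.7.36]"
SAMPLE = [
    _P + "connect from " + _HM,
    _P + "NOQUEUE: reject: RCPT from " + _HM + ": 554 5.7.1 "
    "<drtone@pubnight.org.uk>: Relay access denied; "
    "from=<friend@example.com> to=<drtone@pubnight.org.uk> proto=ESMTP",
    _P + "NOQUEUE: reject: RCPT from " + _PN + ": 554 5.7.1 "
    "<x@other.example>: Relay access denied; "
    "from=<a@example.com> to=<x@other.example> proto=ESMTP",
    _P + "disconnect from " + _HM,
]

if __name__ == "__main__":
    for ip, host, domain in find_mx_bypass(SAMPLE):
        print(f"{ip} ({host}) delivered directly for {domain}")
```

The recipient domain in each finding is the one whose DNS led the sender to this host, which is the record set to check first.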
itsme
Grafter
Posts: 5,924
Thanks: 3
Registered: ‎07-04-2007

Re: Something Very odd

Quote from: SteveA

I have smtp forwarding turned on at PN.

Quote from: SteveA

So how did that happen? How did hotmail manage to get my plusnet domain from the redirect at JTN? The only direct link between the Pubnight Domain and my PN IP address is in the A record for the domain (as I host the site locally).

When you changed to have mail delivered by smtp the DNS records would have been updated. So now the MX records will point to the IP address of the smtp server.
csogilvie
Grafter
Posts: 5,852
Registered: ‎04-04-2007

Re: Something Very odd

itsme:
But in this case, it's the DNS records for the domain mentioned in the first post which is still set to be JTN from what I can see - the DNS records for his username.plus.com won't be seen to hotmail (or shouldn't be)?
itsme

Re: Something Very odd

Yes they will. If you have set up username.plus.com to be delivered by smtp the DNS records will reflect this unless you have gone into the records and removed the automatically generated records. Do an MX lookup on both domains.
I also assume that you have only configured your server for one of the domains hence the reason that your friend is seeing the relay error message.
SteveA

Re: Something Very odd

Yes I understand that MY MX records got updated.
But the MX records for pubnight.org.uk are:
[tt]
Domain Type Class Result
pubnight.org.uk. MX IN 10 mail.metronet.co.uk.
pubnight.org.uk. MX IN 20 mail1.metronet.co.uk.
pubnight.org.uk. MX IN 4 mail.just-the-name.co.uk.
pubnight.org.uk. NS IN dns0.getsurfed.com.
pubnight.org.uk. NS IN dns1.getsurfed.com.
mail.metronet.co.uk. A IN 212.159.9.85
mail.metronet.co.uk. A IN 212.159.8.85
mail1.metronet.co.uk. A IN 213.162.97.76
[/tt]
Which is how it should be - email goes to JTN who do a mail forward to my pn domain.
The A record for pubnight are:
[tt]
Domain Type Class Result
pubnight.org.uk. A IN 212.159.61.36
pubnight.org.uk. NS IN dns0.getsurfed.com.
pubnight.org.uk. NS IN dns1.getsurfed.com.
[/tt]
Which is what I'd expect.
How did Hotmail get hold of the IP address associated with a PN domain which has NO MX records associated with the pubnight domain. That is the thing I don't understand.
This has been working perfectly for over 2 years and it's only gone wrong once today and now seems to be working as normal again.
SteveA

Re: Something Very odd

Quote from: csogilvie
itsme:
But in this case, it's the DNS records for the domain mentioned in the first post which is still set to be JTN from what I can see - the DNS records for his username.plus.com won't be seen to hotmail (or shouldn't be)?

Precisely
itsme

Re: Something Very odd

It's hard to see what's going on without having the actual domains so that a smtp tester can be used. But I have to ask why are you using email forwarding when you can change this record
Quote
pubnight.org.uk.  MX  IN  4 mail.just-the-name.co.uk

to point directly to your server?
SteveA

Re: Something Very odd

Quote from: itsme
It's hard to see what's going on without having the actual domains so that a smtp tester can be used. But I have to ask why are you using email forwarding when you can change this record
Quote
pubnight.org.uk.   MX   IN   4 mail.just-the-name.co.uk

to point directly to your server?

Because I want to use the mail redirects on the JTN account which means that fred @ pubnight.org.uk goes off to fred's email address at hotmail and joe @ pubnight.org.uk goes off to joe's email address at virgin etc.
It also means that if my server goes down then JTN/PN just stack everything until I come back on line and I finger autoturn.

Ignore my PN domain, look at the DNS records I posted above for pubnight.org.uk
How can Hotmail have picked up the A address for the domain (which is my IP address) and used that instead of the MX records?
itsme

Re: Something Very odd

Another thought. What happens to the emails when the other MX servers are used, mail.metronet.co.uk?
itsme

Re: Something Very odd

http://www.zoneedit.com/smtp.html
Try the above with the email server as mail.just-the-name.co.uk and then mail.metronet.co.uk
SteveA

Re: Something Very odd

Quote from: itsme
Another thought. What happens to the emails when the other MX servers are used, mail.metronet.co.uk?

They're all part of PN which is why they get delivered to me via PN (as shown in the "good" delivery in the first post).
I DO NOT want to change the pubnight.org.uk MX records to point to my IP, I want to maintain the functionality which has been working fine for over 2 years on the pubnight.org.uk domain and my other primary JTN hosted domain.
As I said this seems to be a transitory error but I don't see how it can have happened, unless Hotmail falls back to A records if the servers on the MX records fail to respond.
SteveA

Re: Something Very odd

Quote from: itsme
http://www.zoneedit.com/smtp.html
Try the above with the email server as mail.just-the-name.co.uk and then mail.metronet.co.uk

This is with the JTN email server sending to drtone at pubnight.org.uk
[tt]
Aug  1 20:44:33 kodaly dovecot: POP3(kathy2): Disconnected: Logged out top=0/0, retr=0/0, del=0/0, size=0
Aug  1 20:44:42 kodaly postfix/smtpd[27510]: connect from relay.ptn-ipout02.plus.net[212.159.7.36]
Aug  1 20:44:42 kodaly postfix/smtpd[27510]: setting up TLS connection from relay.ptn-ipout02.plus.net[212.159.7.36]
Aug  1 20:44:42 kodaly postfix/smtpd[27510]: Anonymous TLS connection established from relay.ptn-ipout02.plus.net[212.159.7.36]: TLSv1 with cipher RC4-SHA (128/128 bits)
Aug  1 20:44:42 kodaly postfix/smtpd[27510]: 61DF8A4A2C9: client=relay.ptn-ipout02.plus.net[212.159.7.36]
Aug  1 20:44:42 kodaly postfix/cleanup[27514]: 61DF8A4A2C9: message-id=<20090801194433.A8FBE404D55@mail.just-the-name.co.uk>
Aug  1 20:44:42 kodaly postfix/qmgr[29987]: 61DF8A4A2C9: from=<posty@ a domain>, size=1216, nrcpt=1 (queue active)
Aug  1 20:44:42 kodaly postfix/local[27515]: 61DF8A4A2C9: to=<drtone@p my pn domain>, relay=local, delay=0.22, delays=0.18/0.01/0/0.03, dsn=2.0.0, status=sent (delivered to command: procmail -a "$EXTENSION")
Aug  1 20:44:42 kodaly postfix/qmgr[29987]: 61DF8A4A2C9: removed
Aug  1 20:44:47 kodaly postfix/smtpd[27510]: disconnect from relay.ptn-ipout02.plus.net[212.159.7.36]
[/tt]
The mail.metronet.co.uk server errors out... I suspect these have been taken off line and JTN haven't updated their global MX records (which I've not touched on the domain)
itsme

Re: Something Very odd

You could be right with your other assumption: if the Just The Name server is offline and the other 2 servers are not working then Hotmail could be using the A record for the domain. On my server I have not got that option, but there is "Try Domain if no MX Found", which to me is not the same as I read that as no record, but may work in a similar way.
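For reference against the records posted earlier in the thread, this added example (not part of any post) models the host selection rule in RFC 5321 section 5.1: a sender tries MX hosts in ascending preference order and treats the domain's own address record as an implicit MX only when the MX lookup returns nothing. The `fallback_to_a` switch is a hypothetical flag that models the non-standard behaviour speculated about above; the function names and the reachability sets are constructed for illustration.

```python
# MX records for pubnight.org.uk as posted in the thread (trailing dots dropped).
PUBNIGHT_MX = [
    (10, "mail.metronet.co.uk"),
    (20, "mail1.metronet.co.uk"),
    (4, "mail.just-the-name.co.uk"),
]


def delivery_targets(domain, mx, has_address):
    """Hosts a sending MTA may try, in order, per RFC 5321 section 5.1.

    mx is a list of (preference, host); has_address says whether the
    domain itself has an A/AAAA record.
    """
    if mx:
        # Lowest preference value first. The domain's own address record is
        # not a candidate while any MX record exists.
        return [host for _, host in sorted(mx)]
    # Implicit MX: applies only when the MX lookup returns an empty list.
    return [domain] if has_address else []


def route(domain, mx, has_address, reachable, fallback_to_a=False):
    """Simulate one delivery attempt; reachable is the set of hosts answering.

    fallback_to_a=True models a sender that tries the domain's A record
    after every MX host has failed (hypothetical, non-standard).
    """
    for host in delivery_targets(domain, mx, has_address):
        if host in reachable:
            return ("connect", host)
    if mx and fallback_to_a and has_address and domain in reachable:
        return ("connect", domain)
    return ("queue-and-retry", None)


if __name__ == "__main__":
    only_a_up = {"pubnight.org.uk"}  # constructed: every MX host unreachable
    print(route("pubnight.org.uk", PUBNIGHT_MX, True, only_a_up))
    print(route("pubnight.org.uk", PUBNIGHT_MX, True, only_a_up, fallback_to_a=True))
```

With every MX host unreachable, the standard path queues the message, while the fallback variant connects to the host behind the A record, which then sees a recipient domain it does not accept mail for.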
SteveA

Re: Something Very odd

So who sent the test message at 20:49 that came through like normal? :)
Do we know if there was a glitch in the PN email service at about 15:30 this afternoon that caused hotmail to go wobbly?
Also if the metronet mail servers are now gone do PN/JTN need to change the MX records for all their hosted domains so they have fallbacks?