Link to home
Start Free TrialLog in
Avatar of Aylward
AylwardFlag for United States of America

asked on

Some cant resolve my mail server after a recent domain move, while most can.

here's the scenario:  Recently moved a customer's web domain from one provider to another. (ez-web to GoDaddy). Along with the outside website hosted by the provider, we are running an SBS2003 Exchange Server with the MX record for this domain pointing to the IP address of the company's firewall and exchange server at a different location.  When the domain was moved, the MX records were apparently reset to GoDaddy's internal email servers temporarily (about 2-3 hrs) before I became aware, and went into their interface and updated the MX and A records back to the IP and host of the mail server, not the webhost. Within 5 minutes after that, mail was incoming again and working.  However, since this move several customers report they cannot send email to us anymore, and have forwarded a variety of errors for me to try and correct on my end. I contacted GoDaddy and they say my MX and other DNS records are all set up properly, and confirmed they were working.  

here's one of the errors..which points to the incorrect mail servers... the domains and email addys are obscured here.

--- Session Transcript ---
 Fri 2008-06-13 11:11:57: Parsing message
<xxxxxxxxxxxxxxxxxx\pd50000321100.msg>
 Fri 2008-06-13 11:11:57: *  From: customer
 Fri 2008-06-13 11:11:57: *  To: enduser@mydomain.com
 Fri 2008-06-13 11:11:57: *  Subject: TEST
 Fri 2008-06-13 11:11:57: *  Message-ID:
 Fri 2008-06-13 11:11:57: Attempting SMTP connection to
[mydomain.com]
 Fri 2008-06-13 11:11:57: Resolving MX records for [mydomain.com]
(DNS
Server: 12.127.16.68)...
 Fri 2008-06-13 11:11:57: *  P=000 S=001 D=mydomain.com TTL=(50)
MX=[smtp.secureserver.net]
 Fri 2008-06-13 11:11:57: *  P=010 S=000 D=mydomain.com TTL=(50)
MX=[mailstore1.secureserver.net] {64.202.166.11}
 Fri 2008-06-13 11:11:57: Attempting SMTP connection to
[smtp.secureserver.net:25]
 Fri 2008-06-13 11:11:57: Resolving A record for [smtp.secureserver.net]
(DNS Server: 12.127.16.68)...
 Fri 2008-06-13 11:11:57: *  D=smtp.where.secureserver.net TTL=(4)
A=[64.202.166.12]
 Fri 2008-06-13 11:11:57: Attempting SMTP connection to
[64.202.166.12:25]
 Fri 2008-06-13 11:11:57: Waiting for socket connection...
 Fri 2008-06-13 11:11:57: *  Connection established (192.168.0.99:1616
->
64.202.166.12:25)
 Fri 2008-06-13 11:11:57: Waiting for protocol to start...
 Fri 2008-06-13 11:11:57: <-- 220
pre-smtp21-02.prod.mesa1.secureserver.net
ESMTP
 Fri 2008-06-13 11:11:57: --> HELO .com
 Fri 2008-06-13 11:11:57: <-- 250
pre-smtp21-02.prod.mesa1.secureserver.net
 Fri 2008-06-13 11:11:57: --> MAIL From:<customer>
 Fri 2008-06-13 11:11:58: <-- 250 ok
 Fri 2008-06-13 11:11:58: --> RCPT To:<enduser>
 Fri 2008-06-13 11:11:58: <-- 553 sorry, relaying denied from your
location
[63.173.109.60] (#5.7.1)
 Fri 2008-06-13 11:11:58: --> QUIT

=====================================================
here's another one..

-----Original Message-----
From: mailer-daemon@maxmail021.maximumasp.com
[mailto:mailer-daemon@maxmail021.maximumasp.com]
Sent: Tuesday, June 17, 2008 8:47 AM
Subject: Undeliverable: RE: PURCHASE

Your message did not reach some or all of the intended recipients.

   Sent: Tue, 17 Jun 2008 08:59:06 -0400
   Subject: RE: PURCHASE

The following recipient(s) could not be reached:

myuser@mydomain.com
   Error Type: SMTP
   Error Description: No mail server
   Additional information: No mail servers exists for the address.

hMailServer
 =======================================================
And the First one to report an issue, this error:

Subject: Delivery failure notification


With reference to your message with the subject:
   "Internet Messages"

The local mail transport system has reported the following problems it encountered while trying to deliver your message:

-------------------------------------------------------------------
*** user@mydomain.com
Error connecting to primary server '68.178.232.100'.

=========================================================

Anything I can point these people to that will help them get more accurate DNS data and/or get them resolving this domain handled by Godaddy ??.. this last customer example tried to email me at another domain also handled by GoDaddy and it also did not get through, but did to another outside domain not associated to that provider..so in this case, it doesnt appear to be the destination mail server at all so much as the source sender having trouble resolving anything past godaddy name servers...   but all of the 3 cases now in front of me occurred just after this domain was moved and hasnt worked itself out in the last 4-5 days now.

Help !!  

Avatar of Kurt Richter
Kurt Richter
Flag of United States of America image

So what you have here is a problem with DNS servers caching the temporary GoDaddy MX data.  Anyone who did an MX query on your domain has cached the incorrect MX info for whatever length of time was specified in the TTL field in the temporary GoDaddy zone file.  

Fortunately, this problem will eventually fix itself.  Unfortunately, there is almost nothing you can do to speed up the process.

sorry i dont have a better answer.

kr
errr . . . i meant to say "Anyone who did an MX query on your domain while the temporary GoDaddy zone data was authoritative has cached the incorrect MX info for whatever length of time was specified in the TTL field in the temporary GoDaddy zone file."

kr
Avatar of Aylward

ASKER

The TTL was for 1/2 hr to an hour.. and this is days later.
are you certain that the TTL was an hour in the GoDaddy temp zone data?  Cuz it doesnt matter what you had set before, or now; the SOA from the temp zone data would govern how long it was cached.

i understand you may wish not to, but if you can post the domain name, the community could be of more assistance.

kr
Avatar of Aylward

ASKER

the domain is petrocomcorp.com

 the TTL on that other entry showed as 1 hour when I changed it to the IP i needed it pointed to.
Avatar of Aylward

ASKER

This is the DNS listing I see at the provider for my domain. Am i missing anything ??

Name Servers: (Last Update 6/13/2008)
NS45.DOMAINCONTROL.COM
NS46.DOMAINCONTROL.COM
Total DNS: (Available)
ARecord mainserver 74.219.116.170
ARecord mail 74.219.116.170
ARecord @ 208.109.181.211
CNAME www @
CNAME ftp @
MX @ 74.219.116.170
So a few recommendations:

1 - You have an MX record that is listed as an IP address rather than a host name.  You need to change the record from 74.219.116.170 to the canonical DNS name for that address (i.e., the unique A record for that address).  Fully RFC-compliant mailservers will not be able to send email to your domain until you change this.

2 - There is no rDNS (PTR) record for 74.219.116.170.  This will not affect who can send you mail, but it will affect who you can send to.  You need to contact the ISP who owns the IP and either have them create a rDNS entry for the IP address, or delegate the in-addr.arpa zone containing that address to you.

3 - Also, not related to the MX issue, you have listed ns46.domaincontrol.com as a name server for your domain, but there is no NS record for it in your domain.

kr
Avatar of Aylward

ASKER

i actually had it listed as the A record name and just changed it yesterday to the IP itself, hoping it would help those having trouble resolving that A record.. it didnt help but wasnt working as a pointer to the A record either. I will change it back. Unfortunately, still no closer to getting any of these 3 customers sending mail to us successfully yet, Im afraid.  :(
Avatar of Aylward

ASKER

still the same problem for these customers.... its not correcting itself.. anything else I can do here ??
ASKER CERTIFIED SOLUTION
Avatar of Kurt Richter
Kurt Richter
Flag of United States of America image

Link to home
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial
Avatar of Aylward

ASKER

can you run that again and see how it does now ?? it all resolves for me just fine, so your view is definitely helpful here. I have modified the MX records as suggested. Does it show up right now, short of the RDNS ??
Avatar of Aylward

ASKER

Your last gave me the last couple bits I needed I think... Thank you for the education in Mail DNS ! Obviously, I was lacking there...hehe.. One of my problem customers just got thru this morning, after the last MX record change.I believe you showed me what was wrong there..Thanks again !!
Everything appears to be RFC-compliant with the following exceptions:

1) There is an rDNS entry (RR's stock rDNS zone data), but it doesnt match your A record obviously.

In addition:

=======================================================
WARN Mail server host name in greeting WARNING: One or more of your mailservers is claiming to be a host other than what it really is (the SMTP greeting should be a 3-digit code, followed by a space or a dash, then the host name). If your mailserver sends out E-mail using this domain in its EHLO or HELO, your E-mail might get blocked by anti-spam software. This is also a technical violation of RFC821 4.3 (and RFC2821 4.3.1). Note that the hostname given in the SMTP greeting should have an A record pointing back to the same server. Note that this one test may use a cached DNS record.
mail.petrocomcorp.com claims to be non-existent host barracuda.petrocomcorp.com: <br /> 220 barracuda.petrocomcorp.com ESMTP (38228bb00cd6e368f95b35630d887d6b) <br />

WARN Acceptance of abuse address WARNING: One or more of your mailservers does not accept mail to abuse@petrocomcorp.com. Mailservers are expected by RFC2142 to accept mail to abuse.
mail.petrocomcorp.com's abuse response:<br /> >>> RCPT TO:<abuse@petrocomcorp.com><br /> <<< 550 No such user (abuse@petrocomcorp.com) <br />

WARN SPF record Your domain does not have an SPF record. This means that spammers can easily send out E-mail that looks like it came from your domain, which can make your domain look bad (if the recipient thinks you really sent it), and can cost you money (when people complain to you, rather than the spammer). You may want to add an SPF record ASAP, as 01 Oct 2004 was the target date for domains to have SPF records in place (Hotmail, for example, started checking SPF records on 01 Oct 2004).
=======================================================

None of these will likely prevent mail transfer, but they are easily corrected to bring them up to compliance.

The rDNS can be fixed by getting RR to change it, or by getting them to delegate to you rDNS for your IP block.

The hostname can be fixed by either changing the A record to barracuda.petrocomcorp.com or changing the hostname in the SMTP server from barracuda.petrocomcorp.com to mail.petrocomcorp.com.

Create an email address for abuse@petrocomcorp.com either via creating a new account or adding alias to existing account (postmaster@ or admin@, etc.)

You can learn about Sender Policy Framework here: http://www.openspf.org/ 

Glad you got it worked out.

kr

Avatar of Aylward

ASKER

all are working now... thanks again for your help !! :)