Solved

Reverse DNS not working, mail not flowing

Posted on 2009-07-09
Last Modified: 2013-11-30
On the morning of July 7th our email stopped flowing to a number of domains, namely aol, cox, comcast, rr, juno and a bunch of others. Basically the error we get in the log is this...

2009-07-09 16:14:49 205.188.155.72 OutboundConnectionResponse SMTPSVC1 GEMINI - 25 - - 220-rly-dg08.mx.aol.com+ESMTP+mail_relay_in-dg08.6;+Thu,+09+Jul+2009+12:14:51+-0400 0 0 83 0 32 SMTP - - -
2009-07-09 16:14:49 205.188.155.72 OutboundConnectionCommand SMTPSVC1 GEMINI - 25 EHLO - mail.libertyhospital.org 0 0 4 0 32 SMTP - - -
2009-07-09 16:14:49 167.206.4.77 OutboundConnectionResponse SMTPSVC1 GEMINI - 25 - - 452+4.2.1+Your+host+66.141.233.241+has+no+DNS+record+.+If+you+are+using+a+firewall+please+configure+DNS+and+try+again+authoritative+host+not+found:+ovacc@optonline.net 0 0 167 0 610 SMTP - - -
2009-07-09 16:14:49 167.206.4.77 OutboundConnectionCommand SMTPSVC1 GEMINI - 25 RSET - - 0 0 4 0 610 SMTP - - -
2009-07-09 16:14:49 205.188.249.91 OutboundConnectionResponse SMTPSVC1 GEMINI - 25 - - 220-rly-de08.mx.aol.com+ESMTP+mail_relay_in-de08.3;+Thu,+09+Jul+2009+12:14:51+-0400 0 0 83 0 93 SMTP - - -
2009-07-09 16:14:49 205.188.249.91 OutboundConnectionCommand SMTPSVC1 GEMINI - 25 EHLO - mail.libertyhospital.org 0 0 4 0 93 SMTP - - -
2009-07-09 16:14:49 205.188.155.72 OutboundConnectionResponse SMTPSVC1 GEMINI - 25 - - 250-rly-dg08.mx.aol.com+peer+name+unknown 0 0 41 0 78 SMTP - - -
2009-07-09 16:14:49 205.188.155.72 OutboundConnectionCommand SMTPSVC1 GEMINI - 25 MAIL - FROM:<Crodick@libertyhospital.org> 0 0 4 0 78 SMTP - - -
2009-07-09 16:14:49 63.138.68.59 smtp.paydaymess.com SMTPSVC1 GEMINI 192.168.223.4 0 RCPT - +TO:<julie.hering@libertyhospital.org> 550 0 0 42 12782 SMTP - - -
2009-07-09 16:14:49 167.206.4.77 OutboundConnectionResponse SMTPSVC1 GEMINI - 25 - - 250+2.5.0+Ok. 0 0 13 0 657 SMTP - - -
2009-07-09 16:14:49 205.188.249.91 OutboundConnectionResponse SMTPSVC1 GEMINI - 25 - - 250-rly-de08.mx.aol.com+peer+name+unknown 0 0 41 0 125 SMTP - - -
2009-07-09 16:14:49 205.188.249.91 OutboundConnectionCommand SMTPSVC1 GEMINI - 25 MAIL - FROM:<LRICHWINE@libertyhospital.org> 0 0 4 0 125 SMTP - - -
2009-07-09 16:14:49 167.206.4.77 OutboundConnectionResponse SMTPSVC1 GEMINI - 25 - - 452+4.2.1+Your+host+66.141.233.241+has+no+DNS+record+.+If+you+are+using+a+firewall+please+configure+DNS+and+try+again+authoritative+host+not+found:+oilmanshoney@optonline.com 0 0 174 0 687 SMTP - - -
2009-07-09 16:14:49 167.206.4.77 OutboundConnectionCommand SMTPSVC1 GEMINI - 25 RSET - - 0 0 4 0 687 SMTP - - -

We have Exchange 2003 with a frontend server in the DMZ behind a PIX firewall and an internal server with all the mailboxes. Email flows in just fine and out to some domains with no problem. When I run a test from mxtoolbox this is what I get:

RESULT: mail.libertyhospital.org
Banner: 220 mail.libertyhospital.org Microsoft ESMTP MAIL Service, Version: 6.0.3790.3959 ready at Thu, 9 Jul 2009 11:27:15 -0500
Connect Time: 0 seconds - Good
Transaction Time: 12.641 seconds - Not good!
Relay Check: OK - This server is not an open relay.
Rev DNS Check: Reverse DNS FAILED! This is a problem.
GeoCode Info: Geocoding server is unavailable
Session Transcript: HELO please-read-policy.mxtoolbox.com
250 mail.libertyhospital.org Hello [64.20.227.13 [47 ms]
MAIL FROM: <test@mxtoolbox.com>
250 2.1.0 test@mxtoolbox.com....Sender [31 ms]
RCPT TO: <test@mxtoolbox.com>
550 5.7.1 Unable to relay for test@mxtoolbox.c [12516 ms]
 
 
I ran the dnsdiag on our frontend server and it checks out OK. At home I have roadrunner (one of the offending domains) and I am unable to reverse lookup our IP from there, but internally and on the public wireless we have, it works just fine.

The main thing I am trying to figure out is why would our DNS servers not be replying with the rDNS info. We host our own DNS servers (long story, but SBC kept screwing up the records before). They are both W2K3, one is the primary, one a secondary.

If you need more info let me know.
Question by:arosenboom

Accepted Solution

by:
Chris Dent earned 500 total points

If the name above is the name of the e-mail server then no public delegation for the IP range exists beneath 141.66.in-addr.arpa which belongs to swbell.net / sbcglobal.net.

Without the delegation there's no way for a system asking for that record to find your servers, assuming those are the ones hosting the reverse lookup zone.

Chris

Expert Comment

by:Npatang
Make sure you have the pointer record created in your external DNS. Some of the domains do look for the reverse DNS resolution.

Author Comment

by:arosenboom
We do have the PTR record on our DNS. I've checked it, deleted it, recreated it. That doesn't seem to be the problem.

It is the name of the server. Last year this time the same thing happened and it took a couple of days for the problem to go away pretty much by itself even though we tried a lot. Could SBC be messing with our domain and IP range? We bought the 66.141.233 from SBC a few years ago (2003). It sounds like they need a pointer for the 233 network to point to our DNS server, is that correct?

Expert Comment

by:Chris Dent

> It sounds like they need a pointer for the 233 network to point to our DNS server, is that correct?

They need a delegation, but I think you mean the same thing. They need to create this if you have the /24 from them:

233.141.66.in-addr.arpa. IN NS ns1.you.com.
233.141.66.in-addr.arpa. IN NS ns2.you.com.

If it's classless delegation it's a bit more complex, but it still fails at their name servers.

Chris

Expert Comment

by:Mestha
Where did you look for the reverse DNS?
If you are looking in the DNS server applet on your network, then that is the wrong place. Your ISP has to set the reverse DNS and it is highly unusual for an ISP to delegate control of the IP addresses to a customer.
You need to speak to your ISP and see what they can do for you.

Simon.

Author Comment

by:arosenboom
Thanks Chris, we are looking into it. Our guy that usually deals with the SBC is on vacation so I am waiting on an email back from him.

Mestha - Yes I was looking on our DNS server. We control DNS for our domain and IP range, we "own" it. I will be contacting them though since it does sound like they have messed something up with the 233 delegation.

I will let you know more in a while.

Author Comment

by:arosenboom
Chris - what did you use to find that data in your first post?

Expert Comment

by:Chris Dent

I use Dig with a nice Windows version of it here:

http://members.shaw.ca/nicholas.fong/dig/

If you follow the instructions to set it up (you can leave resolv.conf blank) you can run this:

dig 241.233.141.66.in-addr.arpa +trace

It shows you exactly where the delegations stop.

Assuming that's the correct IP address of course :)

NsLookup can do it as well, but it's harder to get useful results.

Chris
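
Added example (not part of the original thread): a small Python model of what `dig +trace` reveals here, walking the reverse zones for 66.141.233.241 from the top and reporting where the NS delegations stop. The NS data is constructed; `ns.parent.example.` is a placeholder, and the function names are illustrative. It assumes one zone cut per octet and does not handle classless (RFC 2317) delegation.

```python
import ipaddress

def zone_chain(ip):
    """Reverse zones from arpa. down to the /24 zone that would hold the PTR."""
    labels = ipaddress.IPv4Address(ip).reverse_pointer.split(".")
    return [".".join(labels[i:]) + "." for i in range(len(labels) - 1, 0, -1)]

def find_break(ip, ns_lookup):
    """Walk the chain top-down, as dig +trace does.

    ns_lookup(zone) returns the NS names published for that zone, or nothing.
    Returns (last zone with NS records, first zone without, or None if complete).
    Assumption: every octet boundary is a zone cut (no RFC 2317 classless case).
    """
    last = None
    for zone in zone_chain(ip):
        if not ns_lookup(zone):
            return last, zone
        last = zone
    return last, None

def diagnose(ip, ns_lookup, ptr_lookup):
    """Explain what a remote mail server sees when it looks up the PTR for ip."""
    last, missing = find_break(ip, ns_lookup)
    if missing:
        return f"delegation stops at {last} (no NS for {missing}); PTR unreachable"
    name = ptr_lookup(ipaddress.IPv4Address(ip).reverse_pointer + ".")
    return f"PTR {name}" if name else f"{last} is delegated but holds no PTR"

# Constructed data. The parent name server is a placeholder; ns1/ns2.you.com
# are the stand-in names used in the thread.
IP = "66.141.233.241"
PARENTS = ("arpa.", "in-addr.arpa.", "66.in-addr.arpa.", "141.66.in-addr.arpa.")
BEFORE = {zone: ["ns.parent.example."] for zone in PARENTS}
AFTER = {**BEFORE, "233.141.66.in-addr.arpa.": ["ns1.you.com.", "ns2.you.com."]}
# The PTR exists on the customer's own servers in both cases.
PTRS = {"241.233.141.66.in-addr.arpa.": "mail.libertyhospital.org."}

if __name__ == "__main__":
    print("before:", diagnose(IP, BEFORE.get, PTRS.get))
    print("after: ", diagnose(IP, AFTER.get, PTRS.get))
```

The "before" case shows why recreating the PTR on the local DNS server changes nothing: the record exists, but no public resolver is ever referred to the servers that hold it.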

Author Closing Comment

by:arosenboom
We were able to contact SBC, they claimed the rDNS was never even set up for our domain although this had worked in the past. They added the delegation earlier today and all the email is flowing again. Thanks for your help.