[Cialug] Hostname issue

David Champion dchamp1337 at gmail.com
Tue Nov 25 10:19:29 CST 2014


Some people shouldn't be allowed to touch DNS.

-dc

On Tue, Nov 25, 2014 at 10:11 AM, Josh More <jmore at starmind.org> wrote:

> That didn't happen when I tried a -x earlier, though it is happening
> now.  However, this is also happening:
>
> $ dig mail2.gilstermarylee.com
>
> ;; QUESTION SECTION:
> ;mail2.gilstermarylee.com.    IN    A
>
> ;; ANSWER SECTION:
> mail2.gilstermarylee.com. 6159    IN    A    216.138.60.195
>
>
> So there's that issue too.
>
>
> I say to nuke the zone file from orbit.  It's the only way to be sure.   ;)
>
>
> (Or you could fix the forward lookup for mail2.glistermarylee.com ...
> whatever.)
>
>
>
> On Tue, Nov 25, 2014 at 10:02 AM, David Champion <dchamp1337 at gmail.com>
> wrote:
> > Dude, the PTR isn't the problem.
> >
> > $ dig -x 66.186.99.236
> >
> > ...
> >
> > ;; QUESTION SECTION:
> > ;236.99.186.66.in-addr.arpa.    IN      PTR
> >
> > ;; ANSWER SECTION:
> > 236.99.186.66.in-addr.arpa. 85405 IN    PTR     mail2.gilstermarylee.com
> .
> >
> > ;; AUTHORITY SECTION:
> > 99.186.66.in-addr.arpa. 85405   IN      NS      ns2.clearwave.com.
> > 99.186.66.in-addr.arpa. 85405   IN      NS      ns1.clearwave.com.
> >
> > ;; ADDITIONAL SECTION:
> > ns1.clearwave.com.      171805  IN      A       199.30.61.2
> > ns2.clearwave.com.      171805  IN      A       199.30.63.2
> >
> >
> > ...
> >
> > -dc
> >
> >
> > On Tue, Nov 25, 2014 at 9:56 AM, Josh More <jmore at starmind.org> wrote:
> >
> >> $ dig barracuda.gilstermarylee.com MX
> >>
> >> On my system, this shows no DNS entry for barracuda.gilstermarylee.com
> >>
> >> The fallback SMTP host (A record) points to 75.149.203.77
> >>
> >> A reverse on 75.149.203.77 points to visionitnow.com, which doesn't
> >> match the forward.
> >>
> >> As Jonathan points out, a reverse on 66.186.99.236 isn't set up.
> >>
> >> There is also no SPF or DOMAINKEYS entry for 66.186.99.236
> >>
> >> So, the problem is that the receiving mail server doesn't think you're
> >> a legitimate sender (don't blame it, I wouldn't either).
> >>
> >> To fix it:
> >>
> >> 1) Add an MX record for barracuda.gilstermarylee.com that points to
> >> the barracuda devices's external interface, which is probably
> >> 66.186.99.236.
> >> 2) Add a TXT record for barracuda.gilstermarylee.com that lists the
> >> SPF rules.  (http://www.spfwizard.net/ can be helpful here)
> >> 3) Consider a TXT record for DOMAINKEYS. This isn't so important these
> >> days, but you might as well look into it.  (
> >> https://www.socketlabs.com/domainkey-dkim-generation-wizard/ may help)
> >> 4) Review the A record for barracuda.gilstermarylee.com and see if you
> >> really want it pointing to 75.149.203.77.  I think this is a wildcard
> >> and probably not what you want.  Odds are, it should be set to the
> >> same as the MX record in step 1.
> >> 5) Recognize that SMTP sucks and it shouldn't take 15 years of
> >> routing, SMTP and DNS experience just to set up a freaking server.
> >> Outsource your email to someone else and wash your hands of the whole
> >> stinking mess of it.
> >>
> >> -Josh
> >>
> >>
> >> On Tue, Nov 25, 2014 at 9:46 AM, Jonathan A. Kollasch
> >> <jakllsch at kollasch.net> wrote:
> >> > On Tue, Nov 25, 2014 at 09:38:09AM -0600, L. V. Lammert wrote:
> >> >> Trying to assist a friend in fixing an issue with their email
> system, ..
> >> >> they appears to be using a Barracuda appliance (per hostname), yet it
> >> >> appears to not be sending a valid hostname:
> >> >>
> >> >> ================
> >> >>
> >> >> Nov 23 03:38:37 mx2 postfix/smtpd[5951]: NOQUEUE: reject: RCPT from
> >> >> unknown[66.186.99.236]: 450 Client host rejected: cannot find your
> >> >> hostname, [66.186.99.236]; from=<rhayden at gilstermarylee.com>
> >> >> to=<lvl at omnitec.net> proto=ESMTP helo=<barracuda.gilstermarylee.com>
> >> >>
> >> >> ================
> >> >>
> >> >> I do know they are switching providers, but I do not think that would
> >> >> affect the issue. Any suggestion on how to troubleshoot this problem?
> >> >
> >> > This sounds like 66.186.99.236 doesn't have reverse DNS records.
> >> >
> >> >         Jonathan Kollasch
> >> > _______________________________________________
> >> > Cialug mailing list
> >> > Cialug at cialug.org
> >> > http://cialug.org/mailman/listinfo/cialug
> >> _______________________________________________
> >> Cialug mailing list
> >> Cialug at cialug.org
> >> http://cialug.org/mailman/listinfo/cialug
> >>
> > _______________________________________________
> > Cialug mailing list
> > Cialug at cialug.org
> > http://cialug.org/mailman/listinfo/cialug
> _______________________________________________
> Cialug mailing list
> Cialug at cialug.org
> http://cialug.org/mailman/listinfo/cialug
>


More information about the Cialug mailing list