Re: [exim] [OT] Why att.net has DNS failure?

Bill Moseley wrote:
> Att.net is reporting a DNS lookup failure on a domain I run. I don't
> see any problems but just curious if anyone is familiar with issues
> with att.net or might have an idea what might be the problem.
>
> A sanity check, if you will.
>
>
> I host a domain whmoseley.com. One sender can only get mail through
> about 1 in 5 tries. Most of the time she gets a bounce:
>

>     From: postmaster@??? (Webmail Postmaster)
>     To: ******@att.net
>     Subject: Returned mail: User unknown
>     Date: Thu, 25 Jan 2007 20:31:17 +0000

>

>     The following addresses had fatal errors:
>     *****@whmoseley.com: 550 [PERMFAIL] destination not valid within DNS

>
> Which is not the most helpful message -- "User unknown" in the subject
> but the DNS error in the body. And no other info, like what server
> had the DNS lookup error.
>
>
> That message never got to my Exim4 machine. The domain gets fifty or
> so other emails a day without any problems. But this one user
> consistently has problems.
>
> The only thing odd about that domain is that there's no A DNS record
> only an MX -- which shouldn't be a problem.
>
> The dns boxes are on the same sub-net, which is not great, but doesn't
> explain why it's only that one sender with problems.
>

>     $ dig mx whmoseley.com. | grep mail
>     whmoseley.com.          86400   IN      MX      5 mail.whmoseley.com.

>

>     $ dig a mail.whmoseley.com. | grep 170
>     mail.whmoseley.com.     86368   IN      A       63.205.225.170

>
> Or:
>

>     $ host whmoseley.com
>     whmoseley.com mail is handled by 5 mail.whmoseley.com.

>

>     $ host mail.whmoseley.com
>     mail.whmoseley.com has address 63.205.225.170

>
> Any ideas?
>
>
>
>

Their message may not say so specifically, but I would suspect rDNS and/or
forward/reverse lookup mismatch:

triligon# dig ptr whmoseley.com

; <<>> DiG 9.3.2-P1 <<>> ptr whmoseley.com
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 49648
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0

;; QUESTION SECTION:
;whmoseley.com.                 IN      PTR

;; AUTHORITY SECTION:
whmoseley.com.          10800   IN      SOA     ns1.hank.org. 
hostmaster.whmoseley.com. 2004022241 86400 3600 604800 86400

And then:

triligon# host 63.205.225.170
170.225.205.63.in-addr.arpa is an alias for 170.168.225.205.63.in-addr.arpa.
170.168.225.205.63.in-addr.arpa domain name pointer mardy.hank.org.

Besides the IP aliasing, mardy.hank.org and mail.whmosely.com do not match, even
if their lookup proceeds that far...

HTH,

Bill