Our System receive ex. This MSG
The original message was received at Tue, 25 Mar 2008 16:20:47 +0100 from localhost [127.0.0.1]
----- Transcript of session follows ----- ... while talking to mxbw.bluewin.ch.: <<< 451 No thanks. (How about PTR records?) ... while talking to mxzhh.bluewin.ch.:
QUIT
<<< 451 No thanks. (How about PTR records?) ... while talking to mxzhb.bluewin.ch.:
QUIT
<<< 451 No thanks. (How about PTR records?) niesen18@bluewin.ch... Deferred: 451 No thanks. (How about PTR records?) Warning: message still undelivered after 4 hours Will keep trying until message is 5 days old
********************************************** Xaver Aerni Zürichstrasse 10a 8340 Hinwil Tel. 001 707 361 68 39
Yes, This is the IP of our Mailserver Greetings Xaver ----- Original Message ----- From: "Adrian Ulrich" swinog@blinkenlights.ch To: swinog@swinog.ch Sent: Wednesday, March 26, 2008 8:57 AM Subject: Re: [swinog] Has Bluewin a DNS Problem
Good Morning,
Is your source ip 195.141.232.78 ?
Regards, Adrian
swinog mailing list swinog@lists.swinog.ch http://lists.swinog.ch/cgi-bin/mailman/listinfo/swinog
Hi Xaver,
I had a similar problem when I set up the mail server on my virtual server and wanted to send mail to domains that are hosted by zoneedit.com.
After searching a while, I think this is the way how it works:
Step 1: ====== Bluewin does a reverse DNS lookup on your IP (195.141.232.78), which returns the following:
# nslookup
195.141.232.78
;; Truncated, retrying in TCP mode. Server: www.multipop.ch. Address: 195.141.232.253#53
78.232.141.195.in-addr.arpa name = mailhost.aa795.ch. 78.232.141.195.in-addr.arpa name = mailhost.aerni.net. 78.232.141.195.in-addr.arpa name = mailhost.bar16.ch. 78.232.141.195.in-addr.arpa name = mailhost.sysop.ch. 78.232.141.195.in-addr.arpa name = mailhost.zingg.org. 78.232.141.195.in-addr.arpa name = mailhost.satshop.cc. 78.232.141.195.in-addr.arpa name = mailhost.aquacare.ch. 78.232.141.195.in-addr.arpa name = mailhost.glaettli.cc. 78.232.141.195.in-addr.arpa name = mailhost.multipop.ch. 78.232.141.195.in-addr.arpa name = mailhost.satshops.ch. 78.232.141.195.in-addr.arpa name = mailhost.spacebbs.ch. 78.232.141.195.in-addr.arpa name = mailhost.amigaland.ch. 78.232.141.195.in-addr.arpa name = mailhost.augsauger.ch. 78.232.141.195.in-addr.arpa name = mailhost.begegnung.ch. 78.232.141.195.in-addr.arpa name = mailhost.satvision.ch. 78.232.141.195.in-addr.arpa name = mailhost.hackernews.ch.ch. 78.232.141.195.in-addr.arpa name = mailhost.natel-news.ch. 78.232.141.195.in-addr.arpa name = mailhost.satanlagen.ch. 78.232.141.195.in-addr.arpa name = mailhost.satantennen.ch. 78.232.141.195.in-addr.arpa name = mailhost.wiso-schoch.ch. 78.232.141.195.in-addr.arpa name = mailhost.xariffusion.ch. 78.232.141.195.in-addr.arpa name = mailhost.sat-receiver.ch. 78.232.141.195.in-addr.arpa name = mailhost.estherundpetr.ch. 78.232.141.195.in-addr.arpa name = mailhost.luisenstrasse.ch. 78.232.141.195.in-addr.arpa name = mailhost.arthurandersen.ch. 78.232.141.195.in-addr.arpa name = mailhost.elektronik-news.ch. 78.232.141.195.in-addr.arpa name = mailhost.zuerichsee-gastro.ch. 78.232.141.195.in-addr.arpa name = mailhost.pop.ch. 78.232.141.195.in-addr.arpa name = mailhost.rtv.ch. 78.232.141.195.in-addr.arpa name = mailhost.dsng.ch.
Step 2: ====== Bluewin does a "normal" forward DNS lookup, using the result from the above query. The forward (A) query has to match your IP address, otherwise Bluewin will complain about the PTR record.
However, the above query returned more than one value, so I am not sure which host is used for the lookup - I guess that just the first host is taken. Since the order is random, you cannot say anything reliable about which host will be used for the lookup. Maybe it even fails directly if the response is not unique - I don't know.
When I tried the lookup the first time, mailhost.aquacare.ch was used for the query. However, mailhost.aquacare.ch does not exist (even the domain does not exist), so the lookup fails and rightly so Bluewin complains about your PTR record.
I think the purpose of this reverse and forward DNS lookup procedure is to prevent spam, since most spam comes from hacked machines (mostly from dynamic IP address ranges) which do not have correct PTR records - just as it is the case with your machine ;-)
Gruass, Franco
Adrian Ulrich wrote:
Good Morning,
Is your source ip 195.141.232.78 ?
Regards, Adrian
swinog mailing list swinog@lists.swinog.ch http://lists.swinog.ch/cgi-bin/mailman/listinfo/swinog
Xaver Aerni wrote:
Our System receive ex. This MSG
The original message was received at Tue, 25 Mar 2008 16:20:47 +0100 from localhost [127.0.0.1]
----- Transcript of session follows ----- ... while talking to mxbw.bluewin.ch.: <<< 451 No thanks. (How about PTR records?) ... while talking to mxzhh.bluewin.ch.:
QUIT
<<< 451 No thanks. (How about PTR records?) ... while talking to mxzhb.bluewin.ch.:
QUIT
<<< 451 No thanks. (How about PTR records?) niesen18@bluewin.ch... Deferred: 451 No thanks. (How about PTR records?) Warning: message still undelivered after 4 hours Will keep trying until message is 5 days old
Xaver Aerni Zürichstrasse 10a 8340 Hinwil Tel. 001 707 361 68 39
The Problem is we have on this IP 30 Domains... When I must have for everery Domain an IP for the reverse of Bluewin is a big Problem... I must have in future an A Net... I think Bluewin must fix this. Greetings X. Aerni ----- Original Message ----- From: "Franco Hug" swinog.ch@grmail.ch To: swinog@swinog.ch Sent: Wednesday, March 26, 2008 1:29 PM Subject: Re: [swinog] Has Bluewin a DNS Problem
Hi Xaver,
I had a similar problem when I set up the mail server on my virtual server and wanted to send mail to domains that are hosted by zoneedit.com.
After searching a while, I think this is the way how it works:
Step 1:
Bluewin does a reverse DNS lookup on your IP (195.141.232.78), which returns the following:
# nslookup
195.141.232.78
;; Truncated, retrying in TCP mode. Server: www.multipop.ch. Address: 195.141.232.253#53
78.232.141.195.in-addr.arpa name = mailhost.aa795.ch. 78.232.141.195.in-addr.arpa name = mailhost.aerni.net. 78.232.141.195.in-addr.arpa name = mailhost.bar16.ch. 78.232.141.195.in-addr.arpa name = mailhost.sysop.ch. 78.232.141.195.in-addr.arpa name = mailhost.zingg.org. 78.232.141.195.in-addr.arpa name = mailhost.satshop.cc. 78.232.141.195.in-addr.arpa name = mailhost.aquacare.ch. 78.232.141.195.in-addr.arpa name = mailhost.glaettli.cc. 78.232.141.195.in-addr.arpa name = mailhost.multipop.ch. 78.232.141.195.in-addr.arpa name = mailhost.satshops.ch. 78.232.141.195.in-addr.arpa name = mailhost.spacebbs.ch. 78.232.141.195.in-addr.arpa name = mailhost.amigaland.ch. 78.232.141.195.in-addr.arpa name = mailhost.augsauger.ch. 78.232.141.195.in-addr.arpa name = mailhost.begegnung.ch. 78.232.141.195.in-addr.arpa name = mailhost.satvision.ch. 78.232.141.195.in-addr.arpa name = mailhost.hackernews.ch.ch. 78.232.141.195.in-addr.arpa name = mailhost.natel-news.ch. 78.232.141.195.in-addr.arpa name = mailhost.satanlagen.ch. 78.232.141.195.in-addr.arpa name = mailhost.satantennen.ch. 78.232.141.195.in-addr.arpa name = mailhost.wiso-schoch.ch. 78.232.141.195.in-addr.arpa name = mailhost.xariffusion.ch. 78.232.141.195.in-addr.arpa name = mailhost.sat-receiver.ch. 78.232.141.195.in-addr.arpa name = mailhost.estherundpetr.ch. 78.232.141.195.in-addr.arpa name = mailhost.luisenstrasse.ch. 78.232.141.195.in-addr.arpa name = mailhost.arthurandersen.ch. 78.232.141.195.in-addr.arpa name = mailhost.elektronik-news.ch. 78.232.141.195.in-addr.arpa name = mailhost.zuerichsee-gastro.ch. 78.232.141.195.in-addr.arpa name = mailhost.pop.ch. 78.232.141.195.in-addr.arpa name = mailhost.rtv.ch. 78.232.141.195.in-addr.arpa name = mailhost.dsng.ch.
Step 2:
Bluewin does a "normal" forward DNS lookup, using the result from the above query. The forward (A) query has to match your IP address, otherwise Bluewin will complain about the PTR record.
However, the above query returned more than one value, so I am not sure which host is used for the lookup - I guess that just the first host is taken. Since the order is random, you cannot say anything reliable about which host will be used for the lookup. Maybe it even fails directly if the response is not unique - I don't know.
When I tried the lookup the first time, mailhost.aquacare.ch was used for the query. However, mailhost.aquacare.ch does not exist (even the domain does not exist), so the lookup fails and rightly so Bluewin complains about your PTR record.
I think the purpose of this reverse and forward DNS lookup procedure is to prevent spam, since most spam comes from hacked machines (mostly from dynamic IP address ranges) which do not have correct PTR records - just as it is the case with your machine ;-)
Gruass, Franco
Adrian Ulrich wrote:
Good Morning,
Is your source ip 195.141.232.78 ?
Regards, Adrian
swinog mailing list swinog@lists.swinog.ch http://lists.swinog.ch/cgi-bin/mailman/listinfo/swinog
Xaver Aerni wrote:
Our System receive ex. This MSG
The original message was received at Tue, 25 Mar 2008 16:20:47 +0100 from localhost [127.0.0.1]
----- Transcript of session follows ----- ... while talking to mxbw.bluewin.ch.: <<< 451 No thanks. (How about PTR records?) ... while talking to mxzhh.bluewin.ch.:
QUIT
<<< 451 No thanks. (How about PTR records?) ... while talking to mxzhb.bluewin.ch.:
QUIT
<<< 451 No thanks. (How about PTR records?) niesen18@bluewin.ch... Deferred: 451 No thanks. (How about PTR records?) Warning: message still undelivered after 4 hours Will keep trying until message is 5 days old
Xaver Aerni Zürichstrasse 10a 8340 Hinwil Tel. 001 707 361 68 39
swinog mailing list swinog@lists.swinog.ch http://lists.swinog.ch/cgi-bin/mailman/listinfo/swinog
you can just take another name for the mailserver of these domains - only one for all
so you have one PTR Record, pointing to mailserver.domain then you can use the same domainname for mailserver on the others 29 Domains. this fixes this problem
Silvan
Am 26.03.2008 um 13:45 schrieb Xaver Aerni:
The Problem is we have on this IP 30 Domains... When I must have for everery Domain an IP for the reverse of Bluewin is a big Problem... I must have in future an A Net... I think Bluewin must fix this. Greetings X. Aerni
When I must have for everery Domain an IP for the reverse of Bluewin is a big Problem...
You don't have to: The lengthy PTR record just triggered a bug in our MTA Software.
Anyway: Such a multi-ptr record is of no use:
- It does not scale - There is no need for it. A single record (matching $myhostname) would be enough.
Regards, Adrian
Hi,
Bluewin does a reverse DNS lookup on your IP (195.141.232.78),
..yes
Bluewin does a "normal" forward DNS lookup, using the result from the above query.
we don't.
The resolver implementation of our MTA software appears to have a problem with truncated UDP responses. (Btw: Why do you have such a lenghty PTR record for 195.141.232.78 ?)
I'm about to implement a workaround for this issue.
Regards, Adrian
On the Wed, Mar 26, 2008 at 01:57:46PM +0100, Adrian Ulrich blubbered:
Hoi.
The resolver implementation of our MTA software appears to have a problem with truncated UDP responses. (Btw: Why do you have such a lenghty PTR record for 195.141.232.78 ?)
I may be wrong, but doesn't DNS use TCP if the answer to a query exceeds a certain length?
CU, Venty
Salut, Venty,
On Wed, 26 Mar 2008 18:31:19 +0100, Martin Ebnoether wrote:
I may be wrong, but doesn't DNS use TCP if the answer to a query exceeds a certain length?
The use of DNS over TCP allows the answers to exceed a certain length, but the use of NFS over TCP depends soleily on the type of request made. If an UDP request has been made, there is no way to respond via TCP, obviously.
Tonnerre
Hi Martin,
I may be wrong, but doesn't DNS use TCP if the answer to a query exceeds a certain length?
Yes. If the resolver receives a truncated response (TC bit set) it is supposed to re-do the query via TCP.
You are out of luck if your resolver thinks: 'What the hell is a TC bit?! I'll just try to parse the response and pretend that there was no TC bit set. Harr harr..'
This works (somewhat) if the response came from BIND: $ dig -x 195.141.232.78 +short +ignore @cns1.bluewin.ch |grep -vc '^;;' 14
But it fails if dnscache sent the response: $ dig -x 195.141.232.78 +short +ignore @fdad:ecad:e0fb:adf0::f00 |grep -vc '^;;' 0
(dnscache does not include a 'stripped down' response: http://cr.yp.to/djbdns/notes.html => Truncation)
Regards, Adrian
Franco Hug wrote:
Step 1:
Bluewin does a reverse DNS lookup on your IP (195.141.232.78), which returns the following:
# nslookup
195.141.232.78
;; Truncated, retrying in TCP mode. Server: www.multipop.ch. Address: 195.141.232.253#53
78.232.141.195.in-addr.arpa name = mailhost.aa795.ch. 78.232.141.195.in-addr.arpa name = mailhost.aerni.net.
plus another 20 hosts
This is a silly reverse setup. A reverse lookup should only return one hostname, not 20.
/Per Jessen, Herrliberg
Step 1:
Bluewin does a reverse DNS lookup on your IP (195.141.232.78), which returns the following:
# nslookup
195.141.232.78
;; Truncated, retrying in TCP mode. Server: www.multipop.ch. Address: 195.141.232.253#53
78.232.141.195.in-addr.arpa name = mailhost.aa795.ch. 78.232.141.195.in-addr.arpa name = mailhost.aerni.net.
plus another 20 hosts
This is a silly reverse setup. A reverse lookup should only return
one hostname, not 20.
/Per Jessen, Herrliberg
Yes, I agree. This is really a bad design and has nothing to do with DNS problems on the bluewin side, even if the bluewin DNS might have troubles resolving truncated requests, IMHO.
Cheers, Florian
Step 1:
Bluewin does a reverse DNS lookup on your IP (195.141.232.78), which returns the following:
# nslookup
195.141.232.78
;; Truncated, retrying in TCP mode. Server: www.multipop.ch. Address: 195.141.232.253#53
78.232.141.195.in-addr.arpa name = mailhost.aa795.ch. 78.232.141.195.in-addr.arpa name = mailhost.aerni.net.
plus another 20 hosts
This is a silly reverse setup. A reverse lookup should only return
one hostname, not 20.
/Per Jessen, Herrliberg
Yes, I agree. This is really a bad design and has nothing to do with DNS problems on the bluewin side, even if the bluewin DNS might have troubles resolving truncated requests, IMHO.
Cheers, Florian
...
This is a silly reverse setup. A reverse lookup should only return one hostname, not 20.
...
Well, tend to agree.
What about the most stupid wanabe Spam-fighter which are very unhappy as in place (e.g. the third-party service provider systems acting with some SC subsidiaries...) which high rate valid messages if certain brain-dead conditions like PTR not matching MX don't match?
If this approach works out, it could be considered. It is not illegal. It's just against what we are used to over the last 20+ years. Just like the A records on second level domain names - depreciated some years ago, tough more and more common.
Under the line, it is likely not a DNS issue, but the inability by some mail or AS systems resolving lists. Suspect my servers will fail, too. Xaver, pls send private reply for a test from that system, anytime.
Regards,
-Kurt.
-----Original Message----- From: swinog-bounces@lists.swinog.ch [mailto:swinog-bounces@lists.swinog.ch] On Behalf Of Per Jessen Sent: Wednesday, March 26, 2008 2:26 PM To: swinog@lists.swinog.ch Subject: Re: [swinog] Has Bluewin a DNS Problem
-
Adrian Ulrich -
Florian.Frotzler@swisscom.com -
Franco Hug -
Kurt A. Schumacher -
Martin Ebnoether -
Per Jessen -
Silvan Gebhardt -
Tonnerre Lombard -
Xaver Aerni