sendmail stopped working - ISP's MX record to blame?

on 25.07.2006 23:38:15 by Chris Rankin

Hi,

My ISP requires customers to use SMTP-AUTH to send outgoing emails, and
I had successfully configured my server to authenticate. However, it has
suddenly stopped working!

A quick examination of the ISP's MX record showed the following(-ish;
names changed to protect the guilty):

$ dig mail.isp.com mx

; <<>> DiG 9.3.2 <<>> mail.isp.com mx
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 32759
;; flags: qr rd ra; QUERY: 1, ANSWER: 3, AUTHORITY: 13, ADDITIONAL: 10

;; QUESTION SECTION:
;mail.isp.com. IN MX

;; ANSWER SECTION:
mail.isp.com. 390 IN CNAME pop-smtp.isp.mail.com.
pop-smtp.isp.mail.com. 1194 IN CNAME pop-smtp1-f.isp.mail.com.
pop-smtp1-f.isp.mail.com. 132 IN MX 0 .

So the final MX record is to "." !!! Surely this must be wrong!

I have tried to work around this by putting "." in /etc/hosts, aliased
to the SMTP server's correct address. However, now the SMTP-AUTH is not
working! Am I fighting a losing battle unless the ISP repairs its MX
record, please? Or is there something else I can do to work around this?

My auth file contains the line:

AuthInfo:mail.isp.com ... name, password etc.

Thanks for any assistance,
Cheers,
Chris

Re: sendmail stopped working - ISP's MX record to blame?

on 26.07.2006 00:18:40 by gtaylor

Chris Rankin wrote:

Can you set your smart host to be an IP? Or worse comes to worse set up your own name to use as the host and set it to resolve to the IP of the ISP server.



Grant. . . .

Re: sendmail stopped working - ISP's MX record to blame?

on 26.07.2006 01:16:59 by Chris Rankin

Taylor, Grant wrote:
> Can you set your smart host to be an IP?

Well, shiver me gibblets! Putting the [w.x.y.z] address as the smart
host and in the server in the AuthInfo has saved the day.

Thanks, Bicycle-Repair-Man :-) !!

Cheers,
Chris

P.S. Do you reckon that this MX record was a deliberate attempt to
neutralise customers' SMTP servers, or an accident, or something else?

Re: sendmail stopped working - ISP's MX record to blame?

on 26.07.2006 01:57:39 by Bill Cole

In article ,
Chris Rankin wrote:

> Hi,
>
> My ISP requires customers to use SMTP-AUTH to send outgoing emails, and
> I had successfully configured my server to authenticate. However, it has
> suddenly stopped working!

What do your logs say?


> A quick examination of the ISP's MX record showed the following(-ish;
> names changed to protect the guilty):

No need to bother, and all it does is add needless obfuscation. DNS
records are published openly, so there's no need for you to confuse
matters. BT and Yahoo are the parties you see as "guilty."

>
> $ dig mail.isp.com mx
>
> ; <<>> DiG 9.3.2 <<>> mail.isp.com mx
> ;; global options: printcmd
> ;; Got answer:
> ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 32759
> ;; flags: qr rd ra; QUERY: 1, ANSWER: 3, AUTHORITY: 13, ADDITIONAL: 10
>
> ;; QUESTION SECTION:
> ;mail.isp.com. IN MX

Why are you doing an MX lookup here at all?

> ;; ANSWER SECTION:
> mail.isp.com. 390 IN CNAME pop-smtp.isp.mail.com.
> pop-smtp.isp.mail.com. 1194 IN CNAME pop-smtp1-f.isp.mail.com.
> pop-smtp1-f.isp.mail.com. 132 IN MX 0 .

Actually, this is what you're talking about:

$ dig mail.btinternet.com mx

; <<>> DiG 9.2.2 <<>> mail.btinternet.com mx
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 529
;; flags: qr rd ra; QUERY: 1, ANSWER: 3, AUTHORITY: 5, ADDITIONAL: 0

;; QUESTION SECTION:
;mail.btinternet.com. IN MX

;; ANSWER SECTION:
mail.btinternet.com. 600 IN CNAME pop-smtp.bt.mail.yahoo.com.
pop-smtp.bt.mail.yahoo.com. 1800 IN CNAME pop-smtp1-f.bt.mail.vip.ird.yahoo.com.
pop-smtp1-f.bt.mail.vip.ird.yahoo.com. 900 IN MX 0 .


> So the final MX record is to "." !!! Surely this must be wrong!

No, that bit may be fine. Pointing an MX at '.' (an absolute null name)
is a fairly common way of assuring that no one tries to deliver mail
for addresses in that domain anywhere.

MX records and CNAME records intended to function are supposed to point
to names that have A records. You should not be chasing a CNAME or MX
record for a name you get from a CNAME or MX query. No one should.

You probably want to do an A query initially:

$ dig mail.btinternet.com a

; <<>> DiG 9.2.2 <<>> mail.btinternet.com a
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 41305
;; flags: qr rd ra; QUERY: 1, ANSWER: 3, AUTHORITY: 5, ADDITIONAL: 0

;; QUESTION SECTION:
;mail.btinternet.com. IN A

;; ANSWER SECTION:
mail.btinternet.com. 207 IN CNAME pop-smtp.bt.mail.yahoo.com.
pop-smtp.bt.mail.yahoo.com. 1407 IN CNAME pop-smtp1-f.bt.mail.vip.ird.yahoo.com.
pop-smtp1-f.bt.mail.vip.ird.yahoo.com. 900 IN A 217.146.188.192


This provides an important clue.

> I have tried to work around this by putting "." in /etc/hosts, aliased
> to the SMTP server's correct address. However, now the SMTP-AUTH is not
> working! Am I fighting a losing battle unless the ISP repairs its MX
> record, please? Or is there something else I can do to work around this?
>
> My auth file contains the line:
>
> AuthInfo:mail.isp.com ... name, password etc.

Brackets around the name would tell sendmail that it is a host name,
not a mail domain. Host names have A records. Mail domains have MX
records. You want sendmail to do an A query, NOT an MX query.

--
Now where did I hide that website...

Re: sendmail stopped working - ISP's MX record to blame?

on 26.07.2006 04:12:14 by gtaylor

Chris Rankin wrote:
> Well, shiver me gibblets! Putting the [w.x.y.z] address as the smart
> host and in the server in the AuthInfo has saved the day.
>
> Thanks, Bicycle-Repair-Man :-) !!

???

> P.S. Do you reckon that this MX record was a deliberate attempt to
> neutralise customers' SMTP servers, or an accident, or something else?

That depends. What does your ISP want customers to use as the host name to access the AuthSMTP servers now? If they changed the name they may be purposefully disabling the old name. If you are indeed trying to use the correct host name then someone probably made a mistake that will soon be fixed. I'm betting that things will be fixed because if you are using the correct host name and it is not working, no one will be sending email, not even MUA users, AuthSMTP or not.



Grant. . . .

Re: sendmail stopped working - ISP's MX record to blame?

on 27.07.2006 00:07:38 by Chris Rankin

Bill Cole wrote:
> What do your logs say?

Originally:

Jul 24 22:07:13 xxxxxxxx sm-mta[13387]: k6OL7CmX013385:
to=, ctladdr= (0/0),
delay=00:00:01, xdelay=00:00:00, mailer=relay, pri=120365, relay=.,
dsn=5.1.2, stat=Host unknown (Name server: .: host not found)
Jul 24 22:07:13 xxxxxxxx sm-mta[13387]: k6OL7CmX013385: k6OL7DmX013387:
DSN: Host unknown (Name server: .: host not found)

>> So the final MX record is to "." !!! Surely this must be wrong!
>
> No, that bit may be fine. Pointing an MX at '.' (an absolute null name)
> is a fairly common way of assuring that no one tries to deliver mail
> for addresses in that domain anywhere.

The MX record doesn't look fine to me. It is almost certainly what
sendmail is complaining about. Replacing the DNS name with the A
record's [w.x.y.z] address has repaired the configuration.

> Why are you doing an MX lookup here at all?

I have absolutely no idea, and am simply assuming that is what sendmail
"does".

Cheers,
Chris

Re: sendmail stopped working - ISP's MX record to blame?

on 27.07.2006 00:10:38 by Chris Rankin

Chris Rankin wrote:
>> Thanks, Bicycle-Repair-Man :-) !!

Taylor, Grant wrote:
> ???

Obligatory Monty Python reference ... ;-).

Cheers,
Chris

Re: sendmail stopped working - ISP's MX record to blame?

on 27.07.2006 01:52:52 by Bill Cole

In article <64qdneQ1R-82elrZRVnyhg@bt.com>,
Chris Rankin wrote:

> Bill Cole wrote:
> > What do your logs say?
>
> Originally:
>
> Jul 24 22:07:13 xxxxxxxx sm-mta[13387]: k6OL7CmX013385:
> to=, ctladdr= (0/0),
> delay=00:00:01, xdelay=00:00:00, mailer=relay, pri=120365, relay=.,
> dsn=5.1.2, stat=Host unknown (Name server: .: host not found)
> Jul 24 22:07:13 xxxxxxxx sm-mta[13387]: k6OL7CmX013385: k6OL7DmX013387:
> DSN: Host unknown (Name server: .: host not found)
>
> >> So the final MX record is to "." !!! Surely this must be wrong!
> >
> > No, that bit may be fine. Pointing an MX at '.' (an absolute null name)
> > is a fairly common way of assuring that no one tries to deliver mail
> > for addresses in that domain anywhere.
>
> The MX record doesn't look fine to me.

As an MX record, it is. It is appropriate and useful when the intent is
to use the original name as a mail domain (i.e. the domain part of an
email address) but not useful when using the name as that of a specific
host or set of hosts.

> It is almost certainly what
> sendmail is complaining about. Replacing the DNS name with the A
> record's [w.x.y.z] address has repaired the configuration.

You could get the same result by replacing it with the name in brackets.

>
> > Why are you doing an MX lookup here at all?
>
> I have absolutely no idea, and am simply assuming that is what sendmail
> "does".

Okay, so I was a bit indirect...

Sendmail was doing the MX instead of the A query because that is what
sendmail does with names in many circumstances, unless the name is
inside square brackets. So if you wanted to smarthost through
mail.btinternet.com or any other name whose MX resolution ends up
differently than its A resolution, you need to enclose it in brackets
wherever you use it.

This even makes some sense. It allows an abstraction in smarthosting or
in mailertable entries to make sendmail pass all mail (or that mail
matching the mailertable entry) to the MX results for some other domain
name.

--
Now where did I hide that website...
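
Added example (not part of any post in this thread, and not sendmail's own code): a simplified Python model of the bracket rule described above, run over the answer records from the dig output quoted in the thread. The function names and the "address" / "host-unknown" result labels are illustrative assumptions, and the model covers host names only, not [w.x.y.z] literals.

```python
# Simplified model of the lookup rule discussed in the thread; not sendmail's code.
# Answer-section records copied from the two dig outputs quoted in the thread.
DIG_ANSWERS = """\
mail.btinternet.com. 600 IN CNAME pop-smtp.bt.mail.yahoo.com.
pop-smtp.bt.mail.yahoo.com. 1800 IN CNAME pop-smtp1-f.bt.mail.vip.ird.yahoo.com.
pop-smtp1-f.bt.mail.vip.ird.yahoo.com. 900 IN MX 0 .
pop-smtp1-f.bt.mail.vip.ird.yahoo.com. 900 IN A 217.146.188.192
"""

def parse_answers(text):
    """Parse dig answer lines into {(owner, type): rdata fields}."""
    records = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith(";"):
            continue  # skip blanks and dig comment lines
        owner, _ttl, _cls, rtype, *rdata = line.split()
        records[(owner.lower(), rtype.upper())] = rdata
    return records

def follow_cnames(name, records, limit=8):
    """Chase CNAMEs from name until an owner with no CNAME is reached."""
    for _ in range(limit):
        target = records.get((name, "CNAME"))
        if target is None:
            return name
        name = target[0].lower()
    raise ValueError("CNAME chain too long")

def relay_for(smart_host, records):
    """Model the rule: [name] means host (A lookup), bare name means mail domain (MX)."""
    bracketed = smart_host.startswith("[") and smart_host.endswith("]")
    name = smart_host.strip("[]").lower().rstrip(".") + "."
    canonical = follow_cnames(name, records)
    if not bracketed:
        # MX rdata is "<preference> <exchange>"; an exchange of "." is the null name.
        mx = records.get((canonical, "MX"))
        if mx is not None:
            if mx[1] == ".":
                return ("host-unknown", ".")  # matches relay=. / dsn=5.1.2 in the log
            canonical = follow_cnames(mx[1].lower(), records)
    addr = records.get((canonical, "A"))
    return ("address", addr[0]) if addr else ("host-unknown", canonical)

if __name__ == "__main__":
    for spec in ("mail.btinternet.com", "[mail.btinternet.com]"):
        print(spec, "->", relay_for(spec, parse_answers(DIG_ANSWERS)))
```
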

Re: sendmail stopped working - ISP's MX record to blame?

on 27.07.2006 02:21:03 by Chris Rankin

Bill Cole wrote:
> As an MX record, it is. It is appropriate and useful when the intent is
> to use the original name as a mail domain (i.e. the domain part of an
> email address) but not useful when using the name as that of a specific
> host or set of hosts.

Well, the MX record must have changed regardless. There's no other
explanation for my config suddenly stopping working.

>> It is almost certainly what
>> sendmail is complaining about. Replacing the DNS name with the A
>> record's [w.x.y.z] address has repaired the configuration.
>
> You could get the same result by replacing it with the name in brackets.

Hmm, interesting. I have put [mail.isp.com] as the smarthost in
sendmail.cf, but have needed to put the actual A name in the AuthInfo
record before SMTP AUTH would work again. Still, I suppose that this is
an improvement over writing the address [w.x.y.z].

Cheers,
Chris

Re: sendmail stopped working - ISP's MX record to blame?

on 27.07.2006 22:59:21 by Bill Cole

In article ,
Chris Rankin wrote:

> Bill Cole wrote:
> > As an MX record, it is. It is appropriate and useful when the intent is
> > to use the original name as a mail domain (i.e. the domain part of an
> > email address) but not useful when using the name as that of a specific
> > host or set of hosts.
>
> Well, the MX record must have changed regardless. There's no other
> explanation for my config suddenly stopping working.

Indeed. The change in behavior is almost certainly due to a change in
the DNS.

>
> >> It is almost certainly what
> >> sendmail is complaining about. Replacing the DNS name with the A
> >> record's [w.x.y.z] address has repaired the configuration.
> >
> > You could get the same result by replacing it with the name in brackets.
>
> Hmm, interesting. I have put [mail.isp.com] as the smarthost in
> sendmail.cf, but have needed to put the actual A name in the AuthInfo
> record before SMTP AUTH would work again. Still, I suppose that this is
> an improvement over writing the address [w.x.y.z].

Did you try enclosing the original name in brackets in the AuthInfo
record as well?

Another approach that I think will work is to use a parent domain of the
host with the actual A record as the name in the AuthInfo record.

--
Now where did I hide that website...

Re: sendmail stopped working - ISP's MX record to blame?

on 29.07.2006 13:18:03 by Chris Rankin

In article , Chris Rankin
wrote:
> Hmm, interesting. I have put [mail.isp.com] as the smarthost in
> sendmail.cf, but have needed to put the actual A name in the AuthInfo
> record before SMTP AUTH would work again. Still, I suppose that this is
> an improvement over writing the address [w.x.y.z].

Bill Cole wrote:
> Did you try enclosing the original name in brackets in the AuthInfo
> record as well?

Yes, I did. It did not work.

Cheers,
Chris