Singletrack Mountain Bike Magazine

• Overview
• Bike Forum
• Chat Forum
• For Sale
• Wanted
• Forum Help
• Classified Rules

Chat Forum

1. Danny79 - Member

   Background: the senior tech is away this week I was away last week. Over the past few weeks we've had to change our main mail exchange's IP a few times as we'd been blacklisted several different users compromised their accounts responing to spam asking for their user name and password We've got a seconardy mail server rented externally that doesn't send only recieves external mail, filters it for spam then passes on to the main once it's free, so it shouldn't have needed an IP change while I was away.

   Problem: Yesterday I checked out the DNS as we'd had reports of missing emails, to be expected with the blacklisting but I checked it out and MX lookups show inconistant results, all 3 name servers will switch between reporting the IP of our external server correctly or as 0.0.0.0 . The MX lookups always show the main mailserver's IP correctly. I checked the DNS on all 3 servers the host record for external is correct on all 3. The external server is also one of the 3 nameservers.

   Any ideas whats wrong? This has defo only been happening with the past 2 weeks.

   Posted 2 years ago #
2. geoffj - Member

   Have you checked the flux capacitor?

   Posted 2 years ago #
3. Danny79 - Member

   

   Posted 2 years ago #
4. samuri - Member

   I would guess you have multiple MX entries, some are null. Do an nslookup to see all the entries. Alternatively let me know the domain and I can do it for you.

   Posted 2 years ago #
5. Danny79 - Member

   Cheers samuri

   winchester.ac.uk

   should just be the MX 2 entries for the domain. I'd been using mxtoolbox.com to check only should the 2 entries just sometimes reports externals IP wrong.

   Posted 2 years ago #
6. Danny79 - Member

   I assume you can decipher that dyslexic babble that was my last previous post

   Posted 2 years ago #
7. allthepies - Member

   Non-authoritative answer:
   winchester.co.uk MX preference = 10, mail exchanger = 127.0.0.1

   Oops! you're not going to get much mail

   Posted 2 years ago #
8. DezB - Member

   Your subscription has expired

   Posted 2 years ago #
9. samuri - Member

   Looks fine for me

   Here's your two MX records

   ;; ANSWER SECTION:
   winchester.ac.uk. 3591 IN MX 15 external.winchester.ac.uk.
   winchester.ac.uk. 3591 IN MX 5 excalibur.winchester.ac.uk.

   And both have valid external A records associated with them using my DNS servers. I agree though, mxtool gives a null entry for excalibur so it might be their DNS servers (and presumably others) have an incorrect entry. My guess is you have propagated an incorrect entry at some point and you're seeing the results of that. Can you force an update from your DNS service?

   Posted 2 years ago #
10. Danny79 - Member

    Samuri, yeah could be someone dropped a b*llock last week. To force an update do I just update the server data file on the primary dns server and drop the TTl right down?

    Posted 2 years ago #
11. Danny79 - Member

    Oh and allthepies not much only 9094 emails in the last 2 hours

    Posted 2 years ago #
12. mossimus - Member

    Allthepies might help if you looked up the correct domain!

    Posted 2 years ago #
13. samuri - Member

    If you update the TTL, that won't make any difference until the current TTL expires and the new one is collected. Depending on the DNS system you have, a restart typically forces an update to other DNS servers in the cluster but obviously you might not want to do that and that still won't update third party servers.

    edit: sorry, re-reading that, it seems it doesn't make sense.
    The best you can do now I'm afraid is update your DNS, make sure it propagates to your own servers and then wait unfortunately. You might want to reduce the TTL anyway while you're going through this transitionary period and then up it again once things have settled down.

    Posted 2 years ago #
14. btbb - Member

    Although not related to your DNS problem, why does the external mail server have a higher (number) preference than the other one which I assume is your internal one. Is the internal one only accepting connections from the external spam filtered one? Have I missed something?

    Posted 2 years ago #
15. Danny79 - Member

    So pretty much just sit back and wait for the scr*wed entries out there to expire by themselves then.

    Thanks for the help been rooting round for an answer for a good while now.

    Posted 2 years ago #
16. allthepies - Member

    >Allthepies might help if you looked up the correct domain!

    Oops!

    Posted 2 years ago #
17. samuri - Member

    no problem. I'm not guaranteeing that's your issue but it certainly looks that way.

    Posted 2 years ago #
18. Danny79 - Member

    btbb- not my decision to make it so but I'm fairly sure lower number servers have higher priority, external is 15 excalibur is 5 so excalibur (internal) is prefered. I accept I may be talking out of my a*se, most of my DNS knowledge is based on lots of reading over the past 24 hours

    Also reading wiki entry which could be b*llocks but says spamers prefer higher number servers as they usually have lesser spam filtering, ours has the same so we're happy for it to take the hit from spamers.

    Posted 2 years ago #
19. samuri - Member

    Lower number has higher priority and yes, secondary servers often tend to be less well protected. For lots of companies the secondary will just be a simple relay with none of the expensive heuristic filtering that they've put on the primary. Bizarre really.

    Posted 2 years ago #
20. btbb - Member

    We've added our spam filter as both the lowest and highest preference on the MX with our ISP as failover in the middle. The theory being spammers assume the lowest preference is the unprotected one and target it. Not been able to prove this as our spam volumes vary greatly from one day to another but it doesn't cause any (more) harm.

    Posted 2 years ago #

RSS feed for this topic

Topic Closed

This topic has been closed to new replies.