Viewing 20 posts - 1 through 20 (of 20 total)
  • DNS MX query
  • Danny79
    Free Member

    Background: the senior tech is away this week; I was away last week. Over the past few weeks we've had to change our main mail exchange's IP a few times as we'd been blacklisted: several different users compromised their accounts responding to spam asking for their user name and password 😡 We've got a secondary mail server rented externally that doesn't send, only receives external mail, filters it for spam, then passes it on to the main once it's free, so it shouldn't have needed an IP change while I was away.

    Problem: Yesterday I checked out the DNS as we'd had reports of missing emails, to be expected with the blacklisting, but I checked it out and MX lookups show inconsistent results: all 3 name servers will switch between reporting the IP of our external server correctly or as 0.0.0.0. The MX lookups always show the main mailserver's IP correctly. I checked the DNS on all 3 servers; the host record for external is correct on all 3. The external server is also one of the 3 nameservers.

    Any ideas what's wrong? This has defo only been happening within the past 2 weeks.

    geoffj
    Full Member

    Have you checked the flux capacitor?

    Danny79
    Free Member

    😆

    samuri
    Free Member

    I would guess you have multiple MX entries, some are null. Do an nslookup to see all the entries. Alternatively let me know the domain and I can do it for you.

    Danny79
    Free Member

    Cheers samuri

    winchester.ac.uk

    should just be the MX 2 entries for the domain. I'd been using mxtoolbox.com to check only should the 2 entries just sometimes reports externals IP wrong.

    Danny79
    Free Member

    I assume you can decipher that dyslexic babble that was my last previous post 🙂

    allthepies
    Free Member

    Non-authoritative answer:
    winchester.co.uk MX preference = 10, mail exchanger = 127.0.0.1

    Oops! you're not going to get much mail 🙂

    DezB
    Free Member

    Your subscription has expired

    samuri
    Free Member

    Looks fine for me

    Here's your two MX records

    ;; ANSWER SECTION:
    winchester.ac.uk. 3591 IN MX 15 external.winchester.ac.uk.
    winchester.ac.uk. 3591 IN MX 5 excalibur.winchester.ac.uk.

    And both have valid external A records associated with them using my DNS servers. I agree though, mxtool gives a null entry for excalibur so it might be their DNS servers (and presumably others) have an incorrect entry. My guess is you have propagated an incorrect entry at some point and you're seeing the results of that. Can you force an update from your DNS service?

    Danny79
    Free Member

    Samuri, yeah could be someone dropped a b*llock last week. To force an update do I just update the server data file on the primary DNS server and drop the TTL right down?

    Danny79
    Free Member

    Oh and allthepies not much only 9094 emails in the last 2 hours 😉

    mossimus
    Free Member

    Allthepies might help if you looked up the correct domain!

    samuri
    Free Member

    If you update the TTL, that won't make any difference until the current TTL expires and the new one is collected. Depending on the DNS system you have, a restart typically forces an update to other DNS servers in the cluster but obviously you might not want to do that and that still won't update third party servers.

    edit: sorry, re-reading that, it seems it doesn't make sense.
    The best you can do now I'm afraid is update your DNS, make sure it propagates to your own servers and then wait unfortunately. You might want to reduce the TTL anyway while you're going through this transitionary period and then up it again once things have settled down.
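
An added example, not part of the original thread: a Python check that compares the MX targets' A records as seen by several resolvers, flags answers that are unusable for mail delivery (0.0.0.0 or loopback), and reports the longest remaining TTL on a bad cached answer, which is how long that cache can keep serving it. The hostnames, addresses and resolver labels are constructed; in practice the text would be the answer sections collected from each nameserver.

```python
import ipaddress
from collections import defaultdict

# Constructed sample data: dig-style answer lines per resolver.
GOOD = """example.org. 3600 IN MX 5 primary.example.org.
example.org. 3600 IN MX 15 backup.example.org.
primary.example.org. 3600 IN A 192.0.2.10
backup.example.org. 3600 IN A 192.0.2.25"""
STALE = """example.org. 3591 IN MX 15 backup.example.org.
example.org. 3591 IN MX 5 primary.example.org.
primary.example.org. 3591 IN A 192.0.2.10
backup.example.org. 2810 IN A 0.0.0.0"""
SAMPLE = {"ns1": GOOD, "ns2": GOOD, "public-cache": STALE}

def parse(text):
    """Yield (name, ttl, rtype, rdata) from dig-style answer lines."""
    for line in text.splitlines():
        f = line.split()
        if len(f) >= 5 and f[2] == "IN":   # skips ';; ANSWER SECTION:' etc.
            yield f[0].lower(), int(f[1]), f[3], " ".join(f[4:]).lower()

def unusable(addr):
    """True for addresses no remote MTA can deliver to."""
    ip = ipaddress.ip_address(addr)
    return ip.is_unspecified or ip.is_loopback

def audit(answers):
    """Return one finding per MX target, in delivery order."""
    mx, seen = set(), defaultdict(dict)    # seen[host][resolver] = (addr, ttl)
    for resolver, text in answers.items():
        for name, ttl, rtype, rdata in parse(text):
            if rtype == "MX":
                pref, host = rdata.split()
                mx.add((int(pref), host))
            elif rtype == "A":
                seen[name][resolver] = (rdata, ttl)
    report = []
    for pref, host in sorted(mx):          # lowest preference number is tried first
        per = seen.get(host, {})
        bad = {r: v for r, v in per.items() if unusable(v[0])}
        report.append({
            "host": host, "preference": pref,
            "consistent": len({a for a, _ in per.values()}) <= 1,
            "bad_resolvers": sorted(bad),
            "wait_seconds": max((t for _, t in bad.values()), default=0),
        })
    return report
```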

    btbb
    Free Member

    Although not related to your DNS problem, why does the external mail server have a higher (number) preference than the other one, which I assume is your internal one? Is the internal one only accepting connections from the external spam filtered one? Have I missed something?

    Danny79
    Free Member

    So pretty much just sit back and wait for the scr*wed entries out there to expire by themselves then.

    Thanks for the help, been rooting round for an answer for a good while now.

    allthepies
    Free Member

    >Allthepies might help if you looked up the correct domain!

    Oops! 🙂

    samuri
    Free Member

    no problem. I'm not guaranteeing that's your issue but it certainly looks that way.

    Danny79
    Free Member

    btbb - not my decision to make it so but I'm fairly sure lower number servers have higher priority, external is 15, excalibur is 5, so excalibur (internal) is preferred. I accept I may be talking out of my a*se, most of my DNS knowledge is based on lots of reading over the past 24 hours 😀

    Also reading wiki entry which could be b*llocks but says spammers prefer higher number servers as they usually have lesser spam filtering, ours has the same so we're happy for it to take the hit from spammers.

    samuri
    Free Member

    Lower number has higher priority and yes, secondary servers often tend to be less well protected. For lots of companies the secondary will just be a simple relay with none of the expensive heuristic filtering that they've put on the primary. Bizarre really.

    btbb
    Free Member

    We've added our spam filter as both the lowest and highest preference on the MX with our ISP as failover in the middle. The theory being spammers assume the lowest preference is the unprotected one and target it. Not been able to prove this as our spam volumes vary greatly from one day to another but it doesn't cause any (more) harm.
