[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

administrivia: ip lookup failure, bmw-digest



kevin lee, kevin@domain.elided, is having a problem that may be more common
than i realized. i am cc'ing this to the digest in case any of you hear of
similar problems from others who aren't making it to the new server
properly.

the error message that Kevin is seeing is as follows:

   Recipient: <Majordomo@domain.elided>
    Reason:    rejected: administrative prohibition (failed to find sending
host name from IP address)

this includes the actual text of the error from the digest.net server,
which is good. some mail systems discard this text ("administrative
prohibition (...)") and instead report "User Unknown", which is stupid and
inaccurate.

here is the simple outline of the problem, and an outline of the band-aid
we will use to solve it in Kevin's case, at least for the moment. the
actual problem is a misconfiguration of the systems at his workplace, a
misconfiguration which is depressingly common.

basically, the admins who manage the domain ebsco.com (which forwards
kevin's outbound mail) have not configured what is called Domain Name
Service properly. the new server is somewhat insistent about only accepting
mail from "well configured" systems, as there is about a 95% correlation of
such misconfigurations with spam.

according to the Received: lines i'm seeing, the mail passes through a
system that calls itself IRIS.ebsco.com, with an IP address of
208.147.194.188:

Received: from IRIS.ebsco.com ([208.147.194.188])

when i run nslookup (the standard un*x tool for investigating these issues),
i get the following when i try and look up iris.ebsco.com

     > iris.ebsco.com
     Server:  ns1.krusty-motorsports.com
     Address:  192.94.170.7

     *** ns1.krusty-motorsports.com can't find iris.ebsco.com: Non-existent
     host/domain

which is not good, and has to be fixed by the admins at ebsco.com
then, if i try and do the reverse lookup, converting 208.147.194.188 into a
domain name, i get the following:

     > set type=ptr
     > 208.147.194.188
     Server:  ns1.krusty-motorsports.com
     Address:  192.94.170.7

     *** ns1.krusty-motorsports.com can't find 188.194.147.208.in-addr.arpa.:
     Non-existent host/domain

which is really, really bad, as the new server will flatly reject incoming
mail from hosts whose ip addresses cannot be resolved into their names.

these problems are both serious; many sysadmins including myself are
rejecting mail from hosts with problems like this now as part of the
anti-spam effort. while it may be difficult to convince sysadmins to fix
these things because of the bmw-digest, it may be easier to get them to
straighten things out when you point out that work related email may be
impacted to, if you need to send to one of the increasing number of sites
that do such rejections. being in charge of such things at my "day job", i
know that we won't accept mail from such misconfigured sites, so if you
wanted to hire us to design/provision/manage a WAN, email might be tough.

anyway, here's the fix:

the new server can still send to such hosts. i will manually add kevin's
address after i send this message. if any of you hear of anyone else having
these sorts of problems, have them email to me at rwelty@domain.elided, which
will forward to me at rwelty@domain.elided, thus circumventing the
immediate problem. furthermore, since bmw-digest@domain.elided
forwards to bmw@domain.elided, users with this problem can still post by
sending to the old address.

richard

------------------------------