On 21. Nov 2020, at 10:44, Tassilo Philipp wrote:
FYI, I run into the same issue with a different provider:
relay.yourmailgateway.de which also has a large number of A records.
Trying to reproduce and digging deeper now, by adding debug logs etc.

Interesting... thanks for checking and having thought of my report. I
for myself didn't have any issues anymore, however, I barely ever
receive any mail from sfr. Also, given the random order of IPs in the
DNS reply, I simply might have had luck if it's in any case related
to the IP order. I have no evidence for it, but when I was having
problems, the IP in question was among the last ones in the reply.
I'm curious what you'll find…

FYI, after digging deeper into this, I figured out that this was an issue
with the DNS forwarders/resolver I was using (unfortunately not under
my control) on this particular mail server: The forwarder is not able
to resolve relay.yourmailgateway.de
at all, likely due to the large number of A records (52 A + 13 AAAA records).
I believe there is a limit in the BIND suite (32) and OpenBSD libc (35)
and others, which restricts older gethostbyname() calls with struct
hostent results down to that 30-something number. Likely the used
resolver was using these old/obsolete libc functions…
But OpenSMTPD and filter FCrDNS and OpenBSD ASR are all doing fine here,
because they use getaddrinfo() and the like under the hood, with dynamic struct
addrinfo result allocation, which does not expose any such limits and
resolves all 65 A and AAAA records just fine.

Thanks for the feedback, that sounds like a fitting analysis. So if I
follow your thought, the resolver basically truncates the list and what
opensmtpd gets to see in the end sometimes misses the entry it tries to
verify? Sounds like the culprit indeed.
I personally did not observe this issue anymore, unsure why, some update
might have fixed it on some upstream resolver or dunno...
How are you dealing with this, given you don't control the resolver? I
guess you just switched it?
Thanks again for digging into this more.
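
An added illustration, not part of the thread and not OpenSMTPD or filter code: it models the truncation hypothesis discussed above, where the forward-confirmation step of FCrDNS fails for a legitimate peer whose address sits past a fixed record cap. The function names are hypothetical, the 52 addresses are constructed from 192.0.2.0/24, and the cap of 35 is the figure quoted in the thread, taken here as an assumption.

```c
#include <arpa/inet.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define LEGACY_MAX_ADDRS 35 /* assumption: the libc cap cited in the thread */

/* Constructed answer: n A records 192.0.2.1 .. 192.0.2.n (TEST-NET-1). */
static struct in_addr *make_answer(size_t n) {
    struct in_addr *a = calloc(n, sizeof *a);
    for (size_t i = 0; a != NULL && i < n; i++)
        a[i].s_addr = htonl(0xC0000200u + (uint32_t)i + 1);
    return a;
}

/* Forward-confirm step: 1 if peer is in the set, 0 if not, -1 on bad input. */
static int confirms(const struct in_addr *set, size_t n, const char *peer) {
    struct in_addr p;
    if (set == NULL || inet_pton(AF_INET, peer, &p) != 1)
        return -1;
    for (size_t i = 0; i < n; i++)
        if (set[i].s_addr == p.s_addr)
            return 1;
    return 0;
}

/* Check against the complete, dynamically sized answer. */
int fcrdns_full(size_t nrec, const char *peer) {
    struct in_addr *ans = make_answer(nrec);
    int r = confirms(ans, nrec, peer);
    free(ans);
    return r;
}

/* Check after a fixed-size copy that silently drops records past the cap. */
int fcrdns_capped(size_t nrec, const char *peer) {
    struct in_addr fixed[LEGACY_MAX_ADDRS];
    struct in_addr *ans = make_answer(nrec);
    size_t kept = nrec < LEGACY_MAX_ADDRS ? nrec : LEGACY_MAX_ADDRS;
    if (ans == NULL)
        return -1;
    memcpy(fixed, ans, kept * sizeof fixed[0]);
    free(ans);
    return confirms(fixed, kept, peer);
}

int main(void) {
    printf("full=%d capped=%d\n", fcrdns_full(52, "192.0.2.50"),
           fcrdns_capped(52, "192.0.2.50"));
    return 0;
}
```

With a randomized record order, the capped check fails only when the peer's address happens to land past the cap, which matches the intermittent behaviour reported earlier in the thread.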