<Paul Hutchings wrote:
I work on a simple principle with email. If I can prove that my server has
passed the message to the next hop, it's not my problem.
That may sound unhelpful but it's the reality of the situation - if you have logs
that show the message left the systems under your control and you know where it
went to, it becomes the owner of that system's problem.>
I don't work on this simplistic principle, but my users are my clients
so I do what I can to solve their problems.
But this can get complicated and you need to be part detective
sometimes. Here is an example of a problem that manifested itself with
similar symptoms: Several marketing and sales people at client were
complaining about problems with email communications with several ad
agencies with whom they were working on high profile projects. These
agencies were in LA, NY and Chicago. Emails from these various agencies
sometimes arrived on time, sometimes arrived the next morning or in the
middle of the night. Sleuthing and telnet were my friends.
All of these agencies were part of one big umbrella agency and all of
their emails actually originate from one server located in Chicago. At
some point the email admins for the umbrella agency had whitelisted my
client's domain name to keep legitimate mail from getting junked (bad
idea). This meant that any mail claiming to be from that domain bypassed
their antispam and went straight to mail servers. The client's domain
name happens to be a VERY, VERY commonly spoofed email domain used by
spammers. So here is what happened to cause the problem:
Ad agency mail servers received TONS of spam to non-legit email
addresses from spoofed emails claiming to be from client. For every spoofed
email they received, they sent an NDR to my client's MX record. The
Barracuda sitting at that MX record was set to prevent denial of service
attacks by denying connections from any IP address that attempts > 1,000
connections during a 24 hour period. Ad company mail server would set
this off every day around lunch time because of the massive backscatter
and then no legitimate mail would flow for another 24 hours.
The fix for this was for me to get their mail admin to replace their
domain name whitelist with our legitimate sending IP address and vice
versa. Trying to track that person down in a multinational ad agency
was fun.
So, moral of the story, it can get complicated. I almost always start
with trying to telnet port 25 from the machine responsible for
delivering the message to the other side's MX record and see if that will
give any clue to what the problem is.
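
The failure described in this message can be spotted in inbound SMTP logs before legitimate mail stops. The sketch below is an added example, not part of the original post: it counts connections per client IP in a rolling 24-hour window and flags an IP that trips the limit while sending mostly null-sender (`<>`) bounces. The log format, the rolling-window interpretation of the limit, and the 0.8 ratio threshold are assumptions.

```python
"""Added example: find the client IP whose NDR backscatter trips a per-IP limit."""
from collections import defaultdict
from datetime import datetime, timedelta

WINDOW = timedelta(hours=24)

def parse(line):
    # Constructed format: "<ISO timestamp> <client ip> <envelope sender>"
    ts, ip, sender = line.split()
    return datetime.fromisoformat(ts), ip, sender

def analyse(lines, limit=1000, ndr_ratio=0.8):
    """Return {ip: {"total", "ndr", "tripped_at", "backscatter"}}."""
    events = defaultdict(list)
    for line in lines:
        ts, ip, sender = parse(line)
        events[ip].append((ts, sender == "<>"))  # NDRs use the null sender
    report = {}
    for ip, evs in events.items():
        evs.sort()
        tripped_at, start = None, 0
        for end, (ts, _) in enumerate(evs):
            # Slide the window start forward so it spans less than 24 hours.
            while ts - evs[start][0] >= WINDOW:
                start += 1
            if end - start + 1 > limit and tripped_at is None:
                tripped_at = ts  # first connection the limit would refuse
        ndr = sum(1 for _, is_ndr in evs if is_ndr)
        report[ip] = {
            "total": len(evs), "ndr": ndr, "tripped_at": tripped_at,
            # Assumption: a tripped IP sending mostly bounces is backscatter.
            "backscatter": tripped_at is not None and ndr / len(evs) >= ndr_ratio,
        }
    return report

def sample_log():
    # Constructed sample: one relay sending mostly NDRs, one ordinary sender.
    base = datetime(2009, 3, 2, 8, 0, 0)
    lines = []
    for i in range(12):
        sender = "<>" if i % 6 else "pm@agency.example"
        stamp = (base + timedelta(minutes=20 * i)).isoformat()
        lines.append(f"{stamp} 203.0.113.10 {sender}")
    for i in range(3):
        stamp = (base + timedelta(hours=i)).isoformat()
        lines.append(f"{stamp} 198.51.100.7 sales@vendor.example")
    return lines

if __name__ == "__main__":
    # Limit lowered to 10 so the small sample trips it; the message cites 1,000.
    for ip, row in analyse(sample_log(), limit=10).items():
        print(ip, row)
```

An IP flagged this way is a legitimate mail server being used as a bounce reflector, so the useful follow-up is contacting its admin about the sender whitelist rather than blocking it.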