Hi Jeff,

Let me know how it goes. I've been playing with adding the following block to various nameservers in my network, with mixed success:

    server 0.0.0.0/0 { edns no; };

Adding the above block to the instance of BIND that resides on my qmail server, and setting 127.0.0.1 as the primary nameserver in /etc/resolv.conf worked. Adding that same block to my ns1 and ns2 nameservers, that are used for recursive lookups within my network, was a complete bust. Still experimenting with that.

-Chris

On Wed, Jun 21, 2017 at 6:18 PM, Jeff Koch <jeffk...@intersessions.com> wrote:

> Hi Chris:
>
> Thank you for troubleshooting this. Adding 'edns no' to our BIND dns server looks like a great solution to the issue. I'll give it a try and let you know.
>
> Thanks, Jeff
>
> On 6/21/2017 12:09 PM, Chris wrote:
>
> Howdy Jeff,
>
> My apologies. I guess I should have gone into more technical detail, rather than just supplying solutions. My original reply was sent from my iPhone, and I was just trying to get you a quick solution while I was on a train.
>
> First one bit of explanation, then the meat of it all, and a new third option you can implement: The reason I routed email through mailcleaner had nothing to do with the content of the email. It had to do with mailcleaner not using qmail under the hood, and therefore not having the same problem with the returned DNS for the outlook hosted domain I was trying to mail to. The particular email server I applied the mailcleaner fix to is an OLD FreeBSD box that I'm in the process of replacing, and as such I didn't want to waste time shoehorning in a new DNS server when I had a ready fix available. Again, not a content issue, just trying to get qmail/BIND out of the equation.
>
> So, the crux of my issue was that qmail doesn't like it when a DNS query returns more than 512 bytes of data. There is another issue, solved the same way, where some name servers give a malformed response when edns is enabled. qmail doesn't try to figure out malformed responses, as that would go against its philosophy.
> This can be seen in the thread that Eric sent you on 6/12 (https://www.mail-archive.com/qmailtoaster-list@qmailtoaster.com/msg40505.html) where one of the viable solutions was to disable the edns option in the bind config. (So, solution #3: Add "edns no;" to the server block in your bind config of the dns server that your qmailtoaster is using for resolution.)
>
> qmail's issue with large DNS packets is also documented here:
> https://www.webfactory.de/blog/patch-qmail-in-ubuntu-to-avoid-cname-lookup-failed-temporarily-errors
> The crux of the above post was an issue with CNAME responses, but that's not what's happening to you.
>
> In troubleshooting the domain you were trying to send to, grupodecor.com, I discovered something very interesting. The DNSSEC analysis tool at http://dnsviz.net/d/grupodecor.com/dnssec/ reported the following: "grupodecor.com/A: *The response (160 bytes) was malformed until EDNS was disabled.* (34.194.232.55, 34.197.49.47, 34.197.219.118, 52.207.176.29, 54.236.164.22, 54.236.167.176, 54.236.168.41, UDP_0_EDNS0_32768_4096)"
>
> So, there is something borked with the DNS at grupodecor.com when the querying server has edns enabled. My suggestion of using djbdns works because djbdns doesn't do edns. My suggestion of relaying through something like mailcleaner works because it isn't running qmail and doesn't flat out reject the malformed response the way qmail does. The latest suggestion of turning off edns in your bind server will work because it won't ask for edns responses anymore.
>
> Does that help explain the why's of this issue?
>
> -Chris
>
> -Sent from my Pip-Boy 3000
>
> On Jun 21, 2017, at 5:01 AM, Jeff Koch <jeffk...@intersessions.com> wrote:
>
> Hi Boheme:
>
> Sorry If I was rude - I do appreciate your response on 6/12 and I considered the two solutions you recommended.
>
> With respect to routing the mail through mailcleaner - if I understand the purpose of this recommendation - I don't think the problem has anything to do with the contents of the email we are trying to send. Qmail is saying that it couldn't find any host named grupodecor.com. So it's an issue on the side of our sending mailserver and I'd really like to understand how our mailserver came to that conclusion - what exactly is qmail testing to determine that.
>
> With respect to your second recommendation about installing djbdns we already have a BIND server running on our network and I prefer not to install another DNS server (I will if I absolutely have to.)
>
> The problem here does not seem to be related to Outlook 365 since we are able to send email to many other domains with email hosted by Outlook.
>
> I really would like to understand what's going on in the qmail code that is causing qmail to come to the conclusion that it can't find this host. (What exactly does qmail mean by 'host'? Does this mean qmail can't find the DNS zone? Can't find an 'A' record or host? Can't find the MX record or host?)
>
> Jeff
>
> On 6/20/2017 11:34 PM, Boheme wrote:
>
> I replied with two solutions to this problem on 6/12.
>
> You never replied, so I have no idea whether you tried my suggestions.
>
> -Sent from my Pip-Boy 3000
>
> On Jun 20, 2017, at 8:10 PM, Jeff Koch <jeffk...@intersessions.com> wrote:
>
> I'm having trouble sending email to anyone at grupodecor.com. All of my qmail mailservers say:
>
> Sorry, I couldn't find any host named grupodecor.com. (#5.1.2)
>
> And yet I can send from my hotmail account and the MX host - grupodecor-com.mail.protection.outlook.com - responds to smtp connections. Try sending an email to anyone at that domain (like abcde@grupodecor.com)
>
> Anyone know why this is happening?
>
> Jeff
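
Added example, not part of the original thread and not qmail or BIND code: a small Python sketch of what "edns no" changes on the wire, building the same A query with and without the EDNS0 OPT pseudo-record (RFC 6891) and inspecting a message for its size against the 512-byte limit discussed above. The helper names are hypothetical, and reading the "32768" and "4096" in the DNSViz string as the DO flag and the advertised UDP payload size is an assumption.

```python
import struct

TYPE_A, TYPE_OPT, CLASS_IN, CLASSIC_UDP_LIMIT = 1, 41, 1, 512  # 512: pre-EDNS UDP cap

def encode_name(name):
    """Encode a domain name as length-prefixed labels ending in a zero byte."""
    out = b""
    for label in name.rstrip(".").split("."):
        raw = label.encode("ascii")
        out += bytes([len(raw)]) + raw
    return out + b"\x00"

def build_query(name, qtype=TYPE_A, edns_size=None, do_bit=False, txid=0x1234):
    """Build a DNS query; edns_size=None mimics a resolver set to 'edns no'."""
    arcount = 0 if edns_size is None else 1
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, arcount)  # RD=1
    msg = header + encode_name(name) + struct.pack("!HH", qtype, CLASS_IN)
    if edns_size is not None:
        # OPT pseudo-RR: root name, TYPE=41, CLASS carries the UDP payload size,
        # TTL carries ext-rcode/version/flags (DO = 0x8000), RDLENGTH=0.
        ttl = 0x8000 if do_bit else 0
        msg += b"\x00" + struct.pack("!HHIH", TYPE_OPT, edns_size, ttl, 0)
    return msg

def skip_name(msg, off):
    """Return the offset just past a (possibly compressed) name."""
    while msg[off] and msg[off] & 0xC0 != 0xC0:
        off += 1 + msg[off]
    return off + (2 if msg[off] else 1)  # pointer is 2 bytes, root label is 1

def inspect(msg):
    """Report size, TC bit, and any EDNS OPT record found in a DNS message."""
    _, flags, qd, an, ns, ar = struct.unpack("!HHHHHH", msg[:12])
    off = 12
    for _ in range(qd):
        off = skip_name(msg, off) + 4  # skip QTYPE and QCLASS
    info = {"size": len(msg), "truncated": bool(flags & 0x0200),
            "over_512": len(msg) > CLASSIC_UDP_LIMIT, "edns": None}
    for _ in range(an + ns + ar):
        off = skip_name(msg, off)
        rtype, rclass, ttl, rdlen = struct.unpack("!HHIH", msg[off:off + 10])
        off += 10 + rdlen
        if rtype == TYPE_OPT:
            info["edns"] = {"udp_size": rclass, "do": bool(ttl & 0x8000)}
    return info

if __name__ == "__main__":
    # Constructed queries; 4096/DO are assumed to mirror "EDNS0_32768_4096".
    for q in (build_query("grupodecor.com"),
              build_query("grupodecor.com", edns_size=4096, do_bit=True)):
        print(inspect(q))
```

The same inspect() can be pointed at a captured response payload to see whether the upstream answered with an OPT record and whether the message exceeds 512 bytes.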