Re: No mail from yahoo or ymail

2014-12-05 Thread Richard


 Original Message 
 Date: Thursday, December 04, 2014 23:19:52 -0500
 From: Robert Moskowitz r...@htt-consult.com
 On 12/04/2014 07:46 PM, Wietse Venema wrote:
 Robert Moskowitz:
 On 12/04/2014 07:02 PM, Wietse Venema wrote:
 Robert Moskowitz:
 My new server does not seem to be allowing yahoo or ymail to
 deliver mail.
 
 I do not see anything in maillog, not surprisingly.  My son
 reports he
 Postfix logs all connection attempts, so they are not coming
 through some firewall, or they aren't getting your DNS
 information.
 It worked before the new server, so not a firewall item, as
 nothing changed there.  As far as DNS, I changed server name in
 MX record. I would hope they are getting z9m9z.htt-consult.com
 now rather than klovia.htt-consult.com.  But there is also the
 spf record I added for gmail:
 
 htt-consult.com.  IN  TXT  v=spf1 mx ~all
 
 And I do get emails from gmail, and can send them to gmail.
 Speaking from experience, a bad netmask on a server can have
 surprising effects. So can a bad netmask on a router. It totally
 screws up routing, and one has no idea what is going until one
 runs a sniffer.
 
 You said something here that triggered a thought
 
 The new server is on a different internal net than the old, thus
 different firewall rules.  I checked over all the addressing and
 everything there is right, but...
 
 DCC (udp port 6277) was enabled for the old mailserver, but not
 the new!  Could that be the problem?  Well I enabled DCC and we
 will see as I just sent a new message from yahoo.
 
 If this does not work, I will move the new server to the old
 address.  Really intended to do that after I turned down the old
 server...
 

I'm seeing a couple of things when I look at your DNS records:

 dig htt-consult.com mx


  ;; ANSWER SECTION:
  htt-consult.com.  43200   IN  MX  30 z9m9z.htt-consult.com.
  htt-consult.com.  43200   IN  MX  40 rigel.htt-consult.com.

  ;; ADDITIONAL SECTION:
  z9m9z.htt-consult.com.  172799  IN  A   208.83.67.147


Your first MX host sometimes resolves to 208.83.67.147, which
doesn't appear to be reachable on port 25. When this resolves to
.180 it is.

Your second MX host rigel.htt-consult.com resolves to 208.83.67.188,
which doesn't appear to be reachable on port 25

Additionally, given the TTL shown on the z9m9z.htt-consult.com.
A-record, did you bring your TTLs down before you made what I assume
was an MX host IPnumber switch? If not, and that 2-day TTL is
indicative of what you generally use, it could be a bit before the
nameservers that various mail servers use will need to requery (and
if they get the .147 address it likely won't do them any good
anyway).

To debug this type of thing you need to look at what the outside
world is seeing. Query the DNS so that you see results as seen from
the outside, and then try to telnet (from the outside) to the
resulting ipnumbers.


- Richard




Re: No mail from yahoo or ymail

2014-12-05 Thread Robert Moskowitz


On 12/05/2014 09:31 AM, Richard wrote:


 Original Message 

Date: Thursday, December 04, 2014 23:19:52 -0500
From: Robert Moskowitz r...@htt-consult.com
On 12/04/2014 07:46 PM, Wietse Venema wrote:

Robert Moskowitz:

On 12/04/2014 07:02 PM, Wietse Venema wrote:

Robert Moskowitz:

My new server does not seem to be allowing yahoo or ymail to
deliver mail.

I do not see anything in maillog, not surprisingly.  My son
reports he

Postfix logs all connection attempts, so they are not coming
through some firewall, or they aren't getting your DNS
information.

It worked before the new server, so not a firewall item, as
nothing changed there.  As far as DNS, I changed server name in
MX record. I would hope they are getting z9m9z.htt-consult.com
now rather than klovia.htt-consult.com.  But there is also the
spf record I added for gmail:

htt-consult.com.  IN  TXT  v=spf1 mx ~all

And I do get emails from gmail, and can send them to gmail.

Speaking from experience, a bad netmask on a server can have
surprising effects. So can a bad netmask on a router. It totally
screws up routing, and one has no idea what is going until one
runs a sniffer.

You said something here that triggered a thought

The new server is on a different internal net than the old, thus
different firewall rules.  I checked over all the addressing and
everything there is right, but...

DCC (udp port 6277) was enabled for the old mailserver, but not
the new!  Could that be the problem?  Well I enabled DCC and we
will see as I just sent a new message from yahoo.

If this does not work, I will move the new server to the old
address.  Really intended to do that after I turned down the old
server...


I'm seeing a couple of things when I look at your DNS records:

  dig htt-consult.com mx


   ;; ANSWER SECTION:
   htt-consult.com. 43200   IN  MX  30 z9m9z.htt-consult.com.
   htt-consult.com. 43200   IN  MX  40 rigel.htt-consult.com.

   ;; ADDITIONAL SECTION:
   z9m9z.htt-consult.com.   172799  IN  A   208.83.67.147


Your first MX host sometimes resolves to 208.83.67.147, which
doesn't appear to be reachable on port 25. When this resolves to
.180 it is.


Probably 4+ years ago a z9m9z was at .147; for the past 3 years hp7310 
has been using that address!




Your second MX host rigel.htt-consult.com resolves to 208.83.67.188,
which doesn't appear to be reachable on port 25


That is to handle spammers that go to the last MX record, assuming that 
is the real server.  It actually stopped 15% of spam coming into my old 
server.  It is part of the 'nolisting' recommendations. I dropped the 2 
fake pre-MX records, because they did not seem to help too much and just 
added delay, while the last bad one did not seem to be causing 
problems.  I am pretty sure I have received yahoo mail with it in 
place.  I can remove it if makes a difference..




Additionally, given the TTL shown on the z9m9z.htt-consult.com.
A-record, did you bring your TTLs down before you made what I assume
was an MX host IPnumber switch? If not, and that 2-day TTL is
indicative of what you generally use, it could be a bit before the
nameservers that various mail servers use will need to requery (and
if they get the .147 address it likely won't do them any good
anyway).


2 days???  This is the SOA I have been using during these changes:

htt-consult.com.  IN  SOA onlo.htt-consult.com. 
rgm.htt-consult.com. (

2014120201
2H
20M
2W
2H )

I read this as 2Hours TTL.



To debug this type of thing you need to look at what the outside
world is seeing. Query the DNS so that you see results as seen from
the outside, and then try to telnet (from the outside) to the
resulting ipnumbers.


As I have done.  I use MiFi on my phone and connect another notebook to 
it to look 'in' and did not see this bad IP address that somehow is long 
since hung around.


Got a hunch on that




Re: No mail from yahoo or ymail

2014-12-05 Thread Robert Moskowitz


On 12/05/2014 10:51 AM, Robert Moskowitz wrote:


On 12/05/2014 09:31 AM, Richard wrote:


 Original Message 

Date: Thursday, December 04, 2014 23:19:52 -0500
From: Robert Moskowitz r...@htt-consult.com
On 12/04/2014 07:46 PM, Wietse Venema wrote:

Robert Moskowitz:

On 12/04/2014 07:02 PM, Wietse Venema wrote:

Robert Moskowitz:

My new server does not seem to be allowing yahoo or ymail to
deliver mail.

I do not see anything in maillog, not surprisingly. My son
reports he

Postfix logs all connection attempts, so they are not coming
through some firewall, or they aren't getting your DNS
information.

It worked before the new server, so not a firewall item, as
nothing changed there.  As far as DNS, I changed server name in
MX record. I would hope they are getting z9m9z.htt-consult.com
now rather than klovia.htt-consult.com.  But there is also the
spf record I added for gmail:

htt-consult.com.  IN  TXT  v=spf1 mx ~all

And I do get emails from gmail, and can send them to gmail.

Speaking from experience, a bad netmask on a server can have
surprising effects. So can a bad netmask on a router. It totally
screws up routing, and one has no idea what is going until one
runs a sniffer.

You said something here that triggered a thought

The new server is on a different internal net than the old, thus
different firewall rules.  I checked over all the addressing and
everything there is right, but...

DCC (udp port 6277) was enabled for the old mailserver, but not
the new!  Could that be the problem?  Well I enabled DCC and we
will see as I just sent a new message from yahoo.

If this does not work, I will move the new server to the old
address.  Really intended to do that after I turned down the old
server...


I'm seeing a couple of things when I look at your DNS records:

  dig htt-consult.com mx


   ;; ANSWER SECTION:
   htt-consult.com.         43200   IN  MX  30 z9m9z.htt-consult.com.
   htt-consult.com.         43200   IN  MX  40 rigel.htt-consult.com.

   ;; ADDITIONAL SECTION:
   z9m9z.htt-consult.com.   172799  IN  A   208.83.67.147


Your first MX host sometimes resolves to 208.83.67.147, which
doesn't appear to be reachable on port 25. When this resolves to
.180 it is.


Probably 4+ years ago a z9m9z was at .147; for the past 3 years hp7310 
has been using that address!




Your second MX host rigel.htt-consult.com resolves to 208.83.67.188,
which doesn't appear to be reachable on port 25


That is to handle spammers that go to the last MX record, assuming 
that is the real server.  It actually stopped 15% of spam coming into 
my old server.  It is part of the 'nolisting' recommendations. I 
dropped the 2 fake pre-MX records, because they did not seem to help 
too much and just added delay, while the last bad one did not seem to 
be causing problems.  I am pretty sure I have received yahoo mail with 
it in place.  I can remove it if makes a difference..




Additionally, given the TTL shown on the z9m9z.htt-consult.com.
A-record, did you bring your TTLs down before you made what I assume
was an MX host IPnumber switch? If not, and that 2-day TTL is
indicative of what you generally use, it could be a bit before the
nameservers that various mail servers use will need to requery (and
if they get the .147 address it likely won't do them any good
anyway).


2 days???  This is the SOA I have been using during these changes:

htt-consult.com.  IN  SOA onlo.htt-consult.com. 
rgm.htt-consult.com. (

2014120201
2H
20M
2W
2H )

I read this as 2Hours TTL.



To debug this type of thing you need to look at what the outside
world is seeing. Query the DNS so that you see results as seen from
the outside, and then try to telnet (from the outside) to the
resulting ipnumbers.


As I have done.  I use MiFi on my phone and connect another notebook 
to it to look 'in' and did not see this bad IP address that somehow is 
long since hung around.


Got a hunch on that


Just checked all of my secondary NS, and they are showing current zone 
information.





Re: No mail from yahoo or ymail

2014-12-05 Thread li...@rhsoft.net


On 05.12.2014 at 16:54, Robert Moskowitz wrote:

Just checked all of my secondary NS, and they are showing current zone
information.


from where?
http://www.intodns.com/ is *mandatory* to start debugging

http://www.intodns.com/htt-consult.com

Error DNS servers responded ERROR: One or more of your nameservers did 
not respond: The ones that did not respond are: 208.83.67.147


Missing nameservers reported by your nameservers ERROR: One or more of 
the nameservers listed at the parent servers are not listed as NS 
records at your nameservers. The problem NS records are:
z9m9z.htt-consult.com This is listed as an ERROR because there are some 
cases where nasty problems can occur (if the TTLs vary from the NS 
records at the root servers and the NS records point to your own domain, 
for example).


Re: No mail from yahoo or ymail

2014-12-05 Thread Robert Moskowitz


On 12/05/2014 11:03 AM, li...@rhsoft.net wrote:


On 05.12.2014 at 16:54, Robert Moskowitz wrote:

Just checked all of my secondary NS, and they are showing current zone
information.


from where?
http://www.intodns.com/ is *mandatory* to start debugging

http://www.intodns.com/htt-consult.com

Error DNS servers responded ERROR: One or more of your nameservers did 
not respond: The ones that did not respond are: 208.83.67.147


It has not been a name server for 4+ years.  It BETTER not be 
responding.  Now why does someone show this.  I will have to go over to 
my Registrar and check there.  I have only been with them for 2 years, 
so I really doubt I will see this showing with them.  But it is probably 
they that will need to fix this upstream.




Missing nameservers reported by your nameservers ERROR: One or more of 
the nameservers listed at the parent servers are not listed as NS 
records at your nameservers. The problem NS records are:
z9m9z.htt-consult.com This is listed as an ERROR because there are 
some cases where nasty problems can occur (if the TTLs vary from the 
NS records at the root servers and the NS records point to your own 
domain, for example).


I also see how I mis-read some error messages.  On a report.  I was 
wondering why it was talking about z9m9z wrt NS.  This is a registrar 
problem.




Re: No mail from yahoo or ymail

2014-12-05 Thread li...@rhsoft.net


On 05.12.2014 at 17:17, Robert Moskowitz wrote:

On 12/05/2014 11:03 AM, li...@rhsoft.net wrote:

On 05.12.2014 at 16:54, Robert Moskowitz wrote:

Just checked all of my secondary NS, and they are showing current zone
information.


from where?
http://www.intodns.com/ is *mandatory* to start debugging

http://www.intodns.com/htt-consult.com

Error DNS servers responded ERROR: One or more of your nameservers did
not respond: The ones that did not respond are: 208.83.67.147


It has not been a name server for 4+ years.  It BETTER not be
responding.  Now why does someone show this.  I will have to go over to
my Registrar and check there.  I have only been with them for 2 years,
so I really doubt I will see this showing with them.  But it is probably
they that will need to fix this upstream.


Missing nameservers reported by your nameservers ERROR: One or more of
the nameservers listed at the parent servers are not listed as NS
records at your nameservers. The problem NS records are:
z9m9z.htt-consult.com This is listed as an ERROR because there are
some cases where nasty problems can occur (if the TTLs vary from the
NS records at the root servers and the NS records point to your own
domain, for example).


I also see how I mis-read some error messages.  On a report.  I was
wondering why it was talking about z9m9z wrt NS.  This is a registrar
problem.


it's *your* responsibility to look at your own public whois and verify 
your configurations published to the world and *not* the registrars


 Domain servers in listed order:
Z9M9Z.HTT-CONSULT.COM
ONLO.HTT-CONSULT.COM
NS2.CLEARRATE.COM
NS1.ICSL.NET
NS1.CLEARRATE.COM



Re: No mail from yahoo or ymail

2014-12-05 Thread Robert Moskowitz


On 12/05/2014 11:17 AM, Robert Moskowitz wrote:


On 12/05/2014 11:03 AM, li...@rhsoft.net wrote:


On 05.12.2014 at 16:54, Robert Moskowitz wrote:

Just checked all of my secondary NS, and they are showing current zone
information.


from where?
http://www.intodns.com/ is *mandatory* to start debugging

http://www.intodns.com/htt-consult.com

Error DNS servers responded ERROR: One or more of your nameservers 
did not respond: The ones that did not respond are: 208.83.67.147


It has not been a name server for 4+ years.  It BETTER not be 
responding.  Now why does someone show this.  I will have to go over 
to my Registrar and check there.  I have only been with them for 2 
years, so I really doubt I will see this showing with them. But it is 
probably they that will need to fix this upstream.




Missing nameservers reported by your nameservers ERROR: One or more 
of the nameservers listed at the parent servers are not listed as NS 
records at your nameservers. The problem NS records are:
z9m9z.htt-consult.com This is listed as an ERROR because there are 
some cases where nasty problems can occur (if the TTLs vary from the 
NS records at the root servers and the NS records point to your own 
domain, for example).


I also see how I mis-read some error messages.  On a report.  I was 
wondering why it was talking about z9m9z wrt NS.  This is a registrar 
problem.


It was a registrar problem.  All I can guess is when I moved registrars 
almost 2 years ago, the records that got moved were old records from the 
old registrar that had a track record of messing things up for me (one 
of the reasons for the move).  My bad I did not check that what the new 
registrar showed is what I had running at the time.


Thinking back to 4 years ago, and running sendmail I ran a full bind on 
that server as well.  Just found my notes, that set up 7 years ago.  My 
how the Internet has a good memory.


Well 24 hours for the nameserver list to propagate.  Now deal with glue 
records.  I bet that is where the .147 addr is coming from.




Re: No mail from yahoo or ymail

2014-12-05 Thread Richard


 Original Message 
 Date: Friday, December 05, 2014 10:51:55 -0500
 From: Robert Moskowitz r...@htt-consult.com
 On 12/05/2014 09:31 AM, Richard wrote:
 
  Original Message 
 Date: Thursday, December 04, 2014 23:19:52 -0500
 From: Robert Moskowitz r...@htt-consult.com
 On 12/04/2014 07:46 PM, Wietse Venema wrote:
 Robert Moskowitz:
 On 12/04/2014 07:02 PM, Wietse Venema wrote:
 Robert Moskowitz:
 My new server does not seem to be allowing yahoo or ymail to
 deliver mail.
 
 I do not see anything in maillog, not surprisingly.  My son
 reports he
 Postfix logs all connection attempts, so they are not coming
 through some firewall, or they aren't getting your DNS
 information.
 It worked before the new server, so not a firewall item, as
 nothing changed there.  As far as DNS, I changed server name in
 MX record. I would hope they are getting z9m9z.htt-consult.com
 now rather than klovia.htt-consult.com.  But there is also the
 spf record I added for gmail:
 
 htt-consult.com.  IN  TXT  v=spf1 mx ~all
 
 And I do get emails from gmail, and can send them to gmail.
 Speaking from experience, a bad netmask on a server can have
 surprising effects. So can a bad netmask on a router. It totally
 screws up routing, and one has no idea what is going until one
 runs a sniffer.
 You said something here that triggered a thought
 
 The new server is on a different internal net than the old, thus
 different firewall rules.  I checked over all the addressing and
 everything there is right, but...
 
 DCC (udp port 6277) was enabled for the old mailserver, but not
 the new!  Could that be the problem?  Well I enabled DCC and we
 will see as I just sent a new message from yahoo.
 
 If this does not work, I will move the new server to the old
 address.  Really intended to do that after I turned down the old
 server...
 
 I'm seeing a couple of things when I look at your DNS records:
 
   dig htt-consult.com mx
 
 
;; ANSWER SECTION:
htt-consult.com.  43200   IN  MX  30 z9m9z.htt-consult.com.
htt-consult.com.  43200   IN  MX  40 rigel.htt-consult.com.
 
;; ADDITIONAL SECTION:
z9m9z.htt-consult.com.  172799  IN  A   208.83.67.147
 
 
 Your first MX host sometimes resolves to 208.83.67.147, which
 doesn't appear to be reachable on port 25. When this resolves to
 .180 it is.
 
 Probably 4+ years ago a z9m9z was at .147; for the past 3 years
 hp7310 has been using that address!
 
 
 Your second MX host rigel.htt-consult.com resolves to
 208.83.67.188, which doesn't appear to be reachable on port 25
 
 That is to handle spammers that go to the last MX record, assuming
 that is the real server.  It actually stopped 15% of spam coming
 into my old server.  It is part of the 'nolisting'
 recommendations. I dropped the 2 fake pre-MX records, because they
 did not seem to help too much and just added delay, while the last
 bad one did not seem to be causing problems.  I am pretty sure I
 have received yahoo mail with it in place.  I can remove it if
 makes a difference..
 
 
 Additionally, given the TTL shown on the z9m9z.htt-consult.com.
 A-record, did you bring your TTLs down before you made what I
 assume was an MX host IPnumber switch? If not, and that 2-day TTL
 is indicative of what you generally use, it could be a bit before
 the nameservers that various mail servers use will need to
 requery (and if they get the .147 address it likely won't do them
 any good anyway).
 
 2 days???  This is the SOA I have been using during these changes:
 
 htt-consult.com.  IN  SOA onlo.htt-consult.com.
 rgm.htt-consult.com. (
  2014120201
  2H
  20M
  2W
  2H )
 
 I read this as 2Hours TTL.
 
 
 To debug this type of thing you need to look at what the outside
 world is seeing. Query the DNS so that you see results as seen
 from the outside, and then try to telnet (from the outside) to the
 resulting ipnumbers.
 
 As I have done.  I use MiFi on my phone and connect another
 notebook to it to look 'in' and did not see this bad IP address
 that somehow is long since hung around.
 
 Got a hunch on that
 

You may not have been pointing z9m9z at .147 for years, but
there's a nameserver that is showing that. Also you may have the TTL
at 2 hours on the SOA that you are working with, but there's a
nameserver that's returning answers that is showing 2 days:

   ;; ADDITIONAL SECTION:
   z9m9z.htt-consult.com.   172799  IN  A   208.83.67.147

just do the math. What matters is not what you *think* things are
set to, but what is showing to others. [also, if you didn't pull the
TTL down before you made changes it really doesn't matter much what
it is now.]

- Richard





Re: No mail from yahoo or ymail

2014-12-05 Thread Robert Moskowitz


On 12/05/2014 11:24 AM, li...@rhsoft.net wrote:


On 05.12.2014 at 17:17, Robert Moskowitz wrote:

On 12/05/2014 11:03 AM, li...@rhsoft.net wrote:

On 05.12.2014 at 16:54, Robert Moskowitz wrote:

Just checked all of my secondary NS, and they are showing current zone
information.


from where?
http://www.intodns.com/ is *mandatory* to start debugging

http://www.intodns.com/htt-consult.com

Error DNS servers responded ERROR: One or more of your nameservers did
not respond: The ones that did not respond are: 208.83.67.147


It has not been a name server for 4+ years.  It BETTER not be
responding.  Now why does someone show this.  I will have to go over to
my Registrar and check there.  I have only been with them for 2 years,
so I really doubt I will see this showing with them.  But it is probably
they that will need to fix this upstream.


Missing nameservers reported by your nameservers ERROR: One or more of
the nameservers listed at the parent servers are not listed as NS
records at your nameservers. The problem NS records are:
z9m9z.htt-consult.com This is listed as an ERROR because there are
some cases where nasty problems can occur (if the TTLs vary from the
NS records at the root servers and the NS records point to your own
domain, for example).


I also see how I mis-read some error messages.  On a report.  I was
wondering why it was talking about z9m9z wrt NS.  This is a registrar
problem.


it's *your* responsibility to look at your own public whois and verify 
your configurations published to the world and *not* the registrars


 Domain servers in listed order:
Z9M9Z.HTT-CONSULT.COM
ONLO.HTT-CONSULT.COM
NS2.CLEARRATE.COM
NS1.ICSL.NET
NS1.CLEARRATE.COM


Yep, it is.  And I know I looked at this when I moved registrars.  I 
have deleted the glue record as well.  Now to figure out how to get glue 
records for NS servers in other domains.  The Registrar's tool only 
allows creating glue records within your own domain.  Take this question 
over to the DNS list.





Re: No mail from yahoo or ymail

2014-12-05 Thread Robert Moskowitz


On 12/05/2014 11:33 AM, Richard wrote:


 Original Message 

Date: Friday, December 05, 2014 10:51:55 -0500
From: Robert Moskowitz r...@htt-consult.com
On 12/05/2014 09:31 AM, Richard wrote:

 Original Message 

Date: Thursday, December 04, 2014 23:19:52 -0500
From: Robert Moskowitz r...@htt-consult.com
On 12/04/2014 07:46 PM, Wietse Venema wrote:

Robert Moskowitz:

On 12/04/2014 07:02 PM, Wietse Venema wrote:

Robert Moskowitz:

My new server does not seem to be allowing yahoo or ymail to
deliver mail.

I do not see anything in maillog, not surprisingly.  My son
reports he

Postfix logs all connection attempts, so they are not coming
through some firewall, or they aren't getting your DNS
information.

It worked before the new server, so not a firewall item, as
nothing changed there.  As far as DNS, I changed server name in
MX record. I would hope they are getting z9m9z.htt-consult.com
now rather than klovia.htt-consult.com.  But there is also the
spf record I added for gmail:

htt-consult.com.  IN  TXT  v=spf1 mx ~all

And I do get emails from gmail, and can send them to gmail.

Speaking from experience, a bad netmask on a server can have
surprising effects. So can a bad netmask on a router. It totally
screws up routing, and one has no idea what is going until one
runs a sniffer.

You said something here that triggered a thought

The new server is on a different internal net than the old, thus
different firewall rules.  I checked over all the addressing and
everything there is right, but...

DCC (udp port 6277) was enabled for the old mailserver, but not
the new!  Could that be the problem?  Well I enabled DCC and we
will see as I just sent a new message from yahoo.

If this does not work, I will move the new server to the old
address.  Really intended to do that after I turned down the old
server...


I'm seeing a couple of things when I look at your DNS records:

   dig htt-consult.com mx


;; ANSWER SECTION:
htt-consult.com.        43200   IN  MX  30 z9m9z.htt-consult.com.
htt-consult.com.        43200   IN  MX  40 rigel.htt-consult.com.

;; ADDITIONAL SECTION:
z9m9z.htt-consult.com.  172799  IN  A   208.83.67.147


Your first MX host sometimes resolves to 208.83.67.147, which
doesn't appear to be reachable on port 25. When this resolves to
.180 it is.

Probably 4+ years ago a z9m9z was at .147; for the past 3 years
hp7310 has been using that address!


Your second MX host rigel.htt-consult.com resolves to
208.83.67.188, which doesn't appear to be reachable on port 25

That is to handle spammers that go to the last MX record, assuming
that is the real server.  It actually stopped 15% of spam coming
into my old server.  It is part of the 'nolisting'
recommendations. I dropped the 2 fake pre-MX records, because they
did not seem to help too much and just added delay, while the last
bad one did not seem to be causing problems.  I am pretty sure I
have received yahoo mail with it in place.  I can remove it if
makes a difference..


Additionally, given the TTL shown on the z9m9z.htt-consult.com.
A-record, did you bring your TTLs down before you made what I
assume was an MX host IPnumber switch? If not, and that 2-day TTL
is indicative of what you generally use, it could be a bit before
the nameservers that various mail servers use will need to
requery (and if they get the .147 address it likely won't do them
any good anyway).

2 days???  This is the SOA I have been using during these changes:

htt-consult.com.  IN  SOA onlo.htt-consult.com.
rgm.htt-consult.com. (
  2014120201
  2H
  20M
  2W
  2H )

I read this as 2Hours TTL.


To debug this type of thing you need to look at what the outside
world is seeing. Query the DNS so that you see results as seen
from the outside, and then try to telnet (from the outside) to the
resulting ipnumbers.

As I have done.  I use MiFi on my phone and connect another
notebook to it to look 'in' and did not see this bad IP address
that somehow is long since hung around.

Got a hunch on that


You may not have been pointing z9m9z at .147 for years, but
there's a nameserver that is showing that. Also you may have the TTL
at 2 hours on the SOA that you are working with, but there's a
nameserver that's returning answers that is showing 2 days:

;; ADDITIONAL SECTION:
z9m9z.htt-consult.com.  172799  IN  A   208.83.67.147

just do the math. What matters is not what you *think* things are
set to, but what is showing to others. [also, if you didn't pull the
TTL down before you made changes it really doesn't matter much what
it is now.]


Oh the change was made back in August in prep for a lot of changes. 
Still have one more to go, and it will get 'worst', as I just found out 
that changing ISPs is no longer just maybe a cost 

Re: No mail from yahoo or ymail

2014-12-05 Thread li...@rhsoft.net


On 05.12.2014 at 17:40, Robert Moskowitz wrote:

You may not have been pointing z9m9z at .147 for years, but
there's a nameserver that is showing that. Also you may have the TTL
at 2 hours on the SOA that you are working with, but there's a
nameserver that's returning answers that is showing 2 days:

;; ADDITIONAL SECTION:
z9m9z.htt-consult.com.  172799  IN  A   208.83.67.147

just do the math. What matters is not what you *think* things are
set to, but what is showing to others. [also, if you didn't pull the
TTL down before you made changes it really doesn't matter much what
it is now.]


Oh the change was made back in August in prep for a lot of changes.
Still have one more to go, and it will get 'worst', as I just found out
that changing ISPs is no longer just maybe a cost savings, but my
current ISP is dropping their DSL service in my area in a few months.  I
have been with this ISP for a bit more than 7 years.

I will lay odds, this TTL comes from the Registrars' glue record on this
host.  Which of course overrides my TTL on the zone.  I am too rusty on
Dig.  Need to spend time with it again.  Ah for the old days when you
could dig out a whole zone worth of information


surely - GLUE records have a *damned* long TTL because they are chicken/egg

that's why you *never* should use the same A name for NS records and 
other things because your expectation that the TTL you think is active 
for the MX or CNAME you now try to change will be wrong *and* 
additionally many nameservers out there answering with old records 
*long* after the TTL has expired


htt-consult.com. 43200 IN MX 30 z9m9z.htt-consult.com.
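
The comparison the messages above work towards, as an added example that is not part of any post in the thread: it parses dig-style output from the parent side and from the zone itself, then reports nameservers listed only at the parent, glue addresses that disagree with the zone's own A records, and glue hosts that are also MX targets. Both sample outputs are constructed: the host names, the whois nameserver list and the .147/.180 addresses come from the thread, while the zone-side NS set, the 172800 and 7200 TTLs and the 192.0.2.53 address for onlo are assumptions.

```python
import re

# Constructed parent-side (TLD) referral. NS names: whois list quoted in the
# thread; .147: stale address from the dig output. The 172800 TTL and onlo's
# 192.0.2.53 address are assumptions.
PARENT_REFERRAL = """\
;; AUTHORITY SECTION:
htt-consult.com.        172800  IN  NS  z9m9z.htt-consult.com.
htt-consult.com.        172800  IN  NS  onlo.htt-consult.com.
htt-consult.com.        172800  IN  NS  ns2.clearrate.com.
htt-consult.com.        172800  IN  NS  ns1.icsl.net.
htt-consult.com.        172800  IN  NS  ns1.clearrate.com.

;; ADDITIONAL SECTION:
z9m9z.htt-consult.com.  172800  IN  A   208.83.67.147
onlo.htt-consult.com.   172800  IN  A   192.0.2.53
"""

# Constructed answer from the zone's own nameserver (NS set and the 7200 TTLs
# are assumptions; the MX line and the .180 address are from the thread).
ZONE_ANSWER = """\
;; ANSWER SECTION:
htt-consult.com.        7200    IN  NS  onlo.htt-consult.com.
htt-consult.com.        7200    IN  NS  ns2.clearrate.com.
htt-consult.com.        7200    IN  NS  ns1.icsl.net.
htt-consult.com.        7200    IN  NS  ns1.clearrate.com.
htt-consult.com.        43200   IN  MX  30 z9m9z.htt-consult.com.

;; ADDITIONAL SECTION:
z9m9z.htt-consult.com.  7200    IN  A   208.83.67.180
onlo.htt-consult.com.   7200    IN  A   192.0.2.53
"""

SECTION = re.compile(r"^;; (\w+) SECTION:")
RECORD = re.compile(r"^(\S+)\s+(\d+)\s+IN\s+(\S+)\s+(.+)$")


def parse_dig(text):
    """Parse dig output into (section, owner, ttl, type, rdata) tuples."""
    section, records = None, []
    for raw in text.splitlines():
        line = raw.strip()
        if (m := SECTION.match(line)):
            section = m.group(1)
        elif (m := RECORD.match(line)) and not line.startswith(";"):
            owner, ttl, rtype, rdata = m.groups()
            records.append((section, owner.lower().rstrip("."), int(ttl),
                            rtype.upper(), rdata.lower().rstrip(".")))
    return records


def human_ttl(seconds):
    """Render a TTL in seconds as days/hours/minutes/seconds."""
    parts = []
    for unit, size in (("d", 86400), ("h", 3600), ("m", 60), ("s", 1)):
        count, seconds = divmod(seconds, size)
        if count:
            parts.append(f"{count}{unit}")
    return " ".join(parts) or "0s"


def addresses(records):
    """Map host -> (set of A addresses, highest TTL seen for them)."""
    out = {}
    for _, owner, ttl, rtype, rdata in records:
        if rtype == "A":
            addrs, seen = out.get(owner, (set(), 0))
            out[owner] = (addrs | {rdata}, max(seen, ttl))
    return out


def audit_delegation(parent_text, zone_text):
    """Compare what the parent publishes with what the zone itself serves."""
    parent, zone = parse_dig(parent_text), parse_dig(zone_text)
    parent_ns = {r[4] for r in parent if r[3] == "NS"}
    zone_ns = {r[4] for r in zone if r[3] == "NS"}
    mx_hosts = {r[4].split()[-1] for r in zone if r[3] == "MX"}
    glue, auth = addresses(parent), addresses(zone)
    findings = []
    for ns in sorted(parent_ns - zone_ns):
        findings.append(("ns-only-at-parent", ns, "delegated, not in zone NS set"))
    for ns in sorted(zone_ns - parent_ns):
        findings.append(("ns-only-in-zone", ns, "in zone NS set, not delegated"))
    for host, (addrs, ttl) in sorted(glue.items()):
        if host in auth and auth[host][0] != addrs:
            zone_addrs, zone_ttl = auth[host]
            findings.append(("stale-glue", host,
                             f"parent {sorted(addrs)} TTL {human_ttl(ttl)}, "
                             f"zone {sorted(zone_addrs)} TTL {human_ttl(zone_ttl)}"))
        if host in mx_hosts:
            findings.append(("glue-host-is-mx", host, "glue host is also an MX target"))
    return findings


if __name__ == "__main__":
    for kind, host, detail in audit_delegation(PARENT_REFERRAL, ZONE_ANSWER):
        print(f"{kind:18} {host:24} {detail}")
```

Real input for the two sides comes from a non-recursive query sent to one of the TLD's servers and from a query sent directly to one of the zone's own nameservers, both using dig's @server argument.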



Re: No mail from yahoo or ymail

2014-12-05 Thread li...@rhsoft.net


On 05.12.2014 at 17:35, Robert Moskowitz wrote:

On 12/05/2014 11:24 AM, li...@rhsoft.net wrote:

it's *your* responsibility to look at your own public whois and verify
your configurations published to the world and *not* the registrars

 Domain servers in listed order:
Z9M9Z.HTT-CONSULT.COM
ONLO.HTT-CONSULT.COM
NS2.CLEARRATE.COM
NS1.ICSL.NET
NS1.CLEARRATE.COM


Yep, it is.  And I know I looked at this when I moved registrars.  I
have deleted the glue record as well.  Now to figure out how to get glue
records for NS servers in other domains.  The Registrar's tool only
allows creating glue records within your own domain.  Take this question
over to the DNS list


no, you just have to read what a GLUE record is

that's what i meant with doing your homework hours ago because
you ask often the wrong questions (not only on that topic)

http://en.wikipedia.org/wiki/Domain_Name_System#Circular_dependencies_and_glue_records



Re: No mail from yahoo or ymail

2014-12-05 Thread Robert Moskowitz


On 12/05/2014 11:53 AM, li...@rhsoft.net wrote:


On 05.12.2014 at 17:35, Robert Moskowitz wrote:

On 12/05/2014 11:24 AM, li...@rhsoft.net wrote:

it's *your* responsibility to look at your own public whois and verify
your configurations published to the world and *not* the registrars

 Domain servers in listed order:
Z9M9Z.HTT-CONSULT.COM
ONLO.HTT-CONSULT.COM
NS2.CLEARRATE.COM
NS1.ICSL.NET
NS1.CLEARRATE.COM


Yep, it is.  And I know I looked at this when I moved registrars.  I
have deleted the glue record as well.  Now to figure out how to get glue
records for NS servers in other domains.  The Registrar's tool only
allows creating glue records within your own domain.  Take this question
over to the DNS list


no, you just have to read what a GLUE record is


And these wonderful DNS web tools that report no glue records for NS 
servers not under my domain.  I could not see where this is defined.  
And it seems not.  I was again pointed where I was reading, to RFC1034.  
I need glue records for onlo, which I have, but not for ones like ns1.clear


Further, I now see clearly that dig responses I was getting from my MiFi 
connection are incomplete.  No additional information with those 
problems.  Just tested again, and nope, not there.  Won't bother with 
that again.  Might as well just add the @server from regular connection 
to one of the root servers.


But I do thank you for the help, pointing me in the right direction to 
check.  Or rather the more right way to check DNS.  Got notes on this 
for next time.   And there will be a next time.  All that readdressing 
to do.




that's what i meant with doing your homework hours ago because
you ask often the wrong questions (not only on that topic)

http://en.wikipedia.org/wiki/Domain_Name_System#Circular_dependencies_and_glue_records 









Re: No mail from yahoo or ymail

2014-12-05 Thread li...@rhsoft.net


On 05.12.2014 at 19:25, Robert Moskowitz wrote:

On 12/05/2014 11:53 AM, li...@rhsoft.net wrote:

On 05.12.2014 at 17:35, Robert Moskowitz wrote:

On 12/05/2014 11:24 AM, li...@rhsoft.net wrote:

it's *your* responsibility to look at your own public whois and verify
your configurations published to the world and *not* the registrars

 Domain servers in listed order:
Z9M9Z.HTT-CONSULT.COM
ONLO.HTT-CONSULT.COM
NS2.CLEARRATE.COM
NS1.ICSL.NET
NS1.CLEARRATE.COM


Yep, it is.  And I know I looked at this when I moved registrars.  I
have deleted the glue record as well.  Now to figure out how to get glue
records for NS servers in other domains.  The Registrar's tool only
allows creating glue records within your own domain.  Take this question
over to the DNS list


no, you just have to read what a GLUE record is


And these wonderful DNS web tools that report no glue records for NS
servers not under my domain


you just need to read *and* understand the output
not offending; a fool with a tool is still a fool :-)

* there is an informational icon
* the text starts with INFO
* the text contains This is ok
* but you should know that in this case an extra A record lookup
  is required in order to get the IPs of your NS records

the last point is pretty clear and just an explanation

* a NS in your own GLUE needs one lookup less
* a dig NS htt-consult.com @ns2.clearrate.com needs one more
* this doesn't matter as long as clearrate.com itself has no problems


INFO: GLUE was not sent when I asked your nameservers for your NS 
records.This is ok but you should know that in this case an extra A 
record lookup is required in order to get the IPs of your NS records. 
The nameservers without glue are:


Re: No mail from yahoo or ymail

2014-12-05 Thread jdebert
On Fri, 05 Dec 2014 13:25:49 -0500
Robert Moskowitz r...@htt-consult.com wrote:

 
 Further, I now see clearly that dig responses I was getting from my
 MiFi connection are incomplete.  No additional information with those 
 problems.  Just tested again, and nope, not there.  Won't bother with 
 that again.  Might as well just add the @server from regular
 connection to one of the root servers.
 

Please note that most, if not all mobile wireless services intercept
DNS via a transparent proxy and change the responses returned to you.
This is also something wired service providers are beginning to do
more frequently as well. You will need a completely different means of
access to DNS to get unbiased, unfiltered, trustworthy results.

jd
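
An added example (not from any poster in this thread) covering the two points above: which NS names come back without an address in the ADDITIONAL section, and what a DNS path dropped compared with a direct query. The captures are constructed: the NS names are those listed in the thread, the addresses are RFC 5737 placeholders, and the function names are made up for this example.

```python
import re

# Constructed capture in dig's presentation format; NS names are the ones
# listed in the thread, addresses are RFC 5737 documentation placeholders.
DIRECT = """\
;; ANSWER SECTION:
htt-consult.com. 43200 IN NS z9m9z.htt-consult.com.
htt-consult.com. 43200 IN NS onlo.htt-consult.com.
htt-consult.com. 43200 IN NS ns2.clearrate.com.
htt-consult.com. 43200 IN NS ns1.icsl.net.
htt-consult.com. 43200 IN NS ns1.clearrate.com.

;; ADDITIONAL SECTION:
z9m9z.htt-consult.com. 172799 IN A 192.0.2.10
onlo.htt-consult.com. 172799 IN A 192.0.2.11
"""
# Same query over a path that returns no ADDITIONAL section (constructed).
VIA_PROXY = DIRECT.split(";; ADDITIONAL SECTION:")[0]

RR = re.compile(r"^(\S+)\s+\d+\s+IN\s+(\S+)\s+(\S+)$")

def parse_dig(text):
    """Return {section: [(owner, type, rdata), ...]}, names lower-cased."""
    sections, current = {}, None
    for line in map(str.strip, text.splitlines()):
        if m := re.match(r"^;; (\w+) SECTION:$", line):
            current = sections.setdefault(m.group(1), [])
        elif current is not None and (rr := RR.match(line)):
            owner, rtype, rdata = rr.groups()
            current.append((owner.lower().rstrip("."), rtype, rdata.lower().rstrip(".")))
    return sections

def glue_report(text, zone):
    """Per NS name: was an address sent, and does its absence matter?"""
    s = parse_dig(text)
    glued = {o for o, t, _ in s.get("ADDITIONAL", []) if t in ("A", "AAAA")}
    report = {}
    for _, t, ns in s.get("ANSWER", []):
        in_zone = ns == zone or ns.endswith("." + zone)
        if t == "NS":  # in-zone names depend on glue; others cost one extra lookup
            report[ns] = ("address sent" if ns in glued else
                          "MISSING, in-zone" if in_zone else "not sent, out-of-zone")
    return report

def dropped_records(direct, other):
    """Records present in the direct capture but absent on the other path."""
    a, b = parse_dig(direct), parse_dig(other)
    diff = {sec: sorted(set(rrs) - set(b.get(sec, []))) for sec, rrs in a.items()}
    return {sec: rrs for sec, rrs in diff.items() if rrs}
```

Feeding it a capture taken with `dig NS htt-consult.com @server` on each connection shows whether the difference is limited to the ADDITIONAL section or extends to the answers themselves.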



No mail from yahoo or ymail

2014-12-04 Thread Robert Moskowitz

My new server does not seem to be allowing yahoo or ymail to deliver mail.

I do not see anything in maillog, not surprisingly.  My son reports he 
got a 'time out' bounce.   I just set up a yahoo.com account for testing 
and an hour now and no email to me and no bounce message on my yahoo account.


Any tricks with yahoo when you have opportunistic TLS and self-signed 
cert (I really hope neither of these are the issue).





Re: No mail from yahoo or ymail

2014-12-04 Thread Robert Moskowitz


On 12/04/2014 06:47 PM, Robert Moskowitz wrote:
My new server does not seem to be allowing yahoo or ymail to deliver 
mail.


I do not see anything in maillog, not surprisingly.  My son reports he 
got a 'time out' bounce.   I just set up a yahoo.com account for 
testing and an hour now and no email to me and no bounce message on my 
yahoo account.


Any tricks with yahoo when you have opportunistic TLS and self-signed 
cert (I really hope neither of these are the issue).


Oh, I had no problem sending mail to this test yahoo account.  The reply 
to that test message has not been delivered either.





Re: No mail from yahoo or ymail

2014-12-04 Thread Wietse Venema
Robert Moskowitz:
 My new server does not seem to be allowing yahoo or ymail to deliver mail.
 
 I do not see anything in maillog, not surprisingly.  My son reports he 

Postfix logs all connection attempts, so they are not coming through
some firewall, or they aren't getting your DNS information.

Wietse


Re: No mail from yahoo or ymail

2014-12-04 Thread Robert Moskowitz


On 12/04/2014 07:02 PM, Wietse Venema wrote:

Robert Moskowitz:

My new server does not seem to be allowing yahoo or ymail to deliver mail.

I do not see anything in maillog, not surprisingly.  My son reports he

Postfix logs all connection attempts, so they are not coming through
some firewall, or they aren't getting your DNS information.


It worked before the new server, so not a firewall item, as nothing 
changed there.  As far as DNS, I changed server name in MX record. I 
would hope they are getting z9m9z.htt-consult.com now rather than 
klovia.htt-consult.com.  But there is also the spf record I added for gmail:


htt-consult.com.  IN  TXT  v=spf1 mx ~all

And I do get emails from gmail, and can send them to gmail.




Re: No mail from yahoo or ymail

2014-12-04 Thread Wietse Venema
Robert Moskowitz:
 
 On 12/04/2014 07:02 PM, Wietse Venema wrote:
  Robert Moskowitz:
  My new server does not seem to be allowing yahoo or ymail to deliver mail.
 
  I do not see anything in maillog, not surprisingly.  My son reports he
  Postfix logs all connection attempts, so they are not coming through
  some firewall, or they aren't getting your DNS information.
 
 It worked before the new server, so not a firewall item, as nothing 
 changed there.  As far as DNS, I changed server name in MX record. I 
 would hope they are getting z9m9z.htt-consult.com now rather than 
 klovia.htt-consult.com.  But there is also the spf record I added for gmail:
 
 htt-consult.com.  IN  TXT  v=spf1 mx ~all
 
 And I do get emails from gmail, and can send them to gmail.

Speaking from experience, a bad netmask on a server can have
surprising effects. So can a bad netmask on a router. It totally
screws up routing, and one has no idea what is going on until one runs
a sniffer.

Wietse


Re: No mail from yahoo or ymail

2014-12-04 Thread Robert Moskowitz


On 12/04/2014 07:46 PM, Wietse Venema wrote:

Robert Moskowitz:

On 12/04/2014 07:02 PM, Wietse Venema wrote:

Robert Moskowitz:

My new server does not seem to be allowing yahoo or ymail to deliver mail.

I do not see anything in maillog, not surprisingly.  My son reports he

Postfix logs all connection attempts, so they are not coming through
some firewall, or they aren't getting your DNS information.

It worked before the new server, so not a firewall item, as nothing
changed there.  As far as DNS, I changed server name in MX record. I
would hope they are getting z9m9z.htt-consult.com now rather than
klovia.htt-consult.com.  But there is also the spf record I added for gmail:

htt-consult.com.  IN  TXT  v=spf1 mx ~all

And I do get emails from gmail, and can send them to gmail.

Speaking from experience, a bad netmask on a server can have
surprising effects. So can a bad netmask on a router. It totally
screws up routing, and one has no idea what is going on until one runs
a sniffer.


You said something here that triggered a thought

The new server is on a different internal net than the old, thus 
different firewall rules.  I checked over all the addressing and 
everything there is right, but...


DCC (udp port 6277) was enabled for the old mailserver, but not the 
new!  Could that be the problem?  Well I enabled DCC and we will see as 
I just sent a new message from yahoo.


If this does not work, I will move the new server to the old address.  
Really intended to do that after I turned down the old server...