On 11/1/01 2:44 PM, "Warren Michelsen" <[EMAIL PROTECTED]> wrote:
> In examining logs generated while trying to figure out why dnsreport.com could
> not contact my mail servers, I got to wondering why SIMS takes so long to
> respond to HELO. From one of my server logs:
>
> 14:54:03 4 SMTP-698([24.240.171.218]) Input Line: HELO dnsreport.com\r
> 14:54:03 5 SMTP-698([24.240.171.218]) *Status=21
> 14:54:03 4 SMTP-698(dnsreport.com) Looking for dnsreport.com
> 14:54:18 3 SMTP-698(dnsreport.com) Failed to verify. Real address is
> [24.240.171.218:3884]
> 14:54:18 4 SMTP-698(dnsreport.com) Sending 250 SMTP.az.net cannot verify
> dnsreport.com\r\n
>
>
> And from the other:
>
> 14:35:17 4 SMTP-212([24.240.171.218]) Input Line: HELO dnsreport.com\r
> 14:35:17 4 SMTP-212(dnsreport.com) Looking for dnsreport.com
> 14:35:47 3 SMTP-212(dnsreport.com) Failed to verify. Real address is
> [24.240.171.218:4325]
> 14:35:47 4 SMTP-212(dnsreport.com) Sending 250 MDCCLXXVI.com cannot verify
> dnsreport.com\r\n
>
> Isn't 15-30 seconds a bit long?
This appears to be lagging because dnsreport.com has no A record in DNS. I
suspect SIMS is checking all possible sources to find a proper record. If
that's the case, it seems pretty lame for someone purporting to check
systems. I could be wrong on this, so I would appreciate corrections from
those more knowledgeable.
--Tim
For the record, here's a description of HELO from the self-same RFC821 that
dnsreport.com was complaining about: (Note that it says host name, not
domain name.)
> HELLO (HELO)
>
> This command is used to identify the sender-SMTP to the
> receiver-SMTP. The argument field contains the host name of
> the sender-SMTP.
>
> The receiver-SMTP identifies itself to the sender-SMTP in
> the connection greeting reply, and in the response to this
> command.
>
> This command and an OK reply to it confirm that both the
> sender-SMTP and the receiver-SMTP are in the initial state,
> that is, there is no transaction in progress and all state
> tables and buffers are cleared.
Here's what I got from dig (notice there's no A record):
; <<>> DiG 8.3 <<>> @(null) dnsreport.com a
; Bad server: (null) -- using default server and timer opts
; (2 servers found)
;; res options: init recurs defnam dnsrch
;; got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 6
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0
;; QUERY SECTION:
;; dnsreport.com, type = A, class = IN
;; AUTHORITY SECTION:
dnsreport.com. 2h59m2s IN SOA udns1.ultradns.net.
sce-ultradns.dnsreport.com. (
2001101901 ; serial
3H ; refresh
1H ; retry
4w2d ; expiry
1D ) ; minimum
;; Total query time: 25 msec
;; FROM: localhost to SERVER: default -- 24.40.32.33
;; WHEN: Thu Nov 1 18:16:05 2001
;; MSG SIZE sent: 31 rcvd: 98
--
Rep. Vernon Ehlers (R-Michigan) offered his own suggestion for improving
America's computer security: Use a Mac. "I own a Macintosh. I got through
Y2K -- I didn't even think about it. And I've never had any problems with
viruses. Maybe there's a lesson to be learned."
<http://www.wired.com/news/conflict/0,2100,47479,00.html>
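
Added example (not part of the original message, and not SIMS code): a Python script that measures, per SMTP session, the gap between the "Looking for" and "Failed to verify" lines in logs like the ones quoted above. The line layout is inferred from the quoted samples only, and the 5-second slow_after threshold is an assumed value.

```python
import re
from datetime import datetime

# Lines copied from the two SIMS logs quoted above, with the
# mail-wrapped lines rejoined.
SAMPLE_LOG = r"""
14:54:03 4 SMTP-698([24.240.171.218]) Input Line: HELO dnsreport.com\r
14:54:03 5 SMTP-698([24.240.171.218]) *Status=21
14:54:03 4 SMTP-698(dnsreport.com) Looking for dnsreport.com
14:54:18 3 SMTP-698(dnsreport.com) Failed to verify. Real address is [24.240.171.218:3884]
14:54:18 4 SMTP-698(dnsreport.com) Sending 250 SMTP.az.net cannot verify dnsreport.com\r\n
14:35:17 4 SMTP-212([24.240.171.218]) Input Line: HELO dnsreport.com\r
14:35:17 4 SMTP-212(dnsreport.com) Looking for dnsreport.com
14:35:47 3 SMTP-212(dnsreport.com) Failed to verify. Real address is [24.240.171.218:4325]
14:35:47 4 SMTP-212(dnsreport.com) Sending 250 MDCCLXXVI.com cannot verify dnsreport.com\r\n
"""

# Assumed layout: HH:MM:SS <level> <session>(<peer>) <message>
LINE = re.compile(r"^(\d\d:\d\d:\d\d) (\d) (SMTP-\d+)\(([^)]*)\) (.*)$")
ADDR = re.compile(r"\[(\d+(?:\.\d+){3}):(\d+)\]")

def helo_verify_delays(log_text, slow_after=5):
    """Return one dict per failed HELO verification, in log order."""
    pending = {}   # session id -> (lookup start time, HELO name)
    results = []
    for raw in log_text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue  # blank or unrecognised line
        ts, _level, session, _peer, msg = m.groups()
        t = datetime.strptime(ts, "%H:%M:%S")
        if msg.startswith("Looking for "):
            pending[session] = (t, msg[len("Looking for "):])
        elif msg.startswith("Failed to verify") and session in pending:
            start, name = pending.pop(session)
            # Timestamps carry no date, so wrap around midnight.
            secs = int((t - start).total_seconds()) % 86400
            addr = ADDR.search(msg)
            results.append({"session": session, "helo": name,
                            "seconds": secs,
                            "real_ip": addr.group(1) if addr else None,
                            "slow": secs >= slow_after})
    return results

if __name__ == "__main__":
    for r in helo_verify_delays(SAMPLE_LOG):
        print(r)
```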