At 3:17 PM -0700 7/11/02, Warren Michelsen imposed structure on a
stream of electrons, yielding:
>At 1:26 PM -0700 07/11/2002, Global Homes Webmaster wrote:
>>
>>What, if anything, does your log say about these messages? That might give
>>you some insight as to why they're being accepted. If you're continuing to
>>receive these messages, you might want to temporarily increase the logging
>>level until you can capture a relevant transaction or two.
>
>Stepped up logging and caught an incoming. What's with "will be
>relayed to a client"? My SMTP setup is to relay for clients only.
>mx1.deals4recruiters.com is not a client!
No, but the MX for mindcorral.com is mail.mdcclxxvi.com, and that
name probably has 2 properties:
1. It resolves to an address in your client list.
2. SIMS does not itself know the name, i.e. you have no router line saying:
mail.MDCCLXXVI.com = MDCCLXXVI.com
Those 2 properties may make SIMS willing to accept mail for that
address, thinking that it is a client address and not realizing that
it is the local machine. I was not aware of this behavior, but a
quick test on my own server indicates that this is a way to get
exactly that 'relayed to a client' response.
From here it looks like a feature, not a bug.
I suggest that you add that router line as a first step, since it
will assure that SIMS knows a name that others might call it.
>14:47:13 4 SMTP-228([12.8.241.102]) Input Line: HELO
>mx1.deals4recruiters.com\r
>14:47:13 4 SMTP-228(mx1.deals4recruiters.com) Looking for
>mx1.deals4recruiters.com
>14:47:13 3 SMTP-228(mx1.deals4recruiters.com) Failed to verify. Real
>address is [12.8.241.102:4170]
>14:47:13 4 SMTP-228(mx1.deals4recruiters.com) Sending 250
>MDCCLXXVI.com cannot verify mx1.deals4recruiters.com\r\n
>14:47:13 4 SMTP-228([12.8.241.102]) Input Line: MAIL
>FROM:<[EMAIL PROTECTED]>\r
>14:47:13 4 SMTP-228([12.8.241.102]) Sending 250
><[EMAIL PROTECTED]> sender accepted\r\n
>WHY is this sender being accepted?
It's a valid domain. At this point the mail might be for you...
>14:47:13 4 SMTP-228([12.8.241.102]) Input Line: RCPT
>TO:<[EMAIL PROTECTED]>\r
>14:47:13 4 SMTP-228([12.8.241.102]) Looking for mail.mdcclxxvi.com
>14:47:13 4 SMTP-228([12.8.241.102]) Sending 250
><[EMAIL PROTECTED]> will be relayed to a client.\r\n
I think that level 5 Router logging would help here. It would show
the logic. I expect the logic would be very simple, but at least it
would eliminate any question about the router's role.
>14:47:13 4 SMTP-228([12.8.241.102]) Input Line: DATA\r
>14:47:13 4 SMTP-228([12.8.241.102]) Sending 354 Enter mail, end with
>"." on a line by itself\r\n
>14:47:14 2 SMTP-228([12.8.241.102]) {S.0000488490} received, 17689 bytes
>14:47:14 4 SMTP-228([12.8.241.102]) Sending 250 S.0000488490 message
>accepted for delivery\r\n
>14:47:14 4 SMTP-228([12.8.241.102]) Input Line: QUIT\r
>14:47:14 4 SMTP-228([12.8.241.102]) Sending 221 MDCCLXXVI.com
>closing connection\r\n
>14:47:14 4 SMTP-228([12.8.241.102]) Closing
>14:47:14 4 SMTP-228([12.8.241.102]) Nothing read - stream closed
>14:47:14 4 SMTP-228([12.8.241.102]) Input Stream ended
>14:47:14 2 SYSTEM [S.0000488490] S.0000488490 1+0
>From:[EMAIL PROTECTED]
>14:47:14 4 SMTP [S.0000488490] is enqueued
>14:47:14 4 SMTP disposing line 12228
>14:47:14 4 SMTP Line 12230 created for mindcorral.com, [S.0000488490]
>14:47:14 4 SMTP [S.0000488490] queued to line 12230(0/1). 1 routes
>14:47:14 4 SMTP-230(mindcorral.com) Got 2 relay(s)
>14:47:14 4 SMTP-230(mindcorral.com) Looking for mail.mdcclxxvi.com
>14:47:15 3 SMTP [S.0000488490] dequeueing
>14:47:15 1 SYSTEM(SMTP) [S.0000488490] failed on
>(mindcorral.com)recipient. Error Code=-15010
>14:47:15 4 SMTP disposing line 12230
That looks like SIMS failing to connect to mail.mdcclxxvi.com. Is
that by any chance the outside address of a NAT? Such a failure is
rather common.
>14:47:15 2 SYSTEM [S.0000488491]
><[EMAIL PROTECTED]> 1+0 From:NULL@NULL
>14:47:15 4 SMTP [S.0000488491] is enqueued
>14:47:15 4 SMTP Line 12231 created for deals4recruiters.com, [S.0000488491]
>14:47:15 4 SMTP [S.0000488491] queued to line 12231(0/1). 1 routes
>14:47:15 4 SMTP-231(deals4recruiters.com) Got 1 relay(s)
>14:47:15 4 SMTP-231(deals4recruiters.com) Looking for
>mail.deals4recruiters.com
>14:47:15 3 SMTP-231(deals4recruiters.com) Failed to connect to
>[64.48.60.226:25]. reason=61
>14:47:15 3 SMTP-231(deals4recruiters.com) No relay address is
>accessable. Error Code=-25010
>14:47:16 3 SMTP [S.0000488491] dequeueing
>14:47:16 4 SMTP disposing line 12231
OOPS! it cannot deliver the bounce either. The bounce will land in
the queue and rot as well.
In addition: your ns1 and ns2 boxes are still happily resolving
mindcorral.com because you apparently:
1. Did too complete a removal job.
2. Do recursive resolution for anything and anyone.
3. Still have the root servers pointing at you.
I suggest that you AT LEAST recreate an empty zone for
mindcorral.com. Make your nameservers authoritative for it, but give
it no records. That way at least you won't have your own nameservers
telling anyone who asks that mail.mdcclxxvi.com is the place that
accepts mindcorral.com mail. Right now, they are doing just that.
--
Bill Cole
[EMAIL PROTECTED]
#############################################################
This message is sent to you because you are subscribed to
the mailing list <[EMAIL PROTECTED]>.
To unsubscribe, E-mail to: <[EMAIL PROTECTED]>
To switch to the DIGEST mode, E-mail to <[EMAIL PROTECTED]>
To switch to the INDEX mode, E-mail to <[EMAIL PROTECTED]>
Send administrative queries to <[EMAIL PROTECTED]>
