-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Hi,
On 02/12/13 15:11, Simon Green wrote: > SMTP error from remote mail server after initial connection: host > mx.bt.lon5.cpcloud.co.uk [65.20.0.49]: 421 > smtpin41.bt.ext.cpcloud.co.uk Service not available - no PTR record > for 134.0.22.242: retry timeout exceeded We hit a similar problem with Critical Path [cpcloud.co.uk] - it was found that their DNS lookup would be in uppercase and a bug in a Cisco ASA firewall in the path was dropping the request. Not sure if this is a similar issue. > $ dig +short -x 134.0.22.242 > > shared4.wirehive.net. Confirmed: marcus@marcus-laptop ~ $ host 134.0.22.242 242.22.0.134.in-addr.arpa domain name pointer shared4.wirehive.net. > Perhaps BT have recently changed something that they check against > and it's a badly trapped error?! Snip from discussions with Critical Path: Your email was forwarded to us to research and help resolve. We (Critical Path) run the mail servers that handle the inbound traffic to btinternet.com / btopenworld.com / talk21.com We have also recently taken over handling mail to [email protected] - - so if you have problems in the future you should find that email to that address gets to us. When we do a reverse DNS check to find the PTR we look up like this 4.234.66.195.IN-ADDR.ARPA this is a valid and common way of checking - with the domain name in uppercase. A while ago CISCO released an update to their IOS firmware that introduced a bug. As a consequence, it no longer accepted PTR lookups that used uppercase alphabetic characters. They have subsequently fixed this and have issued updates (e.g. in ASA 9.0(3) in July 2013) - but the users of their equipment might not have implemented it yet. So, if you (or your partners) are using CISCO equipment then there is a good chance that this is the cause of the problem. The CISCO bug reference for the ASA 9.x dropping case sensitive DNS PTR requests is CSCud64817: http://tools.cisco.com/Support/BugToolKit/search/getBugDetails.do?method=fet chBugDetails&bugId=CSCud64817&Submit=Search (but will need a CISCO account to access that) Cisco list it as fixed in versions: 9.0(3) 9.0(2.10) 100.9(0.19)M 100.8(50.12)M 100.8(34.1)M 100.8(27.30)M 100.8(38.4)M 100.9(4.1)M 100.9(9.1)M 9.0(2.100) You can see the problem by using a DNS lookup tool - e.g. using "dig" in Linux shows: dig 4.234.66.195.in-addr.arpa PTR +short gold.linx.net. but dig 4.234.66.195.IN-ADDR.ARPA PTR connection timed out; no servers could be reached Paul Webster Critical Path http://www.cp.net Hope this helps.... - -- Marcus Taylor (Database Application Developer) London Internet Exchange Ltd. 2nd Floor Trinity Court, Trinity Street, PE1 1DA Registered England and Wales number 3137929 DDI 01733 207724 -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.11 (GNU/Linux) Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/ iQIcBAEBAgAGBQJSnKbgAAoJEG8tIkQeE/vKvBYQAJYqWB2bkTE5Vyvm2TknVn+K L45XefogcvxryMuUMyMwHysJ9ZJ1blRcXA6u602MLweynLl4aedIninkVDcFmdeg UkEVaPtnyFzSmMEhRGq9OYRmOZwvd0BxLwsbJT9KKsf9pbKfGd5XXvHKITtv8xax G2IKxYlvm4yjYJcMfYwa1VtlqSmZ0Mj3EBxzVUSBOb2rE7IuF19ozR28xc6My6ld X+3rL7j5Iy4nbBoehzREPt8Io5oGWHWi3BdQO5aW+nHcS92xvq6413IOgr4dxOTs 5wiRgbKHa/Dxp9JfOTTS/TmYsyPJ5g5Okmy69s8PCCh86mBAg+JORbiuqdr8HdDz 4no7JoXch1w2ZxHbxonOx2KngATFHyjFcuOufqT64Bwtdnz2JQiqysyxh94G8vUk wG6JU6LdTycVbB7+UcWU2EnJy0MxbksR7Sl7JjBOgHgW2muufQnwQIc2rvEzQuaP EfdQtQd24RQndut2oXYnK3vxb9IwSFzZrYCINo2Mr8sjmW0EdT9MT2VmdCDxzgb6 LE2kO+CX/r7zfNQrEN3t1XFCiqN0b1/LkkKPBPBhmsw7nYd6NLSbxlQSRU4jVqmz OSCH5BIbOxTZza4ar219P1H+yd8ZtflWlPo8VDjKxEkxU/LnvfVKLYfNL8Pv8D42 YwIZmos5IfrWp2CSfJUn =r0j/ -----END PGP SIGNATURE-----
