Cannot Receive from a particular Domain

quadium

I have a strange one here.

There’s a domain that is sending email to us, but it cannot be received. I checked the logs, and I see no record of any attempts with that address.

I looked into it, and it’s a subdomain that has no A record. They do have a DMARC setup for it and it’s from an otherwise large institution.

I whitelisted it initially before I had looked into it, but it had no effect. Later I looked into the logs to see what was happening and found it wasn’t in the logs at all. Then I looked for the DNS info.

Would having no A record be automatically blocked so that it doesn’t even register in the logs? Seems strange, but I feel it’s either overzealous core spam blocking in exim or something on their end where they don’t attempt to send to a particular domain for whatever reason. Very odd for there to be no record in the logs, because I see discarded messages all the time in the logs if they are flagged.

It’s happening to two domains, both hosted on our server for the same customer.

If they send to another provider’s generic email account they come through no problem.

There’s nothing blacklisted, but even then that shouldn’t affect incoming. DNS records seem to be fine and haven’t changed in decades.

I personally have received email 8 months ago from the same address at one of my domains, but haven’t been able to test recently since this problem started occurring.

Any idea what might be going on here?
 
Hello,

If you don't see traces in logs, then a connection can not be established. You might need to check a firewall in such a case. Probably you whitelisted wrong IPs.
 
> They do have a DMARC setup for it and it’s from an otherwise large institution.
So they also have SPF and DKIM? Otherwise DMARC is useless.

Since it's coming from an external server, seems to me the issue is caused on their part somehow if you don't block their ip, because if all other mail can reach you and they are the only ones who can't, there must be an issue on their side. Maybe your server ip is blocked on their side?
It's also very odd they don't have any A record. However, this would not cause a connection attempt to not show up.

Check exim mainlog, exim error log and check ip in system log. If nothing is to be found, not even a block, then the issue is on their side.
If you want you can send me your domain and their (sub)domain per pm and I'll have a second look for you.
 
> Hello,
>
> If you don't see traces in logs, then a connection can not be established. You might need to check a firewall in such a case. Probably you whitelisted wrong IPs.
I whitelisted the e-mail address it was being sent from. I checked to ensure it actually was the address, but if it was erroneously blacklisted it should still be in the logs. Have not done any white/blacklisting for IPs outside the normal client side and LFD IPs.
 
> Have not done any white/blacklisting for IPs outside the normal client side and LFD IPs.

Whenever a sending server connects to your server it should be registered in logs. If nothing can be found in logs, then a sending server never connected to your server.
 
> So they also have SPF and DKIM? Otherwise DMARC is useless.
>
> Since it's coming from an external server, seems to me the issue is caused on their part somehow if you don't block their ip, because if all other mail can reach you and they are the only ones who can't, there must be an issue on their side. Maybe your server ip is blocked on their side?
> It's also very odd they don't have any A record. However, this would not cause a connection attempt to not show up.
>
> Check exim mainlog, exim error log and check ip in system log. If nothing is to be found, not even a block, then the issue is on their side.
> If you want you can send me your domain and their (sub)domain per pm and I'll have a second look for you.
Checked SPF and it's AmazonSES that's included there.

So it could be one of many IPs.

Checked the logs and I suppose I'll have to do some pattern searches...
 
> Whenever a sending server connects to your server it should be registered in logs. If nothing can be found in logs, then a sending server never connected to your server.
There's plenty in the logs, but nothing that includes that e-mail domain. I have not yet checked Amazon SES for IP connection attempts.
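
An added example, not part of any post in this thread: Exim's mainlog records the envelope sender (MAIL FROM) rather than the From: header, and mail relayed through a service such as Amazon SES can carry an envelope domain that differs from the visible address, so a search on the sender's domain alone can miss it. This sketch filters log lines by remote IP against the relay's ranges instead; `RELAY_NETS`, the sample log lines and the function names are constructed placeholders.

```python
import ipaddress
import re
from collections import defaultdict

# Constructed placeholder ranges (RFC 5737 documentation space); in practice use
# the ip4: ranges from expanding the sender's SPF include chain.
RELAY_NETS = [ipaddress.ip_network(n) for n in ("192.0.2.0/24", "198.51.100.0/25")]

# Constructed sample lines in Exim mainlog format (not taken from the thread).
SAMPLE_LOG = """\
2024-05-01 09:12:01 1s1AbC-0001aB-2c <= 0100018f-aaaa@mail.relay.example H=out1.relay.example [192.0.2.17] P=esmtps S=5321 id=x1@relay.example
2024-05-01 09:13:44 1s1AbD-0001aC-3d <= alice@partner.example H=mx.partner.example [203.0.113.9] P=esmtps S=2210
2024-05-01 09:15:10 H=out7.relay.example [198.51.100.40] F=<bounce-77@bounces.sender.example> rejected RCPT <user@customer.example>: Sender verify failed
2024-05-01 09:16:02 H=(helo.example) [198.51.100.200] F=<spam@other.example> rejected RCPT <user@customer.example>: relay not permitted
"""

IP_RE = re.compile(r"\bH=.*?\[([0-9a-fA-F.:]+)\]")
ACCEPT_RE = re.compile(r" <= (\S+) ")
REJECT_RE = re.compile(r" F=<([^>]*)> rejected (.*)$")

def relay_activity(log_text, nets=RELAY_NETS):
    """Map each remote IP inside nets to its (outcome, envelope sender, detail) events."""
    hits = defaultdict(list)
    for line in log_text.splitlines():
        m = IP_RE.search(line)
        if not m:
            continue
        try:
            ip = ipaddress.ip_address(m.group(1))
        except ValueError:  # bracketed text that is not an IP address
            continue
        if not any(ip in net for net in nets):
            continue
        acc, rej = ACCEPT_RE.search(line), REJECT_RE.search(line)
        if acc:    # message accepted: detail is the Exim message id
            hits[str(ip)].append(("accepted", acc.group(1), line.split()[2]))
        elif rej:  # rejected at SMTP time: detail is the logged reason
            hits[str(ip)].append(("rejected", rej.group(1), rej.group(2)))
    return dict(hits)

def envelope_domains(activity):
    """Envelope (MAIL FROM) domains seen from the relay ranges."""
    return sorted({s.rsplit("@", 1)[-1].lower()
                   for events in activity.values() for _, s, _ in events if "@" in s})

if __name__ == "__main__":
    activity = relay_activity(SAMPLE_LOG)
    print(activity)
    print("envelope domains:", envelope_domains(activity))
```

The envelope domains it reports are the strings to search the mainlog for, and any "rejected" entry shows an SMTP-time refusal that would otherwise be overlooked.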
 
I checked the pm. To me it looks like it's an issue on their side. Not only no A record, but no MX record either.

They do indeed have SPF records to send outgoing mail via Amazon SES, but without MX they can't receive mail and chances are high that the mail is already blocked by Amazon SES due to not having an MX record. Which would explain why your server isn't even reached.
 
> I checked the pm. To me it looks like it's an issue on their side. Not only no A record, but no MX record either.
>
> They do indeed have SPF records to send outgoing mail via Amazon SES, but without MX they can't receive mail and chances are high that the mail is already blocked by Amazon SES due to not having an MX record. Which would explain why your server isn't even reached.
There are plenty of AmazonSES delivered messages on the server as well, discovered while scanning for those IP ranges. The question is why are some providers able to receive from that address? I did confirm, the server is not on any Blacklists. I cannot comment if the receiving addresses are on AmazonSES internal "Global Suppression List" as I do not have access to check, but since they are likely receiving other AmazonSES messages, not sure what's up other than the domain might be misconfigured.
 