mail sent from aol to specific domains is not received at our server

[jonathanc]

We have had a client who is complaining that some email sent to their account on a directadmin server was not being delivered. In fact there was no trace of the "sent" email in any log and I assumed it was a "user" sending problem.

But I have had another report from another client of the same disappearing mail problem, and both concern mail from aol users

We seem to receive email OK from aol every day. Currently the problem seems to be limited to two domains, and mail disappears when sent to different users on those domains. I can't see any entry at all in the mainlog that indicates connection from aol that would tie up with the sent emails. So no errors or mail rejected.

In the first case, mail has been received at the problem domain before and after the lost mail.

I can't identify any blocked IP addresses in any of our security logs -- and it is only these two specific domains on our server that seem to be a problem.

I asked aol user to send me an email which I received OK via the server. Then I asked the aol user to send another test email to me, cc to one of the problem domains and also to my google email address.

The email arrived at the cc google address. But was not received at my normal address on the server (where it had previously delivered OK), or the client cc problem address.

Does anybody have any suggestions on where I should look next to try sort out this problem? The result where the test cc mail to the problem domain seems to have stopped delivery to my address on the server seems particularly baffling.


Thank you


Jonathan

 

[jonathanc]

Ah user has found an error message from AOL server...

--AOL Postmaster

-----
The delivery status notification errors
-----


<user@domain>: conversation with
* * mailserver.domain[xxx.xxx.xxx.xxx.] timed out while receiving the
* * initial server greeting




So AOL server is timing out.

This does not seem to be a general issus. Anybody got any clue why AOL is timing out.

Thank you


Jonathan

 

[nobaloney]

The most common reason would be because you're taking too long to respond. Do you use greylisting? If so, then whitelist AOL servers to see if it solves the problem.

Jeff

 

[jonathanc]

Yes that makes sense. But I am just using standard spamblocker 4. I have not configured any greylisting. We do receive mail from aol every day. Problem seems to be on particular domains -- but it is possible these are the customers who have complained. Can you think of any other tests I should run? Thank you.

Jonathan

 

[nobaloney]

Mail to AOL is often delayed when they've gotten a lot of complaints about emails from your server, but I've never seen it on incoming emails from AOL.

I've got no other ideas; perhaps someone else does.

Jeff

 

[jonathanc]

Thanks for your feedback Jeff. One other factor I have noticed... almost all mail received from aol fails dkim verification

d=mx.aol.com s=20110426 c=relaxed/relaxed a=rsa-sha256 t=1352984784 [verification failed - signature did not verify (headers probably modified in transit)]

I have seen this reported elsewhere and it does seem to be associated with non-deliverance of some mail. The vast majority of DKIM verification is successful. A small proportion is not and of that proportion most seems to be aol mail but linkedin.com is in there too. Does anyone have a suggestion on what to do next.

Thank you.

Jonathan

 

[jkirker]

Any help would be greatly appreciated...

When I send mail to [email protected] I also get:

----------------------------------------------------------
DKIM check details:
----------------------------------------------------------
Result: fail (signature doesn't verify)
ID(s) verified:
Canonicalized Headers:
content-transfer-encoding:7bit'0D''0A'
content-type:text/plain;'20'charset=ISO-8859-1;'20'format=flowed'0D''0A'
subject:test'0D''0A'
to:[email protected]'0D''0A'
mime-version:1.0'0D''0A'
from:Johnx1'20'Kirker'20'<[email protected]>'0D''0A'
date:Fri,'20'20'20'Dec'20'2013'20'06:09:56'20'-0800'0D''0A'
message-id:<[email protected]>'0D''0A'
dkim-signature:v=1;'20'a=rsa-sha256;'20'q=dns/txt;'20'c=relaxed/relaxed;'20'd=kirker.com;'20's=x;'20'h=Content-Transfer-Encoding:Content-Type:Subject:To:MIME-Version:Fromate:Message-ID;'20'bh=[removed]/[removed]=;'20'b=;

Canonicalized Body:
test'0D''0A'


DNS record(s):
x._domainkey.kirker.com. 60 IN TXT "v=DKIM1; k=rsa; p=[removed]+/[removed]/[removed]/[removed]/[removed]"

Public key used for verification: x._domainkey.kirker.com (1024 bits)

NOTE: DKIM checking has been performed based on the latest DKIM specs
(RFC 4871 or draft-ietf-dkim-base-10) and verification may fail for
older versions. If you are using Port25's PowerMTA, you need to use
version 3.2r11 or later to get a compatible version of DKIM.