Stale DNS Records

pantherguy (Verified User, joined Sep 23, 2008, 5 messages)
We are having trouble with a local business emailing us. It started just after we changed our mail filtering service. It looks as though the emails are going to our old mail filtering service. Here is the bounce back message they get:

Your message could not be sent.
A transcript of the attempts to send the message follows.
The number of attempts made: 1
Addressed To: [email protected]

Fri, 05 Sep 2008 15:00:02 -0500
Failed to send to identified host,
[email protected]: 147.202.xx.xx (our old mail filtering ip), 553 sorry, mail relay to [email protected] prohibited, please authenticate or set up relaying
for 69.66.xx.xx (their mail server ip) unknown (#5.7.1)
--- Message non-deliverable.


Why is there outbound mail pointing at our old mail filtering ip? We are having no other problems with anyone else. I talked to our ISP support and they said, "They could certainly have stale DNS entries on their end that would cause that, as I do show that IP is not any one of your current MX's." Does this sound like it could be the issue? What do I need to tell the company that's trying to send to us?

Thanks.
 
You probably should have followed these directions first
http://help.directadmin.com/item.php?id=87

But some ISPs hold on to their cache even longer.

Since you did not provide us with domains or IP addresses, it's hard for us to diagnose a problem. It's amazing how people want help with something but don't want to provide critical details.

Because you left out critical information we cannot even determine that the MX records are set up correctly.
 
I apologize for not listing all of the information.

The emails are being sent to jvetter[at]washsb.com
Our old mail filtering service's ip is 147.202.16.4
It's asking to setup relaying at 69.66.61.158

Thanks, I had not read the article. Is this a change I can make or does the company that hosts our domain need to do this? They are the ones that changed our MX records. This issue has been going on since the 1st of the month. Could the TTL really be set that long?

Thanks for your help.
 
Jeff is a lot better at this than I am but this is what I came up with:

Code:
[root@server70 ~]# dig washsb.com MX

; <<>> DiG 9.3.3rc2 <<>> washsb.com MX
;; global options:  printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 11053
;; flags: qr rd ra; QUERY: 1, ANSWER: 4, AUTHORITY: 2, ADDITIONAL: 4

;; QUESTION SECTION:
;washsb.com.                    IN      MX

;; ANSWER SECTION:
washsb.com.             60      IN      MX      40 washsb.com.s7b2.psmtp.com.
washsb.com.             60      IN      MX      10 washsb.com.s7a1.psmtp.com.
washsb.com.             60      IN      MX      20 washsb.com.s7a2.psmtp.com.
washsb.com.             60      IN      MX      30 washsb.com.s7b1.psmtp.com.

;; AUTHORITY SECTION:
washsb.com.             60      IN      NS      ns2.perimeterusa.com.
washsb.com.             60      IN      NS      ns1.perimeterusa.com.

;; ADDITIONAL SECTION:
washsb.com.s7a1.psmtp.com. 14325 IN     A       64.18.6.14
washsb.com.s7a2.psmtp.com. 14362 IN     A       64.18.6.13
washsb.com.s7b1.psmtp.com. 14381 IN     A       64.18.6.11
washsb.com.s7b2.psmtp.com. 14393 IN     A       64.18.6.10

;; Query time: 1 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Tue Sep 23 15:05:38 2008
;; MSG SIZE  rcvd: 275

You did not say what your new ip address was so I assume the above is correct?


It's asking to setup relaying at 69.66.61.158

No. It's asking to set up relaying at 147.202.xx.xx for 69.66.61.158. It's asking to allow relaying for 69.66.61.158 at 147.202.xx.xx.

I believe the server at 147.202.xx.xx has the problem. It still thinks for some reason the mail server is still at the old IP. You will need to contact the admin of that server to find out the problem.

Code:
[root@server70 ~]# whois 69.66.61.158
[Querying whois.arin.net]
[whois.arin.net]

OrgName:    Iowa Telecom 
OrgID:      IOWATE
Address:    115 South Second Avenue West
City:       Newton
StateProv:  IA
PostalCode: 50208
Country:    US

NetRange:   69.66.0.0 - 69.66.255.255 
CIDR:       69.66.0.0/16 
NetName:    IOWA-TELECOM
NetHandle:  NET-69-66-0-0-1
Parent:     NET-69-0-0-0-0
NetType:    Direct Allocation
NameServer: AR.IOWATELECOM.NET
NameServer: HE.IOWATELECOM.NET
Comment:    
RegDate:    2003-07-31
Updated:    2004-06-01

OrgTechHandle: ITNOC1-ARIN
OrgTechName:   Iowa Telecom Network Operations Center 
OrgTechPhone:  +1-877-255-4837
OrgTechEmail:  [email protected]

# ARIN WHOIS database, last updated 2008-09-22 19:10
# Enter ? for additional hints on searching ARIN's WHOIS database.
 
Thanks for your help, Floyd. I don't understand much about DNS, as you can tell, so here's my assumption of your post.

Whenever their server (69.66.61.158) sends mail to ours (69.66.45.151), the first thing it does is look up in DNS where that mail should go. Our MX records currently all point to Postini, and for whatever reason it looks like when they do that lookup, they are looking at old data and seeing our previous spam filtering solution (147.202.16.4), who probably was our MX record some time ago.

I believe the server at 147.202.xx.xx has the problem. It still thinks for some reason the mail server is still at the old ip. You will need to contact the admin of that server to find out the problem.
I don't know if I confused you or if I read it wrong but are you saying I need to contact the company that's having problems sending us email or the old mail filtering company? I think I've confused myself.
 
sends mail to ours (69.66.45.151)

According to the MX records your mail server is primarily 64.18.6.14.

But now I am getting confused with some of the numbers.

The other company's ISP needs to figure out they are giving out the wrong IP address for your domain.

69.66.61.158 has the problem. Not 147.202.xx.xx.
 
According to the MX records your mail server is primarily 64.18.6.14.
I apologize, that is where it's going, then it goes to our exchange server. Sorry.

Thanks. I'll let them know. The strange thing is they have the same ISP as us, and we (me and the other company's IT person) have talked to their email admin, but no one has figured that out.
 
nslookup needs to be run from the other company's computer to see what MX record is being returned for the domain. That is the starting point.
 
floyd, I talked with their IT person and he shows these records retrieved from their mail server:

Non-authoritative answer:
washsb.com MX preference = 30, mail exchanger = washsb.com.s7b1.psmtp.com
washsb.com MX preference = 40, mail exchanger = washsb.com.s7b2.psmtp.com
washsb.com MX preference = 10, mail exchanger = washsb.com.s7a1.psmtp.com
washsb.com MX preference = 20, mail exchanger = washsb.com.s7a2.psmtp.com
washsb.com.s7b1.psmtp.com internet address = 64.18.6.11
washsb.com.s7b2.psmtp.com internet address = 64.18.6.10
washsb.com.s7a1.psmtp.com internet address = 64.18.6.14
washsb.com.s7a2.psmtp.com internet address = 64.18.6.13

I said those looked correct but we still can't figure out where they're getting the wrong record. Is it possible that the company that changed our MX records didn't delete one of the old ones?
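
Added example (not part of the original thread and not any poster's code): a small Python check that parses MX lookup output in either the dig or the nslookup format shown above and reports whether the IP named in a bounce belongs to any of the resolved MX hosts. The function names and the shortened sample are constructed for illustration; the addresses are the ones quoted in the thread.

```python
import re

# Record lines as printed by dig (zone-file style) and by nslookup.
MX_PATTERNS = [
    re.compile(r"^\S+\s+\d+\s+IN\s+MX\s+(\d+)\s+(\S+)"),
    re.compile(r"MX preference = (\d+), mail exchanger = (\S+)"),
]
A_PATTERNS = [
    re.compile(r"^(\S+)\s+\d+\s+IN\s+A\s+(\S+)"),
    re.compile(r"^(\S+)\s+internet address = (\S+)"),
]

def norm(host):
    """Drop the trailing root dot and lowercase so both formats compare equal."""
    return host.rstrip(".").lower()

def parse_lookup(text):
    """Return ({mx_host: preference}, {host: ip}) from dig or nslookup output."""
    mx, addrs = {}, {}
    for line in text.splitlines():
        line = line.strip()
        if line.startswith(";"):  # dig comment and question lines
            continue
        for pat in MX_PATTERNS:
            m = pat.search(line)
            if m:
                mx[norm(m.group(2))] = int(m.group(1))
        for pat in A_PATTERNS:
            m = pat.search(line)
            if m:
                addrs[norm(m.group(1))] = m.group(2)
    return mx, addrs

def check_delivery(lookup_text, bounce_ip):
    """Compare the IP a bounce names with the addresses of the resolved MX hosts."""
    mx, addrs = parse_lookup(lookup_text)
    ordered = sorted(mx, key=mx.get)  # lowest preference value is tried first
    mx_ips = [addrs[h] for h in ordered if h in addrs]
    return {"mx_ips": mx_ips,
            "unresolved": [h for h in ordered if h not in addrs],
            "bounce_ip_is_current_mx": bounce_ip in mx_ips}

# Constructed sample: four of the nslookup lines quoted in the thread.
SAMPLE = """\
washsb.com MX preference = 30, mail exchanger = washsb.com.s7b1.psmtp.com
washsb.com MX preference = 10, mail exchanger = washsb.com.s7a1.psmtp.com
washsb.com.s7b1.psmtp.com internet address = 64.18.6.11
washsb.com.s7a1.psmtp.com internet address = 64.18.6.14
"""

if __name__ == "__main__":
    print(check_delivery(SAMPLE, "147.202.16.4"))
```

A `False` result for `bounce_ip_is_current_mx` means the address in the bounce is not one this lookup returned, so the next comparison to make is between this output and the lookup performed by the resolver the sending mail server actually uses.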
 