[nzlug] (OT) Sorbs etc, was Exim: Limiting outgoing connections on Debian
Martin D Kealey
martin at kurahaupo.gen.nz
Sat Oct 7 08:57:54 NZDT 2006
On Sat, 7 Oct 2006, Robin Sheat wrote:
> There should be no expectation that mail is delivered instantly.
I agree, but there are ISPs out there selling "faster internet" who aren't
helping the perception. And that gutless wonder the Commerce Commission
isn't going to make them stop lying to the public any time soon.
> > And I have a client whose odd Mac-based mailserver
> > package doesn't know what retrying is :-(
> If they have a non-RFC-abiding mailserver, they should have no expectation
> that any mail is going to get through at all. That server would fail in the
> face of random network issues, and so shouldn't be used.
Hmm. In general I agree, but I've encountered a couple of weird problems
myself lately, both to do with Exim (which I run, after talking to Philip
Hazel at NZNOG'05). Both of these are because of underlying DNS quirks:

1. Outbound mail to someone on a dynamic IP using no-ip.info tends to
fail most of the time. It turns out that the MX record has a 1-day TTL
(lifetime) while the A record it points to has a 1-minute TTL. Not
surprisingly then, the local cache usually answers requests for the MX but
omits the glue A record. The problem is that Exim then interprets this as
meaning the address doesn't exist, and refuses to queue the message at
submission time. My current work-around is to have the submission process
pre-request the MX record from the cache, which gives the A record time to
turn up (from the other side of the planet) before Exim asks for it.
2. Inbound mail to someone else's Exim server is rejecting my mail because
during a call back to verify the sending address, it can't look up my
hostname. It turns out that 2Day.com have botched their data entry process
for "other ISP" and are discarding the A glue records that should accompany
the NS records, so things go too slowly for them. I don't know what DNS
cache they're running - indeed I can't get them to talk to me at all! Apart
from the missing glue records, my DNS is OK - reverse & forward match etc.
I'd considered myself fairly experienced with mail & DNS, but I have to
admit these had me stumped for weeks. And now that I know the cause,
it is galling not to be able to fix them, but to be dependent on
less-than-cooperative other parties.
Any suggestions?
-Martin
--
"War against Terrorism" is an oxymoron
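
The first DNS quirk in the message above (a 1-day MX TTL over a 1-minute A TTL), as an added model that is not part of the original post and is not Exim's or any resolver's code. The domain, host name, address and function names are assumptions made for illustration; it contrasts rejecting on a missing cached A record with deferring, and models the pre-request work-around.

```python
# Constructed model of a caching resolver and a mail router's decision.
# Not Exim's code; names, domain and address are illustrative assumptions.
MX_TTL = 86400  # MX record TTL from the post: 1 day
A_TTL = 60      # A record TTL from the post: 1 minute
DOMAIN, MX_HOST, ADDR = "user.example", "mail.user.example", "192.0.2.10"


class Cache:
    def __init__(self):
        self.store = {}  # (name, rtype) -> (value, expiry time in seconds)

    def put(self, name, rtype, value, ttl, now):
        self.store[(name, rtype)] = (value, now + ttl)

    def get(self, name, rtype, now):
        entry = self.store.get((name, rtype))
        return entry[0] if entry and now < entry[1] else None


def full_lookup(cache, now):
    """Model an upstream MX query whose reply carries the A record too."""
    cache.put(DOMAIN, "MX", MX_HOST, MX_TTL, now)
    cache.put(MX_HOST, "A", ADDR, A_TTL, now)


def prewarm(cache, now):
    """Model the work-around: ask early so the A record is refetched."""
    mx = cache.get(DOMAIN, "MX", now)
    if mx and cache.get(mx, "A", now) is None:
        cache.put(mx, "A", ADDR, A_TTL, now)


def route(cache, now, missing_a_is_fatal):
    """Decide what to do with a message using only cached answers."""
    mx = cache.get(DOMAIN, "MX", now)
    if mx is None:
        return "query-upstream"
    if cache.get(mx, "A", now) is not None:
        return "deliver"
    # MX still cached, A expired: the window described in the post.
    return "reject" if missing_a_is_fatal else "defer"


def window_fraction(mx_ttl=MX_TTL, a_ttl=A_TTL):
    """Share of the MX lifetime during which the cached A has expired."""
    return (mx_ttl - a_ttl) / mx_ttl
```

With these TTLs the cached A record is absent for more than 99.9% of the MX record's lifetime, so a router that treats the missing A as fatal rejects almost every submission unless something refreshes the A record first.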