RE: delayed emails

  • From: "John Tolmachoff \(Lists\)" <johnlist@xxxxxxxxxxxxxxxxxxx>
  • To: "'[ExchangeList]'" <exchangelist@xxxxxxxxxxxxx>
  • Date: Tue, 9 Dec 2003 23:11:25 -0800

I have not been following this as I have been very busy.

> Here is another header for an email sent Monday 12/8/03 @ 2:34pm and
> received on Tuesday 12/9/03 11:30am. Can anyone help me figure out why it
> would be delayed? i have checked my mx records and firewall configs.
> everything checks out fine.

Nope! What are you using for a firewall and how is it configured?

> Received: from valiant.cnchost.com ([207.155.252.9]) by hera.olympus with
> Microsoft SMTPSVC(5.0.2195.6713);
>        Tue, 9 Dec 2003 11:30:16 -0500

This message was received by some server claiming to be hera.olympus on Tue,
9 Dec 2003 at 11:30:16 AM from server valiant.cnchost.com at IP
207.155.252.9.
 
Red flag #1: Who is that server and what is the IP address and why does it
not have a FQDN?

Yellow flag #1: The IP address 207.155.252.9 is listed in 2 spam databases.

Red flag #2: The PTR record for 207.155.252.9 is valiant.concentric.net
which is different than what it is claiming to be above.

Yellow flag #2: Neither valiant.concentric.net nor valiant.cnchost.com nor
IP 207.155.252.9 are in the MX records for cnchost.com.

Yellow flag #3: The DNS records for cnchost.com point to concentric.net
servers, and vice versa.

> Received: (russelldesign.com (329709)@localhost)
>       by valiant.cnchost.com
>       id OAA29755; Mon, 8 Dec 2003 14:34:20 -0500 (EST)
>       [ConcentricHost SMTP Relay 1.16]

This was received by valiant.cnchost.com on Mon, 8 Dec 2003 at 14:34:20 PM
from something claiming to be russelldesign.com(329709)@localhost.

Red flag #3: This was received by valiant.cnchost.com on Monday at 2:34 PM
but was not received by the next hop, hera.olympus, until almost 21 hours
later.

If you do a DNSReport on cityharvest.org, you find some interesting
information.
http://www.dnsreport.com/tools/dnsreport.ch?domain=cityharvest.org

Red flag #4: One of your MX records is a private IP and has no place being
in a public DNS record for that domain.

Yellow flag #4: mail.cityharvest.org claims to be host hera.olympus. This is
a violation of RFC 821 section 4.3.

Red flag #5: If you do a whois on IP 66.155.149.42 you find Verio.net
mentioned. Gee, why does that not surprise me? I have a client that was
using them for MX records and we found lots of examples of delayed mails.

Looking up 66.155.149.42 at whois.radb.net.

NOTE: More information appears to be available at AS15270.

route:      66.155.148.0/22
descr:      NYC
origin:     AS15270
notify:     bgpadmin@xxxxxxxxxx
notify:     routing@xxxxxxxxxxxx
mnt-by:     MAINT-PAETEC
changed:    ted.sanfilippo@xxxxxxxxxx 20030313
source:     VERIO

aut-num:            AS15270
as-name:            PAETEC2-AS
descr:              PaeTec Communications, Inc.
admin-c:            SH9-ARIN
tech-c:             SIN-ORG
import:             from AS2914 action pref = 120; accept ANY AND NOT {0.0.0.0/0}
export:             to AS2914  announce AS15270
notify:             routing@xxxxxxxxxxxx
mnt-by:             MAINT-VERIO-RA
changed:            boudreat@xxxxxxxxxxxxx 20001113
source:             VERIO

Conclusion: the more "issues" there are, the harder it is to diagnose a problem.

John Tolmachoff
Engineer/Consultant/Owner
eServices For You
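
The hop-by-hop timing check behind Red flag #3, as an added example that is not part of the original post: it walks the Received: headers oldest-first, computes how long each relay held the message, and flags gaps over a threshold. The sample header block is constructed from the two Received: lines quoted above; the function names and the one-hour threshold are my own choices.

```python
import re
from datetime import timezone
from email import message_from_string
from email.utils import parsedate_to_datetime

# Constructed sample: the two Received: lines quoted in the thread, re-joined
# into a raw header block (no other headers, folding preserved).
SAMPLE_HEADERS = """\
Received: from valiant.cnchost.com ([207.155.252.9]) by hera.olympus with
 Microsoft SMTPSVC(5.0.2195.6713);
 Tue, 9 Dec 2003 11:30:16 -0500
Received: (russelldesign.com (329709)@localhost)
 by valiant.cnchost.com
 id OAA29755; Mon, 8 Dec 2003 14:34:20 -0500 (EST)
 [ConcentricHost SMTP Relay 1.16]
Subject: constructed sample

"""

def parse_received(value):
    """Split one Received: value into (claimed sender, receiving host, timestamp)."""
    text = " ".join(value.split())                  # collapse header folding
    clauses, sep, date_part = text.rpartition(";")  # the date follows the last ';'
    if not sep:
        return None                                 # malformed: nothing to compare
    # Drop trailing comments such as "(EST)" or "[ConcentricHost SMTP Relay 1.16]"
    date_part = re.sub(r"\s*[\(\[].*$", "", date_part.strip())
    when = parsedate_to_datetime(date_part)
    if when.tzinfo is None:                         # "-0000" yields a naive datetime
        when = when.replace(tzinfo=timezone.utc)
    m_by = re.search(r"\bby\s+(\S+)", clauses)
    m_from = re.search(r"\bfrom\s+(\S+)", clauses)
    # Some relays (the Concentric one above) omit "from" and write the sender
    # in their own format, so fall back to everything before " by ".
    claimed = m_from.group(1) if m_from else clauses.split(" by ")[0].strip()
    return {"from": claimed, "by": m_by.group(1) if m_by else "?", "when": when}

def hop_delays(raw_headers):
    """Return, oldest hop first, how long each relay held the message."""
    msg = message_from_string(raw_headers)
    hops = [h for h in map(parse_received, msg.get_all("Received", [])) if h]
    hops.reverse()   # each relay prepends its header, so the last one is the oldest
    return [
        {"held_by": earlier["by"], "next_hop": later["by"],
         "seconds": int((later["when"] - earlier["when"]).total_seconds())}
        for earlier, later in zip(hops, hops[1:])
    ]

def flag_slow_hops(raw_headers, threshold_seconds=3600):
    """The hops worth asking the relay operator about."""
    return [h for h in hop_delays(raw_headers) if h["seconds"] > threshold_seconds]

if __name__ == "__main__":
    for hop in flag_slow_hops(SAMPLE_HEADERS):
        print(f"{hop['held_by']} -> {hop['next_hop']}: {hop['seconds'] / 3600:.1f} h")
```

Relays that lack a timestamp or a parseable date are skipped rather than aborting the walk, and the clock skew between relays is of course folded into the reported gap.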
