I have not been following this as I have been very busy. > Here is another header for an email sent Monday 12/8/03 @ 2:34pm and > received on Tuesday 12/9/03 11:30am. Can anyone help me figure out why it > would be delayed? i have checked my mx records and firewall configs. > everything checks out fine. Nope! What are you using for a firewall and how is it configured? > Received: from valiant.cnchost.com ([207.155.252.9]) by hera.olympus with > Microsoft SMTPSVC(5.0.2195.6713); > Tue, 9 Dec 2003 11:30:16 -0500 This message was received by some server claiming to be hera.olympus on Tue, 9 Dec 2003 at 11:30:16 AM from server valiant.cnchost.com at IP 207.155.252.9. Red flag #1: Who is that server and what is the IP address and why does it not have a FQDN? Yellow flag #1: The IP address 207.155.252.9 is listed in 2 spam databases. Red flag #2: The PTR record for 207.155.252.9 is valiant.concentric.net which is different that what it is claiming to be above. Yellow flag #2: Neither valiant.concentric.net nor valiant.cnchost.com nor IP 207.155.252.9 are in the MX records for cnchost.com. Yellow flag #3: The DNS records for cnchost.com point to concentric.net servers, and visa versa. > Received: (russelldesign.com (329709)@localhost) > by valiant.cnchost.com > id OAA29755; Mon, 8 Dec 2003 14:34:20 -0500 (EST) > [ConcentricHost SMTP Relay 1.16] This was receved by valiant.cnchost.com on Mon, 8 Dec 2003 at 14:34:20 PM from some thing claiming to be russelldesign.com(329709)@localhost. Red flag #3: This was received by valiant.cnchost.com on Monday at 2:34 PM but was not received by the next hop, hera.olympus, until almost 21 hours later. If you do a DNSReport on cityharvest.org, you find some interesting information. http://www.dnsreport.com/tools/dnsreport.ch?domain=cityharvest.org Red flag #4: One of your MX records is a private IP and has no place being in a public DNS record for that domain. Yellow flag #4: mail.cityharvest.org claims to be host hera.olympus. This is a violation of RFC821 4.3 Red flag #5: If you do a who is on IP 66.155.149.42 you find Verio.net mentioned. Gee, why does that not surprise me? I have a client that was using them for MX records and we found lots of examples of delayed mails. Looking up 66.155.149.42 at whois.radb.net. NOTE: More information appears to be available at AS15270. route: 66.155.148.0/22 descr: NYC origin: AS15270 notify: bgpadmin@xxxxxxxxxx notify: routing@xxxxxxxxxxxx mnt-by: MAINT-PAETEC changed: ted.sanfilippo@xxxxxxxxxx 20030313 source: VERIO aut-num: AS15270 as-name: PAETEC2-AS descr: PaeTec Communications, Inc. admin-c: SH9-ARIN tech-c: SIN-ORG import: from AS2914 action pref = 120; accept ANY AND NOT {0.0.0.0/0} export: to AS2914 announce AS15270 notify: routing@xxxxxxxxxxxx mnt-by: MAINT-VERIO-RA changed: boudreat@xxxxxxxxxxxxx 20001113 source: VERIO Conclusion, the more "issues" there are, the harder to diagnose a problem. John Tolmachoff Engineer/Consultant/Owner eServices For You