
List:       ngw
Subject:    Re: [ngw] Internet email queued
From:       Danita Zanre <dzanre.ngwlist () gmail ! com>
Date:       2009-07-30 20:34:17
Message-ID: bdc473350907301334q4fa0abdasa9b8239914a40db2 () mail ! gmail ! com

Depends on how you are configured.  If you have direct links configured
between external domains, it's no problem.  If you are depending on the MTP
records (which it doesn't sound like you are), then you would definitely
have a problem.
Danita


On Thu, Jul 30, 2009 at 2:11 PM, Douglas Smith <drsmith@lumc.edu> wrote:

> If we were to disable the MTA to MTA communication, would it affect
> our External System Synchronization with our parent University?
> 
> All the IDomains that I found in our seven domains with post offices are
> closed.   Also the details show only 3 octets of the IP address.
> 
> Thanks again for your help.
> 
> - Doug
> 
> > > > On 2009/07/30 at 14:30, in message <
> bdc473350907301230v4701eea1m640e06bd39958bac@mail.gmail.com>, Danita Zanre
> <dzanre.ngwlist@gmail.com> wrote:
> BTW - I have reported this to Novell. It looks to me like even doing a
> query for the TXT record comes back with their SPF record for that host - so
> I think Novell should really only use the record if it has a Port associated
> with it - it must be defaulting to using port 7100 if no port is specified.
> I can see how this could become a big issue if a lot of sites started using
> wildcard DNS.
> Danita
> 
> 
> On Thu, Jul 30, 2009 at 1:07 PM, Danita Zanre <dzanre.ngwlist@gmail.com> wrote:
> 
> > They are using some kind of wildcard DNS and anything you ask for comes
> > back as valid. I'm not sure why anyone would do such a thing, but since they
> > are, the only way a GW site can ever send mail to them except for once a day
> > at midnight will be to turn MTA>MTA deliver off
> > 
> > 
> > On Thu, Jul 30, 2009 at 1:02 PM, Danita Zanre <dzanre.ngwlist@gmail.com> wrote:
> > 
> > > Heehee - well they HAVE to have a record for gwmtp.tcp.hrsolutions.com don't
> > > they - otherwise how could I do this??
> > > 
> > > paisley:~ danita$ ping gwmtp.tcp.hrsolutionsinc.com
> > > PING gwmtp.tcp.hrsolutionsinc.com (74.205.37.10): 56 data bytes
> > > 64 bytes from 74.205.37.10: icmp_seq=0 ttl=116 time=3039.905 ms
> > > 64 bytes from 74.205.37.10: icmp_seq=1 ttl=116 time=45.549 ms
> > > 64 bytes from 74.205.37.10: icmp_seq=2 ttl=116 time=32.346 ms
> > > 64 bytes from 74.205.37.10: icmp_seq=3 ttl=116 time=38.547 ms
> > > 64 bytes from 74.205.37.10: icmp_seq=4 ttl=116 time=43.004 ms
> > > 64 bytes from 74.205.37.10: icmp_seq=5 ttl=116 time=30.105 ms
> > > 64 bytes from 74.205.37.10: icmp_seq=6 ttl=116 time=35.265 ms
> > > 
> > > 
> > > On Thu, Jul 30, 2009 at 12:53 PM, Douglas Smith <drsmith@lumc.edu> wrote:
> > > 
> > > > Talked with the admin again. He says that they don't have any
> > > > gwmtp.tcp.hrsolutionsinc.com in their DNS. In fact, if you ping
> > > > aardvark9999.hrsolutionsinc.com, you will get the same response as for
> > > > gwmtp.tcp.hrsolutionsinc.com.
> > > > - Doug.
> > > > 
> > > > > > > On 2009/07/30 at 13:43, in message <
> > > > bdc473350907301143j779bca20wcab188767fc12893@mail.gmail.com>, Danita
> > > > Zanre <dzanre.ngwlist@gmail.com> wrote:
> > > > well, that explains why they don't have a mtp record <g> - but they must
> > > > have been on GW at some point, deleted that, but left in an A record for
> > > > some reason. Tell them to get rid of the A record for
> > > > gwmtp.tcp.hrsolutionsinc.com.
> > > > Danita
> > > > 
> > > > 
> > > > On Thu, Jul 30, 2009 at 12:38 PM, Douglas Smith <drsmith@lumc.edu> wrote:
> > > > 
> > > > > Thanks Danita. I just checked with hrsolutionsinc's admin and they
> > > > > are using Exchange. How could they disable this feature?
> > > > > We have our University's GW system set up for External System
> > > > > Synchronization -- Would disabling the MTA to MTA communication adversely
> > > > > affect this setup. I currently have the links set up so that they can talk
> > > > > directly to any of our domains.
> > > > > - Doug.
> > > > > > > > On 2009/07/30 at 13:10, in message <
> > > > > bdc473350907301110s1ff47f3ahf80cec73a416a50b@mail.gmail.com>, Danita
> > > > > Zanre <dzanre.ngwlist@gmail.com> wrote:
> > > > > For example:
> > > > > gwmtp.tcp.hrsolutionsinc.com 172800 IN SRV 1 0 7100 74.205.37.10
> > > > > 
> > > > > That says that server at 74.205.37.10 is listening on port 7100 for
> > > > > messages.
> > > > > 
> > > > > Now, of course, not only do they need to have this record, but they
> > > > > also need to have port 7100 open for access, and you have to allow port
> > > > > 7100 out as well!
> > > > > 
> > > > > It's actually a quite misunderstood function <g>. But if two GW sites
> > > > > talk like this, they can see status, retract messages that haven't been
> > > > > opened, and even busy search each other if the option is selected.
> > > > > 
> > > > > Danita
> > > > > 
> > > > > 
> > > > > 
> > > > > On Thu, Jul 30, 2009 at 11:43 AM, Douglas Smith <drsmith@lumc.edu> wrote:
> > > > > 
> > > > > > Thanks Danita, Joe, Morris. I will check on this. Just out of
> > > > > > curiosity, how do you set up a "proper" TXT record?
> > > > > > - Doug.
> > > > > > 
> > > > > > > > > On 2009/07/30 at 12:20, in message <
> > > > > > bdc473350907301020q6dd35374g7309ebf0bf133928@mail.gmail.com>, Danita
> > > > > > Zanre <dzanre.ngwlist@gmail.com> wrote:
> > > > > > He's not even getting to the GWIA. The entry in the MTA clearly
> > > > > > indicates that the MTA has found a record for hrsolutionsinc.com and
> > > > > > is trying to queue the message to that server. This has nothing to do
> > > > > > with MX records. It has to do with TXT records, and A records. They don't
> > > > > > actually have a proper TXT record for gwmtp.tcp.hrsolutionsinc.com that
> > > > > > directs the MTA what port the message should be delivered to, but they
> > > > > > have an A record for gwmtp.tcp.hrsolutionsinc.com and this is totally
> > > > > > confusing the MTA into thinking it's supposed to do the delivery. If you
> > > > > > have MTA>MTA delivery enabled for your MTA, just send a message to
> > > > > > test@hrsolutionsinc.com and then go look at your MTA domain links. You
> > > > > > will now see:
> > > > > > 
> > > > > > Direct Link         Type     Status  Messages Queued  Oldest
> > > > > > hrsolutionsinc.com  IDomain  Closed  1                0:01:05
> > > > > > 
> > > > > > Danita
> > > > > > 
> > > > > > 
> > > > > > On Thu, Jul 30, 2009 at 11:09 AM, Joseph Marton <jmmarton@gmail.com> wrote:
> > > > > > 
> > > > > > > Where do you see that?
> > > > > > > 
> > > > > > > > set querytype=mx
> > > > > > > > hrsolutionsinc.com
> > > > > > > Server: 10.1.1.53
> > > > > > > Address: 10.1.1.53#53
> > > > > > > 
> > > > > > > Non-authoritative answer:
> > > > > > > hrsolutionsinc.com mail exchanger = 10 mail2.hrsolutionsinc.com.
> > > > > > > 
> > > > > > > Authoritative answers can be found from:
> > > > > > > hrsolutionsinc.com nameserver = ns71.worldnic.com.
> > > > > > > hrsolutionsinc.com nameserver = ns72.worldnic.com.
> > > > > > > mail2.hrsolutionsinc.com internet address = 66.237.133.213
> > > > > > > 
> > > > > > > 
> > > > > > > I don't see any MX record for gwmtp.tcp.hrsolutionsinc.com.
> > > > > > > 
> > > > > > > Joe
> > > > > > > 
> > > > > > > 
> > > > > > > On Thu, Jul 30, 2009 at 12:03 PM, Danita Zanre <
> > > > > > > dzanre.ngwlist@gmail.com> wrote:
> > > > > > > 
> > > > > > > > Yep - they have a record defined for gwmtp.tcp.hrsolutionsinc.com that
> > > > > > > > is totally invalid.
> > > > > > > 
> > > > > > > 
> > > > > > 
> > > > > 
> > > > 
> > > 
> > 
> 
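
An added example, not part of the thread and not GroupWise or Novell code: a pre-flight check for the failure discussed above, where a wildcard zone makes gwmtp.tcp.<domain> resolve although nobody published it. It repeats the aardvark9999 test with random labels and applies the suggestion to trust a record only when it carries an explicit port; the function names, the example.test/example.org zones and the sample record lines are constructed for illustration.

```python
import secrets
import socket


def system_resolve(name):
    """IPv4 addresses for name via the OS resolver; empty set if it does not resolve."""
    try:
        return set(socket.gethostbyname_ex(name)[2])
    except OSError:
        return set()


def wildcard_verdict(domain, resolve=system_resolve, probes=3):
    """Return 'absent', 'wildcard' or 'explicit' for gwmtp.tcp.<domain>."""
    target_addrs = resolve(f"gwmtp.tcp.{domain}")
    if not target_addrs:
        return "absent"
    for _ in range(probes):
        # A random label nobody created on purpose, like the thread's aardvark9999 test.
        label = "probe-" + secrets.token_hex(8)
        for probe in (f"{label}.{domain}", f"{label}.tcp.{domain}"):
            if resolve(probe) & target_addrs:
                return "wildcard"
    return "explicit"


def explicit_port(record_line):
    """Port from an SRV line in the layout quoted in the thread, else None.

    Expected fields: name ttl IN SRV priority weight port target
    """
    fields = record_line.split()
    if len(fields) != 8 or fields[2].upper() != "IN" or fields[3].upper() != "SRV":
        return None
    if not fields[6].isdigit():
        return None
    port = int(fields[6])
    return port if 1 <= port <= 65535 else None


def direct_delivery_candidate(domain, record_lines, resolve=system_resolve):
    """Port for MTA-to-MTA delivery, or None to fall back to normal SMTP routing."""
    if wildcard_verdict(domain, resolve) != "explicit":
        return None
    ports = [p for p in map(explicit_port, record_lines) if p is not None]
    return ports[0] if ports else None


# Constructed resolvers standing in for DNS so the example runs offline.
def wildcard_zone(name):
    # Every name under example.test answers with the same address.
    return {"192.0.2.10"} if name.endswith(".example.test") else set()


def explicit_zone(name):
    # Only the one published name resolves.
    return {"192.0.2.20"} if name == "gwmtp.tcp.example.org" else set()


SRV_LINE = "gwmtp.tcp.example.org 172800 IN SRV 1 0 7100 192.0.2.20"  # constructed
SPF_LINE = 'gwmtp.tcp.example.test 3600 IN TXT "v=spf1 mx -all"'      # constructed
```

Called without a `resolve` argument, the functions use the operating system resolver, so the same check can be pointed at a real recipient domain before enabling MTA-to-MTA delivery.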

