"User Unknown" errors related to DNS issues?
Hi all, I see a periodic problem with some email servers that report "User Unknown" for valid users. The most recognizable problematic host is hotmail.com, but there usually are others mixed in (today's additional problematic hosts included msn.com, verizon.net, and incentre.net). Here is one of the errors: Dec 13 11:20:55 mail sm-msp-queue[5360]: iBDGFPc0004630: to=<frank-****@msn.com>, delay=00:05:30, xdelay=00:00:00, mailer=esmtp, pri=470333, relay=mx1.hotmail.com. [64.4.50.99], dsn=5.7.1, stat=User unknown I found this post on Neohapsis that suggests the problem is DNS/firewall related: http://archives.neohapsis.com/archives/postfix/2004-03/1774.html What I can't understand is why this would be periodic and what, if anything, I can do to validate the authenticity of the errors? Do others see this same issue? -Jim P.
On Mon, 13 Dec 2004, Jim Popovitch wrote:
Hi all,
I see a periodic problem with some email servers that report "User Unknown" for valid users. The most recognizable problematic host is hotmail.com, but there usually are others mixed in (today's additional problematic hosts included msn.com, verizon.net, and incentre.net).
Do others see this same issue?
Hi Jim. I don't think your problem is dns related. We had problems with many hotmail/msn accounts returning user unknown for valid users. We tried solving it by resending all email and ignore 550 errors/bounces up to 50 times (several emails were delivered even after 40 550 bounces). Unfortunately hotmail complained about it after short time because it generated very many bounces. They suggested signing up for bondedsender.com. Temporary resolved the problem by still ignoring 550 but up to 15 times and retry in a slower sequence. We might sign up for bondedsender though.. seems like an okay idea. Joergen Hovland ENK
On Monday, 2004-12-13 at 17:38 EST, Jim Popovitch <jimpop@yahoo.com> wrote:
I see a periodic problem with some email servers that report "User Unknown" for valid users. The most recognizable problematic host is hotmail.com, but there usually are others mixed in (today's additional problematic hosts included msn.com, verizon.net, and incentre.net).
I found this post on Neohapsis that suggests the problem is DNS/firewall related:
http://archives.neohapsis.com/archives/postfix/2004-03/1774.html
What I can't understand is why this would be periodic and what, if anything, I can do to validate the authenticity of the errors?
I'm not sure why a dns problem would result in "user unknown". But the discussion on the postfix list could still be pertinent. Hotmail.com and msn.com both produce incomplete responses to udp dns queries for their MX records. That will trigger your nameserver to send a second query using tcp. If there is a firewall (likely at your own site) that blocks this tcp query or the response, you won't get any response at all - the domain lookup will fail. Here's a test for you. On the nameserver used by your mail server (or you can do it on the mail server itself), issue the following command (or equivalent); the "-vc" option is critical - it means "use tcp". If you don't get any response, that could be the problem - fix your firewall. If you do get a good response, I don't know what the problem is (nor do I know what it is for verizon.net, and incentre.net, which don't look like they would produce this issue). nslookup -qt=any -vc hotmail.com.
Do others see this same issue?
Not I. Tony Rall
On Monday, 2004-12-13 at 17:38 EST, Jim Popovitch <jimpop@yahoo.com> wrote:
I see a periodic problem with some email servers that report "User Unknown" for valid users. The most recognizable problematic host is hotmail.com, but there usually are others mixed in (today's additional problematic hosts included msn.com, verizon.net, and incentre.net).
I found this post on Neohapsis that suggests the problem is DNS/firewall related:
http://archives.neohapsis.com/archives/postfix/2004-03/1774.html
What I can't understand is why this would be periodic and what, if anything, I can do to validate the authenticity of the errors?
I'm not sure why a dns problem would result in "user unknown". But the discussion on the postfix list could still be pertinent. Hotmail.com and msn.com both produce incomplete responses to udp dns queries for their MX records. That will trigger your nameserver to send a second query using tcp. If there is a firewall (likely at your own site) that blocks this tcp query or the response, you won't get any response at all - the domain lookup will fail. Here's a test for you. On the nameserver used by your mail server (or you can do it on the mail server itself), issue the following command (or equivalent); the "-vc" option is critical - it means "use tcp". If you don't get any response, that could be the problem - fix your firewall. If you do get a good response, I don't know what the problem is (nor do I know what it is for verizon.net, and incentre.net, which don't look like they would produce this issue). nslookup -qt=any -vc hotmail.com.
Do others see this same issue?
Not I. Tony Rall
participants (3)
-
Jim Popovitch -
Jørgen Hovland -
Tony Rall