Unable to receive mail from the outside world

19 posts / 0 new
Last post
#1 Thu, 01/29/2009 - 09:30
hillb

Unable to receive mail from the outside world

I am unable to receive e-mail from the outside world. The e-mail doesn't bounce back nor do I get any indication that it failed to go through. When I look at /var/log/mail.log there is nothing to indicate my Virtualmin domain knew an e-mail had been sent to it.

I can receive e-mail internally (inside@mydomain.com to inside2@mydomain.com) just fine. I can e-mail the outside world just fine (inside@mydomain.com to outside@foobar.com).

Any pointers on what to do? This appears to be a different problem than what "loufeliz" posted about earlier.

Thu, 01/29/2009 - 10:39
andreychek

Yeah, it sounds like the emails aren't getting to your server -- if I had to guess, I'd guess it was one of these two issues:

1. The MX record, as viewed from the outside world, points to the wrong IP address. Do you have an external machine you can check the MX record with?

2. Port 25/SMTP is being blocked by your ISP. Having an external machine may help here as well -- are you able to telnet into port 25 of your server?
-Eric

Thu, 01/29/2009 - 12:45 (Reply to #2)
hillb

Using this website (http://www.mxtoolbox.com/index.aspx) I can confirm that I have an MX record (there is only one) that points to the correct IP address.

I am able to telnet to my domain (telnet domainname 25) successfully.

Thu, 01/29/2009 - 17:38 (Reply to #3)
andreychek

Yeah, something is fishy.

Is there any chance you could identify the domain? I could look into a few things, and/or send a test email, to try and figure out why you aren't receiving them there.
-Eric

Fri, 01/30/2009 - 05:49 (Reply to #4)
hillb

myriadminds.net

Fri, 01/30/2009 - 06:48 (Reply to #5)
hillb

Sorry, I should have mentioned a valid e-mail address as well: "webmaster" at that domain is valid. So is "support" at that domain.

Fri, 01/30/2009 - 09:33 (Reply to #6)
andreychek

Okay, I tried it from two different systems on two different networks.

One worked perfectly.

The other resulted in a DNS error -- neither the A nor the MX record could be looked up.

That makes me think one of your two DNS servers isn't working.

Doing a "whois" on your domain shows both nameservers -- and when I queried each for information, the second one doesn't resolve.

So, you need to make sure both nameservers have DNS setup for them.
-Eric

Fri, 01/30/2009 - 10:03 (Reply to #7)
hillb

Hi Eric,

You say "One worked perfectly." May I ask which address you sent mail to? I have received nothing and I see nothing in /var/log/mail.log to indicate that mail was received. If you just did a simple "telnet myriadminds.net 25" and you happen to have Verizon's fiber service - I see you in the log (and I'm jealous of your connection).

But even if that is you in the log - I can do a "telnet myriadminds.net 25" and see the mail server respond - it's just that when I send email to either of the addresses I mentioned earlier nothing shows up in the logs at all.

Both name servers (ns1.hydraenterprises.net and ns2.hydraenterprises.net) are set up with GoDaddy (meaning GoDaddy knows they are nameservers). When I go to Domain Dossier (http://centralops.net/co/DomainDossier.aspx) and put in myriadminds.net it sees that SMTP is available (it gets a 220 response). For me, both nameservers resolve and I'm on a completely different network.

An interesting note here: when I look in /var/log/mail.log I can see that Domain Dossier connected to my server.

So from my point of view, DNS is set up for everything and it all resolves as expected.

I'm unsure of what to do from here. I can see the mail server but when I try to send mail to it the mail seems to just go into a black hole and there's never any mention of it in the log.

Fri, 01/30/2009 - 10:43 (Reply to #8)
andreychek

Well, log into a server outside your LAN, other than this particular one, and type this:

host NS1.HYDRAENTERPRISES.NET

host NS2.HYDRAENTERPRISES.NET

The first works for me, the second does not.

So, indeed, some of the lookups you do would work -- but anytime a lookup occurred which hit the second nameserver, rather than the first, would fail.
-Eric

Fri, 01/30/2009 - 12:00 (Reply to #9)
hillb

Ok, *now* I'm seeing DNS issues. I can't ping either of the nameservers (but I can ping the domain itself). I'm going to make some changes and see if that resolves the issue.

I appreciate the help Eric!

Brian

Fri, 01/30/2009 - 11:43 (Reply to #10)
ronald
ronald's picture

for me the ns2 works however
When I run a check:
WARNING: At least one of your NS name does not seem a valid host name
The ones that do not seem valid:
neptune

ERROR: looks like you have lame nameservers. The following nameservers are lame:
205.167.142.104

FAIL: The following nameservers are listed at your nameservers as nameservers for your domain, but are not listed at the parent nameservers (see RFC2181 5.4.1). You need to make sure that these nameservers are working.If they are not working ok, you may have problems!
neptune

ERROR: One or more of the nameservers listed at the parent servers are not listed as NS records at your nameservers. The problem NS records are:
ns2.natcotech.com
ns2.hydraenterprises.net
ns1.hydraenterprises.net
This is listed as an ERROR because there are some cases where nasty problems can occur (if the TTLs vary from the NS records at the root servers and the NS records point to your own domain, for example).

Fri, 01/30/2009 - 12:10 (Reply to #11)
hillb

Thank you Ronald - could you tell me what tool you are using to check? Perhaps I can use the same tool to determine when I've fixed my problem(s).

Brian

Fri, 01/30/2009 - 12:22 (Reply to #12)
Joe
Joe's picture

There's a whole chapter in the Webmin documentation about troubleshooting DNS. It's also linked from our troubleshooting DNS problems guide here:

http://www.virtualmin.com/documentation/id,dns_troubleshooting/

The Webmin DNS troubleshooting guide is here:

http://doxfer.com/Webmin/BINDTroubleshootingTools

There are, of course, a handful of DNS checking tools on the web, as well. Jamie has also just implemented a "check this site" feature for the next Virtualmin release that'll do a handful of tests--DNS, SMTP connectivity, HTTP connectivity, etc. and help narrow down problems with a specific site--it calls home and has our Virtualmin.com server do the tests so that network and DNS can be tested reliably.

--

Check out the forum guidelines!

Fri, 01/30/2009 - 12:31 (Reply to #13)
hillb

Excellent, thank you Joe!

Fri, 01/30/2009 - 14:32 (Reply to #14)
ronald
ronald's picture

i like http://intodns.com/ for a quick check
and http://www.squish.net/dnscheck/ to get a lot deeper

Fri, 01/30/2009 - 15:28 (Reply to #15)
hillb

Thank you Ronald, it's always handy to have the right tools for the job. :-)

Fri, 01/30/2009 - 16:54 (Reply to #16)
hillb

Eric, Ronald and Joe - thank you all for your help. It appears that things are working now.

I believe the root cause of my DNS problems was that when I installed the OS on the machine I named it "neptune". When I installed Virtualmin I told it the hostname was "ns1.hydraenterprises.net".

Some of the DNS information being returned on queries mentioned "neptune". I've gone through and changed the hostname and cleaned up some DNS stuff (updated the SOA serial number, added A records for the nameservers) and everything seems happy now.

Thanks again!
Brian

Sat, 01/31/2009 - 02:44 (Reply to #17)
ronald
ronald's picture

its a lot better already. On your box you could add A records for your nameservers ns1.hydraenterprises.net. + ns2.hydraenterprises.net.

more importantly ns2.natcotech.com is still lame

<i>ERROR: looks like you have lame nameservers. The following nameservers are lame:
205.167.142.104</i>

It seems that this nameserver doesn't know your correct A record? Per haps cache or misconfiguration..

<i>Asking ns2.natcotech.com (205.167.142.104) for myriadminds.net (type A)
Loop detected! Probable cause is lame delegation to server with cached NS data
Response is:
100.0% 205.167.142.104 (ns2.natcotech.com) with nameserver loop detected</i>

Sat, 01/31/2009 - 05:48 (Reply to #18)
hillb

Hi Ronald, I've already added A records for both nameservers - I'm assuming it just hasn't propagated yet. The most recent SOA serial number is 2009013003 (intoDNS still sees the 2009013001 record).

As for the lame nameserver - the folks who can fix that for me live in the part of Arkansas that just got slammed by that ice storm. At the moment they've got bigger worries than me so I've just got a note here on my desk reminding me to contact them later this week.

Have a great weekend!
Brian

Topic locked