Subject: Re: wierd errors suddenly appeared...
From: lambertcswnet.com
Date: Thu Dec 21 2000 - 15:13:27 CST


We have never had MX records for this host. It is not a sub-domain. It
is simply the host to which we forward employee mail accounts. My
understanding of DNS is not great but I didn't think we should need
anything other than the A record for this host.

My understanding of what you just said is that postfix should have fallen
back to looking for the A record for csw.csw.net and that should have
worked. Am I not following this properly?

 $ dig a csw.csw.net

 ; <<>> DiG 8.3 <<>> a csw.csw.net
 ;; res options: init recurs defnam dnsrch
 ;; got answer:
 ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 4
 ;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 3, ADDITIONAL: 3
 ;; QUERY SECTION:
 ;; csw.csw.net, type = A, class = IN

 ;; ANSWER SECTION:
 csw.csw.net. 23h55m32s IN A 209.136.201.8

 ;; AUTHORITY SECTION:
 csw.net. 23h56m17s IN NS ns1.csw.net.
 csw.net. 23h56m17s IN NS ns1.cswnet.com.
 csw.net. 23h56m17s IN NS ns3.cswnet.com.

 ;; ADDITIONAL SECTION:
 ns1.csw.net. 23h55m31s IN A 209.136.192.20
 ns1.cswnet.com. 1D IN A 209.136.194.10
 ns3.cswnet.com. 1D IN A 209.136.205.10

 ;; Total query time: 1 msec
 ;; FROM: mail.cswnet.com to SERVER: default -- 127.0.0.1
 ;; WHEN: Thu Dec 21 15:29:55 2000
 ;; MSG SIZE sent: 29 rcvd: 157

In <20001221210815.5B53F45637spike.porcupine.org>, on 12/21/2000
   at 04:08 PM, wietseporcupine.org (Wietse Venema) said:

>When delivering mail via SMTP, Postfix looks up the MX record first. If
>the reply is "does not exist" then Postfix looks up the A record.

>If the reply can't be determined Postfix tries again later.

>In your case the name server is hosed up. An MX lookup of
>csw.csw.net fails. See "dig mx csw.csw.net." output below.

>Fix the name server and try again.

> Wietse

>; <<>> DiG 8.2 <<>> mx csw.csw.net.
>;; res options: init recurs defnam dnsrch
>;; got answer:
>;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 4
>;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0
>;; QUERY SECTION:
>;; csw.csw.net, type = MX, class = IN

>;; Total query time: 381 msec
>;; FROM: spike.porcupine.org to SERVER: default -- 127.0.0.1
>;; WHEN: Thu Dec 21 15:58:49 2000
>;; MSG SIZE sent: 29 rcvd: 29

>lambertcswnet.com:
>>
>> I have been getting some weird error log messages today since 11:06 a.m.
>> There have been no main.cf changes since Tuesday the 19th. Postfix was
>> reloaded twice on the 19th after the changes were made to main.cf. The
>> changes added use of the transport_maps feature for one of my dial-up
>> customers. I don't like it when things stop working for no understandable
>> reason. Please shed some light on this for me.
>>
>> The only external activities that I think may have affected the server
>> this morning are :
>>
>> At 8:25 a.m., one admin took two lines out of
>> /usr/local/etc/postfix/virtual that dealt with a domain other than
>> csw.net. Then he did the "postmap /usr/local/etc/postfix/virtual &&
>> postfix reload".
>>
>> We received several messages after this point.
>>
>> At 9:55 a.m., another admin regenerated the DNS tables. No changes were
>> made to the program that generates the DNS tables or the csw.net domain's
>> records in the MYSQL DB from whence we generate the tables.
>>
>> We received several messages after this point.
>>
>> csw.csw.net is our internal mail server. mail.cswnet.com is the customer
>> mail server.
>>
>> This shows the last message that got through and the first message that
>> did not get through. I can't find any error messages in the intervening
>> time period.
>>
>> cat /var/log/maillog | egrep '(523305D075|A838C5D095|5C3375D0EF|996CD5D0F3)'
>>
>> Dec 21 11:01:07 mail postfix/smtpd[52128]: 523305D075:
>> client=ssabsd.csw.net[209.136.201.12]
>>
>> Dec 21 11:01:07 mail postfix/cleanup[52141]: 523305D075:
>> message-id=<20001221170040.1323413ssabsd.csw.net>
>>
>> Dec 21 11:01:07 mail postfix/qmgr[31995]: 523305D075:
>> from=<rootssabsd.csw.net>, size=1409, nrcpt=1 (queue active)
>>
>> Dec 21 11:01:07 mail postfix/cleanup[52120]: A838C5D095:
>> message-id=<20001221170040.1323413ssabsd.csw.net>
>>
>> Dec 21 11:01:07 mail postfix/local[54700]: 523305D075:
>> to=<lambertcswnet.com>, relay=local, delay=0, status=sent
>> (forwarded as A838C5D095)
>>
>> Dec 21 11:01:07 mail postfix/qmgr[31995]: A838C5D095:
>> from=<rootssabsd.csw.net>, size=1538, nrcpt=1 (queue active)
>>
>> Dec 21 11:01:08 mail postfix/smtp[51155]: A838C5D095:
>> to=<lambertcsw.csw.net>, relay=csw.csw.net[209.136.201.8], delay=1,
>> status=sent (250 Ok: queued as BA4F62C902)
>>
>> Dec 21 11:06:01 mail postfix/smtpd[52130]: 5C3375D0EF:
>> client=ssabsd.csw.net[209.136.201.12]
>>
>> Dec 21 11:06:01 mail postfix/cleanup[51499]: 5C3375D0EF:
>> message-id=<20001221170533.0322213ssabsd.csw.net>
>>
>> Dec 21 11:06:01 mail postfix/qmgr[31995]: 5C3375D0EF:
>> from=<rootssabsd.csw.net>, size=1409, nrcpt=1 (queue active)
>>
>> Dec 21 11:06:01 mail postfix/cleanup[52120]: 996CD5D0F3:
>> message-id=<20001221170533.0322213ssabsd.csw.net>
>>
>> Dec 21 11:06:01 mail postfix/local[55448]: 5C3375D0EF:
>> to=<lambertcswnet.com>, relay=local, delay=0, status=sent
>> (forwarded as 996CD5D0F3)
>>
>> Dec 21 11:06:01 mail postfix/qmgr[31995]: 996CD5D0F3:
>> from=<rootssabsd.csw.net>, size=1538, nrcpt=1 (queue active)
>>
>> Dec 21 11:06:01 mail postfix/smtp[51155]: 996CD5D0F3:
>> to=<lambertcsw.csw.net>, relay=none, delay=0, status=deferred
>> (Name service error for domain csw.csw.net: Host not found, try again)
>>
>>
>>
>>
>> More examples of the error message:
>>
>> Dec 21 12:56:53 mail postfix/qmgr[71355]: 4247B5D16D:
>> to=<warrencsw.csw.net>, relay=none, delay=879, status=deferred
>> (Name service error for domain csw.csw.net : Host not found, try again)
>>
>> Dec 21 12:56:53 mail postfix/qmgr[71355]: 46BCA5D14C:
>> to=<lambertcsw.csw.net>, relay=none, delay=878, status=deferred
>> (Name service error for domain csw.csw.net: Host not found, try again)
>>
>> Dec 21 12:56:53 mail postfix/qmgr[71355]: BFCF45D157:
>> to=<lambertcsw.csw.net>, relay=none, delay=870, status=deferred
>> (Name service error for domain csw.csw.net: Host not found, try again)
>>
>> Dec 21 12:56:53 mail postfix/qmgr[71355]: 3628A5D02C:
>> to=<cswmrkcsw.csw.net>, relay=none, delay=681, status=deferred
>> (Name service error for domain csw.csw.net : Host not found, try again)
>>
>> Dec 21 12:56:53 mail postfix/qmgr[71355]: 3890C5D043:
>> to=<lambertcsw.csw.net>, relay=none, delay=652, status=deferred
>> (Name service error for domain csw.csw.net: Host not found, try again)
>>
>> Dec 21 12:56:54 mail postfix/qmgr[71355]: 547795D09E:
>> to=<lambertcsw.csw.net>, relay=none, delay=412, status=deferred
>> (Name service error for domain csw.csw.net: Host not found, try again)
>>
>> Dec 21 12:56:54 mail postfix/qmgr[71355]: DE0B45D064:
>> to=<lambertcsw.csw.net>, relay=none, delay=354, status=deferred
>> (Name service error for domain csw.csw.net: Host not found, try again)
>>
>>
>> There are no MX records for csw.csw.net but the A record does exist on all
>> of my name servers including the caching name server on the mail server.
>>
>> lambertmail /var/log
>> 12:57:00 Thu Dec 21 $ nslookup csw.csw.net
>> Server: localhost.csw.net
>> Address: 127.0.0.1
>>
>> Non-authoritative answer:
>> Name: csw.csw.net
>> Address: 209.136.201.8
>>
>> lambertmail /var/log
>> 13:32:38 Thu Dec 21 $ postconf -n
>> alias_database = hash:/etc/mail/aliases
>> hash:/usr/local/etc/postfix/alias_list
>> alias_maps = hash:/etc/mail/aliases
>> hash:/usr/local/etc/postfix/alias_list
>> biff = no
>> body_checks = regexp:/usr/local/etc/postfix/body_checks
>> command_directory = /usr/local/sbin
>> daemon_directory = /usr/local/libexec/postfix
>> debug_peer_level = 2
>> default_destination_concurrency_limit = 10
>> default_process_limit = 200
>> disable_vrfy_command = yes
>> header_checks = regexp:/usr/local/etc/postfix/header_checks
>> local_destination_concurrency_limit = 2
>> local_recipient_maps = $alias_maps unix:passwd.byname
>> mail_owner = postfix
>> maps_rbl_domains = rbl.maps.vix.com, dul.maps.vix.com
>> mydestination = $myhostname, localhost.$mydomain, $mydomain
>> mynetworks = $config_directory/cswnetworks 127.0.0.0/8
>> myorigin = $mydomain
>> queue_directory = /var/spool/postfix
>> recipient_delimiter = +
>> relay_domains = $mydestination, $config_directory/relay-domains
>> smtpd_client_restrictions = permit_mynetworks, reject_maps_rbl
>> smtpd_etrn_restrictions = permit_mynetworks, reject
>> swap_bangpath = no
>> transport_maps = hash:$config_directory/transports
>> virtual_maps = hash:/usr/local/etc/postfix/virtual
>>
>> lambertmail /var/log
>> 13:34:10 Thu Dec 21 $ cat /usr/local/etc/postfix/transports
>> rsvlprtg.com smtp:209.136.194.9
>> .rsvlprtg.com smtp:209.136.194.9
>> cswnet.com local:
>> mail.cswnet.com local:
>>
>> # added so we could get our mail after the problem was discovered.
>> csw.csw.net smtp:209.136.201.8
>>
>>
>> --
>> Scott Lambert
>> lambertcswnet.com
>> Systems and Security Administrator
>> CSW Net, Inc.
>> ================================================================
>> Written: Thursday, December 21, 2000 - 01:23 PM
>>
>>
>>
>>
>>

-- 
Scott Lambert
lambertcswnet.com
Systems and Security Administrator
CSW Net, Inc.
================================================================
Written: Thursday, December 21, 2000 - 03:13 PM
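
The lookup rule quoted in this thread (MX first, A only if the MX reply is "does not exist", retry later if the reply can't be determined), applied to the header lines of the two dig replies shown above. This is an added example, not part of the original messages and not Postfix code. The function names, the mapping of DNS status codes to "absent"/"unknown", and the "bounce" outcome when neither record exists are assumptions of this sketch.

```python
import re

# Header lines copied from the two dig replies in this thread.
DIG_MX = """;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 4
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0"""
DIG_A = """;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 4
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 3, ADDITIONAL: 3"""


def parse_dig_header(text):
    """Return (status, answer_count) from a dig reply header."""
    status = re.search(r"status:\s*([A-Z]+)", text)
    answers = re.search(r"ANSWER:\s*(\d+)", text)
    if not status or not answers:
        raise ValueError("no dig header found")
    return status.group(1), int(answers.group(1))


def classify(status, answers):
    """Map a reply to 'found', 'absent' or 'unknown' (assumed mapping)."""
    if status == "NOERROR":
        # NOERROR with zero answers means the name exists but has no
        # record of the requested type.
        return "found" if answers > 0 else "absent"
    if status == "NXDOMAIN":
        return "absent"
    # SERVFAIL and anything else: the resolver could not determine
    # whether the record exists.
    return "unknown"


def delivery_decision(mx_reply, a_reply):
    """Apply the MX-then-A rule to two dig replies for the same name."""
    mx = classify(*parse_dig_header(mx_reply))
    if mx == "found":
        return "deliver via MX hosts"
    if mx == "unknown":
        # The A record is never consulted, even if it resolves fine.
        return "defer"
    a = classify(*parse_dig_header(a_reply))
    if a == "found":
        return "deliver via A record"
    if a == "unknown":
        return "defer"
    return "bounce"  # assumption: neither record exists


if __name__ == "__main__":
    print(delivery_decision(DIG_MX, DIG_A))
```

With the replies from this thread the result is "defer", which matches the status=deferred log lines: the working A record is irrelevant until the name server stops answering SERVFAIL for the MX query.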