On Tue, Jan 26, 2021 at 11:38:57AM -0500, Viktor Dukhovni wrote:
> On Tue, Jan 26, 2021 at 10:46:04AM -0500, Ruben Safir wrote:
>
> > I am getting this strange rejections to talk to NYC government
> >
> > Final-Recipient: rfc822; cdeut...@council.nyc.gov
> > Original-Recipient: rfc822;cdeut...@council.nyc.gov
> > Action: delayed
> > Status: 4.4.3
> > Diagnostic-Code: X-Postfix; delivery temporarily suspended: Host or domain
> > name not found. Name service error for name=mx2.nycdoitt.iphmx.com
> > type=A: Host not found, try again
> > Will-Retry-Until: Sun, 31 Jan 2021 04:42:53 -0500 (EST)
>
> Are these delay notices reported by your Postfix MTA, or by a remote
> MTA? Assuming it is yours. Make sure that your smtp(8) client is not
> chrooted (or else fix resolv.conf and its permissions in the chroot)
> and that unprivileged accounts can successfully perform DNS lookups.
>
It looks like postfix. That is the error I am getting in total in the
bouce email
> Post the output of:
>
> $ postconf -M | awk '$8 == "smtp" {print $1,$5}'
www2:~ # postconf -M | awk '$8 == "smtp" {print $1,$5}'
smtp n
relay n
> $ postconf default_transport transport_maps
www2:~ # postconf default_transport transport_maps
default_transport = smtp
transport_maps = hash:/etc/postfix/transport
cat /etc/postfix/transport|grep -v '#'
This is from the logs...
2021-01-26T09:25:49.845785-05:00 www2 postfix/smtp[16846]: CF8C4163FD5:
to=<cdeu t...@council.nyc.gov>, relay=none, delay=17058,
delays=16803/0.06/255/0, dsn=4.4 .3,
status=deferred (Host or domain name not found. Name service error for name=
mx2.nycdoitt.iphmx.com type=A: Host not found, try again)
2021-01-26T10:00:50.870560-05:00 www2 postfix/smtp[17129]: warning: no MX host
for council.nyc.gov has a valid address record 2021-01-26T10:00:50.875743-05:00
www2 postfix/smtp[17136]: warning: no MX host for council.nyc.gov has a valid
address record
2021-01-26T11:13:42.962486-05:00 www2 postfix/error[18616]: 68739163FD9:
to=<cdeut...@council.nyc.gov>, relay=none, delay=23430,
delays=23302/128/0/0.07, dsn=4.4.3, status=deferred (delivery
temporarily suspended: Host or domain name not found. Name service error
for name=mx2.nycdoitt.iphmx.com type=A: Host not found, try again)
2021-01-26T11:13:42.964384-05:00 www2 postfix/error[18617]: 2108F163FD8:
to=<cdeut...@council.nyc.gov>, relay=none, delay=23450,
delays=23322/128/0/0.06, dsn=4.4.3, status=deferred (delivery
temporarily suspended: Host or domain name not found. Name service error
for name=mx2.nycdoitt.iphmx.com type=A: Host not found, try again)
2021-01-26T11:13:42.967284-05:00 www2 postfix/error[18618]: 28F04163FDA:
to=<cdeut...@council.nyc.gov>, relay=none, delay=23407,
delays=23279/128/0/0.05, dsn=4.4.3, status=deferred (delivery
temporarily suspended: Host or domain name not found. Name service error
for name=mx2.nycdoitt.iphmx.com type=A: Host not found, try again)
2021-01-26T11:16:35.343551-05:00 www2 postfix/error[18780]: 955BB163FE5:
to=<cdeut...@council.nyc.gov>, relay=none, delay=1754,
delays=1754/0.05/0/0.13, dsn=4.4.3, status=deferred (delivery
temporarily suspended: Host or domain name not found. Name service error
for name=mx2.nycdoitt.iphmx.com type=A: Host not found, try again)
2021-01-26T11:31:58.671034-05:00 www2 postfix/smtp[1600]: F0C3F163FEE:
to=<cdeut...@council.nyc.gov>, relay=none, delay=1873,
delays=1829/0.31/43/0, dsn=4.4.3, status=deferred (Host or domain name
not found. Name service error for name=council.nyc.gov type=MX: Host not
found, try again)
>
> > dig mx2.nycdoitt.iphmx.com
>
> Was this test done as "root" or an unprivileged user.
>
> On Tue, Jan 26, 2021 at 04:02:11PM +0000, Dominic Raferd wrote:
>
> > > ;; ANSWER SECTION:
> > > mx2.nycdoitt.iphmx.com. 3326 IN A 68.232.143.122
> > > ...
> >
> > Check that your postfix instance can reach resolv.conf:
> >
> > |# sudo -u postfix -H cat /etc/resolv.conf|
>
> There may also be a chroot jail involved.
>
> On Tue, Jan 26, 2021 at 11:04:39AM -0500, Bill Cole wrote:
>
> > > dig mx2.nycdoitt.iphmx.com
> >
> > [... list of A records snipped ...]
> >
> > Assuming that the "Diagnostic-Code" field of the rejection message is in
> > fact the real reason for the failure and not doing something thatb
> > mimics DNS failure or tells outright lies, this indicates that their DNS
> > resolver is broken.
>
> Whose DNS resolver? And perhaps you mean authoritative server (operated
> by Akamai, and working adequately):
>
> https://dnsviz.net/d/mx2.nycdoitt.iphmx.com/YBBCIA/dnssec/
>
> > The fact that they are replying with a temporary code means that they
> > are getting a SERVFAIL response or a timeout when trying to resolve
> > mx2.nycdoitt.iphmx.com.
>
> Again, which "they"? The temporary failure is probably downstream,
> either at the resolvers configured in /etc/resolv.conf, or even failure
> to reach those in the first place.
>
> --
> Viktor.
--
So many immigrant groups have swept through our town
that Brooklyn, like Atlantis, reaches mythological
proportions in the mind of the world - RI Safir 1998
http://www.mrbrklyn.com
DRM is THEFT - We are the STAKEHOLDERS - RI Safir 2002
http://www.nylxs.com - Leadership Development in Free Software
http://www2.mrbrklyn.com/resources - Unpublished Archive
http://www.coinhangout.com - coins!
http://www.brooklyn-living.com
Being so tracked is for FARM ANIMALS and extermination camps,
but incompatible with living as a free human being. -RI Safir 2013
