I can actually perform successful dig a and dig mx from the command prompt.
Does qmail really do something that much different in DNS that it could trigger intrusion detection?
I'm just asking because the network guy is going to be reluctant. You know how paranoid they can be. :)
Eero Volotinen wrote:
Rich Kasting wrote:
I'm having CNAME issues when trying to deliver outbound mail. Almost all the mai is getting held up going outbound by an error saying CNAME_lookup_failed_temporarily._(#4.4.3).
I've looked all around and find that all the solutions related to an old patch which is in this version of code.
I also noticed that the system spends quite some time trying to deliver these messaged before the failure.
It used to work fine, but here are the two things that changed:
1) Moved it into production and changed the hostname.
2) Put it behind a Cicso PIX that is running intrusion detection. The PIX keeps raising intrusion alerts on the qmail server relating to DNS.
Sounds like PIX is blocking dns queries, fix it.
-- Eero
