Mailing List CGatePro@mail.stalker.com Message #101415
From: dhazzard@yoursummit.com <dhazzard@yoursummit.com>
Subject: host name is unknown
Date: Wed, 19 Jan 2011 13:10:34 -0600
To: CommuniGate Pro Discussions <CGatePro@mail.stalker.com>
X-Mailer: CommuniGate Pro MAPI Connector 1.52.53.10/1.53.3.2

We're having some issues with a particular domain emailing us.  Our logs are reporting the following:

 

// Excluded initial TLS handshake

12:24:48.96 5 SMTPI-454661(mail202c2.megamailservers.com) s-inp: EHLO mail202c2.megamailservers.com

12:24:49.04 5 SMTPI-454661(mail202c2.megamailservers.com) s-out: 250-yoursummit.com is pleased to meet you\r\n250-DSN\r\n250-SIZE\r\n250-AUTH LOGIN PLAIN CRAM-MD5 DIGEST-MD5 GSSAPI MSN NTLM\r\n250-ETRN\r\n250-TURN\r\n250-ATRN\r\n250-NO-SOLICITING\r\n250-8BITMIME\r\n250-HELP\r\n250-PIPELINING\r\n250 EHLO\r\n

12:24:49.04 5 SMTPI-454661(mail202c2.megamailservers.com) TLS out 23: (240) FA B2 E7 01 1C FA 9E 86 2D B2 A3 29 A6 8C 6E 7E BB 55 46 B1 7C 2E EB 3B 3A 16 47 10 1F D0 B5 95 48 BF 83 A1 8A DF D3 19 91 50 08 17 86 BF 20 62 D1 B3 E9 3D B4 CE 4F 58 18 EE C4 97 0A C7 6B 20 2F 3B 74 BB 3F 90 DF D6 9F 38 E4 3A 22 2B D8 14 07 83 DA 5D 95 FB 36 B5 57 84 FB C6 DA B4 6B 92 8B 6B D3 FD 79 45 B7 2C 08 9D 9A 35 38 0A 8B D7 FF 89 ED D1 C5 06 86 68 30 67 19 BB FB 0D 49 58 26 DD 39 D8 BB E0 F1 F3 22 6F 7D 7B CF

12:24:49.11 5 SMTPI-454661(mail202c2.megamailservers.com) TLS inp 23: (64) 9B F2 A9 C9 8D 26 49 3E 4F 91 82 8F DD 74 5C 51 79 C5 4A 8A EB 84 1C 64 B3 9F 33 1A C0 9F BD 83 CA 56 97 92 E1 DF 4F 5C 8F A2 69 36 25 A9 D5 CB 7D 7A 2E 5B F2 81 E0 DD 41 64 67 75 1B 89 D2 E0

12:24:49.11 5 SMTPI-454661(mail202c2.megamailservers.com) s-inp: MAIL From:<someuser@gfstexas.com> SIZE=12051

12:24:49.11 4 SMTPI-454661(mail202c2.megamailservers.com) SPF(gfstexas.com) checking

12:24:49.17 4 SMTPI-454661(mail202c2.megamailservers.com) SPF(gfstexas.com) result=none

12:24:49.17 4 SMTPI-454661(mail202c2.megamailservers.com) checking MX-record for gfstexas.com

12:24:49.23 4 SMTPI-454661(mail202c2.megamailservers.com) checking relay mx3c2.mgamailservers.com

12:24:49.31 1 SMTPI-454661(mail202c2.megamailservers.com) failed to resolve '*' relay 'mx3c2.mgamailservers.com'. Error Code=host name is unknown

12:24:49.31 1 SMTPI-454661(mail202c2.megamailservers.com) Return-Path 'someuser@gfstexas.com' rejected: host name is unknown

12:24:51.32 5 SMTPI-454661(mail202c2.megamailservers.com) s-out: 572 someuser@gfstexas.com host name is unknown\r\n

12:24:51.32 5 SMTPI-454661(mail202c2.megamailservers.com) TLS out 23: (72) 66 E1 C7 65 66 03 18 7D 32 21 9B 12 1C 37 3F 59 15 5A 1A C2 B2 CF D9 A2 51 A6 C9 C6 90 0A 33 8C E1 CB 86 58 14 01 00 1E 24 27 96 E2 11 87 DE 22 B3 9C 40 D2 E8 23 DB 93 F7 B4 BB 37 7A DB EE 94 B7 52 C4 8F 11 24 74 69

12:24:51.59 5 SMTPI-454661(mail202c2.megamailservers.com) TLS inp 23: (32) 36 B4 36 F6 1F CB F2 F6 E2 25 97 63 EF AC 97 47 87 38 DB C1 14 45 17 1F CB 41 12 77 19 A1 73 2D

12:24:51.59 5 SMTPI-454661(mail202c2.megamailservers.com) s-inp: QUIT

12:24:51.59 5 SMTPI-454661(mail202c2.megamailservers.com) s-out: 221 yoursummit.com CommuniGate Pro SMTP closing connection\r\n

12:24:51.59 5 SMTPI-454661(mail202c2.megamailservers.com) TLS out 23: (88) B6 98 AA B9 34 7F 59 D3 83 AD 04 84 FC 95 34 1C 00 C7 A9 1B 12 62 C6 E9 DF 69 8C 11 53 09 C0 C7 B8 F9 24 48 E2 4D 95 FA EC 90 53 C0 52 2F 7E 0F 1E C7 A9 76 50 36 2F 0C 8C E1 25 A6 DD 4A 2D 29 7D C5 82 B3 A6 D3 8A 21 1C 79 50 B8 E7 DF 5B 63 28 DC B2 9A FF A6 32 EC

12:24:51.59 4 SMTPI-454661(mail202c2.megamailservers.com) TLS connection is closing

12:24:51.59 5 SMTPI-454661(mail202c2.megamailservers.com) TLS out 21: (24) 52 37 89 79 F0 49 1A 2E 6C D5 E8 82 15 3E 8E 76 D0 02 C7 DA F1 57 E2 AA

12:24:51.59 2 TLS-260155 session closed by SMTPI-454661, refCount=1

12:24:51.59 4 SMTPI-454661(mail202c2.megamailservers.com) closing connection

12:24:51.59 4 SMTPI-454661(mail202c2.megamailservers.com) releasing stream

 

If I run a dig mx gfstexas.com from our mail server I get the following:

 

[root@mail SystemLogs]# dig mx gfstexas.com

 

; <<>> DiG 9.2.4 <<>> mx gfstexas.com

;; global options:  printcmd

;; Got answer:

;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 4852

;; flags: qr rd ra; QUERY: 1, ANSWER: 3, AUTHORITY: 0, ADDITIONAL: 0

 

;; QUESTION SECTION:

;gfstexas.com.                  IN      MX

 

;; ANSWER SECTION:

gfstexas.com.           6645    IN      MX      10 mx3c2.mgamailservers.com.

gfstexas.com.           6645    IN      MX      10 mx2c2.megamailservers.com.

gfstexas.com.           6645    IN      MX      10 mx1c2.megamailservers.com.

 

;; Query time: 60 msec

;; SERVER: 8.8.8.8#53(8.8.8.8)

;; WHEN: Wed Jan 19 13:05:49 2011

;; MSG SIZE  rcvd: 127

 

I emailed megamailservers.com to see if this was a typo or intentional for spam prevention but have not heard back.

 

I’ve added the domain to our “Detect Clients by DNS Name” and “Detect White Holes by DNS Name” but they are still failing.

 

Any suggestions?

 

Thanks,

-Dana
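
Added example, not part of the original message: a short Python check that cross-references the relay CommuniGate Pro failed to resolve against the MX records dig returned, and flags an MX target whose parent domain differs from the other MX hosts and from the connecting host. The function names and the naive "last two labels" parent-domain rule are assumptions made for this illustration; the sample lines are copied from the log and dig output above.

```python
import re
from collections import Counter

# Sample input: lines copied from the log and dig output quoted in the message.
LOG = """\
12:24:49.23 4 SMTPI-454661(mail202c2.megamailservers.com) checking relay mx3c2.mgamailservers.com
12:24:49.31 1 SMTPI-454661(mail202c2.megamailservers.com) failed to resolve '*' relay 'mx3c2.mgamailservers.com'. Error Code=host name is unknown
12:24:49.31 1 SMTPI-454661(mail202c2.megamailservers.com) Return-Path 'someuser@gfstexas.com' rejected: host name is unknown
"""
DIG = """\
gfstexas.com.           6645    IN      MX      10 mx3c2.mgamailservers.com.
gfstexas.com.           6645    IN      MX      10 mx2c2.megamailservers.com.
gfstexas.com.           6645    IN      MX      10 mx1c2.megamailservers.com.
"""

MX_RE = re.compile(r"^(\S+)\.\s+\d+\s+IN\s+MX\s+(\d+)\s+(\S+?)\.?\s*$", re.M)
FAIL_RE = re.compile(r"\((?P<peer>[^)]+)\) failed to resolve '\*' relay '(?P<relay>[^']+)'")

def parent(host):
    # Assumption: naive "last two labels" parent domain, adequate for these .com names.
    return ".".join(host.lower().split(".")[-2:])

def mx_targets(dig_text):
    # (preference, hostname) for every MX line in a dig ANSWER section.
    return [(int(pref), host.lower()) for _, pref, host in MX_RE.findall(dig_text)]

def failed_relays(log_text):
    # (connecting host, relay name) for every "failed to resolve" log line.
    return [(m["peer"], m["relay"].lower()) for m in FAIL_RE.finditer(log_text)]

def diagnose(log_text, dig_text):
    targets = mx_targets(dig_text)
    hosts = {h for _, h in targets}
    # Parent domain shared by most MX targets; an outlier suggests a typo in the zone.
    majority = Counter(parent(h) for h in hosts).most_common(1)[0][0]
    findings = []
    for peer, relay in failed_relays(log_text):
        findings.append({
            "relay": relay,
            "published_in_mx": relay in hosts,
            "parent": parent(relay),
            "differs_from_other_mx": parent(relay) != majority,
            "differs_from_sending_host": parent(relay) != parent(peer),
        })
    return findings

if __name__ == "__main__":
    for finding in diagnose(LOG, DIG):
        print(finding)
```
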
