Discussion:
Mail Admin Question
Nathan Findley
2012-08-14 04:19:22 UTC
This question is not, admittedly, specifically about Mimedefang so I
hope it doesn't bring insult to anybody :P

I have a question about a deferred status being returned by a mail
server I am trying to send mail to and how one, as a mail server admin,
tries to deal with these situations.

First of all, a deferred status is really out of my hands correct?
Perhaps their server mistakenly thinks mine is spamming for some reason,
but, given that my servers are set up correctly, other deferred statuses
are going to indicate a "problem" on their end yes?

The server in question is returning:

Aug 8 11:52:18 asp sendmail[13710]: q772pt1H016314:
to=<*******@*****.co.jp>, delay=1+00:00:21, xdelay=00:00:00,
mailer=esmtp, pri=129960390, relay=mail.*****.co.jp. [IP], dsn=4.0.0,
stat=Deferred: Connection reset by mail.*****.co.jp.

This deferred error message is new to me. Based on the domain, I have
sent mail to the supposed administrators asking them for help on their
end. They have yet to reply, unfortunately.

Is there anything else I can do?

Thanks,
Nate
--
Zenlok
kd6lvw
2012-08-14 05:59:52 UTC
Post by Nathan Findley
...
First of all, a deferred status is really out of my hands
correct? ...
Is there anything else I can do?
Retry until timeout (several days), then bounce with a permanent error.
The accepted standard value is 5 days, but I use 4, and some major ISPs use as short as 2 days.
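
The advice above (keep retrying until the queue timeout, then bounce) can be tracked from the sender's own maillog. The following is an added example, not part of any poster's message: it parses sendmail delivery lines like the one quoted in the question, keeps the messages whose latest attempt ended in a 4.x.x DSN, and reports how much of the 5-day queue lifetime mentioned above is left. The log lines, hosts, queue ids and IP addresses are constructed placeholders.

```python
import re
from collections import defaultdict
from datetime import timedelta

# Constructed sample modelled on the entry quoted in the thread; hosts,
# addresses, queue ids and IPs are placeholders.
SAMPLE_LOG = """\
Aug  8 11:52:18 asp sendmail[13710]: q772pt1H016314: to=<user@example.co.jp>, delay=1+00:00:21, xdelay=00:00:00, mailer=esmtp, pri=129960390, relay=mail.example.co.jp. [192.0.2.10], dsn=4.0.0, stat=Deferred: Connection reset by mail.example.co.jp.
Aug  8 11:53:02 asp sendmail[13722]: q78AbCdE013722: to=<bob@example.net>, delay=00:00:03, xdelay=00:00:02, mailer=esmtp, pri=120512, relay=mx.example.net. [198.51.100.7], dsn=2.0.0, stat=Sent (ok queued as 4F2A1)
Aug 12 09:10:44 asp sendmail[20411]: q772pt1H016314: to=<user@example.co.jp>, delay=4+21:18:47, xdelay=00:00:00, mailer=esmtp, pri=131400390, relay=mail.example.co.jp. [192.0.2.10], dsn=4.0.0, stat=Deferred: Connection reset by mail.example.co.jp.
Aug 12 09:11:10 asp sendmail[20415]: q7C0aBcD020415: to=<nobody@example.org>, delay=00:00:01, xdelay=00:00:01, mailer=esmtp, pri=120400, relay=mx.example.org. [203.0.113.5], dsn=5.1.1, stat=User unknown
"""

LINE_RE = re.compile(r"sendmail\[\d+\]: (?P<qid>\w+): (?P<rest>to=.*)$")
DELAY_RE = re.compile(r"^(?:(\d+)\+)?(\d+):(\d{2}):(\d{2})$")


def parse_delay(text):
    """Convert sendmail's [days+]HH:MM:SS notation into a timedelta."""
    m = DELAY_RE.match(text)
    if not m:
        raise ValueError(f"unrecognised delay: {text!r}")
    days, hours, minutes, seconds = (int(g or 0) for g in m.groups())
    return timedelta(days=days, hours=hours, minutes=minutes, seconds=seconds)


def parse_line(line):
    """Return the fields of one delivery-attempt line, or None for other lines."""
    m = LINE_RE.search(line)
    if not m:
        return None
    # stat= comes last on these lines and may contain commas: split it off first.
    head, sep, stat = m.group("rest").partition(", stat=")
    if not sep:
        return None
    fields = dict(p.split("=", 1) for p in head.split(", ") if "=" in p)
    if "dsn" not in fields or "delay" not in fields:
        return None
    return {
        "qid": m.group("qid"),
        "to": fields.get("to", ""),
        "relay": fields.get("relay", "").split(" ")[0],  # drop the "[IP]" part
        "dsn": fields["dsn"],
        "delay": parse_delay(fields["delay"]),
        "stat": stat.strip(),
    }


def deferred_report(log_text, queue_timeout=timedelta(days=5)):
    """List messages whose latest attempt was a transient (4.x.x) failure.

    queue_timeout is the sender's own bounce deadline (5 days assumed here).
    Entries are sorted so the message closest to bouncing comes first.
    """
    attempts = defaultdict(list)
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec:
            attempts[(rec["qid"], rec["to"])].append(rec)

    report = []
    for (qid, rcpt), recs in attempts.items():
        last = recs[-1]
        if not last["dsn"].startswith("4."):
            continue  # delivered (2.x.x) or already failed permanently (5.x.x)
        reason = last["stat"].partition(": ")[2] or last["stat"]
        report.append({
            "qid": qid,
            "to": rcpt,
            "relay": last["relay"],
            "reason": reason,
            "attempts": len(recs),
            "remaining": max(queue_timeout - last["delay"], timedelta(0)),
        })
    return sorted(report, key=lambda r: r["remaining"])


if __name__ == "__main__":
    for item in deferred_report(SAMPLE_LOG):
        print(f'{item["qid"]} -> {item["to"]} via {item["relay"]}: '
              f'{item["reason"]} ({item["attempts"]} attempts, '
              f'{item["remaining"]} until bounce)')
```

A relay that shows the same reason on every attempt for days is the evidence to attach when contacting the remote postmaster.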
David F. Skoll
2012-08-14 13:44:12 UTC
On Tue, 14 Aug 2012 13:19:22 +0900
Post by Nathan Findley
First of all, a deferred status is really out of my hands correct?
Most likely.
Post by Nathan Findley
mailer=esmtp, pri=129960390, relay=mail.*****.co.jp. [IP], dsn=4.0.0,
stat=Deferred: Connection reset by mail.*****.co.jp.
Connection reset might indicate a network problem. Is the message in question
rather large?
Post by Nathan Findley
Is there anything else I can do?
No, not really, other than phoning the intended recipient and asking
him/her to nag the system administrators.

Regards,

David.
Nathan Findley
2012-08-15 03:49:56 UTC
Connection reset might indicate a network problem. Is the message in
question rather large?
Unfortunately no. Thanks for the input! I just wanted to make sure that
I wasn't somehow in error.

Regards,
Nate
Nathan Findley
2012-08-17 09:29:51 UTC
Post by David F. Skoll
On Tue, 14 Aug 2012 13:19:22 +0900
Post by Nathan Findley
First of all, a deferred status is really out of my hands correct?
Most likely.
Post by Nathan Findley
mailer=esmtp, pri=129960390, relay=mail.*****.co.jp. [IP], dsn=4.0.0,
stat=Deferred: Connection reset by mail.*****.co.jp.
Connection reset might indicate a network problem. Is the message in question
rather large?
Post by Nathan Findley
Is there anything else I can do?
No, not really, other than phoning the intended recipient and asking
him/her to nag the system administrators.
Regards,
David.
Is it generally accepted as being ok to directly contact the other
server's email administrator in order to try to resolve an undelivered
email? I am finding myself being berated by the other system's admin for
my "unconventional" methods in trying to resolve the matter because I
sent him an email asking him to look into the "connection reset by mail"
message. I am a total newbie in this arena.

Thanks,
Nate
WBrown
2012-08-17 11:55:45 UTC
Post by Nathan Findley
Is it generally accepted as being ok to directly contact the other
servers email administrator in order to try to resolve an undelivered
email? I am finding myself being berated by the other systems admin for
my "unconventional" methods in trying to resolve the matter because I
sent him an email asking him to look into the "connection reset by mail"
message. I am a total newbie in this arena.
If you have done everything you can on your end and have network dumps or
some other evidence that it is at their end, then you will need their
help.

I get emails and phone calls routed through our service desk from
outsiders (usually end users) about delivery issues. Frequently, they are
not even my fault (borked SPF, etc.)

That being said, the call I hate the most is "I didn't get an email from
someone!" It's so much easier to track from the sending side. If a
cursory look doesn't find it I tell them to call sender to have it tracked
from that end.



Confidentiality Notice:
This electronic message and any attachments may contain confidential or
privileged information, and is intended only for the individual or entity
identified above as the addressee. If you are not the addressee (or the
employee or agent responsible to deliver it to the addressee), or if this
message has been addressed to you in error, you are hereby notified that
you may not copy, forward, disclose or use any part of this message or any
attachments. Please notify the sender immediately by return e-mail or
telephone and delete this message from your system.
Kevin A. McGrail
2012-08-17 12:24:05 UTC
Post by Nathan Findley
Is it generally accepted as being ok to directly contact the other
servers email administrator in order to try to resolve an undelivered
email? I am finding myself being berated by the other systems admin
for my "unconventional" methods in trying to resolve the matter
because I sent him an email asking him to look into the "connection
reset by mail" message. I am a total newbie in this arena.
I would say yes. That was the purpose of the whois records and I've
professionally contacted hundreds of admins to work out email delivery
issues. Most are very appreciative because usually we are notifying
them of something that's set up wrong on their end.

regards,
KAM
David F. Skoll
2012-08-17 12:48:58 UTC
On Fri, 17 Aug 2012 18:29:51 +0900
Post by Nathan Findley
Is it generally accepted as being ok to directly contact the other
servers email administrator in order to try to resolve an undelivered
email?
Absolutely.
Post by Nathan Findley
I am finding myself being berated by the other systems admin
for my "unconventional" methods in trying to resolve the matter
because I sent him an email asking him to look into the "connection
reset by mail" message. I am a total newbie in this arena.
That other admin is being a jerk and obviously doesn't care about his users
or their email.

I would escalate it to his superior if you don't get satisfaction (or drop
it, depending on how important it is to you.)

Regards,

David.
Nathan Findley
2012-08-20 03:14:59 UTC
Post by David F. Skoll
That other admin is being a jerk and obviously doesn't care about his
users or their email. I would escalate it to his superior if you don't
get satisfaction (or drop it, depending on how important it is to you.)
Thanks for the input everybody. I am going to let it slide for now. I
just wanted to make sure I wasn't breaking some sort of mail server
admin code of ethics (as it were).

Regards,
Nate
Tilman Schmidt
2012-08-17 13:57:49 UTC
Post by Nathan Findley
Is it generally accepted as being ok to directly contact the other
servers email administrator in order to try to resolve an undelivered
email?
Of course.
Post by Nathan Findley
I am finding myself being berated by the other systems admin for
my "unconventional" methods in trying to resolve the matter because I
sent him an email asking him to look into the "connection reset by mail"
message. I am a total newbie in this arena.
That's far from unconventional.
He should be grateful you notified him of a potential problem.

Regards,
Tilman
--
Tilman Schmidt
Phoenix Software GmbH
Bonn, Germany

Ben Kamen
2012-08-17 16:39:45 UTC
Is it generally accepted as being ok to directly contact the other servers email administrator in order to try to resolve an undelivered email? I am finding myself being berated by the other systems admin for my "unconventional" methods in trying to resolve the matter because I sent him an email asking him to look into the "connection reset by mail" message. I am a total newbie in this arena.
If someone is trying to send me email and my system (for some reason) is dropping connections, I'd want to know.

So I don't think a call is unreasonable.

If they are berating you for bringing a problem that appears to be on their system to their attention... yikes.

I would evaluate if I wanted to do business with such a company. I regularly encounter companies that have either had their email set up incorrectly... or they use a third party for email who isn't set up correctly. In those cases, be prepared for a lot of dumb grunts and "huh?" type sounds. Realistically, they should have their computers taken away before they hurt themselves or break the coffee cup holder.

Not a whole lot you can do for them.

-Ben
WBrown
2012-08-17 17:05:36 UTC
Post by Ben Kamen
Not a whole lot you can do for them.
Lately, my attitude runs towards "Just because you can install Exchange
doesn't mean you know what you're doing."



Ben Kamen
2012-08-17 17:07:46 UTC
Post by WBrown
Post by Ben Kamen
Not a whole lot you can do for them.
Lately, my attitude runs towards "Just because you can install Exchange
doesn't mean you know what you're doing."
And I've run into those types...

They're scary.

-Ben
WBrown
2012-08-17 17:15:18 UTC
Post by Ben Kamen
And I've run into those types...
They're scary.
And they tend to resent when you point out their problems.



David F. Skoll
2012-08-17 17:16:44 UTC
On Fri, 17 Aug 2012 13:05:36 -0400
Post by WBrown
Lately, my attitude runs towards "Just because you can install
Exchange doesn't mean you know what you're doing."
<snark>
Proficiency at installing Exchange is *inversely* correlated with competence.
</snark>

Regards,

David.
Jon Rowlan
2012-08-17 17:41:15 UTC
On Fri, 17 Aug 2012 13:05:36 -0400
Post by WBrown
Lately, my attitude runs towards "Just because you can install
Exchange doesn't mean you know what you're doing."
<snark>
Proficiency at installing Exchange is *inversely* correlated with
competence.
</snark>

Wow ... where did all this come from?

As I run exchange and sendmail/MD systems I thought I would see why the
exchange bods were being bashed again ...

Someone has obviously had a pretty bad time with an Exchange dodo ...

This seems to have come from nowhere (at least as far as I can see in
this thread)

Did I miss something?

jON
David F. Skoll
2012-08-17 17:49:28 UTC
On Fri, 17 Aug 2012 18:41:15 +0100
"Jon Rowlan" <jon.rowlan at sads.com> wrote:

[DFS]
Post by David F. Skoll
<snark>
Proficiency at installing Exchange is *inversely* correlated with competence.
</snark>
Wow ... where did all this come from?
Years of customer support for lots of small businesses who use
Exchange.

Pop quiz: How many Microsoft shops do you know who name all their
servers with FQDNs ending in ".local" or ".lan"? How many Microsoft
Exchange installations do you know that don't reject nonexistent RCPT:
commands? (Answer to both questions: Most of them.)

In my experience, most Exchange admins have no clue that the
following things are stupid:

http://david.skoll.ca/blog/2010-12-29-microsoft-dumbness.html

Regards,

David.
Kevin A. McGrail
2012-08-17 18:08:34 UTC
Post by David F. Skoll
Proficiency at installing Exchange is *inversely* correlated with competence.
Post by Jon Rowlan
Wow ... where did all this come from?
Years of customer support for lots of small businesses who use
Exchange.
Now you missed the perfect snarky moment to tell Jon we were actually
talking about him.
Post by David F. Skoll
Pop quiz: How many Microsoft shops do you know who name all their
servers with FQDNs ending in ".local" or ".lan"? How many Microsoft
commands? (Answer to both questions: Most of them.)
To play devil's advocate, I actually can put a good spin on both of these.

A) Microsoft's Active Directory Domains pre-date the general concept of
Internet Domains. When the two got combined it causes a lot of issues
and especially causes issues when an AD thinks it is named, for example,
rp.com but isn't authoritative for DNS.

The "correct" solution is to name the server locally rp.local since it
isn't a real internet domain and then use rp.com in the FQDN for the
forward facing ports like SMTP.

And to Microsoft's credit, I'm pretty sure this has been in their best
practices for at least a decade. I believe starting with SBS 2003 they
now enforce using .local because that's really for Active Directory.

B) Many people, Microsoft included, consider responding to nonexistent
RCPT commands as a security vulnerability because it answers whether an
account is valid or not. A search of PrivacyOptions and noexpn, novrfy
will validate that this isn't just Microsoft's position.

So while I agree with your position on #B about email, from a security
perspective, I can be swayed that acknowledging if an email is
valid isn't necessarily a good thing. I choose to do it but only after
vetting the pros and cons.

Regards,
KAM
David F. Skoll
2012-08-17 18:21:40 UTC
On Fri, 17 Aug 2012 14:08:34 -0400
Post by Kevin A. McGrail
A) Microsoft's Active Directory Domains pre-date the general concept
of Internet Domains. When the two got combined it causes a lot of
issues and especially causes issues when an AD thinks it is named,
for example, rp.com but isn't authoritative for DNS.
The "correct" solution is to name the server locally rp.local since
it isn't a real internet domain and then use rp.com in the FQDN for
the forward facing ports like SMTP.
Umm... no. The correct solution would be to fix AD so it doesn't get
confused by accurate Internet FQDNs. If AD is confused by them, then
it's a design problem with AD. Naming machines "rp.local" is a truly
horrible workaround.
Post by Kevin A. McGrail
B) Many people, Microsoft included, consider responding to
nonexistent RCPT commands as a security vulnerability because it
answers whether an account is valid or not.
Right. So it's better to generate DSNs and get yourself blacklisted
for backscatter?
Post by Kevin A. McGrail
A search of PrivacyOptions and noexpn, novrfy will validate that
this isn't just Microsoft's position.
noexpn and novrfy disable the EXPN and VRFY SMTP commands respectively.
They do not disable Sendmail's internal checking of the validity of
a RCPT To: address.
Post by Kevin A. McGrail
So while I agree with your position on #B about email, from a
security perspective, I can be swayed that knowing acknowledging if
an email is valid isn't necessarily a good thing. I choose to do it
but only after vetting the pros and cons.
IMO, there are no cons whatsoever to validating RCPT To: commands and huge
cons if you *don't* do it.

In fact, on our hosted service, we refuse to host domains that don't have some
way to validate RCPT To: addresses.

Regards,

David.
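
The trade-off argued in this exchange can be made concrete with a toy receiving MTA. This is an added example, not code from any poster or from Sendmail or Exchange: it runs the same transaction, with a forged envelope sender, against a server that rejects unknown users at RCPT time and against one that accepts everything and bounces later. The mailbox list, addresses and reply texts are constructed.

```python
from dataclasses import dataclass, field

# Constructed data: mailboxes that exist at the receiving site, a forged
# envelope sender belonging to an uninvolved third party, and a recipient list
# in which only the first address exists.
MAILBOXES = {"alice@example.com", "bob@example.com"}
FORGED_SENDER = "victim@example.org"
SAMPLE_RCPTS = ["alice@example.com", "info@example.com", "sales@example.com"]


@dataclass
class ReceivingMta:
    validate_rcpt: bool                        # reject unknown users at RCPT time?
    queue: list = field(default_factory=list)  # accepted (sender, rcpt) pairs
    dsns: list = field(default_factory=list)   # bounces this server originates

    def transaction(self, mail_from, rcpts):
        """Run one SMTP transaction and return the (command, reply) dialogue."""
        dialogue = [(f"MAIL FROM:<{mail_from}>", "250 2.1.0 Sender ok")]
        accepted = []
        for rcpt in rcpts:
            if self.validate_rcpt and rcpt not in MAILBOXES:
                # The connecting client gets the failure directly; this server
                # never takes responsibility for the message.
                reply = "550 5.1.1 User unknown"
            else:
                reply = "250 2.1.5 Recipient ok"
                accepted.append(rcpt)
            dialogue.append((f"RCPT TO:<{rcpt}>", reply))
        if accepted:
            dialogue.append(("DATA", "354 Enter mail"))
            dialogue.append((".", "250 2.0.0 Message accepted for delivery"))
            self.queue.extend((mail_from, r) for r in accepted)
        return dialogue

    def deliver(self):
        """Local delivery; anything accepted but undeliverable must be bounced."""
        delivered = []
        for sender, rcpt in self.queue:
            if rcpt in MAILBOXES:
                delivered.append(rcpt)
            else:
                # Accepted after DATA, so a DSN goes to the envelope sender,
                # which spam usually forges: this is the backscatter.
                self.dsns.append((sender, rcpt))
        self.queue.clear()
        return delivered


def run(validate_rcpt, rcpts=SAMPLE_RCPTS):
    """Return (dialogue, delivered mailboxes, DSNs originated) for one policy."""
    mta = ReceivingMta(validate_rcpt)
    dialogue = mta.transaction(FORGED_SENDER, rcpts)
    delivered = mta.deliver()
    return dialogue, delivered, list(mta.dsns)


if __name__ == "__main__":
    for policy in (True, False):
        dialogue, delivered, dsns = run(policy)
        print(f"validate_rcpt={policy}")
        for command, reply in dialogue:
            print(f"  C: {command}\n  S: {reply}")
        print(f"  delivered={delivered} dsns_to={[s for s, _ in dsns]}")
```

With validation on, the 550 replies do tell the client which addresses are invalid, which is the disclosure concern raised above; with it off, the server itself mails two bounces to an address that never sent anything.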
Ben Kamen
2012-08-17 18:58:05 UTC
Post by Kevin A. McGrail
A) Microsoft's Active Directory Domains pre-date the general concept
of Internet Domains.
Not possible.

http://en.wikipedia.org/wiki/Active_Directory

I had an official internet email address in 1989 when I was on GEnie Information Services. I was bkamen at genie.geis.com

-Ben
WBrown
2012-08-17 19:17:55 UTC
Post by Ben Kamen
I had an official internet email address in 1989 when I was on GEnie
Information Services. I was bkamen at genie.geis.com
According to the grasshopper book, RFCs 882 and 883 were released in 1984,
which defined DNS, which replaced a centrally managed hosts.txt file.



Kevin A. McGrail
2012-08-17 19:27:37 UTC
Post by Ben Kamen
On Fri, 17 Aug 2012 14:08:34 -0400 "Kevin A. McGrail"
Post by Kevin A. McGrail
A) Microsoft's Active Directory Domains pre-date the general concept
of Internet Domains.
Not possible.
http://en.wikipedia.org/wiki/Active_Directory
Actually, I'm talking for the general public and using AD to encompass
the non-internet domain aspects that go back as far as NT 3.51. That
pushes it back to 1994 or thereabouts.

Microsoft was using terminology like a "Domain Controller" and then just
sort of lumped in Internet stuff and didn't really differentiate the
two. It leads to a lot of confusion even today.

I consider .local to be officially grandfathered as an internal-use TLD
akin to non routing IPv4 space like 192.168.X and 10.X albeit not as
based in standards.

Regards,
KAM
David F. Skoll
2012-08-17 19:35:37 UTC
On Fri, 17 Aug 2012 15:27:37 -0400
Post by Kevin A. McGrail
I consider .local to be officially grandfathered as an internal-use
TLD akin to non routing IPv4 space like 192.168.X and 10.X albeit not
as based in standards.
This is interesting reading: http://en.wikipedia.org/wiki/.local

"Despite not being a valid top-level domain in the Internet,
considerable DNS traffic that queries the local domain exists in the
public Domain Name System. In June 2009, the L root server received
more than 400 such queries per second,[2] ranking 4th in DNS traffic
of all TLDs after COM, ARPA, and NET."

RFC 1918 addresses don't typically leak out onto the Internet, so
they don't cause much damage outside an organization. .local clearly does.

Regards,

David.
Tilman Schmidt
2012-08-18 12:50:37 UTC
Post by David F. Skoll
RFC 1918 addresses don't typically leak out onto the Internet, so
JFTR: Yes, they do.
--
Tilman Schmidt
Phoenix Software GmbH
Bonn, Germany
David F. Skoll
2012-08-18 14:49:13 UTC
On Sat, 18 Aug 2012 14:50:37 +0200
Post by Tilman Schmidt
Post by David F. Skoll
RFC 1918 addresses don't typically leak out onto the Internet, so
JFTR: Yes, they do.
Maybe a hop or two because of misconfigured routers, but not typically
all the way to a root name server (unless your ISP is asleep.)

Regards,

David.
Les Mikesell
2012-08-18 18:24:24 UTC
Post by David F. Skoll
On Sat, 18 Aug 2012 14:50:37 +0200
Post by Tilman Schmidt
Post by David F. Skoll
RFC 1918 addresses don't typically leak out onto the Internet, so
JFTR: Yes, they do.
Maybe a hop or two because of misconfigured routers, but not typically
all the way to a root name server (unless your ISP is asleep.)
Where do all the reverse DNS lookups go for the private-range IPs if
you fire up a linux (etc.) name server without configuring it with
your local ranges?
--
Les Mikesell
lesmikesell at gmail.com
David F. Skoll
2012-08-18 20:34:20 UTC
On Sat, 18 Aug 2012 13:24:24 -0500
On Sat, Aug 18, 2012 at 9:49 AM, David F. Skoll
Post by David F. Skoll
On Sat, 18 Aug 2012 14:50:37 +0200
Post by Tilman Schmidt
Post by David F. Skoll
RFC 1918 addresses don't typically leak out onto the Internet, so
JFTR: Yes, they do.
Maybe a hop or two because of misconfigured routers, but not
typically all the way to a root name server (unless your ISP is
asleep.)
Where do all the reverse DNS lookups go for the private-range IPs if
you fire up a linux (etc.) name server without configuring it with
your local ranges?
Ah, I was referring to actual packets routed to/from RFC 1918 addresses,
not reverse lookups.

Sure, x.y.z.10.in-addr.arpa probably does hit the root name servers pretty
often.

Regards,

David.
WBrown
2012-08-20 12:12:46 UTC
Post by David F. Skoll
Sure, x.y.z.10.in-addr.arpa probably does hit the root name servers pretty
often.
Yes it does. http://public.as112.net/node/6



SM
2012-08-20 03:21:18 UTC
Post by David F. Skoll
Maybe a hop or two because of misconfigured routers, but not typically
all the way to a root name server (unless your ISP is asleep.)
I'm Being Attacked by PRISONER.IANA.ORG! (RFC 6305). A root server
would likely implement BCP 38.

Regards,
-sm
Jon Rowlan
2012-08-17 18:33:15 UTC
Well some of us are not quite so stupid as we choose
Linux/Sendmail/MimeDefang/SpamAssassin as well as Exchange.

It's a case of horses for courses ..

For usability, I have never seen anything that competes with Outlook
integrated with Exchange for workgroup collaboration.

For relaying email I prefer SM/MD/SA for speed, protection and
configurability.

But you have to consider that not everyone wants to spend their whole
life tweaking various settings in various config files.

Most small businesses simply want to use what they can that will allow
their users to integrate with their chosen word processor or spreadsheet
on their chosen desktop system best.

I manage a whole load of mail accounts so I have the time and
inclination to tweak but most of my customers don't.

We give them Exchange because it integrates with their desktop apps and
I relay mail for them because it's fast and can be tweaked easily.

I can see the benefits of both sides, my question was simply, why is
there an assumption that the problem is caused by a badly managed
Exchange system?

I didn't mean to stir up a hornet's nest.

jON
David F. Skoll
2012-08-17 18:52:45 UTC
On Fri, 17 Aug 2012 19:33:15 +0100
Post by Jon Rowlan
I can see the benefits of both sides, my question was simply, why is
there an assumption that the problem is caused by a badly managed
Exchange system?
Ah, sorry. I was replying snarkily about the competence of most Exchange
admins, not really about the original post.

To be sure: There are probably many very competent Exchange admins and
I bet you're one of them. The problem is that Exchange is *so*
popular that there are way more incompetent Exchange admins than
competent ones.

If you pick a random Exchange admin from the whole population, you're
more likely to end up with an incompetent one than if you try the same
thing with Sendmail admins, for the simple reasons that Sendmail is
less popular than Exchange and it requires a certain level of
competence (masochism?) to get *anywhere* :)

Microsoft markets its products as easy to use and to set up. That's
probably true on a superficial level so you end up with thousands of
admins with only superficial knowledge.

Regards,

David.
Ben Kamen
2012-08-17 19:05:56 UTC
Post by David F. Skoll
If you pick a random Exchange admin from the whole population, you're
more likely to end up with an incompetent one than if you try the same
thing with Sendmail admins, for the simple reasons that Sendmail is
less popular than Exchange and it requires a certain level of
competence (masochism?) to get *anywhere* :)
Microsoft markets its products as easy to use and to set up. That's
probably true on a superficial level so you end up with thousands of
admins with only superficial knowledge.
I have actually heard company managers suggest "the receptionist" or some similar level employee manage the mail server.

I've actually heard it.

(blink blink)

-Ben
David F. Skoll
2012-08-17 19:09:54 UTC
Hi, all,

I've had a request to end this thread as it's off-topic and I tend to
agree. Let's let it go.

Thanks,

David.
Ben Kamen
2012-08-17 19:12:22 UTC
Post by David F. Skoll
Hi, all,
I've had a request to end this thread as it's off-topic and I tend to
agree. Let's let it go.
I thought it was interesting - but agree. I have a couple more emails queued before this one.

This will be my last on the subject.

Cheers,

-Ben
Ben Kamen
2012-08-17 18:04:51 UTC
Post by Jon Rowlan
As I run exchange and sendmail/MD systems I thought I would see why the
exchange bods were being bashed again ...
Did I miss something?
Sort of. And it's because you run sendmail/MD systems (most importantly, not exchange).

My best story on exchange admins is:

A client of mine had a local pair of Email admins acting as consultants install an exchange server for my client.
This was something that apparently they had much proficiency doing.

They called me (at the request of my client) to sort out some final issues they were having that they hoped I could help resolve.

They told me in their final testing, they couldn't telnet to the mail server. (This new exchange system.)

In our conversations, they were rather bland in their level of detail. They told me they enabled telnet in services, but when they tried to connect it didn't work. So I gave them some suggestions and they told me they'd try and call me back.

They call back a couple hours later with no luck...

So now I start to really quiz them on why they're trying to telnet to a windows server -- I know Windows can do it - but it's not like a Unix shell where you can do *anything* you want to a poor system.

They explained to me "the instructions" recommend it... I asked them to describe for me and read back some of these steps. So they proceed to tell me about using "telnet" to "test the mail server" on "port 25"...

HA!!

I asked them, "do you have exchange running yet"? They told me "no".

I informed them, you do realize that telnet, the service is on port 23. You are "telnetting" to port 25 to establish a connection with the mail daemon which is Exchange -- and you don't have it running. Telnet, the windows service has nothing to do with what you are trying to do.


These were seasoned/experienced MAIL ADMINs...

They scared me.

-Ben
WBrown
2012-08-17 18:08:30 UTC
Post by Jon Rowlan
As I run exchange and sendmail/MD systems I thought I would see why the
exchange bods were being bashed again ...
Running exchange is not proof you don't know what you're doing, but not
knowing how to run a mail system seems to correlate closely with running
exchange.
Post by Jon Rowlan
Someone has obviously had a pretty bad time with an Exchange dodo ...
Seems more than one someone.
Post by Jon Rowlan
This seems to have come from nowhere (at least as far as I can see in
this thread)
It would be interesting if Nate would post what mail system is used at
the domain he raised the question about. Does it even respond to "telnet
$HOST 25"?




Ben Kamen
2012-08-17 18:10:17 UTC
Post by Jon Rowlan
Did I miss something?
I forgot to conclude...

For YOU: you sort of did miss something.. but not in a bad way.

You have experience far beyond your Exchange brethren.

It's a good thing. I wouldn't be upset I didn't "get that one"...

-Ben

p.s. I also have set up exchange in my IT days... It was around 2001. Exchange (back then) seemed to be the "duplo" blocks of email.
I laughed at its simplicity (read: lacking of features) and just shook my head.
Todd Aiken
2012-08-17 18:40:52 UTC
-----Original Message-----
From: Jon Rowlan <jon.rowlan at sads.com>
Reply-To: "mimedefang at lists.roaringpenguin.com"
<mimedefang at lists.roaringpenguin.com>
Date: Friday, August 17, 2012 2:33 PM
To: "mimedefang at lists.roaringpenguin.com"
<mimedefang at lists.roaringpenguin.com>
Subject: Re: [Mimedefang] Mail Admin Question
Post by Jon Rowlan
Well some of us are not quite so stupid as we choose
Linux/Sendmail/MimeDefang/SpamAssassin as well as Exchange.
It's a case of horses for courses ..
I'm with you Jon, and in the exact same boat. Right now I'm in the
process of migrating from Exchange 2007 to Exchange 2010, and surprisingly
things are going quite smoothly. But there's no way I would want to be
without the power and flexibility of my Linux gateways and
MIMEDefang/SpamAssassin for their ability to filter out the spam.



Todd A. Aiken
Systems Analyst & Administrator
ITS Department
BISHOP'S UNIVERSITY
2600 College Street
Sherbrooke, Quebec
CANADA J1M 1Z7
Ben Kamen
2012-08-17 19:09:48 UTC
Curiosity question for Todd and Jon,

At this point in the game with people moving to very web based mail operation, are there any compelling reasons to stick with Exchange in the future? (other than legacy setup and a new learning curve?)

And have your companies considered moving to cloud services like Gmail?

-Ben
Jon Rowlan
2012-08-17 19:23:18 UTC
Post by Ben Kamen
Curiosity question for Todd and Jon,
At this point in the game with people moving to very web based mail
operation, are there any compelling reasons are there to stick with
Post by Ben Kamen
Exchange in the future? (other than legacy setup and a new learning
curve?)
Post by Ben Kamen
And have your companies considered moving to cloud services like Gmail?
-Ben
Ok, well closed thread now but I would say ...

When my clients drop the use of Office applications, Windows 7 OS then
yes, I would consider suggesting a move to Gmail (I have my own google
apps account)

Fact of the matter is Micro$oft is master of this arena which is why
Google is not (yet) winning that battle.

jON
Les Mikesell
2012-08-17 19:31:09 UTC
Post by Ben Kamen
Curiosity question for Todd and Jon,
At this point in the game with people moving to very web based mail
operation, are there any compelling reasons are there to stick with Exchange
in the future? (other than legacy setup and a new learning curve?)
And have your companies considered moving to cloud services like Gmail?
The mail part is easy - shared calendars and meeting scheduling have
always been the big draw for exchange/outlook. Gmail might be getting
close if the associated phones are running android.
--
Les Mikesell
lesmikesell at gmail.com
John Nemeth
2012-08-17 19:08:13 UTC
Permalink
On Jan 7, 7:40am, Ben Kamen wrote:
}
} These were seasoned/experienced MAIL ADMINs...

Some people have ten years of experience, others have one year of
experience repeated nine times. Or, in this case, one month of
experience repeated 119 times.

}-- End of excerpt from Ben Kamen
Ben Kamen
2012-08-17 19:11:17 UTC
Permalink
Post by John Nemeth
}
} These were seasoned/experienced MAIL ADMINs...
Some people have ten years of experience, others have one year of
experience repeated nine times. Or, in this case, one month of
experience repeated 119 times.
}-- End of excerpt from Ben Kamen
I hear ya... I was just trying to emphasize that some people have been in this industry for years and are still freakishly lacking.

-Ben
John Nemeth
2012-08-17 19:12:38 UTC
Permalink
On Jan 7, 8:44am, "Kevin A. McGrail" wrote:
} On 8/17/2012 1:49 PM, David F. Skoll wrote:
} > Proficiency at installing Exchange is *inversely* correlated with
} > competence.
} >> Wow ... where did all this come from?
} > Years of customer support for lots of small businesses who use
} > Exchange.
} Now you missed the perfect snarky moment to tell Jon we were actually
} talking about him.
} > Pop quiz: How many Microsoft shops do you know who name all their
} > servers with FQDNs ending in ".local" or ".lan"? How many Microsoft
} > Exchange installations do you know that don't reject nonexistent RCPT:
} > commands? (Answer to both questions: Most of them.)
} To play devil's advocate, I actually can put a good spin on both of these.
}
} A) Microsoft's Active Directory Domains pre-date the general concept of
} Internet Domains. When the two got combined it causes a lot of issues
} and especially causes issues when an AD thinks it is named, for example,
} rp.com but isn't authoritative for DNS.
}
} The "correct" solution is to name the server locally rp.local since it
} isn't a real internet domain and then use rp.com in the FQDN for the
} forward facing ports like SMTP.

Maybe for systems that have been around for a long time. New
installs should be perfectly fine using a proper internet domain.

} And to Microsoft's credit, I'm pretty sure this has been in their best
} practices for at least a decade. I believe starting with SBS 2003 they
} now enforce using .local because that's really for Active Directory.

Not surprising, given the target market for SBS.

} B) Many people, Microsoft included, consider responding to nonexistent
} RCPT commands as a security vulnerability because it answers whether an
} account is valid or not. A search of PrivacyOptions and noexpn, novrfy
} will validate that this isn't just Microsoft's position.

Uh, e-mail addresses don't necessarily map directly to accounts,
and in large systems they usually don't. Really, this is nonsense.
And, backscatter is extremely anti-social behaviour.

}-- End of excerpt from "Kevin A. McGrail"
John Nemeth
2012-08-17 19:21:43 UTC
Permalink
On Jan 7, 2:08pm, "Jon Rowlan" wrote:
}
} Well some of us are not quite so stupid as we choose
} Linux/Sendmail/MimeDefang/SpamAssassin as well as Exchange.

And, some of us use *BSD/sendmail/MIMEDefang/SpamAssassin, but
let's not get into an OS war. :->

} But you have to consider that not everyone wants to spend their whole
} life tweaking various settings in various config files.
}
} Most small businesses simply want to use what they can that will allow
} their users to integrate with their chosen word processor or spreadsheet
} on their chosen desktop system best.

This is why they should hire outside help to manage their IT
systems for them. They don't have the time or expertise to properly do
it themselves. Nor would it be cost effective for them to develop the
capability to handle it in-house. This is not a slag against small
businesses, just reality. The smarter ones will out-source.

} I can see the benefits of both sides, my question was simply, why is
} there an assumption that the problem is caused by a badly managed
} Exchange system?

Probably because there are a whole lot of bad ones. The flip
side is there are a lot of Linux based systems managed by kids that learned
IT by playing on systems in their parents' basements, who have no idea
how to do enterprise level system administration. With the popularity
and ease of setting up unix-like systems at home, I'm (and I'm sure
many others) are seeing a lot of very poorly run Linux systems in
business settings.

One place the aforementioned small businesses need to be careful
when out-sourcing IT is to not go with the lowest bidder, otherwise
they are likely to get one of these clueless kids. They need to make
sure that they hire somebody that knows what they are doing.

}-- End of excerpt from "Jon Rowlan"
John Nemeth
2012-08-17 19:24:47 UTC
Permalink
On Jan 7, 8:45am, Ben Kamen wrote:
}
} Curiosity question for Todd and Jon,
}
} At this point in the game with people moving to very web based mail
} operation, are there any compelling reasons to stick with
} Exchange in the future? (other than legacy setup and a new learning
} curve?)
}
} And have your companies considered moving to cloud services like Gmail?

Personally I would never consider cloud services for reasons like
security, reliability, privacy, control, responsiveness, etc.

}-- End of excerpt from Ben Kamen
kd6lvw
2012-08-17 20:09:54 UTC
Permalink
...
Microsoft markets its products as easy to use and to set up. That's
probably true on a superficial level so you end up with thousands of
admins with only superficial knowledge.
Too bad that they don't create their products with Internet standards compliance in mind (especially RFC 5321 and its predecessors).
kd6lvw
2012-08-19 18:30:41 UTC
Permalink
Post by David F. Skoll
...
Sure, x.y.z.10.in-addr.arpa probably does hit the root name servers
pretty often.
If that were true, then explain the AS112 name servers.
David F. Skoll
2012-08-19 19:57:04 UTC
Permalink
On Sun, 19 Aug 2012 11:30:41 -0700 (PDT)
Post by kd6lvw
Post by David F. Skoll
Sure, x.y.z.10.in-addr.arpa probably does hit the root name servers
pretty often.
If that were true, then explain the AS112 name servers.
I wasn't aware of the AS112 project. But anyway, it was set up
explicitly to *prevent* PTR lookups on RFC 1918 addresses from
bothering the root name servers.

-- David.
Tilman Schmidt
2012-08-20 07:38:32 UTC
Permalink
Post by kd6lvw
Post by David F. Skoll
...
Sure, x.y.z.10.in-addr.arpa probably does hit the root name servers
pretty often.
If that were true, then explain the AS112 name servers.
Isn't that obvious? The former is the raison d'être of the latter.
--
Tilman Schmidt
Phoenix Software GmbH
Bonn, Germany

Michael D. Sofka
2012-08-28 18:08:34 UTC
Permalink
Post by Nathan Findley
mailer=esmtp, pri=129960390, relay=mail.*****.co.jp. [IP], dsn=4.0.0,
stat=Deferred: Connection reset by mail.*****.co.jp.
This deferred error message is new to me. Based on the domain, I have
sent mail to the supposed administrators asking them for help on their
end. They have yet to reply, unfortunately.
Is there anything else I can do?
You might be on the sending end of the Cisco DKIM bug. If the receiving
site is using a Cisco router, the rules to check DKIM in e/smtp may be
enabled (they are by default). The implementation is buggy and will
reject some small number of messages, while allowing others through.
The error will be consistent for the message, but other email from the
same MTA and sender is accepted. It does not appear to have anything to
do with message size.

If the message you are sending has DKIM keys, try sending them without.
If you are in contact with the admin, see if they are using Cisco
routers, and if the DKIM rules are enabled.

Mike
--
Michael D. Sofka sofkam at rpi.edu
C&MT Sr. Systems Programmer, Email, HPC, TeX, Epistemology
Rensselaer Polytechnic Institute, Troy, NY. http://www.rpi.edu/~sofkam/
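
One way to check a sending host's maillog for the pattern described in the post above (the same queue ID reset on every attempt while other mail to the same relay is delivered), as an added example that is not part of the original post. The log lines are constructed in the sendmail format quoted in the thread, and the "per-message" / "relay-wide" labels and the `min_resets` threshold are assumptions of this sketch.

```python
import re
from collections import defaultdict

# Constructed sample log in the sendmail format quoted in the thread.
# Hostnames, queue IDs and 192.0.2.x / 198.51.100.x addresses are placeholders.
SAMPLE_LOG = """\
Aug  7 11:52:01 asp sendmail[13001]: q772pt1H016314: to=<u1@example.co.jp>, delay=00:00:21, xdelay=00:00:00, mailer=esmtp, pri=120390, relay=mail.example.co.jp. [192.0.2.10], dsn=4.0.0, stat=Deferred: Connection reset by mail.example.co.jp.
Aug  7 12:10:44 asp sendmail[13102]: q773AbCd016401: to=<u2@example.co.jp>, delay=00:00:03, xdelay=00:00:02, mailer=esmtp, pri=30412, relay=mail.example.co.jp. [192.0.2.10], dsn=2.0.0, stat=Sent (Ok: queued as 4F2A1)
Aug  7 12:52:09 asp sendmail[13340]: q772pt1H016314: to=<u1@example.co.jp>, delay=01:00:29, xdelay=00:00:00, mailer=esmtp, pri=210390, relay=mail.example.co.jp. [192.0.2.10], dsn=4.0.0, stat=Deferred: Connection reset by mail.example.co.jp.
Aug  8 11:52:18 asp sendmail[13710]: q772pt1H016314: to=<u1@example.co.jp>, delay=1+00:00:21, xdelay=00:00:00, mailer=esmtp, pri=300390, relay=mail.example.co.jp. [192.0.2.10], dsn=4.0.0, stat=Deferred: Connection reset by mail.example.co.jp.
Aug  7 09:00:00 asp sendmail[12001]: q77AAAAA000001: to=<a@example.net>, delay=00:00:02, xdelay=00:00:00, mailer=esmtp, pri=120100, relay=mx.example.net. [198.51.100.7], dsn=4.0.0, stat=Deferred: Connection reset by mx.example.net.
Aug  7 09:05:00 asp sendmail[12010]: q77BBBBB000002: to=<b@example.net>, delay=00:00:02, xdelay=00:00:00, mailer=esmtp, pri=120200, relay=mx.example.net. [198.51.100.7], dsn=4.0.0, stat=Deferred: Connection reset by mx.example.net.
Aug  7 10:00:00 asp sendmail[12101]: q77AAAAA000001: to=<a@example.net>, delay=01:00:02, xdelay=00:00:00, mailer=esmtp, pri=210100, relay=mx.example.net. [198.51.100.7], dsn=4.0.0, stat=Deferred: Connection reset by mx.example.net.
Aug  7 10:05:00 asp sendmail[12110]: q77BBBBB000002: to=<b@example.net>, delay=01:00:02, xdelay=00:00:00, mailer=esmtp, pri=210200, relay=mx.example.net. [198.51.100.7], dsn=4.0.0, stat=Deferred: Connection reset by mx.example.net.
"""

# Queue ID, relay host (trailing dot dropped), DSN code and status text.
LINE_RE = re.compile(
    r"sendmail\[\d+\]: (?P<qid>\w+): to=.*?relay=(?P<relay>\S+?)\.? \[[^\]]*\],"
    r" dsn=(?P<dsn>[\d.]+), stat=(?P<stat>.*)$"
)

def summarize(log, min_resets=2):
    """Per relay: queue IDs that only ever hit 'Connection reset', and whether
    other messages to that relay were delivered in the same log."""
    resets = defaultdict(lambda: defaultdict(int))  # relay -> qid -> reset count
    sent = defaultdict(set)                         # relay -> delivered qids
    for line in log.splitlines():
        m = LINE_RE.search(line)
        if not m:
            continue
        relay, qid, stat = m["relay"].lower(), m["qid"], m["stat"]
        if stat.startswith("Sent"):
            sent[relay].add(qid)
        elif stat.startswith("Deferred: Connection reset"):
            resets[relay][qid] += 1
    report = {}
    for relay, counts in resets.items():
        stuck = sorted(q for q, n in counts.items()
                       if n >= min_resets and q not in sent[relay])
        if stuck:
            # Other mail getting through points at the message, not the link.
            others_ok = bool(sent[relay] - set(stuck))
            report[relay] = {"stuck": stuck,
                             "pattern": "per-message" if others_ok else "relay-wide"}
    return report

if __name__ == "__main__":
    for relay, info in summarize(SAMPLE_LOG).items():
        print(relay, info["pattern"], ", ".join(info["stuck"]))
```

A "per-message" result is the case worth retesting without the DKIM signature, as the post suggests; "relay-wide" is more consistent with a network problem or blocking at the receiving site.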
Ben Kamen
2012-08-28 18:19:00 UTC
Permalink
Post by Nathan Findley
mailer=esmtp, pri=129960390, relay=mail.*****.co.jp. [IP], dsn=4.0.0,
stat=Deferred: Connection reset by mail.*****.co.jp.
This deferred error message is new to me. Based on the domain, I have
sent mail to the supposed administrators asking them for help on their
end. They have yet to reply, unfortunately.
Is there anything else I can do?
You might be on the sending end of the Cisco DKIM bug. If the receiving site is using a Cisco router, the rules to check DKIM in e/smtp may be enabled (they are by default). The implementation is buggy and will reject some small number of messages, while allowing others through. The error will be consistent for the message, but other email from the same MTA and sender is accepted. It does not appear to have anything to do with message size.
If the message you are sending has DKIM keys, try sending them without. If you are in contact with the admin, see if they are using Cisco routers, and if the DKIM rules are enabled.
Mike, that's a most excellent observation|tech tip!

Thanks!

-Ben
--
Ben Kamen - O.D.T., S.P.
----------------------------------------------------------------------
eMail: ben at benjammin.net http://www.benjammin.net
http://www.linkedin.com/in/benkamen
Fortune says:
Lots of people drink from the wrong bottle sometimes.
-- Edith Keeler, "The City on the Edge of Forever",
stardate unknown
- -
NOTICE: All legal disclaimers sent to benjammin.net/benkamen.net
or any of its affiliated domains are rendered null and void on
receipt of communications will be handled/considered as such.