"User Unknown" errors related to DNS issues?

Hi all,

I see a periodic problem with some email servers that report "User
Unknown" for valid users. The most recognizable problematic host is
hotmail.com, but there usually are others mixed in (today's additional
problematic hosts included msn.com, verizon.net, and incentre.net).

Here is one of the errors:

  Dec 13 11:20:55 mail sm-msp-queue[5360]: iBDGFPc0004630:
  to=<frank-****@msn.com>, delay=00:05:30, xdelay=00:00:00,
  mailer=esmtp, pri=470333, relay=mx1.hotmail.com. [64.4.50.99],
  dsn=5.7.1, stat=User unknown

I found this post on Neohapsis that suggests the problem is DNS/firewall
related:

  http://archives.neohapsis.com/archives/postfix/2004-03/1774.html

What I can't understand is why this would be periodic and what, if
anything, I can do to validate the authenticity of the errors?

Do others see this same issue?

-Jim P.

Hi Jim.

I don't think your problem is DNS related.
We had problems with many hotmail/msn accounts returning user unknown
for valid users. We tried solving it by resending all email and ignoring 550
errors/bounces up to 50 times (several emails were delivered even after 40
550 bounces). Unfortunately hotmail complained about it
after a short time because it generated very many bounces.
They suggested signing up for bondedsender.com. Temporarily resolved the
problem by still ignoring 550 but up to 15 times and retrying in a slower
sequence. We might sign up for bondedsender though... seems like an okay
idea.

Joergen Hovland ENK

> I see a periodic problem with some email servers that report "User
> Unknown" for valid users. The most recognizable problematic host is
> hotmail.com, but there usually are others mixed in (today's additional
> problematic hosts included msn.com, verizon.net, and incentre.net).
>
> I found this post on Neohapsis that suggests the problem is DNS/firewall
> related:
>
>   http://archives.neohapsis.com/archives/postfix/2004-03/1774.html
>
> What I can't understand is why this would be periodic and what, if
> anything, I can do to validate the authenticity of the errors?

I'm not sure why a dns problem would result in "user unknown". But the
discussion on the postfix list could still be pertinent.

Hotmail.com and msn.com both produce incomplete responses to udp dns
queries for their MX records. That will trigger your nameserver to send a
second query using tcp. If there is a firewall (likely at your own site)
that blocks this tcp query or the response, you won't get any response at
all - the domain lookup will fail.

Here's a test for you. On the nameserver used by your mail server (or you
can do it on the mail server itself), issue the following command (or
equivalent); the "-vc" option is critical - it means "use tcp". If you
don't get any response, that could be the problem - fix your firewall. If
you do get a good response, I don't know what the problem is (nor do I
know what it is for verizon.net, and incentre.net, which don't look like
they would produce this issue).

nslookup -qt=any -vc hotmail.com.

> Do others see this same issue?

Not I.

Tony Rall
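
Added example (not part of any poster's message): a Python sketch of the check described above, sending an MX query over UDP, reading the truncation (TC) bit, then repeating the query over TCP to see whether the fallback gets through. The function names, the query ID and the result labels are assumptions made for this example; the resolver address is supplied by the caller.

```python
import socket
import struct

def build_query(name, qtype=15, qid=0x1234):  # qtype 15 = MX; qid is a constructed ID
    qname = b"".join(bytes([len(l)]) + l.encode("ascii") for l in name.rstrip(".").split("."))
    return struct.pack("!HHHHHH", qid, 0x0100, 1, 0, 0, 0) + qname + b"\x00" + struct.pack("!HH", qtype, 1)

def parse_header(msg):
    """Return (id, TC bit, rcode, answer count) from a raw DNS message."""
    if len(msg) < 12:
        raise ValueError("short DNS message")
    qid, flags, _qd, an, _ns, _ar = struct.unpack("!HHHHHH", msg[:12])
    return qid, bool(flags & 0x0200), flags & 0x000F, an

def _recv_exact(sock, n):
    buf = b""
    while len(buf) < n:
        chunk = sock.recv(n - len(buf))
        if not chunk:
            raise ConnectionError("TCP connection closed early")
        buf += chunk
    return buf

def query_udp(server, name, timeout=5.0):
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.sendto(build_query(name), (server, 53))
        return s.recvfrom(512)[0]  # 512 bytes: classic UDP limit without EDNS0

def query_tcp(server, name, timeout=5.0):
    q = build_query(name)
    with socket.create_connection((server, 53), timeout=timeout) as s:
        s.sendall(struct.pack("!H", len(q)) + q)  # DNS over TCP: 2-byte length prefix
        (n,) = struct.unpack("!H", _recv_exact(s, 2))
        return _recv_exact(s, n)

def diagnose(udp_reply, tcp_reply):  # tcp_reply is None when the TCP attempt failed
    if not parse_header(udp_reply)[1]:
        return "udp-complete"   # not truncated, so a resolver never needs TCP here
    if tcp_reply is None:
        return "tcp-blocked"    # truncated over UDP and no answer over TCP
    _, _, rcode, an = parse_header(tcp_reply)
    return "tcp-ok" if rcode == 0 and an > 0 else "tcp-error"

def check(server, name):
    udp = query_udp(server, name)  # a UDP timeout propagates to the caller
    try:
        return diagnose(udp, query_tcp(server, name))
    except OSError:  # timeout, refusal or reset on TCP port 53
        return diagnose(udp, None)
```

Call check() with the address of the nameserver your mail server uses and the domain to test; a "tcp-blocked" result matches the firewall case described in the message above.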
