Operating System - OpenVMS
cancel
Showing results for 
Search instead for 
Did you mean: 

SMTP mail and "unreachable" node

 
SOLVED
Go to solution
Bill Pedersen
Regular Advisor

SMTP mail and "unreachable" node

I have an issue with mail to some nodes. I get a failure that they are "unreachable", for instance:

%TCPIP-E-SMTP_UNREACHABL, cannot connect to remote host, ingres.com -SYSTEM-F-UNREACHABLE, remote node is not currently reachable

I can ping the node.

But when I traceroute the node it goes for 15 hops and then times out:

traceroute to ingres.com (98.129.177.130): 1-30 hops, 38 byte packets
1 213.173.170.9 (213.173.170.9) 0.0 ms 0.0 ms 0.0 ms
2 atm6-0-1115.ar3.gva.ch.colt.net (212.23.238.121) 10.0 ms 10.0 ms 0.0 ms
3 ge3-0-0-pr2.FRA.router.colt.net (212.74.76.191) 20.0 ms (ttl=248!) 20.0 ms
(ttl=248!) 10.0 ms (ttl=248!)
4 xe-1-2-0.mpr1.fra4.de.above.net (80.81.194.26) 10.0 ms (ttl=246!) 20.0 ms
(ttl=246!) 10.0 ms (ttl=246!)
5 xe-1-1-0.mpr1.cdg12.fr.above.net (64.125.24.6) 50.0 ms (ttl=246!) 30.0 ms
(ttl=246!) 30.0 ms (ttl=246!)
6 * xe-0-0-0.mpr1.cdg11.fr.above.net (64.125.31.225) 20.0 ms (ttl=245!) 30.0
ms (ttl=245!)
7 xe-3-1-0.mpr1.lhr2.uk.above.net (64.125.24.1) 30.0 ms 40.0 ms 30.0 ms
8 so-0-1-0.mpr1.dca2.us.above.net (64.125.27.57) 110 ms (ttl=249!) 120 ms (t
tl=249!) 110 ms (ttl=249!)
9 ge-2-0-0.mpr3.iah1.us.above.net (64.125.25.114) 130 ms (ttl=249!) 160 ms (
ttl=249!) 130 ms (ttl=249!)
10 xe-0-3-0.cr1.iah1.us.above.net (64.125.30.101) 130 ms (ttl=249!) 130 ms (t
tl=249!) 130 ms (ttl=249!)
11 xe-0-1-0.er1.iah1.us.above.net (64.125.28.5) 140 ms (ttl=246!) 140 ms (ttl
=246!) 150 ms (ttl=246!)
12 xe-7-0-0.er1.dfw2.us.above.net (64.125.30.58) 150 ms (ttl=243!) 150 ms (tt
l=243!) 150 ms (ttl=243!)
13 main1.above.net (209.133.126.42) 140 ms 150 ms 150 ms
14 vlan905.core5.dfw1.rackspace.com (67.192.56.229) 150 ms 150 ms 140 ms
15 67.192.56.31 (67.192.56.31) 150 ms 160 ms 150 ms
16 * * *
17 * * *
18 * * *
19 * * *
20 * * *
21 * * *
22 * * *
23 * * *
24 * * *
25 * * *
26 * * *
27 * * *
28 * * *
29 * * *
30 * * *
TCPIP>

SHOW HOST (nslookup) works fine:

TCPIP> show host ingres.com

BIND database

Server: 81.23.73.120

Host address Host name

98.129.177.130 INGRES.COM
TCPIP>

This is on the following configuration:

HP TCP/IP Services for OpenVMS Alpha Version V5.6
on an AlphaServer ES40 running OpenVMS V8.3


Thoughts?

I get this for more than one site. And have gotten it off and on for some time. Is there a logical that needs to be set regarding name translation or something for SMTP?

Thanks,

Bill.
Bill Pedersen
CCSS - Computer Consulting System Services, LLC
23 REPLIES 23
Jim_McKinney
Honored Contributor

Re: SMTP mail and "unreachable" node

> Thoughts?

If HP's SMTP is well behaved it would not be attempting to communicate with the address associated with ingres.com. ingres.com has DNS MX records registered and any SMTP mail should be directed to them. You might want to see if they are reachable. (You may also discover that other SMTP targets that you are having issues with also have MX registration.)

A$ mu nsl/typ=mx ingres.com
Server: LOCALHOST
Address: 127.0.0.1

Non-authoritative answer:
INGRES.COM preference = 10, mail exchanger = proofpoint1.invision.net
INGRES.COM preference = 10, mail exchanger = proofpoint2.invision.net

Authoritative answers can be found from:
INGRES.COM nameserver = pdns4.ultradns.org
INGRES.COM nameserver = pdns1.ultradns.net
INGRES.COM nameserver = pdns5.ultradns.info
INGRES.COM nameserver = pdns3.ultradns.org
INGRES.COM nameserver = pdns6.ultradns.co.uk
INGRES.COM nameserver = pdns2.ultradns.net
pdns4.ultradns.org internet address = 199.7.69.1
pdns4.ultradns.org IPv6 address = 2001:0502:4612::0001
pdns5.ultradns.info internet address = 204.74.114.1
pdns6.ultradns.co.uk internet address = 204.74.115.1
pdns1.ultradns.net internet address = 204.74.108.1
pdns1.ultradns.net IPv6 address = 2001:0502:f3ff::0001
pdns2.ultradns.net internet address = 204.74.109.1
pdns3.ultradns.org internet address = 199.7.68.1
A$ mu nsl proofpoint1.invision.net
Server: LOCALHOST
Address: 127.0.0.1

Non-authoritative answer:
Name: PROOFPOINT1.INVISION.NET
Address: 69.18.136.194

A$ mu nsl proofpoint2.invision.net
Server: LOCALHOST
Address: 127.0.0.1

Non-authoritative answer:
Name: PROOFPOINT2.INVISION.NET
Address: 69.18.136.195

A$
Robert Gezelter
Honored Contributor

Re: SMTP mail and "unreachable" node

Bill,

Please also note that there is no guarantee that ICMP (PING) and SMTP (mail) go to the same actual machine. Many traffic management devices to differential routing based on port number in addition to IP address.

One good step is to use a telnet session to see what comes back when you connect to the SMTP port.

- Bob Gezelter, http://www.rlgsc.com
Hoff
Honored Contributor

Re: SMTP mail and "unreachable" node

If you are working from an OpenVMS host or cluster at 213.173.170.9, then your local DNS looks to be misconfigured, and that'll definitely get your SMTP flagged either for graylisting or blocked as spam.
Bill Pedersen
Regular Advisor

Re: SMTP mail and "unreachable" node

Ok, yes, A and MX records can be different the issue I see though is that the traceroute works from my laptop, located on an entirely different network and location while it does not from the OpenVMS system which I keep having issues with.

Hoff: You bring up the issue of mis-configuration.

Here is the config information:

TCPIP> sho name

BIND Resolver Parameters

Local domain: stromasys.com

System

State: Started, Enabled

Transport: UDP
Domain: stromasys.com
Retry: 2
Timeout: 5
Servers: 81.23.73.120, 81.23.73.90
Path: No values defined

Process

State: Enabled

Transport:
Domain:
Retry:
Timeout:
Servers:
Path:
TCPIP>

Other than servers am not sure what can be done here...

Enter configuration option: 4

BIND RESOLVER Configuration

A BIND resolver has already been configured.

BIND Resolver Configuration

Transport: UDP
Domain: stromasys.com
Retry: 2
Timeout: 5
Servers: ns1.Cybernetwork.CH, ns2.Cybernetwork.CH
Path: No values defined

* Do you want to reconfigure BIND [NO]:

The SHOW MX_RECORD gives:

TCPIP> sho mx ingres.com


BIND MX database


Server: 81.23.73.120

Gate address Preference Gate name

69.18.136.194 10 proofpoint1.invision.net
69.18.136.195 10 proofpoint2.invision.net


BIND database


Server: 81.23.73.120

Host address Host name

98.129.177.130 INGRES.COM

So, now where?

Bill.
Bill Pedersen
CCSS - Computer Consulting System Services, LLC
Bill Pedersen
Regular Advisor

Re: SMTP mail and "unreachable" node

On the issue of MX records... I really do not see where this is taking us since my own domain is defined by MX records and I have no issue sending mail to myself from this remote system.

The MX information for my domain is below:

TCPIP> sho mx ccsscorp.com


BIND MX database


Server: 81.23.73.120

Gate address Preference Gate name

207.111.237.9 5 mx2005.mx2.got.net
207.111.237.8 5 mx2004.mx2.got.net
209.66.101.141 5 mx2003.mx2.got.net
209.66.101.140 5 mx2002.mx2.got.net
209.66.101.139 5 mx2001.mx2.got.net
207.111.237.10 5 mx2006.mx2.got.net


BIND database


Server: 81.23.73.120

Host address Host name

207.111.217.162 CCSSCORP.COM

This is in contrast to the MX information for ingres.com...

Now, if there is an issue of graylisting then I need to understand how to get around that...

The number of sites which do not get email from this site is probably 5% or less of the total number I send to as people sign up but I would like to think it should be near zero if they provide valid mail addresses.

Thanks,

Bill.

Thanks,

Bill.
Bill Pedersen
CCSS - Computer Consulting System Services, LLC
Jim_McKinney
Honored Contributor

Re: SMTP mail and "unreachable" node

If a DNS MX record for a particular host name exists, then any mail for that host name should be delivered to the host specified by the associated MX record(s)(and not the host specified by the A(ddress) resource record). In the absence of MX records SMTP mail will be directed to the host specified by the A record. SMTP mail from your host to ingres.com will be sent to one of the hosts specified by the associated MX records (and not that address you were PINGing) presuming that HP's SMTP client software plays by the rules. In practice many clients ignore the MX records and always target the A records. For this reason most enterprises have assigned an IP address to their domain name rather than risk losing mail from braindead clients. I would expect that HP's SMTP client is doing the correct thing and targeting the MX records (you could verify this by using TCPDUMP).

Bill Pedersen
Regular Advisor

Re: SMTP mail and "unreachable" node

Hoff:

The 213.173.170.9 address is the gateway. I believe it is a router but I do not have the details, since I did not install the net.

The OpenVMS system is at 213.173.170.13.

Bill.
Bill Pedersen
CCSS - Computer Consulting System Services, LLC
Hoff
Honored Contributor

Re: SMTP mail and "unreachable" node

213.173.170.13 within your DNS environment looks to be misconfigured. No valid rDNS response to dig.

Some of the more permissive SMTP servers around will accept that, but many of the servers will detect this and the message will get grey-listed, or will be flagged as spam and dropped.

The MX entry is the routing path from the client to the server.

The rDNS setting and associated detection is the reverse; the view from the SMTP server back to the originating mail server.
Bill Pedersen
Regular Advisor

Re: SMTP mail and "unreachable" node

Yes, I expect the SMTP is in fact looking at the MX records.

Ok, rDNS. So how does one set this? What settings are necessary or capable withing TCPIP, or do we need a DNS entry someplace which gives this information.

When I do nslookup for 213.173.170.13 and charon.stromasys.com I get:

C:\Documents and Settings\wpederse>nslookup 213.173.170.13
*** Can't find server name for address 192.168.1.1: Query refused
*** Default servers are not available
Server: UnKnown
Address: 192.168.1.1

Name: charon.stromasys.com
Address: 213.173.170.13


C:\Documents and Settings\wpederse>nslookup charon.stromasys.com
*** Can't find server name for address 192.168.1.1: Query refused
*** Default servers are not available
Server: UnKnown
Address: 192.168.1.1

Non-authoritative answer:
Name: charon.stromasys.com
Address: 213.173.170.13

So what more do we need to do?

Thanks,

Bill.
Bill Pedersen
CCSS - Computer Consulting System Services, LLC
Bill Pedersen
Regular Advisor

Re: SMTP mail and "unreachable" node

Ok, given my investigation of rDNS then using nslookup and PTR records I get:

$ multi nslookup charon.stromasys.com/type=ptr
Server: LOCALHOST
Address: 127.0.0.1

Authoritative answers can be found from:
STROMASYS.COM
origin = ns1.register.eu
mail addr = info.register.eu
serial = 2009102202
refresh = 7200 (2H)
retry = 3600 (1H)
expire = 86400 (1D)
minimum ttl = 3600 (1H)
$ multi nslookup ccsscorp.com/type=ptr
Server: LOCALHOST
Address: 127.0.0.1

Authoritative answers can be found from:
CCSSCORP.COM
origin = ns1.got.net
mail addr = dns-admin.got.net
serial = 2009030601
refresh = 10800 (3H)
retry = 3600 (1H)
expire = 604800 (1W)
minimum ttl = 86400 (1D)
$ multi nslookup charon.stromasys.com info.register.eu
*** Can't find server address for 'INFO.REGISTER.EU':
Unknown host
Server: LOCALHOST
Address: 127.0.0.1

Non-authoritative answer:
Name: CHARON.STROMASYS.COM
Address: 213.173.170.13

So to my untrained eye this looks "ok".

So, now the question is "What is ingres.com seeing when the SMTP connection is established?" Or at least that is what I would suspect might be the consideration.

Bill.
Bill Pedersen
CCSS - Computer Consulting System Services, LLC
Bill Pedersen
Regular Advisor

Re: SMTP mail and "unreachable" node

I was so quick since it gave the number I was expecting I missed the error message that it could not find info.register.eu...

So I guess my untrained eye is still lost.

Insight please.

Thanks,

Bill.
Bill Pedersen
CCSS - Computer Consulting System Services, LLC
Jim_McKinney
Honored Contributor

Re: SMTP mail and "unreachable" node

> So, now the question is "What is ingres.com seeing when the SMTP connection is established?"

ingres.com shouldn't be receiving a direct connection from your system. Any mail that you send to them should go to one of the hosts defined by the DNS MX records associated with ingres.com (69.18.136.194 -proofpoint1.invision.net or 69.18.136.195 - proofpoint2.invision.net). Your system would send mail to one of them and then they would later relay it on to the system with the addressee's mailbox (perhaps after performing some virus checking or what-have-you). You might try simulating an SMTP session to one or both of these hosts using telnet on port 25 and see what happens. The recipe for that is similar to what follows (your telnet command line might differ slightly - the following presumes MultiNet's telnet CLD)

$ TELNET/PORT=25 proofpoint1.invision.net
helo
mail from:
rcpt to:
data
put all of your
message text here
.
quit
Bill Pedersen
Regular Advisor

Re: SMTP mail and "unreachable" node

ok, yes, I understand that proofpoint... is doing the email processing for ingres.com. The issue being as far as I can concerned it is ingres.com - in the long run. The same as a normal email recipient at ingres.com would think.

Yes, ok so when I find the time I will test the telnet operation to see what is happening there.
Bill Pedersen
CCSS - Computer Consulting System Services, LLC
Hoff
Honored Contributor

Re: SMTP mail and "unreachable" node

SMTP traffic from an SMTP server with invalid rDNS will not be accepted by most modern mail servers.
Jim_McKinney
Honored Contributor

Re: SMTP mail and "unreachable" node

> SMTP traffic from an SMTP server with invalid rDNS will not be accepted by most modern mail servers.

Yes, this is true for many servers - and if they terminate your connection for this reason they usually say so during the SMTP dialogue - simulate an SMTP conversation or use TCPDUMP to watch one and you'll likely learn if this is the case here. This case is certainly distinct from the "unreachable node" scenario that began this thread.
Bill Pedersen
Regular Advisor

Re: SMTP mail and "unreachable" node

Using TCPDUMP I end up with an interesting message:

0x0000: 4500 0063 c89f 4000 3006 3465 4512 88c3 E..c..@.0.4eE...
0x0010: d5ad aa0d 0019 c05b ec26 6be1 4661 421e .......[.&k.FaB.
0x0020: 5018 05b4 a38a 0000 3535 3420 7072 6f6f P.......554.proo
0x0030: 6670 6f69 6e74 322e 696e 7669 7369 6f6e fpoint2.invision
0x0040: 2e6e 6574 2045 534d 5450 206e 6f74 2061 .net.ESMTP.not.a
0x0050: 6363 cc


ESMTP not accepting...

I can not believe that HP SMTP would not talk to an Extended SMTP but...

In using telent to port 25...

$ telnet proofpoint1.invision.net 25
%TELNET-I-TRYING, Trying ... 69.18.136.194
%TELNET-I-SESSION, Session 01, host proofpoint1.invision.net, port 25
554 proofpoint1.invision.net ESMTP not accepting messages
HELO charon.stromasys.com
250 proofpoint1.invision.net Hello [213.173.170.13], pleased to meet you

There is a fair pause between when the "...port 25" is printed and then the "554 ..." error message.

It would appear that OpenVMS SMTP does not support, ie does not email, the necessary information to be recognized by the remote system.

And in getting the 554 message then goes and places the message back in the queue when in fact it should continue.

Thoughts?

Thanks,

Bill.
Bill Pedersen
CCSS - Computer Consulting System Services, LLC
Bill Pedersen
Regular Advisor

Re: SMTP mail and "unreachable" node

Here is a sample between two different servers:

$ telnet mx2001.mx2.got.net 25
%TELNET-I-TRYING, Trying ... 209.66.101.139
%TELNET-I-SESSION, Session 01, host mx2001.mx2.got.net, port 25
HELO stromasys.comEscape character is ^]
220 mx2001.mx2.got.net ESMTP Wed, 23 Dec 2009 13:13:38 -0800
250 mx2001.mx2.got.net Hello [213.173.170.13], pleased to meet you
TELNET> exit
%TELNET-S-LCLCLOSED, Local connection closed
-TELNET-I-SESSION, Session 01, host mx2001.mx2.got.net, port 25
$ telnet proofpoint1.invision.net 25
%TELNET-I-TRYING, Trying ... 69.18.136.194
%TELNET-I-SESSION, Session 01, host proofpoint1.invision.net, port 25
HELO stromasys.comEscape character is ^]
554 proofpoint1.invision.net ESMTP not accepting messages
250 proofpoint1.invision.net Hello [213.173.170.13], pleased to meet you

Mail through got.net eventually ends up at ccsscorp.com.

In using telnet from my laptop to proofpoint1.invision.net I get a similar 554 message...

If I then go ahead and try to send a message it accepts the HELO but then rejects any following messages.

I suspect that there is more that needs to be passed between the two systems so as to be happy with the connection before proceeding. The what is the big issue now.

Bill.
Bill Pedersen
CCSS - Computer Consulting System Services, LLC
Hoff
Honored Contributor

Re: SMTP mail and "unreachable" node

>Yes, this is true for many servers ...

Yes, true, and it's likely also true that if the DNS isn't corrected, then the whole process of resolving the connectivity will be for naught. (OpenVMS with TCP/IP Services is one of the few boxes that doesn't look at this stuff.)

> I can not believe that HP SMTP would not talk to an Extended SMTP but...

Google: "Your search - site:h71000.www7.hp.com esmtp - did not match any documents."

http://forums11.itrc.hp.com/service/forums/questionanswer.do?threadId=1101097

Bill Pedersen
Regular Advisor

Re: SMTP mail and "unreachable" node

Ok, Hoff, so what needs to be changed in the DNS. As far as I can tell it is ok at least from my prospective of looking at the records.

If can can provide a pointer as to what needs to be changed I would be happy to make sure the changes are implemented.

Thanks,

Bill.
Bill Pedersen
CCSS - Computer Consulting System Services, LLC
Steve Reece_3
Trusted Contributor

Re: SMTP mail and "unreachable" node

Can you send email elsewhere?

If I try a traceroute ingres.com from my mac I get:

traceroute to ingres.com (98.129.177.130), 64 hops max, 40 byte packets
1 myrouter.home (192.168.0.1) 1.328 ms 0.940 ms 0.832 ms
2 cr7.thbz.uk.easynet.net (87.87.254.201) 25.492 ms 26.260 ms 49.321 ms
3 82.111.105.161 (82.111.105.161) 20.753 ms 22.055 ms 21.732 ms
4 te0-1-0-2.er11.thlon.ov.easynet.net (89.200.135.99) 25.290 ms 23.942 ms 24.825 ms
5 ge-2-1-0.mpr1.lhr2.uk.above.net (195.66.224.76) 34.519 ms 23.242 ms 22.826 ms
6 so-1-1-0.mpr1.dca2.us.above.net (64.125.31.186) 97.489 ms 96.441 ms 96.784 ms
7 ge-2-0-0.mpr3.iah1.us.above.net (64.125.25.114) 123.226 ms 123.150 ms 123.929 ms
8 xe-1-3-0.cr1.iah1.us.above.net (64.125.30.105) 123.415 ms 122.866 ms 123.136 ms
9 xe-0-1-0.er1.iah1.us.above.net (64.125.28.5) 123.756 ms 124.770 ms 122.895 ms
10 xe-7-0-0.er1.dfw2.us.above.net (64.125.30.58) 128.852 ms 128.578 ms 127.735 ms
11 main1.above.net (209.133.126.42) 138.827 ms 139.238 ms 139.931 ms
12 vlan905.core5.dfw1.rackspace.com (67.192.56.229) 137.717 ms 138.136 ms 138.713 ms
13 67.192.56.31 (67.192.56.31) 140.393 ms 139.742 ms 138.915 ms
14 * * *

which is ultimately where you get to as well.
DNS may not be set up correctly but, also, could it also be that the Ingres site doesn't like traceroute for some reason.

Steve
Volker Halle
Honored Contributor
Solution

Re: SMTP mail and "unreachable" node

Bill,

to make sure, that reverse lookup works, you can test this on the following page:

http://www.mxtoolbox.com/SuperTool.aspx

ptr:213.173.170.13 - this would be the reverse lookup for charon.stromasys.com

It does not work, so I believe there is some problem with the DNS name registration.

Volker.
Bill Pedersen
Regular Advisor

Re: SMTP mail and "unreachable" node

Thank you gentlemen!

We'll get the PTR record fixed!

Merry Chistmas
Bill Pedersen
CCSS - Computer Consulting System Services, LLC
Bill Pedersen
Regular Advisor

Re: SMTP mail and "unreachable" node

Yes, DNS is the issue. Specifically the rDNS as pointed out by Hoff. GREAT tool from Volker!

Thanks!

Happy Holidays.

Bill.
Bill Pedersen
CCSS - Computer Consulting System Services, LLC