Network admins... I need help... really WEIRD email server/routing problem!!!

I’m a system admin for an Intermediate school district and we have a really strange problem.

We have six sites within our district that we are getting email bounce back messages from. The sites that we are having this problem with are all on different ISPs and each have their own e-mail server. They can send to us just fine, but when we send to them, we get the bounce back message (saying it tried 20 attempts).

What is weird is that they all started having this problem about the same time. As far as I can tell, nothing has changed on our DNS or email server.

What I have done to try and troubleshoot/fix this is the following:

  • Tried changing the IP address of the email server and updating the MX record in the DNS. No change.
  • Tried changing the IP address of the DNS setting on the email server to a DNS that we know to be farther up the chain. No change.
  • Tried changing the IP address of the DNS setting on the email server to a DNS that was outside of our ISP. No change, plus it caused other problems. I changed it back.
  • I even tried going to a backup of our DNS server that I had made before we even had problems, still no change.
  • I’ve contacted our ISP about this, but they can’t find anything wrong on their network

Also, a couple of the sites occasionally will receive e-mails from us, but it is VERY sporadic. It is sounding like this is a routing problem. Especially when I see entries in our email log file that say, “Trying [domain name]…” with no HELO/EHLO response.

I am at my wit’s end. All of our users here are complaining about how they can’t email out to certain sites in the district and the sites we are having problems with are complaining that they aren’t receiving anything from us.

I don’t know what else to do? Any help that you network-admin dopers can give me would be greatly appreciated. :frowning:

A few guesses off the top of my head.

Try traceroutes both by name and IP in both directions (if you can, you don’t say if you admin the remote boxen), see if something is getting dropped along the way. After reading the OP a little more, try getting a traceroute to each of the blocked sites and a few for sites that aren’t blocked and compare, maybe there is a similar route being taken by all the dropped traffic. Are there just the 6 sites in the district or do you have some that are working fine? If there are some working district sites, get traceroutes from them.

Maybe try skipping DNS altogether and putting static entries in your hosts file?

Can you telnet to port 25 from your email server to theirs? By name and IP? And remote back to you? How about from another machine on the same network as your email server? If not, this would point to a blocked port.

Do you or the other sites use any blackholing or prompt delays for spam prevention that might cause timeouts?

I’ll stop back tonight when I have more time and see if I have any more ideas.

Send an e-mail manually:

Telnet to port 25.

You should get a connection message like:
220 mail.testsite.com Microsoft Exchange Internet Mail Connector <version xxx>

Type:

HELO yourdomainname.com

You should get back:

250 OK yourdomainname.com

Type:

MAIL FROM:You@yourdomainname.com

You should get back:

250 OK - MAIL FROM You@yourdomainname.com

Type:

RCPT TO: User@TheirDomainName.com

You should get back:

250 OK - Recipient User@TheirDomainName.com

Type:

DATA

You should get back:

354 Send data. End with CRLF.CRLF

Type:

SUBJECT: TEST MESSAGE
Here is a test message.

You won’t get any response from that.

Type a period (.) at the next blank line, and then press ENTER.

You should get back:

250 OK

Then type QUIT to break the connection.

If the process breaks at some point, you know where the problem is.
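The manual telnet walk-through above, scripted as an added example (not code from anyone in this thread): it runs the same dialogue up to RCPT TO and reports the stage where it stops, so a stall before the banner or HELO reply shows up as `connect` or `banner`. The function names `read_reply` and `probe` and the command-line arguments are assumptions made for this sketch.

```python
import socket
import sys

def read_reply(f):
    """Read one SMTP reply (possibly multi-line); return (code, text)."""
    lines = []
    while True:
        line = f.readline()
        if not line:
            raise ConnectionError("connection closed by peer")
        text = line.decode("ascii", "replace").rstrip("\r\n")
        lines.append(text)
        # "250-..." means more lines follow; "250 ..." ends the reply
        if len(text) < 4 or text[3] != "-":
            return int(text[:3]), " | ".join(lines)

def probe(host, port, helo, sender, rcpt, timeout=15.0):
    """Walk the SMTP dialogue up to RCPT TO; return (stage, ok, detail).
    DATA is never sent, so no message is delivered."""
    stage = "connect"
    try:
        with socket.create_connection((host, port), timeout=timeout) as s:
            f = s.makefile("rb")
            # Addresses go in angle brackets, as RFC 5321 requires
            steps = [
                ("banner", None, 220),
                ("helo", f"HELO {helo}", 250),
                ("mail_from", f"MAIL FROM:<{sender}>", 250),
                ("rcpt_to", f"RCPT TO:<{rcpt}>", 250),
            ]
            for stage, cmd, want in steps:
                if cmd is not None:
                    s.sendall(cmd.encode("ascii") + b"\r\n")
                code, text = read_reply(f)
                if code != want:
                    return stage, False, text
            s.sendall(b"QUIT\r\n")
            return stage, True, text
    except socket.timeout:
        return stage, False, "timed out"
    except (OSError, ValueError) as e:
        return stage, False, str(e)

if __name__ == "__main__":
    if len(sys.argv) != 5:
        sys.exit("usage: probe.py HOST HELO_NAME SENDER RECIPIENT")
    host, helo, sender, rcpt = sys.argv[1:]
    print(probe(host, 25, helo, sender, rcpt))
```

Run it once by host name and once by IP address against each remote server; a different failing stage between the two runs separates a DNS problem from a connectivity problem.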

We have had our ISP turn off ICMP traffic at the router that feeds us to help prevent DDOS attacks so a traceroute doesn’t work, but I suppose we could ask them to turn it on for a few days so we can run some tests.

That might be an option there. I guess I’d have to find each email server’s IP address so that we can put that mapping in.

I hadn’t thought of that. Good idea.

Not that I know of. I will confirm with the network admins of the remote sites to rule that out.

Bricker:
Yours is also a really good idea. I didn’t know you could send email manually that way.

I will let you all know what I find out after doing these suggestions. I really appreciate the help. Thanks!!!

Well? Don’t keep us in suspense. :slight_smile: