Sendmail forcing to use a particular MX

the_gripmaster · 08-27-2008, 12:57 AM

My clients are trying to send email to a domain such as example.com

example.com has 2 MXs (found by executing 'host -t mx example.com' in the email server):

Code:

50 mx2.example.com
10 mx1.example.com

mx1.example.com is up and connections can be established on port 25 to it from my server, but mx2.example.com is down.

Now, whenever my clients send email to example.com, it does not get delivered and when i run 'mailq', this is what I see:

Code:

m7R5jlEx028096     2987 Wed Aug 27 11:45 <me@mydomain.com>
               (Deferred: Connection refused by mx2.example.com.)
                                         <postmaster@example.com>

It looks like sendmail is trying to connect to mx2.example.com which is down. How do I force sendmail to send the emails to example.com using mx1.example.com?

Mr. C. · 08-27-2008, 01:13 AM

This may be a form of greylisting.

Unless you control the MX's, or have permission, you should not try to override the MX's for the domain. Allow your server to retry which is normal operating behavior.

Attempting to bypass the normal MX precedence could get you perm rejected from the site.

the_gripmaster · 08-27-2008, 01:26 AM

I can telnet to port 25 of mx1.example.com from my server and can successfully send emails. Why is sendmail trying to use mx2.example.com instead of mx1.example.com?

Mr. C. · 08-27-2008, 01:32 AM

Do the logs show that sendmail tried the primary first, failed, and fell back to the secondary?

the_gripmaster · 08-27-2008, 01:36 AM

Sendmail logs show it never tried to connect to mx1.example.com

Mr. C. · 08-27-2008, 01:50 AM

Sendmail will try a secondary MX if there was a problem during the SMTP greeting. If Sendmail has never tried the primary MX, this would tend to indicate DNS problems not returning the primary MX record.

Can you describe your DNS server?

the_gripmaster · 08-27-2008, 02:18 AM

Here is a dig output from my server (telnet-bd.com is the server I am trying to send the emails to)

Code:

[root@mx1 ~]# dig -t mx telnet-bd.com

; <<>> DiG 9.3.3rc2 <<>> -t mx telnet-bd.com
;; global options:  printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 60299
;; flags: qr rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 2, ADDITIONAL: 4

;; QUESTION SECTION:
;telnet-bd.com.                 IN      MX

;; ANSWER SECTION:
telnet-bd.com.          4705    IN      MX      10 mx-in-01.telnet-bd.com.
telnet-bd.com.          4705    IN      MX      50 mx-in-02.telnet-bd.com.

;; AUTHORITY SECTION:
telnet-bd.com.          1694    IN      NS      ns1.telnet-bd.com.
telnet-bd.com.          1694    IN      NS      ns2.telnet-bd.com.

;; ADDITIONAL SECTION:
mx-in-01.telnet-bd.com. 1694    IN      A       116.212.104.91
mx-in-02.telnet-bd.com. 1694    IN      A       116.212.105.113
ns1.telnet-bd.com.      10704   IN      A       116.212.104.71
ns2.telnet-bd.com.      34754   IN      A       116.212.105.115

;; Query time: 0 msec
;; SERVER: 192.168.100.41#53(192.168.100.41)
;; WHEN: Wed Aug 27 13:17:39 2008
;; MSG SIZE  rcvd: 181

Mr. C. · 08-27-2008, 10:30 PM

I get DNS failures on this domain.

Code:

$ dig -t mx telnet-bd.com

; <<>> DiG 9.5.0-P2 <<>> -t mx telnet-bd.com
;; global options:  printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 7590
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;telnet-bd.com.                 IN      MX

;; Query time: 3221 msec
;; WHEN: Wed Aug 27 20:28:45 2008

That's enough to convince me.

the_gripmaster · 08-28-2008, 03:59 AM

Well...thanks