I am using dovecot and sendmail on a FC5 server. Actually I have two servers that are almost identical and they are having the same problems and they started over this weekend. Now no one can sendmail. Basically I think the problem is with sendmail. If I telnet over to the system on port 25 it takes a very long time before I see a response. If I try to send a message manually it works. However it takes so long for a response that my mail client will timeout. I have checked all of my yum logs and nothing has been updated recently. I am very confused on this one especially since it is happening in two different locations. The one thing that these locations have in common is the same ISP. Any ideas?

UPDATE: I have this to the point now where if I telnet to port 25 from outside the building it responds very quickly. If I telnet to port 25 from the internal network it takes quite a while. I have a feeling this has something to do with name resolution. Still no solution.

Thanks,

Kris

It most likely is name resolution as you guess.

What DNS servers are the sendmail servers using?

If you log in to the sendmail servers with SSH, can you perform DNS queries?

What about reverse DNS queries?

Have any firewall changes been made, maybe to block outbound traffic?

Have the IP addresses of the internet networks changed?

It most likely is name resolution as you guess.

What DNS servers are the sendmail servers using?
- I am using DNS server provided by my ISP. Do you want the ip address of those servers?

If you log in to the sendmail servers with SSH, can you perform DNS queries?
- I can ping servers by name and the address resolution works. Is there another method for testing dns queries?

What about reverse DNS queries?
- I am a little hazy on what to do here. How do I do a reverse DNS query?

Have any firewall changes been made, maybe to block outbound traffic?
- No changes here. Although our isp had some problems over the weekend. I am not sure what they were.

Have the IP addresses of the internet networks changed?
- These are sill the same as always.

I think it may have something to do with the reverse dns lookup? If I am on the server and I try to telnet to localhost 25 I get connected to sendmail instantly. However if I telnet to 192.168.1.4 25 then it will take about 30 seconds to connect to sendmail.

Sounds like your ISP may have started filtering requests for reverse DNS on non-routable IPs.

What I mean is, if you do a reverse DNS lookup for the IP: 192.168.1.4, your ISP is not going to know the right answer. That IP address is non-routable and is being used all over the world by thousands of companies on their internal network. It can never exist on the open Internet, and thus your ISP can't return an answer for it. IANA resolves these requests to prisoner.iana.org, but recently it seems that due to some concerns over cache poisoning, a lot of DNS operators have stopped answering requests for such reserved IPs.

For a solution, you could either setup your own DNS servers internally to be authoritative just for the reserved IP ranges and forward all other requests to your ISP's DNS server, or you could use a script to add every IP address in your internal network to the /etc/hosts file on each mail server. It would look something like:

You could also see if it's possible to turn off the reverse DNS features in sendmail so it wouldn't time-out waiting for the answer.

Ok I setup a dns server for myself and this started working perfectly. Thanks for the help.