#1
  1. No Profile Picture
    Registered User
    Devshed Newbie (0 - 499 posts)

    Join Date
    Dec 2004
    Location
    Oregon
    Posts
    7
    Rep Power
    0

    Question Send/receive email problem to comcast.net users.


    Hi All...

    First time posting in one of these so be kind...

    I've been running a Windows 2003 / Exchange 2003 server for a while now with the domain name, sjovan.com. And for a long time it's been running without problem.

    At some point, however (within a month or so), I lost the ability to send/receive email to/from comcast.net users (ie user@comcast.net).

    I've used dnsreport.com to help generate clues about possible problems with DNS etc... Tried many things (including adding an SPF record) without success.

    Here is the return message I get:
    Your message did not reach some or all of the intended recipients.

    Subject: RE: ERROR MESSAGE
    Sent: 12/7/2004 2:27 PM

    The following recipient(s) could not be reached:

    user@comcast.net on 12/9/2004 2:40 PM
    The e-mail system was unable to deliver the message, but did not report a specific reason. Check the address and try again. If it still fails, contact your system administrator.
    <sjovan.com #4.0.0 smtp;450 [TEMPFAIL] comcast.net requires valid sender domain>


    And this is returned to the comcast user when trying to email sjovan.com:
    From: postmaster@comcast.net (Webmail Postmaster)
    To: user@comcast.net
    Subject: Returned mail: User unknown
    Date: Fri, 19 Nov 2004 02:21:53 +0000

    The following addresses had fatal errors:
    user_at_sjovan.com: 450 [TEMPFAIL] destination not valid within DNS

    And here is a telnet session with one of comcast's mail servers:
    > telnet gateway-r.comcast.net
    220 rwcrmxc17.comcast.net - Maillennium ESMTP/MULTIBOX rwcrmxc17 #477

    ehlo sjovan.com
    250-rwcrmxc17.comcast.net
    250-7BIT
    250-8BITMIME
    250-DSN
    250-EXPN
    250-HELP
    250-NOOP
    250-PIPELINING
    250-SIZE 10485760
    250-VERS V04.80c++
    250 XMUP 2

    mail from: <user_at_sjovan.com>
    250 ok

    rcpt to: <user@comcast.net>
    450 [TEMPFAIL] comcast.net requires valid sender domain


    I'm guessing that comcast is doing something to check that sjovan.com is a valid domain, but I don't know how to pass their test...

    I'm really at my wits end here ...
    If anyone has any idea what I can do to get comcast to like me again (Man! that's pathetic... haha!), please let me know.

    Thanx for any help I can get...
  2. #2
  3. No Profile Picture
    Registered User
    Devshed Newbie (0 - 499 posts)

    Join Date
    Dec 2004
    Posts
    14
    Rep Power
    0
    Probably not of any help, but that is usually because of a failed Reverse DNS test I believe.

    I just checked your reverse DNS, and it seems fine, so it's odd that it's failing.

    Mike
  4. #3
  5. cave painting, the 1st Opn Src
    Devshed Novice (500 - 999 posts)

    Join Date
    Jun 2003
    Posts
    532
    Rep Power
    0
    My gut sez that you processed enough mail thru Comcast to get noticed and got banned...but I could be wrong.

    Did you set the MX record to pipe all your mail thru your COMCAST acct?
    If so you probably are getting a DOMAIN not found because they aren't letting you use them to process your mail anymore.

    Try this...
    Go to noip.com
    Get a free acct
    Set up a domain, ie whatever.servebeer.com
    set the MX record to your domain
    Check your DNS entry and update IT to your noip acct

    NOW, send a test mail.

    IF IT WORKS...then you know that Comcast is the culprit.

    OR, just check your DNS settings.
    Last edited by dba_frog; December 10th, 2004 at 07:48 AM.
    Curious by Nature,
    Linux by Choice
    Lawson ERP reference tools: Lawsuss.com
  6. #4
  7. No Profile Picture
    Registered User
    Devshed Newbie (0 - 499 posts)

    Join Date
    Dec 2004
    Location
    Oregon
    Posts
    7
    Rep Power
    0
    Originally Posted by dba_frog
    My gut sez that you processed enough mail thru Comcast to get noticed and got banned...but I could be wrong.

    Did you set the MX record to pipe all your mail thru your COMCAST acct?
    If so you probably are getting a DOMAIN not found because they aren't letting you use them to process your mail anymore.
    I probably should have mentioned this in the original post...
    I have a static IP address (216.99.216.97) and my domain is registered at godaddy. My ISP is aracnet.com and they've been very helpful (ie, they set up my PTR record). So I don't think I'm doing anything "under the table" here.

    I don't have comcast, I have a DSL account (Verizon DSL).
    Right now the server is behind a D-Link router/firewall and configured as the DMZ. I've taken the router out of the picture already as a test, without any luck.

    So far I haven't seen any evidence that there is any problem with the DNS setup, although if anyone can show me otherwise, that's why I'm here, and I'm all ears

    I've spent many hours surfing the internet for information on DNS, including looking through the appropriate RFC's and even writing a quick dns check program to test the DNS server on different ports (other than 53).

    And as I wrote in my original post, I've used dnsreport.com (as well as others) to check out my configuration. As far as I can tell, I'm set up correctly.

    dba_frog, did you see anything in my setup that led you to believe that DNS (MX specifically) was not resolving correctly?
    dnsreport.com shows that its ok:
    INFO MX Record Your 1 MX record is:
    10 sjovan.com. [TTL=3600] IP=216.99.216.97 [TTL=3600] [US]

    Also dba_frog, I'm curious about your comment that I may have been banned. From the telnet session I posted originally, you can see that I'm able to make connection and initiate the email exchange, but then the comcast mail server declares sjovan.com an invalid domain after sending the "rcpt to:" command.

    Please let me know if I'm misunderstanding your comments.

    Thanx,
    Cary
  8. #5
  9. No Profile Picture
    Registered User
    Devshed Newbie (0 - 499 posts)

    Join Date
    Dec 2004
    Posts
    14
    Rep Power
    0
    Have you tried contacting Comcast?

    I've looked over your setup, and it seems near on perfect. I haven't even organised with my ISP to change their PTR record to my domain name instead of their original record (still shows up as the connections name, not my domain), and I can connect to Comcast fine.

    I don't think the problem is at your end, I think that you have been banned - it really depends on how they secure their mail server (Reverse DNS, SPF...)

    You should definitely get in contact with them.

    Mike
  10. #6
  11. No Profile Picture
    Registered User
    Devshed Newbie (0 - 499 posts)

    Join Date
    Dec 2004
    Location
    Oregon
    Posts
    7
    Rep Power
    0

    Contacting Comcast


    Originally Posted by betaaus
    Have you tried contacting Comcast?

    I've looked over your setup, and it seems near on perfect. I haven't even organised with my ISP to change their PTR record to my domain name instead of their original record (still shows up as the connections name, not my domain), and I can connect to Comcast fine.

    I don't think the problem is at your end, I think that you have been banned - it really depends on how they secure their mail server (Reverse DNS, SPF...)

    You should definitely get in contact with them.

    Mike
    Yes, I've sent them 4 emails and called them once... The phone call was a waste of time. Two of the emails I actually received replies to. Of the 2 replies one of them was completely irrelevant to my initial query. (I'm sure the receiver pulled the answer out of a troubleshooting tree without really understanding my question). And the other reply was on topic, but a pretty useless response:

    Dear Cary,

    I have checked the account and do not see any problems with it. The
    error message indicates that your email address was rejected. It does
    not recognize sjovan.com

    If there is anything else we can assist you with, please contact us.
    Thank you for choosing Comcast.


    Haha.... Ok, I admit it, the above rant was only for my benefit. But the "vent" sure was nice!

    From the gist of this thread I'm getting the idea that maybe Comcast is blocking my domain. I'll keep trying to contact them and resolve it that way.

    But if there are any more suggestions in the mean time, I'll be monitoring this thread, so please don't hesitate to fire away.

    Thanx for the responses so far...
    Cary
  12. #7
  13. cave painting, the 1st Opn Src
    Devshed Novice (500 - 999 posts)

    Join Date
    Jun 2003
    Posts
    532
    Rep Power
    0
    OK, Let's back up a moment...I mis-read your problem.
    Forget the prior post...You already have your server setup, YOUR error is in sending mail to @comcast.net recipients.

    The good news...You aren't banned or known in Spamhaus.org, or Sorbs.net
    So far I haven't seen any evidence that there is any problem with the DNS setup, although if anyone can show me otherwise, that's why I'm here, and I'm all ears
    But, I can't get a DNS return on your IP { 216.99.216.97 }
    I get a reverse listing tho'.

    Try www.dollardns.net, choose the DNS crawler on the left side of the page and input your IP to verify my findings.
    It returns NO RECORD for a DNS entry. This may be why COMCAST is booting your emails...No Record entries usually denote a SPAMMER.

    Are you running BIND? or using a service? ...
    Last edited by dba_frog; December 13th, 2004 at 10:58 AM.
  14. #8
  15. No Profile Picture
    Registered User
    Devshed Newbie (0 - 499 posts)

    Join Date
    Dec 2004
    Location
    Oregon
    Posts
    7
    Rep Power
    0
    Originally Posted by dba_frog
    Try www.dollardns.net, choose the DNS crawler on the left side of the page and input your IP to verify my findings.
    It returns NO RECORD for a DNS entry. This may be why COMCAST is booting your emails...No Record entries usually denote a SPAMMER.

    Are you running BIND? or using a service? ...
    OK! This may be something new to me and was just the sort of thing I was hoping to find.

    So now I just want to make sure I understand what you are saying...
    I'm not aware of a "dns entry" record (or at least not by that name). I know I have NS, A, MX, SOA, SPF, etc setup on my physical server. And I had a PTR record setup on the ISP side.

    So when I go to dollardns, I enter my IP address in the "Name:" field and leave the defaults in the other fields and I press the "Reverse IP" button. Like you say, I can see the PTR record that my ISP set up for me but I don't see anything else that relates to sjovan.com.

    Now, if I enter my domain name in the "Name:" field (instead of the IP) and hit the "Send Query" button, the query gets out to my physical server and I can see all of the records that are stored there.

    Are you saying that comcast wants to see all the records on my server (A, MX, SOA, NS, etc) by doing a lookup on my IP address?

    by the way I'm running Exchange 2003 on Windows Server 2003 OS.
  16. #9
  17. cave painting, the 1st Opn Src
    Devshed Novice (500 - 999 posts)

    Join Date
    Jun 2003
    Posts
    532
    Rep Power
    0
    Are you saying that comcast wants to see all the records on my server (A, MX, SOA, NS, etc) by doing a lookup on my IP address?
    NO...
    Go back to dollardns.net, input fedoradocs.com into the NAME field and press the send query button. THAT is a DNS record.
    YOU should have the same look if you input SJOVAN.COM into the NAME field.

    Your ISP was nice enough to set up a reverse DNS entry for you on their server, but you don't seem to have a regular DNS entry.

    Resolution:: Run BIND on your system, create a DNS entry for your Domain. (see the DNS thread for tutorial)
    **Note: it will take 24-72 hrs from the time you go live with your DNS entry in BIND for it to propagate across the 'Net.

    Conjecture:: The reason that COMCAST is turfing your emails is because they started checking for an SPF record to help reduce spam. You were fine with the rev. DNS listing until that point.
    GOOD NEWS:: once you set up BIND you should be GTG and not have any similar problems moving forward.
  18. #10
  19. No Profile Picture
    Registered User
    Devshed Newbie (0 - 499 posts)

    Join Date
    Dec 2004
    Posts
    14
    Rep Power
    0
    dba_frog - I think he has done something to his nameservers. I had previously seen his domain at dnsreport.com and everything seemed fine. Now it's an absolute mess - which accounts for why the DNS Crawler isn't reporting the A record for his domain.

    What did you do indigokid? Revert back to what you had originally!

    Mike
  20. #11
  21. No Profile Picture
    Registered User
    Devshed Newbie (0 - 499 posts)

    Join Date
    Dec 2004
    Location
    Oregon
    Posts
    7
    Rep Power
    0
    Originally Posted by betaaus
    dba_frog - I think he has done something to his nameservers. I had previously seen his domain at dnsreport.com and everything seemed fine. Now it's an absolute mess - which accounts for why the DNS Crawler isn't reporting the A record for his domain.

    What did you do indigokid? Revert back to what you had originally!

    Mike
    Have no fear... That was just me doing work in progress.
    I was in the process of setting up the ISC BIND service.

    I hope that I'm correct in assuming the "ISC BIND" service should replace both the "DNS Server" and "DNS Client" services. I went ahead and disabled those two services and set the new one to Automatically startup. Once I'm confident this fixes my problem I'll probably just uninstall the DNS server feature altogether.

    The transition was fairly straightforward and seems to be running stable now. Although, I am seeing random internet disconnects now and then (I'm hoping that this is coincidence).

    So I'll start the clock running, cross my fingers and wait for the new DNS settings to propagate.
  22. #12
  23. No Profile Picture
    Registered User
    Devshed Newbie (0 - 499 posts)

    Join Date
    Dec 2004
    Location
    Oregon
    Posts
    7
    Rep Power
    0

    Final resolution


    My problem is resolved and I wanted to post the final response so that anyone else monitoring this thread might benefit.

    After installing BIND (as dba_frog recommended) my problem still persisted.

    But with a little reading I was able to configure the logging output (which I think is much better, and more configurable than Windows DNS Server) such that I could see that comcast.net is the only email server that is sending DNS queries on port 53. There may be others, I just haven't run into them. It turns out that my firewall had an internal DNS mode that was conflicting with all port 53 traffic coming from the internet.

    So.... when a server makes DNS queries originating from a port other than 53, everything was good. That's why it took me a while to admit I had a DNS problem. But since comcast is the only server (that I noticed in my logs anyway) performing DNS validation originating from port 53, that was why I was ok with all other email servers.

    I'm sure that the Windows DNS Server would also work here, but now that it works, why mess with it.

    Thank you dba_frog and betaaus for helping me get through this. As usual, my problem was caused by actions that were my own. But talking it through and trying new things is what led me to the solution.

    -Indigo
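
The check behind the final resolution above, as an added example that is not part of the original post: send the same DNS query to a name server from an ephemeral UDP source port and from source port 53, then compare what comes back. The function names, the fixed transaction id and the `dst_port` parameter are assumptions made for this sketch.

```python
# Added example (not from the thread): compare DNS answers by query source port.
import socket
import struct

QTYPE = {"A": 1, "NS": 2, "MX": 15}
RCODE = {0: "NOERROR", 1: "FORMERR", 2: "SERVFAIL", 3: "NXDOMAIN", 5: "REFUSED"}
TXID = 0x1234  # fixed transaction id (assumption); fine for a one-off diagnostic

def build_query(name, qtype="MX"):
    """Encode a one-question, non-recursive DNS query (RFC 1035 wire format)."""
    header = struct.pack("!HHHHHH", TXID, 0x0000, 1, 0, 0, 0)
    labels = name.rstrip(".").split(".")
    qname = b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"
    return header + qname + struct.pack("!HH", QTYPE[qtype], 1)  # class IN

def parse_header(resp):
    """Return (rcode, answer_count, authoritative) from a response header."""
    if len(resp) < 12:
        raise ValueError("short DNS message")
    rid, flags, _qd, ancount, _ns, _ar = struct.unpack("!HHHHHH", resp[:12])
    if rid != TXID or not flags & 0x8000:  # QR bit must be set
        raise ValueError("not a response to our query")
    rcode = flags & 0x000F
    return RCODE.get(rcode, str(rcode)), ancount, bool(flags & 0x0400)

def probe(server, name, src_port=0, qtype="MX", dst_port=53, timeout=3.0):
    """Query `server` from UDP source port `src_port` (0 = ephemeral)."""
    sock = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    sock.settimeout(timeout)
    try:
        sock.bind(("", src_port))  # binding 53 needs privileges and a free port
        sock.sendto(build_query(name, qtype), (server, dst_port))
        data, _peer = sock.recvfrom(4096)
        return parse_header(data)
    except socket.timeout:
        return ("TIMEOUT", 0, False)  # query or reply was dropped on the path
    finally:
        sock.close()

def compare(server, name, src_ports=(0, 53)):
    """Map each source port to the result seen from it."""
    return {port: probe(server, name, port) for port in src_ports}

# Run from a host outside the firewall, e.g. with the thread's values:
#   compare("216.99.216.97", "sjovan.com")
# A healthy path gives the same answer for every source port; "TIMEOUT" only
# for 53 reproduces the failure described in the final post.
```

Run it from a machine on the internet side of the firewall, not on the DNS server itself, where port 53 is already in use and the firewall is not in the path.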
  24. #13
  25. cave painting, the 1st Opn Src
    Devshed Novice (500 - 999 posts)

    Join Date
    Jun 2003
    Posts
    532
    Rep Power
    0
    As usual, my problem was caused by actions that were my own.
    You're Welcome...
    Admitting you have LINUX is the first Step...

    Glad we could help. I'll file that Comcast Port 53 issue...Because THAT is a weird one...
