Thedailywtf.com’s mail server



  • Upon electing to post about the relational worthiness (or lack thereof) of Oracle for keeping grocery lists, I decided to register. After gamely entering my info, I waited for the confirmation e-mail—and waited. Then, I found this:

    To: adam+[unguessable-string]@certifound.com
      Client name or IP address greylisted
       3 T use-the-contact-form@thedailywtf.com   12:53:54 12:53:55 unknown[74.50.106.245]  mail.thedailywtf.com

    …which leaves the following questions:

    1. What extra-curricular activities is 74.50.106.245 performing to get itself greylisted?

    2. Why does 74.50.106.245 lack proper rDNS? This is such a “WTF” for mail hosts nowadays that I double-checked:

      [adam@lux ~]$ host 74.50.106.245
      Host 245.106.50.74.in-addr.arpa. not found: 3(NXDOMAIN)

      (Come to think of it, this might have been what triggered the greylisting.)

    3. And perhaps most importantly: In response to 4xx temporary rejection, why is 74.50.106.245 retrying 3 times within 1 second instead of deferring ’til a bit later? That’s a real mail-server “WTF”—the kind which makes server admins tear their hair out, and then block you.

    In order to successfully activate my account, I needed to whitelist 74.50.106.245 and use the “Forgot Password” function. I still do not know whether I will ever receive the original activation e-mail; after 3 retries within 1 second and nothing thereafter, outlook not good. Spoke too soon; my mail client simply hadn’t downloaded the e-mail, which was retried again after an hour (and after I had already posted using my account).



  • @Samuel Adam said:

    What extra-curricular activities is 74.50.106.245 performing to get itself greylisted?

  • Why does 74.50.106.245 lack proper rDNS?

  • Your DNS is smoking something. Here's what a.root-servers.net (my upstream DNS) tells me, once it's been piped through dnsmasq:

    [16:25]<%indrora@lilac>dig -x  74.50.106.245                                                                                                
    

    ; <<>> DiG 9.6-ESV-R1 <<>> -x 74.50.106.245
    ;; global options: +cmd
    ;; Got answer:
    ;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 14539
    ;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0

    ;; QUESTION SECTION:
    ;245.106.50.74.in-addr.arpa. IN PTR

    ;; AUTHORITY SECTION:
    106.50.74.in-addr.arpa. 658 IN SOA ns.noc4hosts.com. admin.ns.noc4.hosts.com. 2001120817 10800 3600 604800 900

    ;; ANSWER SECTION:
    ;245.106.50.74.in-addr.arpa. 34 IN A mx.worsethanfailure.com

    ;; Query time: 82 msec
    ;; SERVER: 127.0.0.1#53(127.0.0.1)
    ;; WHEN: Sun Nov 7 16:26:29 2010
    ;; MSG SIZE rcvd: 142



  • Interesting -- I also get NXDOMAIN for the IP address, from my home connection (Virgin Media, UK) and from DreamHost's Monrovia server via SSH in the States.

    Greylisting doesn't indicate a server is nefarious: it's simply the act of forcing an incoming server to retry, working on the principle that legitimate mail servers will retry, and spammers will give up.

    However, the mail server I use had Spamdyke enabled, which was blocking all mails from TDWTF's mail server. I only rediscovered that Spamdyke was there and running as it was blocking mail from Review Centre's mail servers, and I was trawling all the settings trying to figure out what on earth was stopping their mail getting through. After I turned it off, I noticed that mail from TDWTF forums started coming through again. I had been wondering for the longest time why it had stopped and just blamed Community Server. The only check that Spamdyke was doing, it seems (according to the hosting co's FAQ) was reverse DNS checking, as I'd never enabled greylisting; this ties in with what we're seeing here -- DNS problems.
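The greylisting behaviour discussed in the posts above, as an added example that is not part of the original thread: a triplet-based greylist replayed against a constructed delivery timeline (three attempts within one second, then a retry an hour later). The delay values, reply strings and recipient address are assumptions; the IP and sender come from the log excerpt in the first post.

```python
"""Greylisting keyed on the (client IP, envelope sender, recipient) triplet."""
from dataclasses import dataclass, field

TEMPFAIL = "450 4.2.0 Greylisted, please retry later"  # assumed reply text
ACCEPT = "250 2.1.5 Ok"                                # assumed reply text


@dataclass
class Greylist:
    min_delay: int = 300      # assumed: seconds a new triplet must wait
    max_age: int = 86400      # assumed: pending triplets expire after a day
    first_seen: dict = field(default_factory=dict)  # triplet -> first attempt time
    passed: set = field(default_factory=set)        # triplets that retried properly
    allowlist: set = field(default_factory=set)     # client IPs exempt from greylisting

    def check(self, client_ip, mail_from, rcpt_to, now):
        """Return the SMTP reply for one RCPT TO seen at `now` (seconds)."""
        if client_ip in self.allowlist:
            return ACCEPT
        triplet = (client_ip, mail_from.lower(), rcpt_to.lower())
        if triplet in self.passed:
            return ACCEPT
        first = self.first_seen.get(triplet)
        if first is None or now - first > self.max_age:
            # Unknown (or expired) triplet: remember it and defer.
            self.first_seen[triplet] = now
            return TEMPFAIL
        if now - first < self.min_delay:
            # Retried too soon: immediate retries never clear the delay window.
            return TEMPFAIL
        self.passed.add(triplet)
        return ACCEPT


def replay(attempts, greylist):
    """Feed (ip, sender, rcpt, time) tuples through the greylist; return reply codes."""
    return [greylist.check(ip, s, r, t)[:3] for ip, s, r, t in attempts]


# Constructed timeline modelled on the first post's log line.
IP = "74.50.106.245"
SENDER = "use-the-contact-form@thedailywtf.com"
RCPT = "recipient@example.org"          # constructed placeholder address
T0 = 12 * 3600 + 53 * 60 + 54           # 12:53:54 as seconds since midnight
SAMPLE_ATTEMPTS = [
    (IP, SENDER, RCPT, T0),
    (IP, SENDER, RCPT, T0),
    (IP, SENDER, RCPT, T0 + 1),         # three tries inside one second
    (IP, SENDER, RCPT, T0 + 3600),      # the retry an hour later
]

if __name__ == "__main__":
    for attempt, code in zip(SAMPLE_ATTEMPTS, replay(SAMPLE_ATTEMPTS, Greylist())):
        print(attempt[3] - T0, "s after first attempt ->", code)
```

Adding the sending IP to `allowlist` corresponds to the manual whitelisting described in the first post: the first attempt is accepted without any deferral.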



  • From here I only receive the authority record but no answer or error from both of their DNS servers...

     

    Also...@Indrora said:

    ;; ANSWER SECTION: ;245.106.50.74.in-addr.arpa. 34 IN A mx.worsethanfailure.com

    Shouldn't reverse records always be PTR and not A?

     



  • @bdew said:

    From here I only receive the authority record but no answer or error from both of their DNS servers...

     

    Also...@Indrora said:

    ;; ANSWER SECTION:
    ;245.106.50.74.in-addr.arpa. 34 IN A mx.worsethanfailure.com

    Shouldn't reverse records always be PTR and not A?

     


    Dnsmasq makes anything it can an A or CNAME record if it's been cached, just so it can maintain some level of "Authority" -- I know it breaks the entire point of DNS, but then again, I call dnsmasq "Fuck-You DNS"



  • @Indrora said:

    Your DNS is smoking something. Here's what a.root-servers.net (my upstream DNS) tells me, once it's been piped through dnsmasq:

    [16:25]<%indrora@lilac>dig -x  74.50.106.245                                                                                                
    
    ; <<>> DiG 9.6-ESV-R1 <<>> -x 74.50.106.245
    ;; global options: +cmd
    ;; Got answer:
    

    ;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 14539

    ;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0
    
    ;; QUESTION SECTION:
    ;245.106.50.74.in-addr.arpa.    IN      PTR
    
    ;; AUTHORITY SECTION:
    106.50.74.in-addr.arpa. 658     IN      SOA     ns.noc4hosts.com. admin.ns.noc4.hosts.com. 2001120817 10800 3600 604800 900
    
    ;; ANSWER SECTION:
    ;245.106.50.74.in-addr.arpa. 34 IN      A       mx.worsethanfailure.com
    
    ;; Query time: 82 msec
    ;; SERVER: 127.0.0.1#53(127.0.0.1)
    ;; WHEN: Sun Nov  7 16:26:29 2010
    ;; MSG SIZE  rcvd: 142
    

    More like you have something weird going with your DNS setup. Your DNS returns NXDOMAIN (like it should), but you have a commented line in the answer section...and that line doesn't even make sense.



  • Google (8.8.8.8) says, 74.50.106.245 does not have any domain.


  • ♿ (Parody)

    This DNS stuff is way over my head. Should I change anything?



  • @Alex Papadimoulis said:

    This DNS stuff is way over my head. Should I change anything?

     

     

    Close your eyes and press Escape three times.

    Trust me, it works!



  • @Samuel Adam said:

    And perhaps most importantly: In response to 4xx temporary rejection, why is 74.50.106.245 retrying 3 times within 1 second instead of deferring ’til a bit later? That’s a real mail-server “WTF”—the kind which makes server admins tear their hair out, and then block you.

    Exchange? If you're really lucky, the other side is running a version of Exchange where messages simply disappear when the delivery attempt returns a 4xx code. Looking through logs and doing traces (on Exchange) will give you the impression that the message was delivered, when it in fact wasn't - but the message won't appear in any queue. Until you restart the SMTP service. Then the message will suddenly reappear, and be delivered.

    @Alex Papadimoulis said:

    This DNS stuff is way over my head. Should I change anything?

    Get in contact with your host, and have them add PTR to mail.thedailywtf.com for 74.50.106.245.



  • @Alex Papadimoulis said:

    This DNS stuff is way over my head. Should I change anything?

    If your upstream does your DNS for you, and if they are even halfway competent, all you need to say is “give me matching forward/reverse DNS for my mailserver”. They ought well understand what you are talking about; if they don’t, they should not be in the business of providing Internet services.

    In lieu of time to write up a coherent explanation, a quick glance with $SEARCH_ENGINE produces the following:

    I am not affiliated with any of these sites; and I only briefly skimmed their explanations for general signs of cluefulness and/or usefulness. I also skimmed over some disastrously bad advice, e.g., saying that you need separate IP addresses and PTR records set up for each of your virtual hosts at which you have mail aliases (!). At the bottom line, all you need is for forward DNS, reverse DNS, and HELO/EHLO on your mailserver to all agree with each other; the actual addresses you are sending and receiving at are irrelevant.

    [Edit: Added nofollow link to identify persons guilty of bad advice.]
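The "forward DNS, reverse DNS, and HELO/EHLO all agree" rule from the post above, written out as an added example that is not part of the original thread. It runs against constructed record tables instead of a live resolver: `ZONE_AS_SEEN` mirrors the dig output quoted in this thread, while `ZONE_FIXED` and `ZONE_PTR_ONLY` are hypothetical zones used only to show the other verdicts.

```python
"""Forward-confirmed reverse DNS (FCrDNS) plus HELO consistency check."""
import ipaddress


def fqdn(name):
    """Normalise a hostname: lower-case with exactly one trailing dot."""
    return name.lower().rstrip(".") + "."


def reverse_name(ip):
    """74.50.106.245 -> 245.106.50.74.in-addr.arpa. (also handles IPv6)."""
    return ipaddress.ip_address(ip).reverse_pointer + "."


def check_mail_host(ip, helo, zone):
    """Classify a connecting mail host.

    `zone` is a dict with "PTR" and "A" tables standing in for a resolver.
    Returns one of: no-rdns, rdns-unconfirmed, helo-mismatch, ok.
    """
    ptr_names = [fqdn(n) for n in zone["PTR"].get(reverse_name(ip), [])]
    if not ptr_names:
        return "no-rdns"                      # NXDOMAIN / empty answer for the PTR
    # Forward-confirm: a PTR target only counts if it resolves back to the IP.
    confirmed = [n for n in ptr_names if ip in zone["A"].get(n, [])]
    if not confirmed:
        return "rdns-unconfirmed"
    if fqdn(helo) not in confirmed:
        return "helo-mismatch"
    return "ok"


IP = "74.50.106.245"
HELO = "mail.thedailywtf.com"                 # host name shown in the first post's log

# Constructed from the thread: the A record exists, the PTR lookup is NXDOMAIN.
ZONE_AS_SEEN = {
    "PTR": {},
    "A": {"mx.worsethanfailure.com.": [IP]},
}

# Hypothetical: PTR added for the HELO name, with a matching forward record.
ZONE_FIXED = {
    "PTR": {"245.106.50.74.in-addr.arpa.": ["mail.thedailywtf.com."]},
    "A": {"mail.thedailywtf.com.": [IP], "mx.worsethanfailure.com.": [IP]},
}

# Hypothetical: PTR exists but its target has no forward record for this IP.
ZONE_PTR_ONLY = {
    "PTR": {"245.106.50.74.in-addr.arpa.": ["mail.thedailywtf.com."]},
    "A": {},
}

if __name__ == "__main__":
    for label, zone in [("as seen", ZONE_AS_SEEN), ("fixed", ZONE_FIXED),
                        ("PTR only", ZONE_PTR_ONLY)]:
        print(label, "->", check_mail_host(IP, HELO, zone))
    # Same fixed zone, but the server announces a different name in HELO.
    print("other HELO ->", check_mail_host(IP, "mx.worsethanfailure.com", ZONE_FIXED))
```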



  • @Samuel Adam said:

    @Alex Papadimoulis said:

    This DNS stuff is way over my head. Should I change anything?

    <snip>

    I am not affiliated with any of these sites; and I only briefly skimmed their explanations for general signs of cluefulness and/or usefulness. I also skimmed over some disastrously bad advice, e.g., saying that you need separate IP addresses and PTR records set up for each of your virtual hosts at which you have mail aliases (!). At the bottom line, all you need is for forward DNS, reverse DNS, and HELO/EHLO on your mailserver to all agree with each other; the actual addresses you are sending and receiving at are irrelevant.

    [Edit: Added nofollow link to identify persons guilty of bad advice.]

     

    I once ran into someone even dimmer. We were helping someone set up a coffee shop/Internet cafe back in the late 90s (dude was way ahead of his time). This was before wifi, so the guy had about 6 PCs in the back for Internet access. In talking to the "network admin", I found out that they had three class C blocks (yes, this was back in the pre-CIDR days). When I asked why he had three class-Cs, his answer was "well, I have to have three, after all, I have three domains".

    Yep, he thought that registering three domain names required him to have three class C blocks of addresses.

    Things didn't go well from there. Last I heard, the owner was found living in a steam tunnel beneath the building. Sad situation.



  • Speaking of the mail server, why are the thread reply emails always a near-useless mangled ball of text? This is what they look like, no HTML or anything:

    Re: Oracle and fractions of seconds...By Rick in "Side Bar" WTFhttp://forums.thedailywtf.com/forums/p/20496/236463.aspx#236463__________________________________aihtdikh: Rick:Does anyone remember the old DOS Recover command? The documentation on one page told you how to recover a single file whose length was not recorded correctly in the FAT filesystem. The second page, which happened to be on the back, told you that if you executed the command without a filename it would rename every single file in all the directories on your C: drive to C:\RECOVER.001, C:\RECOVER.002, etc. That wasn't a bug either, but they changed the command anyway. :-) I don't see how it relates... You really didn't see how Oracle documenting a poor implementation relates to Microsoft documenting a poor implentation? Documenting the insane format of the Interval doesn't fix the problem.It didn't fix Recover and it wouldn't fix Intervals.__________________________________You were sent this email because you opted to receive emailnotifications when someone responded to this thread. To unsubscribe, either:1. Visit the above URL and deselect 'Email me when someone replies...'2. Visit your user profile page and uncheck 'Enable email tracking


  • Is your email client set to plain text? They look fine to me in gmail and on my Android phone.


  • Discourse touched me in a no-no place

    @db2 said:

    Speaking of the mail server, why are the thread reply emails always a near-useless mangled ball of text? This is what they look like, no HTML or anything:

    Do you have "Receive rich (HTML) emails " selected from your profile? GMail does a reasonable rendering of most email from here sent that way.



  • @Buzer said:

    @Indrora said:

    More like you have something weird going with your DNS setup. Your DNS returns NXDOMAIN (like it should), but you have a commented line in the answer section...and that line doesn't even make sense.
     

     My DNS is all kinds of messed up. I'm running dnsmasq. It returns NXDOMAIN when it hasn't cached it yet or if the cache is to a PTR record. The commented out line is a bug in my terminal... I didn't catch it. Stupid eterm... 

    Now, however (since my dns has had time to flush things) I get a totally different result:

     

    [ 8:53AM]( snapdragon:~ )% dig mx.worsethanfailure.com                                       (@indrora)

    ; <<>> DiG 9.7.1-P2 <<>> mx.worsethanfailure.com
    ;; global options: +cmd
    ;; Got answer:
    ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 44823
    ;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0

    ;; QUESTION SECTION:
    ;mx.worsethanfailure.com. IN A

    ;; ANSWER SECTION:
    mx.worsethanfailure.com. 3533 IN A 74.50.106.245

    ;; Query time: 1 msec
    ;; SERVER: 192.168.0.2#53(192.168.0.2)
    ;; WHEN: Mon Nov 8 08:54:00 2010
    ;; MSG SIZE rcvd: 57

    [ 8:54AM]( snapdragon:~ )% dig -x 74.50.106.245 (@indrora)

    ; <<>> DiG 9.7.1-P2 <<>> -x 74.50.106.245
    ;; global options: +cmd
    ;; Got answer:
    ;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 22605
    ;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0

    ;; QUESTION SECTION:
    ;245.106.50.74.in-addr.arpa. IN PTR

    ;; Query time: 2 msec
    ;; SERVER: 192.168.0.2#53(192.168.0.2)
    ;; WHEN: Mon Nov 8 08:54:02 2010
    ;; MSG SIZE rcvd: 44

    The plot thickens though... As the domain points to... Everything. Yes folks, DiG doesn't lie:

    [ 9:04AM]( snapdragon:~ )% dig trwtf.is.hivelocity.thedailywtf.com                         (@indrora)

    ; <<>> DiG 9.7.1-P2 <<>> trwtf.is.hivelocity.thedailywtf.com
    ;; global options: +cmd
    ;; Got answer:
    ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 45356
    ;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0

    ;; QUESTION SECTION:
    ;trwtf.is.hivelocity.thedailywtf.com. IN A

    ;; ANSWER SECTION:
    trwtf.is.hivelocity.thedailywtf.com. 43200 IN A 74.50.106.245

    ;; Query time: 108 msec
    ;; SERVER: 192.168.0.2#53(192.168.0.2)
    ;; WHEN: Mon Nov 8 09:04:58 2010
    ;; MSG SIZE rcvd: 62

    HiVelocity is to blame. Go yell at them to get rDNS records, Alex!

    Yes, I run zsh.



  • @Buzer said:

    @Indrora said:

    Your DNS is smoking something. Here's what a.root-servers.net (my upstream DNS) tells me, once it's been piped through dnsmasq:

    More like you have something weird going with your DNS setup. Your DNS returns NXDOMAIN (like it should), but you have a commented line in the answer section...and that line doesn't even make sense.

    Not to mention the fact that root servers don't recurse.




  • @PJH said:

    @db2 said:

    Speaking of the mail server, why are the thread reply emails always a near-useless mangled ball of text? This is what they look like, no HTML or anything:

    Do you have "Receive rich (HTML) emails " selected from your profile? GMail does a reasonable rendering of most email from here sent that way.

    Nope, I didn't - now I do. I guess TRWTF is that sending non-HTML email is performed by taking the text-only version and sending it as HTML. A lesson on MailMessage.IsBodyHtml is in order.



  • mails?



  • @db2 said:

    Speaking of the mail server, why are the thread reply emails always a near-useless mangled ball of text? This is what they look like, no HTML or anything:

    Re: Oracle and fractions of seconds...By Rick in "Side Bar" WTFhttp://forums.thedailywtf.com/forums/p/20496/236463.aspx#236463__________________________________aihtdikh: Rick:Does anyone remember the old DOS Recover command? The documentation on one page told you how to recover a single file whose length was not recorded correctly in the FAT filesystem. The second page, which happened to be on the back, told you that if you executed the command without a filename it would rename every single file in all the directories on your C: drive to C:\RECOVER.001, C:\RECOVER.002, etc. That wasn't a bug either, but they changed the command anyway. :-) I don't see how it relates... You really didn't see how Oracle documenting a poor implementation relates to Microsoft documenting a poor implentation? Documenting the insane format of the Interval doesn't fix the problem.It didn't fix Recover and it wouldn't fix Intervals.__________________________________You were sent this email because you opted to receive emailnotifications when someone responded to this thread. To unsubscribe, either:1. Visit the above URL and deselect 'Email me when someone replies...'2. Visit your user profile page and uncheck 'Enable email tracking
    I feel honored.


  • @Indrora said:

    HiVelocity is to blame. Go yell at them to get rDNS records, Alex!

    The real WTF is ... catch-all domains? Maybe I got you wrong, but that seems a little weak to me. Sure, a CNAME would have been more elegant but it hardly seems to be a violation of DNS not to use one.

    I mean, even Google does it like that:

    C:\Users\PS>dig @192.168.1.10 www.google.com
    *snip*
    ;; QUESTION SECTION:
    ;www.google.com. IN A

    ;; ANSWER SECTION:
    www.google.com. 237219 IN CNAME www.l.google.com.
    www.l.google.com. 275 IN A 209.85.229.99
    www.l.google.com. 275 IN A 209.85.229.104
    www.l.google.com. 275 IN A 209.85.229.147
    *snip*


    C:\Users\PS>dig @192.168.1.10 google.com
    *snip*
    ;; QUESTION SECTION:
    ;google.com. IN A

    ;; ANSWER SECTION:
    google.com. 42 IN A 209.85.229.104 ;(Look ma, no CNAME!)
    google.com. 42 IN A 209.85.229.147
    google.com. 42 IN A 209.85.229.99
    *snip*


    C:\Users\PS>dig @192.168.1.10 -x 209.85.229.104
    *snip*
    ;; QUESTION SECTION:
    ;104.229.85.209.in-addr.arpa. IN PTR

    ;; ANSWER SECTION:
    104.229.85.209.in-addr.arpa. 67318 IN PTR ww-in-f104.1e100.net.
    *snip*


  • @PSWorx said:

    google.com.             42      IN      A       209.85.229.104 ;(Look ma, no CNAME!)

    If there was a CNAME, I would be wondering how the heck I could access it... (well, okay, "foobar.com. CNAME foo.com." probably works) CNAME is probably one of the most commonly misunderstood things about DNS (it's an alias for domain X, not only for domain X's A/AAAA/CNAME record)



  • @PSWorx said:

    @Indrora said:

    HiVelocity is to blame. Go yell at them to get rDNS records, Alex!

    The real WTF is ... catch-all domains? Maybe I got you wrong, but that seems a little weak to me. Sure, a CNAME would have been more elegant but it hardly seems to be a violation of DNS not to use one.

    This is a case of poorly done Wildcard DNS. Wildcard DNSs mean that if I have a DNS foo.com with Wildcarding enabled, it will catch big.foo.com and little.foo.com. However, whatever flavor of BIND (Sounds actually like MenAndMice) they're running at HiVelocity is literally translating.

    Blame rests on: HiVelocity for doing shitty DNS.



  • @RichP said:

    I found out that they had three class C blocks (yes, this was back in the pre-CIDR days). When I asked why he had three class-Cs, his answer was "well, I have to have three, after all, I have three domains".

    It is interesting what brings back memories. In the mid to late 90's I worked for a young engineer in the Air Force who had single-handedly put together the 2nd largest Lantastic Network in the world and had obtained a class A block of IP addresses (usable for over 16M connections) for the approximately 1000 connections we were supporting!!! As we were an early adopter to the Internet it made sense to him to do this - and he thought he was quite powerful wielding this powercard of addresses around, until that is, the Big Air Force ultimately caught on and appropriated it from him and sub-domained his users underneath the .af domain!



  • @Buzer said:

    well, okay, "foobar.com. CNAME foo.com." probably works
     

    It works sometimes but is known to cause problems with some resolvers and caching dns servers.

    It's against the spec (unless you can get the .com authoritative servers to serve that record... and you can't), you can't have CNAME and other kinds of records for the same name  at the same time, that includes NS and SOA records.

    It has bitten in the ass lots and lots of clueless people trying to set their domain.com (without www.) to be served from appengine/google pages/amazon/etc.



  • @Indrora said:

    This is a case of poorly done Wildcard DNS. Wildcard DNSs mean that if I have a DNS foo.com with Wildcarding enabled, it will catch big.foo.com and little.foo.com. However, whatever flavor of BIND (Sounds actually like MenAndMice) they're running at HiVelocity is literally translating.

    Blame rests on: HiVelocity for doing shitty DNS.

    I'm sorry but I don't see the difference to the original case. Quote one example from the DNS wildcards article on wikipedia:

    [quote user="one example from the DNS wildcards article on wikipedia"]

    Say there is a DNS zone with the following resource records: [...]

          *.example.               3600     TXT   "this is a wildcard"
     

    The following responses would be synthesized from one of the wildcards in the zone:

    foo.bar.example. TXT the answer will be "foo.bar.example. IN TXT ..." because bar.example. does not exist, but the wildcard does.

    [/quote]

    Replace foo.bar.example with ghtj.edtcv.jhkz.thedailywtf.com and you're there. How would that be shitty?



  • @bdew said:

    It's against the spec (unless you can get the .com authoritative servers to serve that record... and you can't), you can't have CNAME and other kinds of records for the same name  at the same time

    Except NSEC and RRSIG.



  • @Samuel Adam said:

    If your upstream does your DNS for you, and if they are even halfway competent, all you need to say is “give me matching forward/reverse DNS for my mailserver”. They ought well understand what you are talking about; if they don’t, they should not be in the business of providing Internet services.

    It should be noted though, that while the forward records (A, AAAA, MX, CNAME,...) are placed in the nameserver for the domain and thus handled by your domain registrar, the PTR record must be served by the nameserver handling the IP address block and thus handled by your connectivity provider. Which may or may not be the same person.



  • Hopefully everybody else isn't as dimwitted as me and took the time to check out the comments to the blog post linked above (http://www.dougboude.com/blog/1/2008/06/Email-NonDelivery-Due-To-No-Reverse-DNS-Record.cfm) that was labeled as disastrously bad advice. The author of the post wasn't an admin but had been tasked with resolving an admin type issue, and from what he had gleaned and seen in his experimentation, posted what he believed to be sound advice. A later commenter to that post, however, corrected the author and indicated that it was quite unnecessary to assign a separate IP to each domain simply for the purpose of creating a properly resolving reverse PTR record. Those doggone dimwits and their blogging!

