
Email or server identification issues

Katixa

Guest
Hi there,

Recently we acquired a new dedicated server at our company. We had to move all the domains from our old server to this new one. There are around 90 domains right now and they all seem to work OK.

The problem is that when I receive an email on the "Received: by...." section I get a completely random domain hosted on that server. The same happens to any of my coworkers.

I don't know what could be happening. I've been doing some research, thinking about some theories or causes, and the only info I can give right now is the following:

- The old server had a unique IP (the one represented with a crown) that wasn't used for any domain. The second IP was used for all the domains. This new server came with one IP and it was shared. There seems to be no unique IP.
- I have tried changing the host name on Plesk and also the inverse on our hosting company control panel, but the same is happening (well, the new name isn't even shown yet, so maybe I missed something).

To give you an idea:

Some info edited, added *** with my comment inside, and important text in bold:

From - Thu Dec 11 16:28:07 2008
X-Account-Key: account10
X-UIDL: UID373241-1163420069
X-Mozilla-Status: 0001
X-Mozilla-Status2: 00000000
X-Mozilla-Keys:
X-Spam-Checker-Version: SpamAssassin 3.2.5 (2008-06-10) on ***hostnamehere***
X-Spam-Level:
X-Spam-Status: No, score=-1.9 required=5.0 tests=AWL,BAYES_00 autolearn=ham
version=3.2.5
Received: (qmail 15430 invoked from network); 11 Dec 2008 16:33:59 +0100
Received: from 142.red-79-xxx-xx.staticip.rima-tde.net (HELO ?127.0.0.1?) (79.xxx.xx.142)
by ***random-domain-on-my-server*** with SMTP; 11 Dec 2008 16:33:59 +0100

Message-ID: <4941317D.1030400@***sender-domain***>
Date: Thu, 11 Dec 2008 16:27:57 +0100
From: ***name*** <***sender-address***>
User-Agent: Thunderbird 2.0.0.18 (Windows/20081105)
MIME-Version: 1.0
To: ***name*** <***address***>
Subject: prueba
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit

prueba


I can reproduce this any time by sending myself an email message. Every time the domain "by..." will be different, random, and will always be a domain on my server.

Any clue?

The thing is that I'm also receiving a "failure notice" when I try to send an email to one domain hosted on my server. This domain has the email disabled on Plesk because they host it elsewhere. Of course, the "by" is also a random domain:

Sorry. Although I'm listed as a best-preference MX or A for that host,
it isn't in my control/locals file, so I don't treat it as local. (#5.4.6)

I'm afraid that this is caused by the same thing.

Thanks in advance for any help.
 
I've seen the random domain thing happen when DNS zones incorrectly contain PTR records (reverse DNS). You only need one PTR record for an IP address (e.g. server.example.com), and I guess that most people that rent a server don't even manage their own IP ranges (ask your service provider to correctly set the PTR record), so you generally shouldn't have any PTR records in your DNS zones. If you have multiple PTR records for an IP address your MTA will just pick a random one and that's probably what you're seeing.
 
Thanks for your help. I've contacted the support of the ones hosting our server. I'll post any updates.

I hope the email delivery error is related to this thing, meaning that it will stop if we fix this.

(( F**** computers and system administrating. In next life I'll be baker.
Oh wait, there isn't "next"... maybe I should switch right now. ))
 
Update:

I contacted the "support" at the company that hosts our server talking about this problem and pasting what breun said about the PTR record, but I got a reply telling me that "that's an administration related task" and that they don't do anything related to that. They directed me to these forums to look for help. Funny.

I replied again asking them to read the email properly, and looking for a clarification about that PTR or inverse thing (so they could tell me if I could do it myself (and how) or if it was something related to them), and got another reply telling me that they "cannot help with that".

Simply great.

Any clues about where or how I could check that PTR thing without contacting these b*st**ds? I've Googled for it but I'm still not sure about what it is exactly or what I have to do with it at all. I mean, we've had 2 servers in the past 5 years (in another company by the way) and didn't even hear about it...

Thanks again.
 
There are two things here and you can take care of at least one of them.

1. Check your DNS zones in Plesk and see if they have PTR records in them. You should probably delete all of them, since you don't control your own IP range (if you did, you'd know). This should take care of the 'random hostnames in mailheaders' issue.

2. Check if your server has reverse DNS correctly configured. Running 'host <IP-address-of-your-server>' should return the hostname. Maybe reverse DNS is set up, but returns not your hostname, but some name assigned by your server provider. You could stick with that, but it's better to have it actually resolve back to your server's hostname. It's also possible that you don't get a hostname for your server's IP address at all. In that case the party managing the IP range your server is in should be contacted to set this up.

Oh, and maybe you should start looking for another server company if you receive answers like that.
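
Added example, not part of any post in this thread: a shell helper that classifies the output of `host <IP>` from step 2 above into the cases discussed here (several PTR names, a single wrong name, no PTR, or the expected single hostname). The function names, hostnames and the 203.0.113.10 address are constructed placeholders.

```shell
#!/usr/bin/env bash
# Added example (not from the thread): classify the output of `host <server-ip>`.
# All hostnames and addresses below are constructed placeholders.

# Print each PTR target found in `host` output (stdin), lowercased, without the
# trailing dot, one per line and de-duplicated.
ptr_names() {
    awk '/domain name pointer/ { n = tolower($NF); sub(/\.$/, "", n); print n }' | sort -u
}

# audit_ptr EXPECTED_HOSTNAME  (reads `host <ip>` output on stdin)
# Prints "<VERDICT> <count>"; returns 0 only for a single PTR equal to EXPECTED_HOSTNAME.
audit_ptr() {
    local expected names count
    expected=$(printf '%s' "${1%.}" | tr '[:upper:]' '[:lower:]')
    names=$(ptr_names)
    count=$(printf '%s\n' "$names" | awk 'NF { n++ } END { print n + 0 }')
    if [ "$count" -eq 0 ]; then
        echo "NO_PTR 0"; return 2             # no reverse DNS set for this address
    elif [ "$count" -gt 1 ]; then
        echo "MULTIPLE_PTR $count"; return 1  # a lookup may hand back any of these
    elif [ "$names" != "$expected" ]; then
        echo "MISMATCH 1"; return 1           # e.g. still the provider's default name
    fi
    echo "OK 1"
}

# Constructed sample: the state described in the thread (one PTR per hosted domain).
SAMPLE_BROKEN='10.113.0.203.in-addr.arpa domain name pointer shop.example.net.
10.113.0.203.in-addr.arpa domain name pointer blog.example.org.
10.113.0.203.in-addr.arpa domain name pointer server.example.com.'

# Constructed sample: the state after cleanup (a single PTR, the server hostname).
SAMPLE_FIXED='10.113.0.203.in-addr.arpa domain name pointer server.example.com.'

# Constructed sample: no reverse DNS at all.
SAMPLE_NONE='Host 10.113.0.203.in-addr.arpa. not found: 3(NXDOMAIN)'

# Live use: host 203.0.113.10 | audit_ptr server.example.com
printf '%s\n' "$SAMPLE_BROKEN" | audit_ptr server.example.com || true
printf '%s\n' "$SAMPLE_FIXED"  | audit_ptr server.example.com || true
```

Run it from a machine outside the server as well, since a cached answer on the server itself can hide a change made at the provider.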
 
Thanks breun,

OK, let's go part by part.

First, some days ago I used the "Configure Reverse" option in the Manager they offer to customers (it is a control panel developed by them that allows some tasks). I set it to a domain hosted in our server. I also changed the host name in Plesk to that same domain. Anyway I still see the name assigned by them when installing (I didn't restart any service at all, maybe I missed some step).

Second, I checked what you say in Plesk, and I don't see anything weird at all. I checked our "old" server too (the one we moved all the domains from, that is still running) and the records look pretty much the same, but with a couple differences:

Old one:
<domain>. NS ns.<domain>.
<domain>. A <ip>
<domain>. MX (10) mail.<domain>.
<ip> / 24 PTR <domain>.
ftp.<domain>. CNAME <domain>.
mail.<domain>. A <ip>
ns.<domain>. A <ip>
webmail.<domain>. A <ip>

New one:
<domain>. NS sdns1.xxx.xxx.
<domain>. NS nsxxxxxx.xxx.xxx.
<domain>. A <ip>
<domain>. MX (10) mail.<domain>.
<ip> / 24 PTR <domain>.
ftp.<domain>. CNAME <domain>.
mail.<domain>. A <ip>
webmail.<domain>. A <ip>

The "x" represent the name given by our company followed by their own domain. As I see, there are two NS records there, one more than on the old server.

Also, I tried doing that "host [IP-here]" you said. What I got is a bunch of domains, all hosted on the server. It's the IP followed by .in-addr.arpa pointing to each domain in the server.

So maybe my problem is that I still haven't set the reverse properly, or maybe I have to give it a restart or something so some settings are enabled?

Thanks again.
 
That configure reverse option is something on your provider's servers, so that should just work. If it doesn't, contact them. It might be cached on your side though. Flush your DNS cache or check on another machine.

And just remove all PTR records in your domain's DNS zones (and in the DNS template). They're useless in your situation and cause the whole 'random domain in mail header' thing.
 
Thanks again.

Update: I finally contacted a tech external to us that we hired some time ago for special tasks (like when the mail queue gets spammed or something I don't know how to control happens). I told him about the issue, about the things I did and what was happening, and right now it seems it's fixed. I guess that this shows the difference between a veteran server administrator and a developer that has been assigned the task of managing the customer's server.

The "by" part shows the real domain. The hostname is now our host. And running "host" against the IP shows only the hostname (the reverse also).

Also I sent an email message to an address that hosts the email outside the server (but domain is created here) and I got no error this time.

So I guess it's all working.

Finally.
 