moderated Mail server reverse DNS still flakey #bug


Henning Schulzrinne
 

while talking to lb01.groups.io.:
>>> RCPT To:<arch-econ@groups.io>
<<< 500 Invalid request, no reverse DNS for 148.163.139.74
554 5.0.0 Service unavailable
451 4.4.1 reply: read error from lb01.groups.io.
... while talking to lb02.groups.io.:
>>> DATA
<<< 500 5.5.1 Invalid command

This is from gmail, so not a fringe service...


Jim Wilson
 

Mail server lb01.groups.io is at 45.79.81.153 and lb02.groups.io is at 173.255.221.194 where both belong to Linode. (Links are to ARIN pages)

IP address 148.163.139.74 belongs to "PROOFPOINT-NET-NORTH-AMERICA" so that's not the correct address. Something else is wrong. Perhaps the issue is DNS at your provider or some kind of proxy.

--
Jim


 

Hello,

The email is coming from 148.163.139.74, which isn't Google. It appears there was some sort of DNS hiccup from them yesterday. I believe it was temporary.

Thanks,
Mark

On Mon, Nov 9, 2020 at 5:15 AM Jim Wilson via groups.io <groupsio=texnetsys.com@groups.io> wrote:
> Mail server lb01.groups.io is at 45.79.81.153 and lb02.groups.io is at 173.255.221.194 where both belong to Linode. (Links are to ARIN pages)
>
> IP address 148.163.139.74 belongs to "PROOFPOINT-NET-NORTH-AMERICA" so that's not the correct address. Something else is wrong. Perhaps the issue is DNS at your provider or some kind of proxy.
>
> --
> Jim


Henning Schulzrinne
 

No, the problem persists as of 10 minutes ago. I can send email from the same account to dozens of other destinations, without any difficulty - it's only groups.io that fails. It's indeed Proofpoint, a very large email security company used by lots of large organizations (https://www.proofpoint.com/us/products/email-protection). If there was a larger problem, thousands of employees at my organization would quickly complain...


Jim Wilson
 

Sorry, I missed the Gmail indication and actually thought it looked like a spoof attempt. If you're using G Suite and Proofpoint email proxy services, then this is not a normal situation at all. That said, line 3 certainly seems to indicate lb01 was unable to retrieve RDNS for 148.163.139.74 at the time of that transaction. I am also wondering if you're saying this is all from one transaction because it looks like several?

@Mark, I may be wrong but it sounds less like caching and more like the DNS servers assigned on the email servers are having issues. I know they're on Linode but I've actually run into a similar issue on AWS.

--
Jim
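
Added example, not part of the thread and not groups.io's code: a receiver-side forward-confirmed reverse DNS check that separates "no PTR record exists" from "the receiver's own resolver failed", the distinction raised in the last reply. The injected lookup functions, the hostname `mx-out.example.net`, and the choice of 550 versus 451 reply codes are assumptions; the lookup tables are constructed sample data.

```python
class NoRecord(Exception):
    """Authoritative answer: the PTR or address record does not exist."""

class ResolverFailure(Exception):
    """Timeout or SERVFAIL: the resolver could not obtain an answer."""

def check_client_rdns(ip, ptr_lookup, addr_lookup):
    """Forward-confirmed reverse DNS check for a connecting SMTP client.

    ptr_lookup(ip) returns hostnames, addr_lookup(name) returns IPs; both
    raise NoRecord or ResolverFailure. Returns (smtp_code, reason).
    """
    try:
        names = ptr_lookup(ip)
    except ResolverFailure:
        # Our resolver is the problem: defer so the sender retries later.
        return 451, f"temporary DNS failure looking up PTR for {ip}"
    except NoRecord:
        return 550, f"no reverse DNS for {ip}"
    lookup_failed = False
    for name in names:
        try:
            if ip in addr_lookup(name):
                return 250, f"{ip} forward-confirmed as {name}"
        except ResolverFailure:
            lookup_failed = True
        except NoRecord:
            pass
    if lookup_failed:
        return 451, f"temporary DNS failure confirming PTR for {ip}"
    return 550, f"PTR for {ip} does not resolve back to it"

def table_resolver(table, failing=()):
    """Lookup function backed by a dict; keys in `failing` simulate SERVFAIL."""
    def lookup(key):
        if key in failing:
            raise ResolverFailure(key)
        if key not in table:
            raise NoRecord(key)
        return table[key]
    return lookup

# Constructed sample data: the PTR name is hypothetical, not a real DNS answer.
CLIENT_IP = "148.163.139.74"
PTR = {CLIENT_IP: ["mx-out.example.net"]}
ADDR = {"mx-out.example.net": [CLIENT_IP]}

if __name__ == "__main__":
    flaky = table_resolver(PTR, failing={CLIENT_IP})
    print(check_client_rdns(CLIENT_IP, table_resolver(PTR), table_resolver(ADDR)))
    print(check_client_rdns(CLIENT_IP, flaky, table_resolver(ADDR)))
```
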