Topic: CNAME_lookup_failed_temporarily

[Mace]

Seems I'm experiencing an old bug (8362) or a similar one. For two months I've been having mail delivery get deferred due to (CNAME_lookup_failed_temporarily._(#4.4.3)/) if sent to @wyo.gov. I finally reconfigured my server to use 1.1.1.1 for DNS instead of its internal DNS and now mail to @wyo.gov delivers successfully.

[Jean-Philippe Pialasse]

this domain does resolve directly to a A field and do not show a cname which is the issue presented in the bug 8362 when multiple cname are inside another and the loop limit is reached.

MX does resolve to google.

if qmail starts having dns issue, it is sometime just because it fails to conmect to the dns server once.  simply restarting the service solve the issue. chanhing the dns providers implies restarting the qmails service.

in some specific configuration: dns provided through a vpn, temporary answer missing from the dns server can create similar errors. 
This os however not a standard operating condition for SME.

using 1.1.1.1 dns might seems a fox for this, but it could fail your spam filter with a limit reached error.

[Mace]

My SME server is rebooted nightly with all my Proxmox VM backups so that should restart the qmail service nightly. It is behind an HAProxy server though (which is also rebooted nightly), could that cause this issue somehow? It has been flawless for years though and only had issue with that one domain for the last two months or so.

Edit:
Set it back to internal DNS, did a reconfigure/reboot and now it's failing to wyo.gov again with the same error. It's not even getting to the point of communicating with the wyo.gov mail server as i'm now testing with a nonexistant-user@wyo.gov and it still gets deferred in the queue with CNAME_lookup_failed_temporarily instead of rejecting as no such user.

[bunkobugsy]

Works for me
<nonexistant-user@wyo.gov>:
142.251.168.27 does not like recipient.
Remote host said: 550-5.1.1 The email account that you tried to reach does not exist. Please try

Maybe try something from here:
https://forums.koozali.org/index.php?topic=40458.0

[bunkobugsy]

https://forums.koozali.org/index.php/topic,34321.msg163897.html#msg163897
"The failing site was OK until the ISP changed the IP to a new range of addresses, so it looks like the ISP has an issue."

"in my case, it was firewall's IDS rules which resets DNS queries that is greater than 512 bytes. I shutdown ip audit functions and it is working perfectly now."

https://serverfault.com/questions/189366/cname-lookup-failed-temporarily-4-4-3
"In short: qmail is b0rked. It chokes on DNS packets over 512 bytes and sends queries of type ANY which produces the largest replies to find MX records."

Start testing Sme11 beta, it switched to Postfix for mail delivery.

[Mace]

...
Start testing Sme11 beta, it switched to Postfix for mail delivery.

Do you think the beta is stable enough for operating only as a mail server?

[Jean-Philippe Pialasse]

beta is beta.  no for production. 

[bunkobugsy]

It is behind an HAProxy server though (which is also rebooted nightly), could that cause this issue somehow?

Maybe, see the other forum post, you could change network conditions to expose sme directly or try to remember what changed couple of months ago.
Just to be sure do a   signal-event reboot

[Mace]

Thanks for all the replies and suggestions. I haven't changed anything on my server for a few years, but I only started needing to email wyo.gov a couple of months ago so it likely would have done that all along if i had tried emailing them sooner. Nothing but changing the server's DNS has worked so far, but doing that messes up spamassassin with

Code: [Select]

Query Refused. See http://uribl.com/refused.shtml errors preventing incoming mail delivery like Jean-Philippe said it might. I'll just use my gmail acct for wyo.gov until Koozali 11 is ready for production. I really wish I could be helping with testing Koozali 11 but don't think I would be much use.

[ReetP]

I really wish I could be helping with testing Koozali 11 but don't think I would be much use.

I'm not sure why people say this. It needs ordinary users to test. Install, play, break, report. Fixing is not required.

That means everyone.

Plenty of posts here on what you can do to help & how.