Koozali.org: home of the SME Server
Contribs.org Forums => Koozali SME Server 10.x => Topic started by: Mace on August 12, 2025, 10:18:21 PM
-
Seems I'm experiencing an old bug (8362) (https://bugs.koozali.org/show_bug.cgi?id=8362) or a similar one. For two months I've been having mail delivery get deferred due to (CNAME_lookup_failed_temporarily._(#4.4.3)/) if sent to @wyo.gov. I finally reconfigured my server to use 1.1.1.1 for DNS instead of its internal DNS and now mail to @wyo.gov delivers successfully.
-
this domain does resolve directly to a A field and do not show a cname which is the issue presented in the bug 8362 when multiple cname are inside another and the loop limit is reached.
MX does resolve to google.
if qmail starts having dns issue, it is sometime just because it fails to conmect to the dns server once. simply restarting the service solve the issue. chanhing the dns providers implies restarting the qmails service.
in some specific configuration: dns provided through a vpn, temporary answer missing from the dns server can create similar errors.
This os however not a standard operating condition for SME.
using 1.1.1.1 dns might seems a fox for this, but it could fail your spam filter with a limit reached error.
-
My SME server is rebooted nightly with all my Proxmox VM backups so that should restart the qmail service nightly. It is behind an HAProxy server though (which is also rebooted nightly), could that cause this issue somehow? It has been flawless for years though and only had issue with that one domain for the last two months or so.
Edit:
Set it back to internal DNS, did a reconfigure/reboot and now it's failing to wyo.gov again with the same error. It's not even getting to the point of communicating with the wyo.gov mail server as i'm now testing with a nonexistant-user@wyo.gov and it still gets deferred in the queue with CNAME_lookup_failed_temporarily instead of rejecting as no such user.
-
Works for me
<nonexistant-user@wyo.gov>:
142.251.168.27 does not like recipient.
Remote host said: 550-5.1.1 The email account that you tried to reach does not exist. Please try
Maybe try something from here:
https://forums.koozali.org/index.php?topic=40458.0
-
https://forums.koozali.org/index.php/topic,34321.msg163897.html#msg163897
"The failing site was OK until the ISP changed the IP to a new range of addresses, so it looks like the ISP has an issue."
"in my case, it was firewall's IDS rules which resets DNS queries that is greater than 512 bytes. I shutdown ip audit functions and it is working perfectly now."
https://serverfault.com/questions/189366/cname-lookup-failed-temporarily-4-4-3
"In short: qmail is b0rked. It chokes on DNS packets over 512 bytes and sends queries of type ANY which produces the largest replies to find MX records."
Start testing Sme11 beta, it switched to Postfix for mail delivery.