[Mailman-Users] Unknown user- what am I missing?

Brad Knowles brad at stop.mail-abuse.org
Wed Dec 1 10:58:20 CET 2004 

At 6:48 PM -0800 2004-11-30, Zain Memon wrote:

>  The log entry for the speakeasy one looks like this:
>  to=<....speakeasy.net>, relay=virtual, delay=0, status=bounced
>  (unknown user: "....speakeasy.net")

	This means that the e-mail address is not valid.  Either that, or 
the speakeasy.net mail servers are screwed up and rejecting messages 
that they should be accepting.  Either way, this isn't your problem.

>  Now I think I'm missing some critical concept here. How did my mail
>  server know what the gmail relay was? And why doesn't it know the
>  relay for speakeasy?

	Mail servers for a given domain are advertised in the DNS using a 
mechanism called "MX Resource Records", sometimes known as "MX RRs" 
or just plain "MXes".  In theory, every server or domain that is 
supposed to accept mail should have advertised MXes in their DNS.  If 
you want to go to their web pages, you look up www.gmail.com in the 
DNS (or whatever their webserver name is), if you want to send them 
mail, you look up their MXes.


	Here's what the mail servers look like for gmail.com:

% dig gmail.com. mx

; <<>> DiG 9.2.2 <<>> gmail.com. mx
;; global options:  printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 30055
;; flags: qr rd ra; QUERY: 1, ANSWER: 3, AUTHORITY: 4, ADDITIONAL: 7

;; QUESTION SECTION:
;gmail.com.                     IN      MX

;; ANSWER SECTION:
gmail.com.              2633    IN      MX      20 gsmtp57.google.com.
gmail.com.              2633    IN      MX      10 gsmtp171.google.com.
gmail.com.              2633    IN      MX      10 gsmtp185.google.com.

;; AUTHORITY SECTION:
gmail.com.              10750   IN      NS      ns1.google.com.
gmail.com.              10750   IN      NS      ns2.google.com.
gmail.com.              10750   IN      NS      ns3.google.com.
gmail.com.              10750   IN      NS      ns4.google.com.

;; ADDITIONAL SECTION:
gsmtp57.google.com.     1848    IN      A       216.239.57.27
gsmtp171.google.com.    1663    IN      A       64.233.171.27
gsmtp185.google.com.    6233    IN      A       64.233.185.27
ns1.google.com.         181084  IN      A       216.239.32.10
ns2.google.com.         8284    IN      A       216.239.34.10
ns3.google.com.         181084  IN      A       216.239.36.10
ns4.google.com.         181084  IN      A       216.239.38.10

;; Query time: 228 msec
;; WHEN: Wed Dec  1 10:45:35 2004
;; MSG SIZE  rcvd: 292

	This says that gmail.com has two advertised primary MXes 
(gsmtp171.google.com and gsmtp185.google.com, each with a "cost" of 
10), one secondary MX (gsmtp57.google.com with a cost of 20), four 
advertised nameservers, and then for convenience they also go ahead 
and give you the IP addresses for each of the machines.

	If you were to try to send e-mail to gmail.com, your server 
should do the same type of DNS query, and assuming it got back the 
same answer, then it should try to contact either gsmtp171 or 
gsmtp185, and it should randomly choose which one to try first.  If 
it failed to contact either of the primary MXes, then it should fall 
back to the secondary.

	The integer numbers between the host/domain name and "IN" is the 
"Time To Live", a.k.a., the TTL.  This basically says how long the 
nameserver should cache this information before it re-queries from 
the appropriate nameservers for gmail.com/google.com.  Note that the 
MX records shown have a low TTL of 2633 seconds (43 minutes and 53 
seconds), while the NS records have a higher TTL of 10750 seconds (2 
hours, 59 minutes, 10 seconds), and there are a wide range of TTLs 
for the various IP addresses.  Some domains choose to have low TTLs 
for their advertised MXes as a crude way of "load balancing" across a 
large number of machines.


	Now, here's the MX records for speakeasy.net:

% dig speakeasy.net. mx

; <<>> DiG 9.2.2 <<>> speakeasy.net. mx
;; global options:  printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 10978
;; flags: qr rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 2, ADDITIONAL: 3

;; QUESTION SECTION:
;speakeasy.net.                 IN      MX

;; ANSWER SECTION:
speakeasy.net.          3600    IN      MX      5 mx01.speakeasy.net.
speakeasy.net.          3600    IN      MX      5 mx02.speakeasy.net.

;; AUTHORITY SECTION:
speakeasy.net.          1344    IN      NS      ns-noc.speakeasy.net.
speakeasy.net.          1344    IN      NS      ns-sea.speakeasy.net.

;; ADDITIONAL SECTION:
mx01.speakeasy.net.     1344    IN      A       216.254.0.195
ns-noc.speakeasy.net.   7922    IN      A       216.254.0.173
ns-sea.speakeasy.net.   7922    IN      A       66.93.87.8

;; Query time: 212 msec
;; WHEN: Wed Dec  1 10:56:38 2004
;; MSG SIZE  rcvd: 176


	Summary: two mail servers of equal cost (mx01 and mx02), two 
nameservers (ns-noc and ns-sea), but the system currently only knows 
the IP addresses of three of these machines.  If it wanted to talk to 
the fourth one, it would have to do another DNS query to get that 
information.

-- 
Brad Knowles, <brad at stop.mail-abuse.org>

"Those who would give up essential Liberty, to purchase a little
temporary Safety, deserve neither Liberty nor Safety."

     -- Benjamin Franklin (1706-1790), reply of the Pennsylvania
     Assembly to the Governor, November 11, 1755

   SAGE member since 1995.  See <http://www.sage.org/> for more info.

More information about the Mailman-Users mailing list