EFA 3008 messages disappearing
Posted: 22 Jun 2015 04:13
by markjustmark
Hi all,
I have an EFA 3.0.0.8 system that has been behaving strangely lately.
(Been using EFA for years, it always just worked. Now I'm having probs and not sure where to look to troubleshoot)
Mail arrives from the internet.
Appears in the EFA MailScanner Recent list marked as clean.
The mail then fails to appear in the Exchange server.
EFA Outbound queue is 0.
I go into the individual mail on the EFA web page, tick to release it and submit.
The mail appears in the Exchange server.
I've turned up the Exchange logging.
When a mail fails to make it from EFA to Exchange, there is no record in the SmtpReceive log file on the Exchange server.
When the mail does get through, there is a record of the conversation between EFA and Exchange in the log.
Note that the mail flow problem is not consistent, but has been getting much worse over the past few days.
Things that I've done on the Exchange box:
Turned up logging.
System is patched and rebooted once a month.
Things that I've done on the EFA box:
Updated Webmin to latest version
Updated OS and apps to latest version.
Rebooted multiple times.
Where can I see what has happened through the outbound queue on the EFA box?
Any other suggestions?
Re: EFA 3008 messages disappearing
Posted: 23 Jun 2015 09:24
by darky83
On E.F.A. you can check the /var/log/maillog file; everything mail related is logged there.
Just guessing here, but it sounds like your Exchange is blocking connections from the spam filter, and because of that E.F.A. will not be able to deliver the mail and will thus drop the mail (or send an NDR).
I have seen cases where Exchange was also set up for spam filtering, and because E.F.A. delivered a bulk of messages to Exchange, the IP of the E.F.A. box was blocked by Exchange, so make sure spam/rate limiting is disabled in Exchange.
Re: EFA 3008 messages disappearing
Posted: 23 Jun 2015 11:28
by markjustmark
Ah, /var/log/maillog seems to be the missing piece.
Found an error matching each failed-to-be-delivered message.
postfix/smtp[12288]: BFEDF6014E: to=<mark@(my.internet.domain)>, relay=none, delay=2.7, delays=2.7/0/0/0, dsn=5.4.4, status=bounced (Host or domain name not found. Name service error for name=exchangeServer.internal.domain type=A: Host not found)
So it looks like a DNS lookup problem.
Only, EFA is configured to send my internal mail to smtp.internal.domain, which is a CNAME that resolves to exchangeServer.internal.domain
Note that the error above is for exchangeServer, not smtp, so EFA is successfully resolving smtp to exchangeServer, but failing to resolve the address of exchangeServer.
Weird.
I've got two DNS servers, both Windows domain controllers, both happily resolving addresses.
nslookup from the EFA box works fine talking to both DNS servers, resolving both the CNAME and the A record.
So, I put the address of exchangeServer into the hosts file on the EFA box and things seem to have become more reliable.
Still, I don't get that it is having such problems resolving DNS.
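An added example, not part of the original posts: a small parser that pulls postfix/smtp delivery results out of /var/log/maillog text and counts name-service failures per looked-up name, which makes an intermittent resolver problem like the one above visible next to the deliveries that succeeded. The sample lines are constructed (queue IDs, PIDs, timestamps, recipient and relay IP are made up), and the function names are hypothetical.

```python
import re
from collections import Counter, defaultdict

# Constructed sample in /var/log/maillog format; only the error text
# follows the line quoted in the post above.
ERR = ("(Host or domain name not found. Name service error for "
       "name=exchangeServer.internal.domain type=A: Host not found")
SAMPLE_MAILLOG = "\n".join([
    "Jun 23 11:02:14 efa postfix/smtp[12288]: BFEDF6014E: to=<user@example.com>, "
    "relay=none, delay=2.7, delays=2.7/0/0/0, dsn=5.4.4, status=bounced " + ERR + ")",
    "Jun 23 11:05:40 efa postfix/smtp[12301]: C01AA60150: to=<user@example.com>, "
    "relay=smtp.internal.domain[192.0.2.10]:25, delay=0.4, delays=0.1/0/0.1/0.2, "
    "dsn=2.0.0, status=sent (250 2.6.0 Queued mail for delivery)",
    "Jun 23 11:09:03 efa postfix/smtp[12310]: C7D2E60151: to=<user@example.com>, "
    "relay=none, delay=1.9, delays=1.9/0/0/0, dsn=4.4.3, status=deferred " + ERR
    + ", try again)",
    "Jun 23 11:12:55 efa postfix/smtp[12322]: D0B1160152: to=<user@example.com>, "
    "relay=none, delay=2.1, delays=2.1/0/0/0, dsn=5.4.4, status=bounced " + ERR + ")",
])

DELIVERY_RE = re.compile(
    r"postfix/smtp\[\d+\]: (?P<qid>[0-9A-Za-z]+): to=<(?P<rcpt>[^>]*)>, "
    r"relay=(?P<relay>[^,]+), .*?dsn=(?P<dsn>\d\.\d+\.\d+), "
    r"status=(?P<status>\w+) \((?P<reason>.*)\)\s*$")
DNS_RE = re.compile(
    r"Name service error for name=(?P<name>\S+) type=(?P<rtype>\w+): (?P<detail>.*)")

def parse_deliveries(text):
    """Yield one dict per postfix/smtp delivery attempt in the log text."""
    for line in text.splitlines():
        m = DELIVERY_RE.search(line)
        if m:
            rec = m.groupdict()
            dns = DNS_RE.search(rec["reason"])
            rec["dns_error"] = dns.groupdict() if dns else None
            yield rec

def delivery_outcomes(text):
    """Count delivery attempts by status (sent, bounced, deferred, ...)."""
    return Counter(rec["status"] for rec in parse_deliveries(text))

def dns_failure_summary(text):
    """Map (name, record type) to per-status counts for failed lookups only."""
    summary = defaultdict(Counter)
    for rec in parse_deliveries(text):
        if rec["dns_error"]:
            key = (rec["dns_error"]["name"], rec["dns_error"]["rtype"])
            summary[key][rec["status"]] += 1
    return {key: dict(counts) for key, counts in summary.items()}

if __name__ == "__main__":
    print(delivery_outcomes(SAMPLE_MAILLOG))
    print(dns_failure_summary(SAMPLE_MAILLOG))
```

A log where the same relay name shows both `sent` and name-service failures points at the resolvers rather than at the mail server.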
Re: EFA 3008 messages disappearing
Posted: 23 Jun 2015 12:01
by darky83
In 3.0.0.8 we added recursive DNS (have you enabled it?)
If enabled, E.F.A. will do its DNS queries on its own, so if you use split DNS it won't know the internal IP.
Disabling recursive DNS or using the hosts file will be the best solution then.
Re: EFA 3008 messages disappearing
Posted: 23 Jun 2015 20:06
by markjustmark
Where is the recursive DNS setting?
I've looked through Webmin in Networking and the Postfix settings.
(Is it "Reject clients with no reverse hostname" in "SMTP Authentication And Encryption"? It's not set, btw)
I'm still getting occasional host lookup errors in the log and mails not being delivered to the Exchange box.
Re: EFA 3008 messages disappearing
Posted: 23 Jun 2015 20:14
by darky83
Log in with SSH to the E.F.A. box.
You will get the EFA-Configure console -> choose 'IP Settings'.
Then option 4, DNS recursion; this can be enabled or disabled.
If enabled, E.F.A. uses its own internal DNS server for resolving; if disabled, it uses the primary and secondary (option 5 and 6) DNS servers to do lookups.
Re: EFA 3008 messages disappearing
Posted: 23 Jun 2015 22:35
by markjustmark
More digging.
So, DNS on EFA box is configured to use 127.0.0.1 followed by the two Windows DNS servers.
EFA runs dnsmasq, which in turn forwards to the two Windows DNS servers.
Just had a situation where dnsmasq got stuck and was not resolving addresses.
(Resulting in the lookup errors and mail failing to be delivered)
Restarted dnsmasq and it began working again.
Does dnsmasq do something special for the various bits of EFA, or can I just disable it and point straight to the Windows DNS servers?
Re: EFA 3008 messages disappearing
Posted: 24 Jun 2015 07:08
by darky83
DNSmasq will cache queries to speed things up.
As a test you can try to edit /etc/resolv.conf and add the IPs of your own DNS servers to bypass DNSMasq for a while.
Re: EFA 3008 messages disappearing
Posted: 29 Jun 2015 22:39
by markjustmark
It seems to be sorted now.
One of the Windows DNS servers had an issue with the reverse lookup zone for the subnet - it was missing the Exchange server address.
Re-replicated that zone and all has been working for a few days now.
I suspect that the root cause was the dodgy reverse lookup zone.
Since it was only on one DNS, the lookups would work sometimes and fail sometimes.
The message in the EFA maillog said that EFA failed to look up the A record of the Exchange server, not the PTR record.
My manual testing of looking up the A record from both Windows DNS and 127.0.0.1 on EFA was successful, which confused me.
It was only when I started looking up PTR records that I noticed a problem.
So, darky83, do you know if Postfix requires a DNS reverse lookup of the mail host that it is sending mail to?
(I guess a quick repro is to remove the PTR of the mail host and see what happens...)
Thanks for your help.
I'm glad we got this sorted.