Mailing List Archive

CNAME LOOKUP
My Setup
Life With Qmail
Centos: 5.6 64 bit
Netqmail: 1.06


I have searched the forums and the web in general, but the replies deal w/
older versions of qmail, especially pre NetQmail.

My issue: I have over 100 emails sitting in the queue due to

delivery 289: deferral: CNAME_lookup_failed_temporarily._(#4.4.3)/

Most of these are known legitimate email addresses, like my @outlook.com
address.

How can this be resolved? My users are beginning to complain.


Thanks
Mike D
Re: CNAME LOOKUP [ In reply to ]
On Mon, Aug 31, 2015 at 04:36:25PM -0400, Michael DiMartino wrote:
> I have searched the forums and the web in general, but the replies deal w/
> older versions of qmail, especially pre NetQmail.
>
> My issue: I have over 100 emails sitting in the queue due to
>
> delivery 289: deferral: CNAME_lookup_failed_temporarily._(#4.4.3)/
>
> Most of these are known legitimate email addresses, like my @outlook.com
> address.
>
> How can this be resolved? My users are beginning to complain.

Have you tested that DNS does work from your mail server?

Something like:

$ host -t mx outlook.com

It should return the MX records (currently mx[1-4].hotmail.com).

--
Best regards,
Ed http://www.s5h.net/
Re: CNAME LOOKUP [ In reply to ]
Ed,
Yes, I tested the MX lookup. That's why this is so puzzling to me.

[root@smtp1 qmail]# host -t mx outlook.com
outlook.com mail is handled by 10 mx4.hotmail.com.
outlook.com mail is handled by 10 mx3.hotmail.com.
outlook.com mail is handled by 10 mx2.hotmail.com.
outlook.com mail is handled by 10 mx1.hotmail.com.
[root@smtp1 qmail]#




Mike Di Martino, CEO/Founder
M: +1 631 988 6060
F: +1 206 202 1807
E: michael@hudsonstreet.us
W: www.hudsonstreet.us



Re: CNAME LOOKUP [ In reply to ]
Hi Michael,


You need to patch your version of qmail to avoid 'all' lookups. There are several solutions available.

Once you have patched (net)qmail and reinstalled the modules, qmail-remote will resubmit your mails.

In addition, if you use dnscache you need to raise your UDP buffer size.

Look into the archives. Those issues already have a long history.

regards.
—eh.


---
Dr. Erwin Hoffmann | FEHCom | http://www.fehcom.de | PGP Key-Id: 7E4034BE
RE: CNAME LOOKUP [ In reply to ]
Erwin,
What do you mean by reinstall the modules? Do you mean reinstall the patched netqmail?

Also, I am not very familiar with patching; can you provide the command?

Thank you
Mike D

RE: CNAME LOOKUP [ In reply to ]
This is a production server with a backlogged queue. I can't start from scratch at this point.

-----Original Message-----
From: "msayah@controlcc.com" <msayah@controlcc.com>
Sent: 8/31/2015 5:23 PM
To: "michael@hudsonstreet.us" <michael@hudsonstreet.us>
Cc: "qmail@list.cr.yp.to" <qmail@list.cr.yp.to>
Subject: Re: CNAME LOOKUP


Hi Mike,

I run a fairly plain qmail setup (not NetQmail) and have a script which
patches qmail starting from the DJB baseline qmail-1.03.tar.gz. After
tar extracting the contents of the original DJB qmail-1.03.tar.gz, the
errno patch is applied, then the any-to-cname patch, and then the DNS
oversize-dns-packets patch.

I believe the http URLs below still host these patches. If not, I have
the patches (small text files).

#
# http://cr.yp.to/software/qmail-1.03.tar.gz
#
tar -xpf qmail-1.03.tar.gz || exit $status
sync
#
cd qmail-1.03 || exit $status
#
# http://www.thedjbway.org/patches/djb_errno_patches.tgz
#
patch < ../djb_errno_patches/qmail-1.03.errno.patch
if ( $status ) exit $status
sync
#
# Jonathan de Boyne Pollard
# http://www.memoryhole.net/qmail
patch < ../qmail-patches/qmail-1.03-any-to-cname.patch
if ( $status ) exit $status
#
# Christopher K. Davis patch
# http://qmail.org/top.html
patch < ../qmail-patches/qmail-1.03-oversize-dns-packets.patch
if ( $status ) exit $status
#
.
.
.
a few more patches
-----------------------------------------------------------------------

Some old original doc:

My mail is not being delivered. The log says "deferral: CNAME_lookup_failed_temporarily._(#4.4.3)/"

The "qmail.org" web site suggests that you may be able to get around
this problem somewhat by installing the "djbdns" package, and in
particular, "dnscache" from that package.

Installing "djbdns" is generally a good idea, but it does not
genuinely fix this problem.

The cause of this problem is as follows:

"qmail-remote" wants to perform "CNAME" lookups of the domain
names that mail is to be sent to. However, instead of doing a
"CNAME" DNS lookup directly, it performs an "ANY" DNS lookup
and scans the result for "CNAME" resource records. It does
this because of a bug in BIND version 4 that would be triggered
if it did "CNAME" lookups directly.

But "qmail" only employs a 512-byte buffer to receive the DNS
response. Unfortunately, an "ANY" lookup for several popular
domains (such as "aol.com.") now yields a response bigger than
512 bytes, and the DNS lookup fails because the response size
exceeds the size of the buffer that "qmail" has to hold it.
(An "ANY" response for "aol.com." was 543 bytes - and even that
was with the "glue" stripped - at the time of writing this
answer.)

Installing "dnscache" partially alleviates this problem because
"dnscache" provides smaller answers to "ANY" queries than other
proxy DNS server softwares, such as BIND, do. This happens to
defer the onset of this problem in most cases.

However, this is not a true solution. The problem can still occur
even if one employs "dnscache". The maximum size that a DNS
response can be is 65536 bytes, and "qmail"'s DNS response buffer
should therefore be capable of holding responses up to this size.
The correct fix is to apply Christopher K. Davis' patch (hyperlink
given above) that increases "qmail"'s buffer to 65536 bytes.

Whilst you are about it, you also might consider applying the
patch (hyperlink given above) that makes "qmail" actually use
"CNAME" queries when it wants to look up "CNAME" resource
records.
-----------------------------------------------------------------------

-rw-r--r-- 1303 Jan 13 2003 qmail-1.03.errno.patch

-rw-r--r-- 403 Oct 30 2010 qmail-1.03-any-to-cname.patch
-rw-r--r-- 2104 Oct 26 2010 qmail-1.03-oversize-dns-packets.patch
-----------------------------------------------------------------------

This qmail is running on all versions of Slackware Linux
from 10.1 to 14.1

Mike Sayah
msayah@controlcc.com


Re: CNAME LOOKUP [ In reply to ]
For a quick and dirty workaround: if you have a non-qmail SMTP server that can send outbound email and will allow relaying from the server with the backlog, you can try adding an entry in smtproutes for the remote domain that is causing the CNAME error that will forward all mail for that domain to the other non-qmail SMTP server, then restart(?) qmail-send to "requeue" messages for the domain.

I have used something like this workflow in the past but I have relay access to both postfix and sendmail servers that make this an easy fix.

—Ian

Re: CNAME LOOKUP [ In reply to ]
Hi Michael,

here is a patch for dns.c:

—— shnip / shnap ---


--- dns.c.orig 15-06-1998
+++ dns.c 2014-24-10/26/14
--- ../qmail-1.03/dns.c 1998-06-15 12:53:16.000000000 +0200
+++ ../qmail-1.03.2732/dns.c 2011-04-17 12:30:25.000000000 +0200
@@ -1,3 +1,5 @@
+/* Includes Christopher K. Davis oversize DNS packet patch */
+/* Includes Jonathan de Boyne Pollard CNAME query patch */
#include <stdio.h>
#include <netdb.h>
#include <sys/types.h>
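Review bot: the patch carries two pairs of ---/+++ file headers ahead of this first hunk, and the first pair (`dns.c.orig 15-06-1998` / `dns.c 2014-24-10/26/14`) has malformed dates and a different path from the second. Drop the first pair so the only header is the `../qmail-1.03/dns.c` one, and state in the added comment lines which upstream versions of the two included patches were merged.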
@@ -21,10 +23,12 @@
static unsigned short getshort(c) unsigned char *c;
{ unsigned short u; u = c[0]; return (u << 8) + c[1]; }

-static union { HEADER hdr; unsigned char buf[PACKETSZ]; } response;
+static struct { unsigned char *buf; } response;
+static int responsebuflen = 0;
static int responselen;
static unsigned char *responseend;
static unsigned char *responsepos;
+static u_long saveresoptions;

static int numanswers;
static char name[MAXDNAME];
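Review bot: `saveresoptions` is added as a file-scope static although it only needs to live for the duration of the TCP retry; declaring it as a local next to the `_res.options |= RES_USEVC;` line would keep the saved resolver state from persisting between calls. Since the `HEADER hdr` member of the union is removed here, header fields can now only be reached by casting `response.buf`, so a one-line comment stating that the buffer comes from `alloc()` and is treated as a HEADER would document that assumption.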
@@ -45,18 +49,33 @@
errno = 0;
if (!stralloc_copy(&glue,domain)) return DNS_MEM;
if (!stralloc_0(&glue)) return DNS_MEM;
- responselen = lookup(glue.s,C_IN,type,response.buf,sizeof(response));
+ if (!responsebuflen)
+ if (response.buf = (unsigned char *)alloc(PACKETSZ+1))
+ responsebuflen = PACKETSZ+1;
+ else return DNS_MEM;
+
+ responselen = lookup(glue.s,C_IN,type,response.buf,responsebuflen);
+ if ((responselen >= responsebuflen) ||
+ (responselen > 0 && (((HEADER *)response.buf)->tc)))
+ {
+ if (responsebuflen < 65536)
+ if (alloc_re(&response.buf, responsebuflen, 65536))
+ responsebuflen = 65536;
+ else return DNS_MEM;
+ saveresoptions = _res.options;
+ _res.options |= RES_USEVC;
+ responselen = lookup(glue.s,C_IN,type,response.buf,responsebuflen);
+ _res.options = saveresoptions;
+ }
if (responselen <= 0)
{
if (errno == ECONNREFUSED) return DNS_SOFT;
if (h_errno == TRY_AGAIN) return DNS_SOFT;
return DNS_HARD;
}
- if (responselen >= sizeof(response))
- responselen = sizeof(response);
responseend = response.buf + responselen;
responsepos = response.buf + sizeof(HEADER);
- n = ntohs(response.hdr.qdcount);
+ n = ntohs(((HEADER *)response.buf)->qdcount);
while (n-- > 0)
{
i = dn_expand(response.buf,responseend,responsepos,name,MAXDNAME);
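Review bot: with the clamp on `responselen` removed, `responseend = response.buf + responselen` is no longer bounded by the buffer size, and nothing re-checks the value returned by the second `lookup` against `responsebuflen`. Keep an explicit check after the retry (for example, treat `responselen >= responsebuflen` as DNS_SOFT) so `responseend` can never point past the allocation. Separately, `if (!responsebuflen)` and `if (responsebuflen < 65536)` each wrap an unbraced inner if/else whose condition is an assignment or call; the `else return DNS_MEM;` binds to the inner `if` as intended, but braces would make that explicit and avoid compiler warnings.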
@@ -66,7 +85,7 @@
if (i < QFIXEDSZ) return DNS_SOFT;
responsepos += QFIXEDSZ;
}
- numanswers = ntohs(response.hdr.ancount);
+ numanswers = ntohs(((HEADER *)response.buf)->ancount);
return 0;
}

@@ -196,7 +215,7 @@
if (!sa->len) return loop;
if (sa->s[sa->len - 1] == ']') return loop;
if (sa->s[sa->len - 1] == '.') { --sa->len; continue; }
- switch(resolve(sa,T_ANY))
+ switch(resolve(sa,T_CNAME))
{
case DNS_MEM: return DNS_MEM;
case DNS_SOFT: return DNS_SOFT;
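Review bot: the switch from `T_ANY` to `T_CNAME` at the `resolve(sa,...)` call has no comment explaining why the ANY query was there or why it can go. Add one noting that ANY was a workaround for a BIND 4 bug and is what produced the oversize replies, and confirm that the DNS_HARD result, which the `responselen <= 0` branch in the earlier hunk returns for a name that simply has no CNAME record, is handled in the cases below this context as "no alias" rather than as a delivery failure.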

—— shnip / shnap ---

How to apply:

1. Save the above content in a file named dns.c.patch in your Netqmail install directory (where the *.c files are situated).

2. Apply the patch: patch < dns.c.patch

3. Rebuild the modules: make

4. Stop qmail.

5. Install the new modules: make setup check

6. Restart qmail.

qmail-remote will deliver your outstanding mails.

That should be it.



Note: qmail and even Netqmail are no longer supported at that time.

regards.
—eh.



---
Dr. Erwin Hoffmann | FEHCom | http://www.fehcom.de | PGP Key-Id: 7E4034BE
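
The failure described in the documentation quoted earlier in this thread (a reply that does not fit the 512-byte buffer, or arrives with the truncation flag set) and the scan for CNAME records, as an added example that is not code from qmail or from any poster. The names `classify_reply` and `count_cname_answers` and the sample message are constructed for illustration.

```c
#include <stdio.h>
#define T_CNAME 5   /* RFC 1035 type code for CNAME */
enum verdict { REPLY_OK, REPLY_RETRY_TCP, REPLY_MALFORMED };
/* Constructed sample: reply to "www.example.test ANY" carrying one CNAME. */
static const unsigned char SAMPLE_REPLY[] = {
  0x12,0x34, 0x81,0x80, 0,1, 0,1, 0,0, 0,0,       /* header, TC bit clear */
  3,'w','w','w', 7,'e','x','a','m','p','l','e', 4,'t','e','s','t', 0,
  0,255, 0,1,                                     /* QTYPE=ANY, QCLASS=IN */
  0xC0,0x0C, 0,5, 0,1, 0,0,1,0x2C, 0,7,           /* owner, CNAME, IN, TTL, RDLENGTH */
  4,'h','o','s','t', 0xC0,0x10                    /* RDATA: host.example.test */
};
#define SAMPLE_LEN ((int)sizeof SAMPLE_REPLY)

/* reported = size the resolver returned, buflen = caller's buffer size. */
enum verdict classify_reply(const unsigned char *msg, int reported, int buflen)
{
  if (reported >= buflen) return REPLY_RETRY_TCP;  /* did not fit: do not parse */
  if (reported < 12) return REPLY_MALFORMED;       /* shorter than a DNS header */
  if (msg[2] & 0x02) return REPLY_RETRY_TCP;       /* TC (truncated) flag set */
  return REPLY_OK;
}

/* Return the offset just past the encoded name at off, or -1 on overrun. */
static int skip_name(const unsigned char *msg, int len, int off)
{
  while (off < len) {
    unsigned char c = msg[off];
    if (c == 0) return off + 1;                                   /* root label */
    if ((c & 0xC0) == 0xC0) return off + 2 <= len ? off + 2 : -1; /* pointer */
    if (c & 0xC0) return -1;                                      /* reserved */
    off += 1 + c;
  }
  return -1;
}

/* Count CNAME records in the answer section; -1 if the message is malformed. */
int count_cname_answers(const unsigned char *msg, int len)
{
  int qd, an, type, rdlen, off = 12, found = 0;
  if (len < 12) return -1;
  qd = (msg[4] << 8) | msg[5]; an = (msg[6] << 8) | msg[7];
  while (qd-- > 0) {                    /* question: name + QTYPE + QCLASS */
    off = skip_name(msg, len, off);
    if (off < 0 || off + 4 > len) return -1;
    off += 4;
  }
  while (an-- > 0) {                    /* answer: name + 10 fixed bytes + RDATA */
    off = skip_name(msg, len, off);
    if (off < 0 || off + 10 > len) return -1;
    type = (msg[off] << 8) | msg[off + 1];
    rdlen = (msg[off + 8] << 8) | msg[off + 9];
    off += 10;
    if (rdlen > len - off) return -1;   /* RDATA would run past the message */
    if (type == T_CNAME) found++;
    off += rdlen;
  }
  return found;
}

int main(void)
{
  printf("cnames=%d\n", count_cname_answers(SAMPLE_REPLY, SAMPLE_LEN));
  return classify_reply(SAMPLE_REPLY, SAMPLE_LEN, 512);   /* 0 = REPLY_OK */
}
```

A reported size of 543 against a 512-byte buffer, the aol.com case from the quoted documentation, is classified as needing a TCP retry without the buffer being read.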