me.com: Host not found

So, once again my mailserver rejected a couple of mails that I would have liked to receive.

Aug  5 08:28:40 yurgon postfix/smtpd[10434]: NOQUEUE: reject: RCPT from st11p00im-amstp002.me.com[17.172.80.96]: 550 5.7.1 <st11p00im-asmtp002.me.com>: Helo command rejected: Host not found; from=<someone@icloud.com> to=<someone@example.com> proto=ESMTP helo=<st11p00im-asmtp002.me.com>
Aug  6 08:28:37 yurgon postfix/smtpd[21322]: NOQUEUE: reject: RCPT from st11p00im-amstp002.me.com[17.172.80.96]: 550 5.7.1 <st11p00im-asmtp002.me.com>: Helo command rejected: Host not found; from=<someone@icloud.com> to=<someone@example.com> proto=ESMTP helo=<st11p00im-asmtp002.me.com>
      

(I realize both deliveries were attempted at almost the exact same time two days in a row. I guess the sender follows a certain schedule; in any case I'm sure these were mails I wanted to receive.)

So, my server thinks that the mailserver st11p00im-asmtp002.me.com delivering a mail to me doesn't exist. What gives?

Actually, the first couple of times I saw this message and looked up the aforementioned server, its IP address was returned just fine. Huh. Why the failure then? But right now the problem is easily reproducible on my end:

(yurgon) ~ $ dig st11p00im-asmtp002.me.com

; <<>> DiG 9.8.4-rpz2+rl005.12-P1 <<>> st11p00im-asmtp002.me.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 3100
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0

;; QUESTION SECTION:
;st11p00im-asmtp002.me.com.     IN      A

;; AUTHORITY SECTION:
me.com.                 857     IN      SOA     gridmaster-ib.apple.com. hostmaster.apple.com. 2010111799 1800 900 2592000 1800

;; Query time: 0 msec
;; SERVER: 213.133.99.99#53(213.133.99.99)
;; WHEN: Fri Aug  7 02:34:32 2015
;; MSG SIZE  rcvd: 110
      

Okay, in plain language: the nameserver 213.133.99.99 (provided by my server hoster) says that st11p00im-asmtp002.me.com doesn't currently exist in the Domain Name System. But... my hoster's nameserver isn't authoritative. So let's ask the ones that are: first, let's ask for the nameservers of me.com.

(yurgon) ~ $ dig me.com NS

; <<>> DiG 9.8.4-rpz2+rl005.12-P1 <<>> me.com NS
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 22460
;; flags: qr rd ra; QUERY: 1, ANSWER: 6, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;me.com.                                IN      NS

;; ANSWER SECTION:
me.com.                 36437   IN      NS      nserver3.apple.com.
me.com.                 36437   IN      NS      nserver.apple.com.
me.com.                 36437   IN      NS      nserver4.apple.com.
me.com.                 36437   IN      NS      nserver.asia.apple.com.
me.com.                 36437   IN      NS      nserver2.apple.com.
me.com.                 36437   IN      NS      nserver.euro.apple.com.

;; Query time: 3 msec
;; SERVER: 213.133.99.99#53(213.133.99.99)
;; WHEN: Fri Aug  7 02:37:44 2015
;; MSG SIZE  rcvd: 175
      

Okay, so me.com provides no fewer than 6 nameservers that should be able to answer my request. Let's ask them:

(yurgon) ~ $ dig st11p00im-asmtp002.me.com @nserver3.apple.com.

; <<>> DiG 9.8.4-rpz2+rl005.12-P1 <<>> st11p00im-asmtp002.me.com @nserver3.apple.com.
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 65130
;; flags: qr aa rd; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0
;; WARNING: recursion requested but not available

;; QUESTION SECTION:
;st11p00im-asmtp002.me.com.     IN      A

;; AUTHORITY SECTION:
me.com.                 1800    IN      SOA     gridmaster-ib.apple.com. hostmaster.apple.com. 2010111799 1800 900 2592000 1800

;; Query time: 165 msec
;; SERVER: 17.112.144.50#53(17.112.144.50)
;; WHEN: Fri Aug  7 02:42:38 2015
;; MSG SIZE  rcvd: 110


(yurgon) ~ $ dig st11p00im-asmtp002.me.com @nserver.apple.com.

; <<>> DiG 9.8.4-rpz2+rl005.12-P1 <<>> st11p00im-asmtp002.me.com @nserver.apple.com.
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 3719
;; flags: qr aa rd; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0
;; WARNING: recursion requested but not available

;; QUESTION SECTION:
;st11p00im-asmtp002.me.com.     IN      A

;; AUTHORITY SECTION:
me.com.                 1800    IN      SOA     gridmaster-ib.apple.com. hostmaster.apple.com. 2010111799 1800 900 2592000 1800

;; Query time: 157 msec
;; SERVER: 17.254.0.50#53(17.254.0.50)
;; WHEN: Fri Aug  7 02:43:03 2015
;; MSG SIZE  rcvd: 110


(yurgon) ~ $ dig st11p00im-asmtp002.me.com @nserver4.apple.com.

; <<>> DiG 9.8.4-rpz2+rl005.12-P1 <<>> st11p00im-asmtp002.me.com @nserver4.apple.com.
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 26876
;; flags: qr aa rd; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0
;; WARNING: recursion requested but not available

;; QUESTION SECTION:
;st11p00im-asmtp002.me.com.     IN      A

;; AUTHORITY SECTION:
me.com.                 1800    IN      SOA     gridmaster-ib.apple.com. hostmaster.apple.com. 2010111799 1800 900 2592000 1800

;; Query time: 160 msec
;; SERVER: 17.112.144.59#53(17.112.144.59)
;; WHEN: Fri Aug  7 02:43:23 2015
;; MSG SIZE  rcvd: 110


(yurgon) ~ $ dig st11p00im-asmtp002.me.com @nserver.asia.apple.com.

; <<>> DiG 9.8.4-rpz2+rl005.12-P1 <<>> st11p00im-asmtp002.me.com @nserver.asia.apple.com.
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 28155
;; flags: qr aa rd; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0
;; WARNING: recursion requested but not available

;; QUESTION SECTION:
;st11p00im-asmtp002.me.com.     IN      A

;; AUTHORITY SECTION:
me.com.                 1800    IN      SOA     gridmaster-ib.apple.com. hostmaster.apple.com. 2010111799 1800 900 2592000 1800

;; Query time: 184 msec
;; SERVER: 17.82.254.3#53(17.82.254.3)
;; WHEN: Fri Aug  7 02:44:24 2015
;; MSG SIZE  rcvd: 110


(yurgon) ~ $ dig st11p00im-asmtp002.me.com @nserver2.apple.com.

; <<>> DiG 9.8.4-rpz2+rl005.12-P1 <<>> st11p00im-asmtp002.me.com @nserver2.apple.com.
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 35957
;; flags: qr aa rd; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0
;; WARNING: recursion requested but not available

;; QUESTION SECTION:
;st11p00im-asmtp002.me.com.     IN      A

;; AUTHORITY SECTION:
me.com.                 1800    IN      SOA     gridmaster-ib.apple.com. hostmaster.apple.com. 2010111799 1800 900 2592000 1800

;; Query time: 156 msec
;; SERVER: 17.254.0.59#53(17.254.0.59)
;; WHEN: Fri Aug  7 02:44:49 2015
;; MSG SIZE  rcvd: 110


(yurgon) ~ $ dig st11p00im-asmtp002.me.com @nserver.euro.apple.com.

; <<>> DiG 9.8.4-rpz2+rl005.12-P1 <<>> st11p00im-asmtp002.me.com @nserver.euro.apple.com.
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 25321
;; flags: qr aa rd; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0
;; WARNING: recursion requested but not available

;; QUESTION SECTION:
;st11p00im-asmtp002.me.com.     IN      A

;; AUTHORITY SECTION:
me.com.                 1800    IN      SOA     gridmaster-ib.apple.com. hostmaster.apple.com. 2010111799 1800 900 2592000 1800

;; Query time: 36 msec
;; SERVER: 17.72.133.64#53(17.72.133.64)
;; WHEN: Fri Aug  7 02:45:08 2015
;; MSG SIZE  rcvd: 110
      

Sorry for the excruciating verbosity. Did I do anything wrong? Any methodological errors in my lookups? Because to me it looks like 6 out of 6 of Apple's authoritative nameservers told me that their mail server's DNS name is not known.

If you received a letter from an address you knew for sure doesn't exist, I wouldn't blame you if you didn't accept it -- especially if you received thousands of unsolicited letters per week. And that's exactly what my mail server does.

So, Apple, how about you fix your outgoing mail server's helo name or its DNS?

(Note: As I said above, the DNS lookups have worked okay several times when I tried them; it wasn't until the writing of this article that the lookups actually failed, so the problem appears to be intermittent.)

Update, 2015-08-08 02:23:

After another failed delivery from the same server for the same reason, I did another lookup and this time it worked, just 15 minutes after the failed delivery:

(yurgon) ~ $ dig st11p00im-amstp002.me.com @nserver2.apple.com.

; <<>> DiG 9.8.4-rpz2+rl005.12-P1 <<>> st11p00im-amstp002.me.com @nserver2.apple.com.
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 52824
;; flags: qr aa rd; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0
;; WARNING: recursion requested but not available

;; QUESTION SECTION:
;st11p00im-amstp002.me.com.     IN      A

;; ANSWER SECTION:
st11p00im-amstp002.me.com. 86400 IN     A       17.172.80.96

;; Query time: 161 msec
;; SERVER: 17.254.0.59#53(17.254.0.59)
;; WHEN: Sat Aug  8 02:20:55 2015
;; MSG SIZE  rcvd: 59
      

That looks like a rather weird DNS problem.
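
Added example, not part of the original post: the reject lines above spell the connecting client's reverse-DNS name st11p00im-amstp002 and the HELO string st11p00im-asmtp002, and this script parses such Postfix lines and counts the pairs where the two names differ. The last two sample lines and all function names are constructed for illustration.

```python
import re
from collections import Counter

# Matches Postfix smtpd HELO rejections of the form shown in the post.
REJECT = re.compile(
    r"reject: RCPT from (?P<client>[^\[\s]+)\[(?P<ip>[^\]]+)\]: "
    r"(?P<code>\d{3}) \S+ <[^>]*>: Helo command rejected: "
    r"(?P<reason>[^;]+);.*?helo=<(?P<helo>[^>]*)>"
)

SAMPLE_LOG = [
    # The two reject lines from the post.
    "Aug  5 08:28:40 yurgon postfix/smtpd[10434]: NOQUEUE: reject: RCPT from st11p00im-amstp002.me.com[17.172.80.96]: 550 5.7.1 <st11p00im-asmtp002.me.com>: Helo command rejected: Host not found; from=<someone@icloud.com> to=<someone@example.com> proto=ESMTP helo=<st11p00im-asmtp002.me.com>",
    "Aug  6 08:28:37 yurgon postfix/smtpd[21322]: NOQUEUE: reject: RCPT from st11p00im-amstp002.me.com[17.172.80.96]: 550 5.7.1 <st11p00im-asmtp002.me.com>: Helo command rejected: Host not found; from=<someone@icloud.com> to=<someone@example.com> proto=ESMTP helo=<st11p00im-asmtp002.me.com>",
    # Constructed lines: a rejection where both names agree, and an unrelated entry.
    "Aug  6 09:00:00 yurgon postfix/smtpd[21400]: NOQUEUE: reject: RCPT from mx.example.net[192.0.2.10]: 550 5.7.1 <mx.example.net>: Helo command rejected: Host not found; from=<a@example.net> to=<someone@example.com> proto=ESMTP helo=<mx.example.net>",
    "Aug  6 09:00:01 yurgon postfix/smtpd[21400]: disconnect from mx.example.net[192.0.2.10]",
]

def normalize(name):
    """Compare DNS names case-insensitively and without a trailing dot."""
    return name.rstrip(".").lower()

def parse_helo_rejects(lines):
    """Return one dict (client, ip, code, reason, helo) per HELO rejection."""
    return [m.groupdict() for m in map(REJECT.search, lines) if m]

def helo_mismatches(records):
    """Count (client name, HELO name) pairs whose spellings differ.
    Postfix logs 'unknown' when it has no verified client name; skip those."""
    pairs = Counter()
    for r in records:
        client, helo = normalize(r["client"]), normalize(r["helo"])
        if client != "unknown" and client != helo:
            pairs[(client, helo)] += 1
    return pairs

def diff_columns(a, b):
    """Character positions where two equal-length names differ, else None."""
    if len(a) != len(b):
        return None
    return [i for i, (x, y) in enumerate(zip(a, b)) if x != y]

if __name__ == "__main__":
    for (client, helo), n in helo_mismatches(parse_helo_rejects(SAMPLE_LOG)).items():
        print(f"{n}x client={client} helo={helo} differs at {diff_columns(client, helo)}")
```
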