DEBRIS.COM: good for a laugh, or possibly an aneurysm

Friday, February 27th, 2004

it is to laugh

A friend recently reported that he was unable to send me email. He received bounce messages that were not helpful at all — the message was generic, like “your message could not be delivered.” Apparently that’s a technical term from Microsoft; the meaning is “Exchange Server blows big chunks,” or possibly “Due to our contempt for users, who we think are too dumb to be exposed to anything so scary as an SMTP error message, we’ll hide the cause for this failure and instead give you a bland and useless note that discourages you from finding out what’s really happening, much less fixing it.”

After several hours of research, I discovered the problem: my server was configured to refuse inbound mail from remote servers that have broken reverse DNS.

“Broken reverse DNS” means that a computer’s address has no corresponding name in DNS, the Domain Name Service. I know of no reason why any public mail server would be configured this way, except through ignorance.

So, basically, the reason my friend couldn’t send me email is that his employer’s IT department screwed up their DNS configuration.

I called the company’s help desk to report the bug. This caused no small amount of consternation, for I’m not an employee. They have no procedures in place for handling bug reports from non-employees. But to their credit, they took the report… and then sat on it for two weeks. I called back weekly — long distance! — to check status. “We’re still working on it” is all they’d say.

Finally I got a call back. The tech told me they would be unable to fix their broken DNS because their security software prevents it. This sounded to me like a brush-off. Certainly it’s possible that some sort of Windows security software would prevent established Internet standards from functioning… that’s no less plausible than Exchange Server’s crappy bounce handling.

I asked the technician if he realized that that meant nobody at his company would be able to send mail to AOL. He was understandably mystified, until I explained that AOL’s inbound mail servers, like my own, block mail from remote servers that have broken reverse DNS.

We set up a test. Lo and behold, his test message never arrived at my AOL account. This had the desired effect; my original bug report was amended and kicked up to a higher-level tech. It seems that not being able to send mail to me is not a concern. But not being able to send mail to 35 million AOL users is a problem worth fixing.

Three days later, they’d fixed their DNS and asked me to help them verify it. I was so pleased, I laughed out loud. “Our security software prevents it,” indeed.
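
The check behind this story, as an added example (not code from the original post): a receiving mail server looks up the name for the connecting address and refuses the message if there is none. The sketch also does the stricter forward confirmation that some receivers apply, which goes beyond the case described above; the function names, verdict strings and sample zone data are assumptions made for illustration.

```python
import socket

def ptr_names(ip):
    """Reverse lookup: the names DNS gives for this address, or [] if none."""
    try:
        name, aliases, _ = socket.gethostbyaddr(ip)
        return [name] + aliases
    except OSError:  # socket.herror / socket.gaierror: no reverse name
        return []

def forward_addrs(name):
    """Forward lookup: the set of addresses this name resolves to."""
    try:
        return {info[4][0] for info in socket.getaddrinfo(name, None)}
    except OSError:
        return set()

def check_reverse_dns(ip, reverse=ptr_names, forward=forward_addrs):
    """Return (verdict, detail) for a connecting client address.

    'reject'   - the address has no name at all (the failure in the post)
    'mismatch' - a name exists but does not resolve back to the address
    'ok'       - the name resolves back to the address
    """
    names = reverse(ip)
    if not names:
        return ("reject", "no reverse DNS name for " + ip)
    for name in names:
        if ip in forward(name):
            return ("ok", name)
    return ("mismatch", names[0] + " does not resolve back to " + ip)

# Constructed sample zone data (documentation addresses, not real hosts),
# so the logic can be exercised without touching the network.
SAMPLE_PTR = {"192.0.2.10": ["mail.example.com"],
              "192.0.2.20": ["host.example.net"]}
SAMPLE_A = {"mail.example.com": {"192.0.2.10"},
            "host.example.net": {"198.51.100.7"}}

def sample_reverse(ip):
    return SAMPLE_PTR.get(ip, [])

def sample_forward(name):
    return SAMPLE_A.get(name, set())

if __name__ == "__main__":
    for addr in ("192.0.2.10", "192.0.2.20", "192.0.2.99"):
        print(addr, check_reverse_dns(addr, sample_reverse, sample_forward))
```

Called with only an address, `check_reverse_dns` uses the system resolver, which is enough to confirm from the outside that a sending server's reverse DNS has been fixed.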


posted to channel: Personal
updated: 2004-02-27 23:16:26
