Mail rejected for policy reasons because domain not found in DNS

At one of our client sites, we experienced a strange behaviour where incoming emails were being rejected for policy reasons and outgoing emails were not being delivered.

04/15/2009 01:34:40 PM  Router: Failed to connect to SMTP host HOST.SOMEDOMAIN.COM because The server is not responding. The server may be down or you may be experiencing network problems. Contact your system administrator if this problem persists.

Or something like this: Mail from user@somedomain.com rejected for policy reasons. Domain not found in DNS.

The quick solution was to have the “tell router update config” command run every 30 minutes (less is better) so that Domino can flush the DNS records it has cached. Strange behaviour, as we have to do it often.


**Update 4/20/2009**

We requested a PMR from IBM and it may turn out that there could be a problem in the Domino code itself. The support engineer has escalated this issue for a possible hotfix. We experienced this issue using Domino 8.0.2 FP1. Another server that runs on Linux with Domino 8.5 has also had a similar problem, but mail for some reason gets delivered after a couple of seconds on the 8.5 server.

IBM has provided us with a hotfix to solve the problem where the Domino server caches an A record until 2043 when an MX record is not found during a DNS query or when there is an error. In case you are interested, the hotfix number is 287 (02FP1HF287), but I believe you have to get it by calling in to IBM support. Here is a quote from the support engineer:

It sets a default TTL for DNS that router uses in its cache to 30 minutes when an error occurs or when a non-MX record is returned.

This default is adjustable by the INI RouterDNSErrorTTL. The INI expects seconds so a value of 3600 would be 1 hour. I would not recommend adjusting the TTL unless needed so do not use the INI unless there is a reason.

To get more detail in your log and to see whether it caches a certain A record until the year 2043, increase the debug output level by entering the following into the Domino console:

start consolelog
set config debug_threadid=1 (0 to disable)
set config debugrouter=3 (0 to disable)
set config log_mailrouting=40 (20 to disable)
set config smtpclientdebug=3 (0 to disable)
restart task router
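
A simplified model of the caching behaviour described above, added here as an illustration (it is not Domino or IBM code): a non-MX or error answer stays cached until 2043 without the hotfix and expires after RouterDNSErrorTTL seconds with it. The class, resolver and function names, the constructed DNS scenario and the exact 2043 date are assumptions.

```python
import calendar

# Simplified model of the behaviour described in the post; not Domino code.
FAR_FUTURE = calendar.timegm((2043, 1, 1, 0, 0, 0))  # "cached until 2043" (exact date assumed)
DEFAULT_ERROR_TTL = 30 * 60  # hotfix default quoted in the post: 30 minutes, in seconds


class RouterDnsCache:
    def __init__(self, resolver, hotfix, error_ttl=DEFAULT_ERROR_TTL):
        self.resolver = resolver    # callable(domain, now) -> (kind, value, ttl)
        self.hotfix = hotfix        # True models a server with the hotfix applied
        self.error_ttl = error_ttl  # stands in for the RouterDNSErrorTTL INI value (seconds)
        self.entries = {}           # domain -> (kind, value, expires_at)

    def lookup(self, domain, now):
        cached = self.entries.get(domain)
        if cached and now < cached[2]:
            return cached[:2]       # still fresh: DNS is not asked again
        kind, value, ttl = self.resolver(domain, now)
        if kind == "MX":
            expires = now + ttl     # normal answer: honour the record's TTL
        elif self.hotfix:
            expires = now + self.error_ttl  # error or non-MX answer, with hotfix
        else:
            expires = FAR_FUTURE    # error or non-MX answer, without hotfix
        self.entries[domain] = (kind, value, expires)
        return kind, value

    def update_config(self):
        """Models 'tell router update config': drop the cached DNS answers."""
        self.entries.clear()


def flaky_resolver(domain, now):
    """Constructed scenario: DNS errors for the first 60 s, then answers normally."""
    if now < 60:
        return ("ERROR", None, 0)
    return ("MX", "mail." + domain, 3600)


def first_recovery(cache, domain, step=300, horizon=86400):
    """First probe time (seconds) at which the MX answer is seen, or None."""
    for now in range(0, horizon + 1, step):
        if cache.lookup(domain, now)[0] == "MX":
            return now
    return None
```

In this model a single failed lookup keeps the domain unresolvable for the whole day without the hotfix, which is why the scheduled “tell router update config” was needed as a workaround.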

5 comments on “Mail rejected for policy reasons because domain not found in DNS”
  1. ugg outlet says:

    We requested a PMR from IBM and it may turn out that there could be a problem in the Domino code itself. The support engineer has escalated this issue for a possible hotfix. We experienced this issue using Domino 8.0.2 FP1 plus another server that runs on Linux with Domino 8.5 has also had a similar problem, but mails for some reason get delivered after a couple of seconds on the 8.5 server.

  2. Ildephonse I says:

    This case of message rejected for policy reasons is happening to one user, and I checked that the domain entry is in DNS.
    What could be the cause? Does anyone have an idea?

    Ilde

  3. Levin Purba says:

    How about the MX record, does it point to the correct server?

    It would also be useful if you increase the log threshold (set config) as shown in my blog post. The log will tell you in more depth which specific policy is rejecting it. Until then, it is hard to find out the cause of the email rejection.

  4. ktatsuki says:

    FYI, below are the additional debug parameters for SMTP.

    set config SMTPDebug=x (where x is 0, 1, 2, 3 or 4)
    set config SMTPDebugIO=x (where x is 0, 1, 2 or 3)
    set config SMTPSaveImportErrors=x (where x is 0, 1, 2 or 3)

    Below is also helpful for debugging Notes Mail routing.

    Tell router c > In place compaction of the mail.boxes.
    Tell router d > Shows message detail (sizes, times, and hop).
    Tell router e > Exits the router (same as q).
    Tell router l > Lists the messages in queue and the routing state.
    Tell router m > Shows memory usage by the router.
    Tell router o > Lists the out of office details.
    Tell router p > Pauses the router.
    Tell router q > Quits the router (same as e).
    Tell router r > Resumes the router from a pause state.
    Tell router s > Shows the router queue state (delivery, transfer, dispatch and sweep threads).
    Tell router update config > Updates the routing tables.

  5. Levin Purba says:

    Good info ktatsuki.

    Looks like SMTPClientDebug=x is to troubleshoot outgoing SMTP whereas SMTPDebug=x is to troubleshoot incoming SMTP dialogue.
