I’m trying to email my pal Laura. I get bounce messages all the time when using MiaB. But not when sending from my gmail account. Starting to troubleshoot, I noticed something weird (to me):
cliff@box:~$ dig laura-baxter.com MX ; <<>> DiG 9.11.3-1ubuntu1.15-Ubuntu <<>> laura-baxter.com MX ;; global options: +cmd ;; Got answer: ;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 58335 ;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1 ;; OPT PSEUDOSECTION: ; EDNS: version: 0, flags:; udp: 4096 ; COOKIE: bb8b7776cc6533fb08c50ff6611743d6916cde80e385dc33 (good) ;; QUESTION SECTION: ;laura-baxter.com. IN MX ;; Query time: 0 msec ;; SERVER: 127.0.0.1#53(127.0.0.1) ;; WHEN: Sat Aug 14 06:17:26 CEST 2021 ;; MSG SIZE rcvd: 73
The status is SERVFAIL with no MX record returned. Or, frequently, something more active, like REJECTED or REFUSED or similar.
But when I use a different DNS server for my
dig, I get what seems like a normal status and the MX record
cliff@box:~$ dig @126.96.36.199 laura-baxter.com MX ; <<>> DiG 9.11.3-1ubuntu1.15-Ubuntu <<>> @188.8.131.52 laura-baxter.com MX ; (1 server found) ;; global options: +cmd ;; Got answer: ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 32333 ;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1 ;; OPT PSEUDOSECTION: ; EDNS: version: 0, flags:; udp: 1232 ;; QUESTION SECTION: ;laura-baxter.com. IN MX ;; ANSWER SECTION: laura-baxter.com. 28800 IN MX 50 mail.ispmail.de. ;; Query time: 313 msec ;; SERVER: 184.108.40.206#53(220.127.116.11) ;; WHEN: Sat Aug 14 06:22:19 CEST 2021 ;; MSG SIZE rcvd: 76
(Same as when using
18.104.22.168 for that matter.)
Does this mean that the company behind laura-baxter.com is actively preventing my Mail-in-a-Box instance from resolving her domain name into MX records?
Or is something broken about MiaB’s ability to resolve the domain?
- Mails to her (but not the other usual suspects like outlook.com, etc.) have been bouncing since roughly the end of June.
- All my system status stuff has the nice green checkmark (I even the DNSSEC DS records on the domains my box is serving this week)
- This is on Digital Ocean with domain registration at NearlyFreeSpeech.NET and Gandi (not sure if that matters)
- Laura is perplexed by this and wants to find the root cause (she doesn’t want to miss email from me or her potential customers)
Thanks for any suggestions!