MiB using wrong IP for self?

I’m running a small MiB install on a DigitalOcean droplet, MiB v0.43 and a fully patched OS. The administrative interface shows not configuration errors, and the server has been operational for about 7 months. For the most part, mail is flowing properly.

One of my users, in an attempt to diagnose another problem (server IP was blacklisted by another host), sent a message from her MiB account to her own MiB account, using a properly configured mail client (not the web interface).

The message failed to deliver (I’ve obscured the sender and domain, but they are correct):

account@mydomain.com: connect to mydomain.com[199.191.50.103]:25: Connection timed out

As I read this, the MiB server itself tried to use 199.191.50.103 (based on the MX record for the domain, I assume), but that is not a correct IP, nor is it known to me. As usual with MiB, it is serving as the domain’s DNS server. Admin interface reports:

Nameserver glue records are correct at registrar. [ns1/ns2.mydomain ↦ myIP]
Domain resolves to box’s IP address. [box.mydomain ↦ myIP]
Reverse DNS is set correctly at ISP. [myIP ↦ box.mydomain]
The DANE TLSA record for incoming mail is correct (_25._tcp.box.mydomain).

If I ssh to my server and ask it to resolve box.mydomain or mydomain, the IP address is correct. If I ask it to tell me the MX for the domain, the response is correct:

Name Server: NS1.BOX.MYDOMAIN
Name Server: NS2.BOX.MYDOMAIN

My question: in a case like this – self-send to one’s own account using one’s own account – where in the process would an incorrect IP resolution occur, and where should I begin troubleshooting?

It looks like everything is set up correctly as far as the MIAB server is concerned.

If you go to a server that is NOT the MIAB box and do a dig or nslookup on mydomain.com, does it match up with what you see on MIAB?

The fact that the email is getting bounced back with a connection timeout makes me wonder, when the user does a lookup for mydomain.com from the sending machine, what do they see? It sounds like the sending device may have something wonky going on.

Thanks for your reply. I haven’t found any device so far that mis-resolves the DNS, but the sending device does have me wondering. I’ll try to reach the user and ask her to run some tests from there, since she’s remote from me.

If you’d be willing to share the MiaB hostname, I can test something. It is really not possible to diagnose without the hostname. You may PM me with it. I see three possibilities here that I’d like to test.

You’ve noted a possibly incorrect IP that the client is connecting to - I see an incorrect port. MiaB does not accept connections on port 25 for outgoing mail. The SMTP port is 587.

I didn’t even notice the 25. The host is: box.zingmail.org (68.183.125.237).

I am a bit lost on this as the MX record for the domain should be the MiaB, no? When you say “based on the MX record for the domain”, it tells me that the MX record is something other than box.yourdomain.tld.

Just me writing more than I had to. Yes, MiB is its own DNS, and authoritative for that domain, and the MX record is stored on and hosted by that server.

And the client having the difficulty is using an email address for the same domain as the MiaB as well?

The client has the wrong settings in her mail client. The IP address in the error message corresponds to domain.com rather than domain.org as this domain is.

Can’t confirm quite yet, but I think alento nailed it. Genius – thank you!

1 Like