{"id":1282,"date":"2011-09-29T06:57:11","date_gmt":"2011-09-29T06:57:11","guid":{"rendered":"http:\/\/gigihfordanama.wordpress.com\/?p=1282"},"modified":"2012-08-08T00:08:06","modified_gmt":"2012-08-08T00:08:06","slug":"cname-and-mx-record-will-effect-email-problem","status":"publish","type":"post","link":"https:\/\/dosen.unila.ac.id\/gigih\/2011\/09\/29\/cname-and-mx-record-will-effect-email-problem\/","title":{"rendered":"CNAME and MX record will affect email Problem"},"content":{"rendered":"<p style=\"text-align:justify\">It is quite true, friends, that as the saying goes, experience is the most valuable teacher. Recently we had a strange incident involving email sent from the unila domain to the domain of a university in Europe, namely CVUT, with the domain cvut.cz. The problem was that when a colleague at the rectorate sent email to one of our lecturers who is studying there, the email never reached its destination; it bounced. We do not know how long this had been happening, but as the team managing the system we certainly did not want it to keep recurring.<\/p>\n<p style=\"text-align:justify\">Troubleshooting began with a traceroute from Europe toward the unila domain, which came back fine. We then checked the domain's DNS records, both forward name resolution and the PTR records, and again found no problem: all MX records for the unila domain resolved correctly on various DNS test servers across continents. 
That only made me more curious, so just for fun I tried sending email to a fellow lecturer in Bradford, England, with cc to Yahoo and Gmail. No problem there either; the messages were accepted by the destination mail servers.<\/p>\n<p>Finally, I tried a manual SMTP session against the MX for the domain feld.cvut.cz to see how their mail server responded, with the following result:<\/p>\n<pre style=\"text-align:justify;padding-left:30px\">ns1# telnet max.feld.cvut.cz 25\nTrying 147.32.192.36...\nConnected to max.feld.cvut.cz.\nEscape character is '^]'.\n220 max.feld.cvut.cz ESMTP service ready\nehlo unila.ac.id\n250-max.feld.cvut.cz\n250-PIPELINING\n250-SIZE 30000000\n250-ETRN\n250-ENHANCEDSTATUSCODES\n250-8BITMIME\n250 DSN\nmail from:gigih@unila.ac.id\n250 2.1.0 Ok\nrcpt to:ulvanmel@fel.cvut.cz\n450 4.1.8 &lt;gigih@unila.ac.id&gt;: Sender address rejected: Domain not found\n421 4.4.2 max.feld.cvut.cz Erro<\/pre>\n<p style=\"text-align:justify\">Unexpectedly, it turned out that the domain unila.ac.id was not recognised by the mail server max.feld.cvut.cz, as shown by the 450 4.1.8 error. The investigation continued with an online MX tool; one of the most popular of these services is <a href=\"http:\/\/www.mxtoolbox.com\/SuperTool.aspx?action=smtp%3amail.unila.ac.id\">http:\/\/www.mxtoolbox.com\/SuperTool.aspx?action=smtp%3amail.unila.ac.id<\/a>. This tool can detect whether there is a problem with the MX servers of a domain by cross-checking against several RBL servers worldwide. The results were fine as well: the unila IP block was not listed in any RBL database (one reason may be that we already use Barracuda as our anti-spam filter). <strong>OK THAT&#8217;S IT<\/strong>, my head was spinning over what else to try. I thought about asking the email administrator at that university what the problem was, since they were the only ones rejecting email from unila while other mail servers were fine. 
In the end I dropped the idea of asking and carried on trying to find out what was really going on.<\/p>\n<p style=\"text-align:justify\">Then came the googling: 5 tabs open in Firefox with no useful information, then 20 more, up to perhaps 50 tabs. At last there was a glimmer of hope, and I found the following link:<\/p>\n<p><a href=\"http:\/\/email-museum.com\/2008\/09\/08\/why-you-shouldnt-mix-cname-and-mx\">http:\/\/email-museum.com\/2008\/09\/08\/why-you-shouldnt-mix-cname-and-mx<\/a><\/p>\n<p><!--more--><\/p>\n<p style=\"text-align:justify\">You may recall our recent cautionary tale about DNS configuration. Adding a CNAME record to a domain can cause some mail servers to ignore the MX records. Instead, they simply follow the CNAME pointer and try to deliver the email there. In our example, they tried to deliver email to the Web server! RFC 2821 defines how email should be delivered. Its specifications for what should happen only hint at this behavior. Sections 2.3.5, 3.6, and 5 really could be more clear on this:\u00a0 A domain (or domain name) consists of one or more dot-separated components. These components (\u201clabels\u201d in\u00a0 DNS terminology [22]) are restricted for SMTP purposes to consist of a sequence of letters, digits, and hyphens drawn from the ASCII character set [1]. Domain names are used as names of hosts and of other entities in the domain name hierarchy. For example, a domain may refer to an alias (label of a CNAME RR) or the label of Mail eXchanger records to be used to deliver mail instead of representing a host name.<br \/>\n\u2026<br \/>\nOnly resolvable, fully qualified domain names (FQDNs) are permitted when domain names are used in SMTP. 
In other words, names that can be resolved to MX RRs or A RRs (as discussed in section 5) are permitted, as are CNAME RRs whose targets can be resolved, in turn, to MX or A RRs.<br \/>\n\u2026<br \/>\nOnce an SMTP client lexically identifies a domain to which mail will be delivered for processing (as described in sections 3.6 and 3.7), a DNS lookup MUST be performed to resolve the domain name [22]. The names are expected to be fully qualified domain names (FQDNs): mechanisms for inferring FQDNs from partial names or local aliases are outside of this specification and, due to a history of problems, are generally discouraged. The lookup first attempts to locate an MX record associated with the name. If a CNAME record is found instead, the resulting name is processed as if it were the initial name. The standard assumes you\u2019re already familiar with RFC 1034, which defines how DNS records work. In section 3.6.2, it recommends not mixing\u00a0 CNAME records with any other type of record: If a CNAME RR is present at a node, no other data should be present Even that is a little ambiguous \u2014 in the jargon of the IETF, \u201cshould\u201d usually denotes a recommendation, as opposed to \u201cmust,\u201d which denotes a mandate. Perhaps this would have been better reworded, \u201cIf a CNAME RR is present at a node, other data must not be present.\u201d<\/p>\n<p>Here\u2019s what he probably should have done:<\/p>\n<p style=\"text-align:justify\"><em><strong>example.com.\u00a0\u00a0 \u00a0A\u00a0\u00a0 \u00a01.2.3.4<\/strong><\/em><br \/>\n<em><strong>www.example.com.\u00a0\u00a0 \u00a0CNAME\u00a0\u00a0 \u00a0example.com<\/strong><\/em><br \/>\n<em><strong>mail.example.com.\u00a0\u00a0 \u00a0A\u00a0\u00a0 \u00a01.2.3.5<\/strong><\/em><br \/>\n<em><strong>example.com.\u00a0\u00a0 \u00a0MX\u00a0\u00a0 \u00a0mail.example.com.<\/strong><\/em><\/p>\n<pre style=\"text-align:justify\">In other words, define an IP address for example.com and create an alias for it, called www. 
This can be counterintuitive for those of us who like to\u00a0 separate different server roles by machine name. Arguably, this may expose the Web server to additional load generated by spammers, because we\u2019re now effectively advertising that the Web server is also a mail exchanger. However, in practice this isn\u2019t a problem, for two reasons:\u00a0 Spammers often try to connect using A records, even in the presence of MX records \u2014 so that load would already have been there. Our anonymous friend isn\u2019t completely stupid \u2014 he\u2019s already firewalled off the unused ports of all his externally facing servers.\n===============================================\n\nOK, after cross-checking, it turned out that when the mail system was moved to a new server, the domain records had been changed to the following entries:\n\n<strong>zimbra\u00a0\u00a0\u00a0 IN\u00a0\u00a0 \u00a0A\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 103.3.46.21<\/strong>\n<strong>\u00a0\u00a0 \u00a0\u00a0\u00a0 \u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 IN\u00a0\u00a0 \u00a0MX 10\u00a0 barracuda.unila.ac.id.<\/strong>\n\n<strong>mail\u00a0\u00a0 \u00a0\u00a0\u00a0 \u00a0IN\u00a0\u00a0 \u00a0CNAME zimbra\u00a0\u00a0 \u00a0<\/strong>\n<strong>\u00a0\u00a0 \u00a0\u00a0\u00a0 \u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0\u00a0 IN\u00a0\u00a0 \u00a0MX 10\u00a0 barracuda.unila.ac.id.<\/strong>\n\nAnd there is the problem: the mail name carries both a CNAME and an MX record. It turns out that some mail servers apply a strict FQDN check on the domain to ward off spam, so the name must have reverse mapping, including PTR, and must have an address; defining only a CNAME record is not enough. GOT IT, problem found: remove the CNAME record and replace it directly with an IN A record. We tried sending to the mail server max.feld.cvut.cz again, and this time it succeeded.\n\nSMTP -&gt; FROM SERVER:\n220 max.feld.cvut.cz ESMTP service ready\nSMTP -&gt; FROM 
SERVER:\n250-max.feld.cvut.cz\n250-PIPELINING\n250-SIZE 30000000\n250-ETR\n250-ENHANCEDSTATUSCODES\n250-8BITMIME\n250 DSN\nMAIL FROM: gigih@unila.ac.id\nSMTP -&gt; FROM SERVER:\n250 2.1.0 Ok\nRCPT TO: ulvanmel@feld.cvut.cz\nSMTP -&gt; FROM SERVER:\n250 2.1.5 Ok\nSending Mail Message Body...\nSMTP -&gt; FROM SERVER:\n354 End data with .\nSMTP -&gt; FROM SERVER:\n250 2.0.0 Ok: queued as E7AB619F32FB\nMessage completed successfully.<\/pre>\n<p style=\"text-align:justify\">Ta-da, problem solved. Once again: never create a domain zone entry that combines only CNAME and MX.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>It is quite true, friends, that as the saying goes, experience is the most valuable teacher. Recently we had a strange incident involving email sent from the unila domain to the domain of a university in Europe, namely CVUT, with the domain cvut.cz. The problem was that when a colleague at the rectorate sent email to &hellip; <a href=\"https:\/\/dosen.unila.ac.id\/gigih\/2011\/09\/29\/cname-and-mx-record-will-effect-email-problem\/\" class=\"more-link\">Continue reading<span class=\"screen-reader-text\"> &#8220;CNAME and MX record will affect email 
Problem&#8221;<\/span><\/a><\/p>\n","protected":false},"author":25,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[1348,9],"tags":[230],"class_list":["post-1282","post","type-post","status-publish","format-standard","hentry","category-kiat-sukses-menjadi-seorang-network-engineer-2","category-world-of-ict","tag-cname-and-mx-record-will-effect-email-problem"],"_links":{"self":[{"href":"https:\/\/dosen.unila.ac.id\/gigih\/wp-json\/wp\/v2\/posts\/1282"}],"collection":[{"href":"https:\/\/dosen.unila.ac.id\/gigih\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/dosen.unila.ac.id\/gigih\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/dosen.unila.ac.id\/gigih\/wp-json\/wp\/v2\/users\/25"}],"replies":[{"embeddable":true,"href":"https:\/\/dosen.unila.ac.id\/gigih\/wp-json\/wp\/v2\/comments?post=1282"}],"version-history":[{"count":0,"href":"https:\/\/dosen.unila.ac.id\/gigih\/wp-json\/wp\/v2\/posts\/1282\/revisions"}],"wp:attachment":[{"href":"https:\/\/dosen.unila.ac.id\/gigih\/wp-json\/wp\/v2\/media?parent=1282"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/dosen.unila.ac.id\/gigih\/wp-json\/wp\/v2\/categories?post=1282"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/dosen.unila.ac.id\/gigih\/wp-json\/wp\/v2\/tags?post=1282"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}