Keith,<div><br></div><div>In my email below, II failed to notice the Subject: </div><div><br></div><div><b>CNAME lookup failed temporarily. (#4.4.3) bounced emails</b></div><div><b><br></b></div><div><b>You can (on your server from the command line) try:</b></div>
<div><b><br></b></div><div><span style="font-family:Verdana,Arial,Helvetica,sans-serif;font-size:11px;background-color:rgb(255,255,255)">nslookup -type=mx <a href="http://comcast.com">comcast.com</a></span></div><div><span style="font-family:Verdana,Arial,Helvetica,sans-serif;font-size:11px;background-color:rgb(255,255,255)"><br>
</span></div><div><span style="font-family:Verdana,Arial,Helvetica,sans-serif;font-size:11px;background-color:rgb(255,255,255)">Which will validate that you CAN do a cname lookup.</span></div><div><br></div><div>This error you are seeing, BTW means:</div>
<div><br></div><div><i>The CNAME lookup failed temporarily. (#4.4.3) bounced emails</i></div><div><br></div><div>Other things to check:</div><div><br></div><div><span style="font-family:Verdana,Arial,Helvetica,sans-serif;font-size:11px;background-color:rgb(255,255,255)">Make sure that /etc/resolv.conf is readable to 'others':</span><br style="font-family:Verdana,Arial,Helvetica,sans-serif;font-size:11px;background-color:rgb(255,255,255)">
<span style="font-family:Verdana,Arial,Helvetica,sans-serif;font-size:11px;background-color:rgb(255,255,255)"># ls -l /etc/resolv.conf</span><br style="font-family:Verdana,Arial,Helvetica,sans-serif;font-size:11px;background-color:rgb(255,255,255)">
<span style="font-family:Verdana,Arial,Helvetica,sans-serif;font-size:11px;background-color:rgb(255,255,255)">-rw-r--r-- 1 root root 0 2009-09-19 05:56 /etc/resolv.</span><br style="font-family:Verdana,Arial,Helvetica,sans-serif;font-size:11px;background-color:rgb(255,255,255)">
<br style="font-family:Verdana,Arial,Helvetica,sans-serif;font-size:11px;background-color:rgb(255,255,255)"><span style="font-family:Verdana,Arial,Helvetica,sans-serif;font-size:11px;background-color:rgb(255,255,255)">Also check that nameservers set in /etc/resolv.conf can get MXes of <a href="http://comcast.com">comcast.com</a> and can resolve A records for those MXes.</span></div>
<div><br></div><div># nslookup </div><div>>server=$sameserverasyour resolv.conf</div><div>>set type MX</div><div>><a href="http://comcast.com">comcast.com</a></div><div>> quit or Control C</div><div><span style="font-family:Verdana,Arial,Helvetica,sans-serif;font-size:11px;background-color:rgb(255,255,255)"><br>
</span></div><div><span style="font-family:Verdana,Arial,Helvetica,sans-serif;font-size:11px;background-color:rgb(255,255,255)">The error can also be caused by the fact that <a href="http://comcast.com">comcast.com</a> has too many MX records defined and response from DNS server exceeds limit of 512 bytes. If this is the case then you can use one of qmail patches: </span><a href="http://lifewithqmail.org/lwq.html#dns-patches" target="_blank" style="margin:0px;padding:0px;border:0px;outline:0px;font-size:11px;color:rgb(0,33,231);font-family:Verdana,Arial,Helvetica,sans-serif;background-color:rgb(255,255,255)">http://lifewithqmail.org/lwq.html#dns-patches</a><br>
<br style="font-family:Verdana,Arial,Helvetica,sans-serif;font-size:11px;background-color:rgb(255,255,255)"><div>This error can also be indicative of an error with qmail when:</div><div><br></div><div>You are not using dnscache </div>
<div>You are using qmail without the BIG-DNS patch.</div></div><div><br></div><div><b>TRY using smtproutes</b>:</div><div><br></div><div>An immediate workaround for qmail (if you cannot recompile it):</div><div><br></div>
<div><pre style="color:rgb(34,34,34);line-height:19px;text-align:justify">Use /var/qmail/control/smtproutes
Define one per line, a domain, and a server IP for deliveries to the failing domain:
sympatico.ca:209.226.175.87
This link has some more detailed information:
<a rel="nofollow" href="http://wiki.qmailtoaster.com/index.php/Smtproutes" target="_top" style="color:rgb(0,51,102);font-weight:bold;text-decoration:initial;font-size:x-small">http://wiki.qmailtoaster.com/index.php/Smtproutes</a></pre>
</div><div><br></div><div>NOTE: That if your problem domain changes their MX, your entry will also need to be updated.</div><div><br><br><div class="gmail_quote">On Wed, Nov 21, 2012 at 5:56 PM, Lisa Kachold <span dir="ltr"><<a href="mailto:lisakachold@obnosis.com" target="_blank">lisakachold@obnosis.com</a>></span> wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">Keith,<br><br><div class="gmail_quote"><div class="im">On Wed, Nov 21, 2012 at 4:50 PM, keith smith <span dir="ltr"><<a href="mailto:klsmith2020@yahoo.com" target="_blank">klsmith2020@yahoo.com</a>></span> wrote:<br>
</div><div class="im"><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
<table cellspacing="0" cellpadding="0" border="0"><tbody><tr><td valign="top" style="font:inherit"><br>
<p style="margin-bottom:0in">Hi,</p>
<p style="margin-bottom:0in"><br>
</p>
<p style="margin-bottom:0in">One of the Vhost on a server I run is a
shopping cart. We have been experiencing bounced emails when sending to Comcast. We do not have this problem with any other ISP</p></td></tr></tbody></table></blockquote><div><br></div></div><div>Does the IP address of this server match the sending domain?</div>
<div>Do you have both a forward and reverse DNS record for that IP?</div><div>Does the domain have a MX record?</div><div><br></div><div>Since you are sending from a php scripted header, many of these automatic checks of mail to identify SPAM might not be automatically passed.</div>
<div><br></div><div>One of the big ones that gets a server flagged is the dynamic nature of the mail server. I.E. it's reverse IP resolves as swipped to the hoster or the bandwidth provider as "dynamic". </div>
<div><br></div><div>You are correct that a TXT DNS SPF (sender policy frameword) record might help here (as discussed in other email).</div><div><br></div><div>Asking whoever provided your IP to also enter a reverse DNS entry alias that matches your server domain might assist. </div>
<div><br></div><div>You can check your IPaddress "send score" here: <a href="https://www.senderscore.org/" target="_blank">https://www.senderscore.org/</a></div><div><br></div><div>Of course as was already mentioned, be certain that you have not already been flagged for spam and your server is secure.</div>
<div><br></div><div>Most of the big mail systems (including commercial types) use the same rules as spamassassin!</div><div><br></div><div>The content of your email could contain some of the watchwords that push it over the edge to "reject":</div>
<div><br></div><div><a href="http://www.contactology.com/check_mqs.php" target="_blank">http://www.contactology.com/check_mqs.php</a></div><div><br></div><div>The full email header and content from their server will assist you to see why it's being refused; send a command line sendmail debug to see why the server is denying it:</div>
<div><br></div><div>/sbin/sendmail -d <a href="mailto:testemail@comcast.com" target="_blank">testemail@comcast.com</a></div><div>sometext </div><div>.</div><div>.</div><div><wait for output></div><div><br></div><div>
or pipe it to output:</div>
<div><br></div><div><div>/sbin/sendmail -d <a href="mailto:testemail@comcast.com" target="_blank">testemail@comcast.com</a> >/tmp/testemail</div><div>sometext </div><div>.</div><div>.</div><div>more /tmp/testemail</div>
</div><div><br>
</div><div>You can test your mail's deliverability in various test tools:</div><div><a href="http://www.emailreach.com/" target="_blank">http://www.emailreach.com/</a></div><div><br></div><div><br></div><div><br></div>
<div> </div><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div class="im">
<table cellspacing="0" cellpadding="0" border="0"><tbody><tr><td valign="top" style="font:inherit">
<p style="margin-bottom:0in">These emails are sent directly from the
box, such as the order confirmation email.</p>
<p style="margin-bottom:0in"><br>
</p>
<p style="margin-bottom:0in">The problem started when we upgraded
from CentOS 5.x to CentOS 6.x. I wonder if anyone else has
experience this problem.</p>
<p style="margin-bottom:0in"><br>
</p>
<p style="margin-bottom:0in">The failure message: <br><br>> Hi.
This is the qmail-send program at [boxes fully qualified domain
name]. <br>> I'm afraid I wasn't able to deliver your message to
the following <br>addresses. <br>> This is a permanent error; I've
given up. Sorry it didn't work out. <br>> <br>> <a href="mailto:MEUSTACE2@COMCAST.NET" target="_blank">[</a>customers
email address]: <br>> CNAME lookup failed temporarily. (#4.4.3)
I'm not going to try again; <br>> this message has been in the
queue too long. <br><br>Only happens when emails are sent to Comcast
directly from the server - order confirmation and shipping
confirmation. <br><br>I've search for a solution and read this can be
corrected by setting the DISABLE_CNAME_LOOKUP in qmail-remote. Something about a buffer being too small??<br></p>
<p style="margin-bottom:0in"><br>
</p>
<p style="margin-bottom:0in">Is this true or could it be another
issue?
</p>
<p style="margin-bottom:0in"><br>
</p>
<p style="margin-bottom:0in">Thank you for your feedback!</p>
<p style="margin-bottom:0in"><br>Keith
</p>
<br><br><br>------------------------<br>
Keith Smith</td></tr></tbody></table><br></div><div class="im"><br></div></blockquote></div><span class="HOEnZb"><font color="#888888">-- <br></font></span></blockquote></div><div><br></div>-- <br><div><img src="http://www.it-clowns.com/motivatebytruth/chat.gif"><br>
</div><div><br></div>(503) 754-4452 Android<br>(623) 239-3392 Skype<br>(623) 688-3392 Google Voice<br>**<br><a href="http://it-clowns.com" target="_blank">it-clowns.com</a> <br>Chief Clown<br><br><br><br><br><br><br><br><br>
<br><br><br><br><br><br>
</div>