Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Thu, 23 Apr 2015 23:55:30 +0200
From: Harald Becker <>
Subject: Re: Still not possible to send mail to domain

Hi Rich,

extending my search on qhe net I found the following:

All of the senders experiencing the bounced messages mentioning cname 
lookup failure appear to be running the qmail mail server software.

Qmail, if not using a third party patch that was written in the late 
90’s, has an issue sending to domains whose name servers respond to DNS 
queries of type “ANY” with more than 512 bytes of data; that is a bug in 
qmail and the author has never fixed it because he wants you to use his 
DNS server software which also eliminates the issue in a different way.

Google’s name servers do respond to queries of type “ANY” with more than 
512 bytes of data, so when an unpatched qmail server tries to send an 
email to a domain whose lowest cost MX record ends in, qmail 
is going to do a DNS query of type ANY against one of’s 
authoritative name servers, get back more than it can correctly handle 
and defer repeatedly until ultimately bouncing the message with that 
cname lookup failure…


Powered by blists - more mailing lists

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.