Monday, September 17, 2007

Domino SMTP and DNS connectivity

This past weekend was our maintenance window weekend and we ran into an issue with one of our inbound SMTP servers. We didn't have anything specifically planned for this server so it was a surprise when it stopped accepting inbound mail on Sunday morning. We use Postini on the front end of this server and we were seeing connections accepted from Postini but no messages being delivered. We were also seeing the following...

SMTP Server Error: Access to the server is restricted due to maximum number of users.

It was discovered that a firewall change had prevented this server from connecting to the DNS servers so all the SMTP connections were waiting on DNS lookups. Since we use Postini we only allow their servers to relay through by IP address so I wouldn't expect an incoming connection to require a DNS lookup. Evidently Domino SMTP still tries to query DNS during an SMTP connection even if there aren't any hostname/domain name restirctions.

What made this even worse was our redundant SMTP server was also down due to a scheduled building power outage so all inbound Internet traffic was down. Once we resolved the DNS issue the server started delivering mail again.

It also took a while for this issue to appear. The firewall change was made many hours earlier but the server didn't stop accepting messages until the DNS cache timeout expired.

So, if your Domino SMTP server is accepting connections but not messages, check the DNS connectivity.

