One stop shop for troubleshooting Domino and DNS
Unable to route outbound SMTP mail relating to Domino and DNS.
- Messages back up in the mail.box.
- The router task displays the error message 'Waiting for DNS availability'.
- The server attempts to connect to an internet domain rather than the mail exchanger.
Resolving the problem
It is suggested to work with your network administrator to help resolve these types of issues.
I. Understanding how Domino handles external Internet domains.
II. Troubleshooting using debug parameters.
III. Troubleshooting manually.
IV. Troubleshooting the network.
V. Related technotes.
Understanding how Domino handles external Internet domains.
The Domain Name System (DNS) and SMTP mail routing
The Domain Name System (DNS) is a directory used by SMTP to convert a name, such as acme.com, to a list of servers that can receive connections for that name and to find the IP address of a specific server. By looking up a destination server's address in the DNS, the sending server can properly route a message to a recipient. DNS uses two kinds of records: Mail Exchanger (MX) records and A records. An MX record maps a domain name to the names of one or more mail hosts. An A record maps a host name to the IP address of a server.
You must correctly configure DNS to support your use of SMTP. To determine the IP address of the mail server for the destination domain, Lotus Domino does the following:
1. The server looks up the domain part of each recipient's address in DNS.
2. If DNS finds an MX record, the server tries to connect to the server listed in that MX record. If there is more than one MX record, the server tries to connect to the record that has the lowest cost. If more than one MX record has the lowest cost, the server randomly selects one and tries to connect to the server listed in that MX record.
Note: There may be more than one MX record for a specific domain name. The host name is looked up in DNS to find an A record. An A record contains the IP address for the host.
3. If DNS finds only an A record, Domino routes the message to the IP address in that A record.
4. If DNS does not find a record, Domino cannot deliver the message and sends a nondelivery message to the sender.
An MX record maps a domain name to one or more host names. An A record maps a host name to the IP address of a server. You may want to use a host name in the MX record instead of just an A record for the following reasons:
- Some third-party tools recognize only host names, not IP addresses.
- If you replace or relocate a machine, you can assign the existing host name and IP address to the new or relocated machine. This change is transparent to users, and messages continue to route properly.
You can use DNS to provide failover and load-balancing for your mail servers by creating multiple MX records for a domain name on the DNS server. When you set more than one MX record for a name, you can set preference values to control how DNS selects those records. DNS selects lower value preferences first -- for example, DNS selects 5 before 10. If more than one MX record has the same preference value, DNS randomly selects from among those MX records. If one of those MX records fails -- for example, because a server is unavailable -- DNS caches that failure and tries other MX records of equal weight, followed by less-preferred MX records.
For example, the acme.com domain has four MX records:
- MX record: acme.com IN MX 5 mail1.acme.com
- MX record: acme.com IN MX 5 mail2.acme.com
- MX record: acme.com IN MX 10 mail3.acme.com
- MX record: acme.com IN MX 10 mail4.acme.com
When a server tries to connect to acme.com, the DNS first uses MX records with preferences of 5. If there are two MX records with preferences of 5, DNS randomly selects between the MX record for mail1.acme.com or mail2.acme.com. If the DNS returns the MX record for mail1.acme.com and mail1.acme.com is unavailable, the DNS returns the MX record for mail2.acme.com. If mail2.acme.com is unavailable, both MX records with a cost of 5 have failed. The DNS then selects MX records that have a cost of 10 and uses them the same way it used the MX records that have a cost of 5.
Domino sending SMTP outbound mail to servers performing Reverse DNS
To help filter spam, there are many sites that have enabled Reverse DNS (rDNS). The destination server is performing a look up within DNS for a Pointer Record (PTR record). This process involves matching an IP address to a domain name. When setting up a PTR record for your server, you don't need to make any changes in domino. You will need to contact the people who support your DNS records to have them create a pointer record within DNS.
* When settings up a PTR record make sure you are using the correct Conical Name. This name can be located in your Server document on the Basic tab. The field name is Fully qualified Internet host name: You will see a naming format of 'hostname.domain.com' or 'mail.domain.com'
Troubleshooting using debug parameters
Enable debugging to capture data.
To troubleshoot issues where outbound SMTP messages are failing, and messages appear to be backed up in mail.box, the first thing we will want to do is examine the state of the messages that are in your Mail.box file(s.) If messages are all in a HELD or DEAD state, the router will not process them. You may want to ensure that they are not being held by anti-virus or other 3rd party software.
The next step will be to issue the command "tell router show" at your server console. This will indicate the Router's activity or failure reason(s) for not processing messages.
If individual destinations are generating failures, the next thing we will want to do is enable debug on the server. At your server console, please follow these steps for Debugging the Outbound SMTP Conversation:
> START CONSOLELOG (this should indicate "Console Logging is now enabled.")
> TELL ROUTER SHOW (this will provide feedback in the log as well as on the screen as to the router's current status.)
> SET CONFIG SMTPClientDebug=1
> SET CONFIG DebugRouter=3
> SET CONFIG debug_tcp_resolver=1
> TELL ROUTER QUIT (wait for it to indicate Router has shut down)
> LOAD ROUTER
If any messages were in a retry state, they will be re-attempted when the router restarts, otherwise you can:
Test several messages to problem addresses and let this run for a few minutes to capture the activity.
Then remove the debug parameters (as these can generate extensive output to the log files.)
> SET CONFIG SMTPClientDebug=0
> SET CONFIG DebugRouter=0
> SET CONFIG debug_tcp_resolver=0
> STOP CONSOLELOG
> TELL ROUTER QUIT (wait for it to indicate Router has shut down)
> LOAD ROUTER
At this point, you can examine the contents of Console.log (in the "IBM Technical Support" folder, in the Domino Data directory ) between the SET CONFIG SMTPClientDebug=1 and SET CONFIG SMTPClientDebug=0. There should be indications within the log (by thread id) for the process that was taken by the individual messages.
Search the log for the domain in question or for "Attempting to connect" which will identify the initial attempt.
The thread id is the portion within [square brackets] and has about 9-11 numbers. You can step through the particular thread that is handling the message to see what is going on and the response you are getting back from a particular domain.
Because you are encountering issues routing messages via SMTP from your Domino SMTP server to another SMTP server, it is important to confirm that proper connectivity, essential for e-mail transfer, exists between the servers.
One method of testing connectivity between your Domino server and a destination server is to take Domino out of the picture altogether. This can be accomplished by using Telnet to connect (ideally from the Operating System of your Domino server) to the destination server's Port 25, as follows:
1. Look up the destination domain's Mail Exchanger (MX) record(s) via NSLOOKUP by opening a DOS prompt and typing the following case-sensitive commands:
> set type=mx
Note: For the words domain.com, substitute the name of the destination Internet domain to which your Domino SMTP outbound server is having difficulty connecting and/or transferring messages. If an inner subset caret does not display after typing nslookup, it is possible that the NSLOOKUP application is not installed on your server or that your server does not have access to DNS.
If a valid Internet domain is typed at the NSLOOKUP prompt, then one or more MX records for that domain should display on the screen.
|Example using nslookup:
Default Server: server.example.com
> server 192.0.2.4
Default Server: dns.example.com
> set =mx
example.com MX preference = 10, mail exchanger = mail1.example.com
example.com MX preference = 20, mail exchanger = mail2.example.com
mail1.example.com internet address = 192.0.2.0
mail2.example.com internet address = 192.0.2.1
2. Next, at a DOS prompt use Telnet to connect to Port 25 of one of the MX record's Fully Qualified Hostnames (FQHNs), ideally to the FQHN of an MX record with the lowest Preference value if the values differ. (In this case, all of the Preference values are the same: 5). For example:
C:\> telnet mx1.hotmail.com 25
If the destination server does not display a greeting, then there is an issue with either the implementation of the Telnet command or connectivity between the two servers.
3. If the destination server displays a greeting, a successful connection has taken place. If a successful connection occurs, type SMTP commands to transfer a message to that server, such as:
mail from: firstname.lastname@example.org
rcpt to: email@example.com
This is a test.
Note: Progressing through the above commands is dependent upon an approving response from the destination server to each command.
The following screen shot is of a dialog of commands and responses in a successful SMTP session.
Note: After the "250 Message accepted for delivery" response, type the command quit to terminate the session.
If you are unable to connect to the destination server through Telnet, then Domino will not be able to connect to the destination server to transfer messages. The cause of the problem could be invalid DNS information, an issue at the destination server, or a network connectivity issue between the two servers. Record the failure error and send it to us for our review.
For more details, refer to How to Use NSLOOKUP to Verify DNS (1084986)
Troubleshooting the network
Network problems can be amongst the most difficult to troubleshoot. The network conditions which most often impact performance are an inability to connect, latency, packet loss/reordering, and outright disconnections.
This is a list of technotes with tools you can use with your network teams to troubleshoot your connections.
How to ping by packet size to establish MTU
Domino Server Performance Troubleshooting Cookbook (Refer to the section Titled 'Network')
Setting a network sniffer to monitor the packets on port 53: http://www.wireshark.org/
Review related technotes and information about Domino and DNS:
Error: 'Server is not responding' sending SMTP mail to external domains
DNS: Domino attempts to use an A record sending mail to certain domains
Does the 'DNSServer= ' parameter override the operating system DNS settings?
More support for:
Software version: 6.5, 7.0, 8.0, 8.5, 9.0
Operating system(s): AIX, Linux, Solaris, Windows
Reference #: 1420956
Modified date: 22 February 2010
Translate this page: