It's been more than a month since I blogged about controlling all the e-mail in the world. Looking after our corporate e-mail solution is just one of the many responsibilities I have, but the one that gives me the most laughs and, sometimes, the most frustration.
We started having some problems receiving e-mail from a large, listed (RSA), retail company. Considering the size of the company and the millions that it makes in profits each year one would assume that they would have some decent system in place. Think again!
It all started off when their employees were generating e-mail on their ERP system destined for my customers mailboxes hosted on my system. The e-mail never arrived at our network. If the e-mail never arrives at our public firewall then there's not much I can do about it, right? Wrong! The people generating these e-mails simply refused to get the company's IT staff involved and insisted that the problem is on our side. Hmmm..... seeing as I control all the e-mail systems in the world surely I can fix this minor problem. Finally I get hold of the telephone number for the company's IT support and start following up with them. Magically the problem disappears and my customers receive their e-mail from said company's ERP system. At this point I sit back and think that all is well. Silly me!
On the 26th of March my customers start complaining to me that any e-mail that is sent to this retail company was being rejected. Taking a closer look at the “reject message” it's obvious that said company was still using RELAYS.ORDB.ORG. Now, if memory serves correctly, this service was discontinued back in December 2006! After some checking I discover that RELAYS.ORDB.ORG had been configured to automatically produce false positives on all e-mail starting on 25th March noon Eastern Standard time. That means from about 7:00pm local time on the previous day this company had rejected all external e-mail. Surely a large organization such as this one would know if they had rejected all external e-mail for more than 17 hours!
No problem, I phone up the IT guys at this company to let them know what the problem is. I was totally floored when they asked me the following:
1. How do I know that they have an e-mail problem? 2. Why/how did I break their mail relay server? 3. Why /how did I break RELAYS.ORDB.ORG?
Evidently I do have control over all e-mail systems!
After explaining where their problem lies and how to fix it for about a hundred times they end the phone call. Their mail relay servers get shut down. I sit back and think to myself that they'll be back up in a few minutes. As far as I'm concerned, making this sort of change is not a huge reconfiguration!
Three hours later the mail relay servers for this retail company come back on line. But you are gonna love this...... they are configured as OPEN RELAYS!!!!!!!!!!!!
Fearlessly I phone the IT guys again and bring this to their attention. Speaking slowly and using words of no more than one syllable I tried in vain to explain their problem to them, and the possible repercussions. They wouldn't hear of it.
At this point I throw my hands in the air and give up. After all this is not my e-mail system. Why, might you ask, am I even concerned about it? Well, my customers send and receive a lot of e-mail from this company and if the e-mail doesn't work then it's [obviously] my fault.
Last week the inevitable happened. I was out of town lecturing Novell course 3063 (GroupWise 7 Administration) when I get a frantic phone call from one of my customers demanding to know why our e-mail system is rejecting mail from said retail company as “Blacklisted”. My customer also insists that said retail company has an e-mail system more secure than ours and therefore can't understand why we would reject the e-mail.
My response..... I laughed uncontrollably for about 10 minutes and then showed my students how NOT to run an e-mail system.
I encourage my clients to reject ANY server without a valid RDNS entry.
So, of course, when mail starts bouncing I do the leg work, figure out why, and then I call the tech's at the company getting bounced, and they are of course, so VERY gracious when you tell them, "Dude your server name does not match your RDNS, or even better, they don't have one.
99.9 times out of 100 it is some dweeb running an exchange server, that is completely clueless and I spend 30 minutes explaining how e-mail works, and even then, they ask, "If I rename my server, my AD will stop working"... At that point I just set the phone down, walk outside, scream to the heavens with multiple colorful metaphors, come back and start all over again.