Resolving CloudFlare DNS related mail delivery problems

Tags: cloudflare, domain-name-system, smtp

I recently started using CloudFlare and am having a few teething problems.

Our domain is netlanguages.com and while we have a lot of sub-domains listed, we are currently only trialling a few of the servers through the CloudFlare CDN (for example, www.netlanguages.com is enabled for CDN, netlanguages.com is not). The actual CDN service seems to be reliable, but the problem that we are having is with DNS, and specifically with mail delivery.

The background is that we have contact forms on our web site which use PHP mail() to send the details to end-users' email addresses, with the "from" address of the messages being website@netlanguages.com which is a valid address on our mail server. Most of the mails are arriving correctly, but a few specific people are not receiving them. The webserver uses qmail to deliver the messages, and the qmail log files show us some of the errors that the receiving mail servers return when they reject the mail delivery attempt. Two examples:

Connected to 94.100.176.20 but sender was rejected./Remote host said: 421 DNS problem (interdominios.netlanguages.com). Try again later
Connected to 213.186.33.29 but sender was rejected./Remote host said: 451 DNS temporary failure (#4.3.0)

From what I can tell, the receiving SMTP server is doing a DNS lookup of some description on either the host of the "from" email address (netlanguages.com) or the server name given in the EHLO command of the SMTP conversation (in the first example above, interdominios.netlanguages.com), both of which should resolve to non-CloudFlare IP addresses.

I've read that the CloudFlare DNS service is very reliable and fast but both of the problems above seem to point to a problem with remote servers unable to do DNS lookups.

I should also point out that we changed our DNS to CloudFlare on 6th Feb, and since then started experiencing these mail delivery problems. On 22nd Feb we moved our DNS away from CloudFlare to see if the issues were related to CloudFlare and after a few hours delivery began to work. Then on 26th Feb I moved the DNS back to CloudFlare again and delivery problems started again. The issue definitely seems to be related to DNS, but I don't know if it's a configuration issue, or something else.

Finally, I should say that our two DNS MX records point to non-CDN A record IP addresses, and interdominios.netlanguages.com (the web and qmail server) also points to a non-CDN A record IP address.

Does anyone know what the problem could be here? Any light you can shed on this will be most appreciated.

Many thanks,

Andy

Best Answer

First, thanks a lot for using your actual hostname and information in the question, it helps a lot!

The 451 DNS temporary failure means that the recipient mail server is unable to resolve the hostname at that point in time. I've looked at your DNS records and I can't see anything strange about them that would cause this, so I'd say that the problem is with the CloudFlare DNS servers. It may be that there is some firewall or rate limiting or some other issue that means they either don't respond or don't respond quickly enough for the mail servers to get the information they want in order to accept the emails.

You can contact the postmaster at the recipient site (in theory, the address "postmaster@theirdomain.com" should both work and be read by a human being, but we all know the difference between theory and practice!) and ask them if they can see why the checks failed. I'd also check with the CloudFlare support staff if they've seen the same problems for other customers.
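
To test the answer's hypothesis that the authoritative servers either don't respond or don't respond quickly enough, the script below (an added example, not part of the original question or answer) sends the lookups a receiving mail server may make straight to each authoritative nameserver and records the response code and latency. The nameserver addresses are placeholders from the documentation range and must be replaced with the addresses of the zone's actual nameservers; the function names are this example's own.

```python
import random
import socket
import struct
import time

QTYPES = {"A": 1, "MX": 15}
RCODES = {0: "NOERROR", 2: "SERVFAIL", 3: "NXDOMAIN", 5: "REFUSED"}

def build_query(name, qtype, txid=None):
    """Encode a one-question, non-recursive DNS query (RFC 1035 wire format)."""
    txid = random.randrange(65536) if txid is None else txid
    header = struct.pack("!HHHHHH", txid, 0, 1, 0, 0, 0)  # flags 0: RD clear
    labels = name.rstrip(".").split(".")
    qname = b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"
    return header + qname + struct.pack("!HH", QTYPES[qtype], 1)  # class IN

def parse_reply(query, reply):
    """Return (status, answer_count, truncated) from the reply header."""
    if len(reply) < 12 or reply[:2] != query[:2]:
        return ("BADREPLY", 0, False)
    flags, _qdcount, ancount = struct.unpack("!HHH", reply[2:8])
    rcode = flags & 0x000F
    return (RCODES.get(rcode, f"RCODE{rcode}"), ancount, bool(flags & 0x0200))

def probe(server_ip, name, qtype, timeout=2.0, port=53):
    """Ask one nameserver directly; report status, answers and latency in ms."""
    query = build_query(name, qtype)
    start = time.monotonic()
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
        sock.settimeout(timeout)
        try:
            sock.sendto(query, (server_ip, port))
            reply, _addr = sock.recvfrom(4096)
        except socket.timeout:
            return {"status": "TIMEOUT", "answers": 0, "truncated": False, "ms": None}
        except OSError as exc:
            return {"status": f"ERROR {exc}", "answers": 0, "truncated": False, "ms": None}
    status, answers, truncated = parse_reply(query, reply)
    ms = round((time.monotonic() - start) * 1000, 1)
    return {"status": status, "answers": answers, "truncated": truncated, "ms": ms}

if __name__ == "__main__":
    # Placeholder addresses (documentation range), not the zone's real nameservers.
    nameservers = ["192.0.2.53", "192.0.2.54"]
    # Names a receiving server may look up: sender domain, its MX, the EHLO host.
    lookups = [("netlanguages.com", "MX"), ("netlanguages.com", "A"),
               ("interdominios.netlanguages.com", "A")]
    for ns in nameservers:
        for name, qtype in lookups:
            print(ns, name, qtype, probe(ns, name, qtype))
```

Run it repeatedly and from more than one network: a TIMEOUT or SERVFAIL that shows up for one nameserver but not the others points at that server rather than at the zone's records.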
