Sender verify failed with incorrect reverse DNS record

What a week! I’ve been switching hosting providers and setting up a new content management system for this blog (more on that as soon as it’s ready), all while suffering e-mail problems: since the middle of the week, every e-mail that I’ve sent to a particular contact has bounced back with the following message:

This is an automatically generated Delivery Status Notification.

Delivery to the following recipients failed.

someone@somewhere.net

Reporting-MTA: dns;mymailserver.markwilson.co.uk

Final-Recipient: rfc822;someone@somewhere.net
Action: failed
Status: 5.5.0
Diagnostic-Code: smtp;550-Verification failed for <
myalias@markwilson.co.uk>
550-No Such User Here
550 Sender verify failed

I have various anti-spam measures on my mail server, but this appeared to be a problem when sending mail to a particular external host – e-mail sent to the same contact via a different mail server was received with no problems.

I set about researching the 550 Sender verify failed message and found various suggestions as to what might cause such an error – the most useful of which was a message on a newsgroup post which suggested it may be caused by an incorrect reverse DNS (PTR) record (thanks to Ben Winzenz for replying to that group a couple of years ago).

Even though much of my mail was being delivered successfully, that seemed like a perfectly reasonable explanation – the reverse lookup for my IP address would have returned a hostname in the format username.myisp.co.uk, rather than mymailserver.markwilson.co.uk (as confirmed by a DNS report on my domain, which also commented that “RFC1912 2.1 says you should have a reverse DNS for all your mail servers. It is strongly urged that you have them, as many mailservers will not accept mail from mailservers with no reverse DNS entry”), so I set about getting the record updated by my ISP (it has to be done by the owner of the IP address block).

Initially I asked my ISP to add my mail server’s DNS name as a second PTR record for my IP address but in practice I found that DNS responded in a round robin pattern (rather than returning all the matching records) so I couldn’t rely on a consistent response and was still experiencing mail delivery failures. Finally, after reverting to a single PTR record for my IP address and waiting for DNS propagation (again), I was able to successfully send e-mail to the contact with whom I’d previously experienced issues (phew!).

As more and more hosts take action to prevent unsolicited commercial e-mail (UCE – also known as spam), this is likely to be a more common occurrence and it just underlines how important a correct DNS configuration is.
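The checks described in this post, written out as an added example (it is not code from the original post): the PTR record should name the mail server, there should be exactly one of them, and, going a step beyond what the post covers, each PTR name should resolve back to the sending IP address. The address 192.0.2.25, the function names and the sample records are constructed for illustration; the hostnames are the placeholders used above.

```python
import socket

def normalise(name):
    """Lower-case a DNS name and drop the trailing root dot."""
    return name.rstrip(".").lower()

def check_mail_rdns(ip, mail_host, ptr_lookup, addr_lookup):
    """Return a list of findings for a sending mail server's reverse DNS.

    ptr_lookup(ip) -> list of PTR names; addr_lookup(name) -> list of IPs.
    An empty list means the configuration passed every check.
    """
    names = [normalise(n) for n in ptr_lookup(ip)]
    if not names:
        return ["no-ptr"]
    findings = []
    if len(names) > 1:
        # Answers rotate, so a receiver reading one name sees a different
        # hostname from one lookup to the next.
        findings.append("multiple-ptr")
    if normalise(mail_host) not in names:
        findings.append("ptr-does-not-name-mail-host")
    for name in names:
        # Forward confirmation: each PTR name must resolve back to the IP.
        if ip not in addr_lookup(name):
            findings.append("forward-mismatch:" + name)
    return findings

def system_ptr_lookup(ip):
    """Live lookup via the OS resolver (usually reports a single PTR name)."""
    try:
        name, aliases, _ = socket.gethostbyaddr(ip)
    except (socket.herror, socket.gaierror):
        return []
    return [name] + aliases

def system_addr_lookup(name):
    """Live forward lookup via the OS resolver."""
    try:
        return sorted({info[4][0] for info in socket.getaddrinfo(name, None)})
    except socket.gaierror:
        return []

# Constructed sample data: 192.0.2.25 is a documentation address standing in
# for the mail server's public IP; the hostnames are the post's placeholders.
IP = "192.0.2.25"
MAIL_HOST = "mymailserver.markwilson.co.uk"
ISP_NAME = "username.myisp.co.uk"
FORWARD = {MAIL_HOST: [IP], ISP_NAME: [IP]}
SCENARIOS = {
    "isp-default-ptr": [ISP_NAME],
    "two-ptr-records": [ISP_NAME + ".", MAIL_HOST + "."],
    "single-correct-ptr": [MAIL_HOST + "."],
    "no-ptr-at-all": [],
}

def run_scenarios():
    """Check every constructed scenario and return {scenario: findings}."""
    results = {}
    for label, ptr_names in SCENARIOS.items():
        results[label] = check_mail_rdns(
            IP, MAIL_HOST,
            lambda ip, names=ptr_names: names if ip == IP else [],
            lambda name: FORWARD.get(name, []),
        )
    return results

if __name__ == "__main__":
    for label, findings in run_scenarios().items():
        print(f"{label:20} {'OK' if not findings else ', '.join(findings)}")
```

To run it against a real server, pass system_ptr_lookup and system_addr_lookup to check_mail_rdns; because the operating system resolver normally reports only one PTR name, spotting a second record needs a query tool that shows every answer.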

Simple UK domain name transfers

I’ve been the legal registrant of the markwilson.co.uk domain for almost 8 years now and it’s the domain name that drives most of the traffic to this website. Consequently, I would be very upset if I was to lose it and I’ve never been confident enough to move it away from the ISP whom I first registered the domain through (PlusNet/Force 9). Even though I have an ADSL line on a separate account, I have kept a dial-up account open with them for many years, just to maintain the webspace and domain name. In recent months, however, I’ve been getting close to the bandwidth limit on that service and they have been pretty poor at responding to my queries about what will happen once my traffic gets too much (I even offered to pay more money). Support from PlusNet/Force 9 has always been variable (excellent or poor – nothing in between) so I decided that it’s time to move on and my friends at ascomi are able to provide me with a very reasonably-priced hosting service with plenty of headroom.

So, it was with some trepidation that, this afternoon, I finally changed the IPS tag from FORCE9 to FASTHOSTS and transferred the domain name to my account at UKReg. That was it. Easy. Once the transfer had taken place, I could update the DNS server details to point anywhere I like (although at the moment they are still pointing exactly where they always have been, just until I get the new website up and running on my server at ascomi).

I was amazed at how efficient the process was – so much so that I raised a paranoid support call with UKReg, just to make sure that they will re-register my domain when it comes up for renewal.

I appreciate that for many people this is a very simple process and why does it justify a blog post? Well, it was a very big deal for me and I’ve been putting it off for years (literally). I just wanted to be sure that anyone who has similar issues and who stumbles across my ramblings can have their concerns laid to rest.

Further information on UK domain name transfers can be found at Nominet.

Do we really need trusted computing and digital rights management?

I’ve never thought much about the trusted platform module (TPM) inside my PC but recently I’ve heard a lot about the rights and wrongs of digital rights management (DRM) – a technology which looks certain to make ever greater use of the TPM.

I also came across a (well-produced) short video about trusted computing. It makes a very interesting point based on a definition of trust (confidence) being a “personal believe [sic] in the correctness of something… a deep conviction of truth… which cannot be enforced… [and which] always depends on mutuality”.

In the last few weeks, I’ve heard a lot about Microsoft getting bad press for implementing DRM technologies in Windows Vista (it seems to me that Hollywood gave them very little choice in order to allow Vista to play back high definition content); Apple’s Steve Jobs has spoken out in favour of dropping DRM in iTunes (and Daring Fireball published an alternative view on what Jobs might actually be saying – my view is that it’s an elaborate ploy by Apple not to appear as “the bad guys” as unrest with the questionable legality of the iTunes Store grows in mainland Europe); and EMI are reported as considering the release of their catalogue in a DRM-free format (make the most of it before they are bought by Warner).

Of course, supporters of DRM (which may be enforced via TPM) insist that without it, piracy and theft of copyrighted content will spiral out of control. Perhaps they should look at why this might be – only last week I wrote about how I had considered downloading music from underground sources because I couldn’t get hold of it legally. Over-zealous use of DRM will drive law-abiding citizens like myself to break copyright because the latest wave of DRM measures goes too far. With previous content (including digitally-produced CDs), I could make a copy for personal use under fair use legislation. So why should I have to buy high definition content over and over, just so that I can watch it on my TV, my computer and my iPod?

As the transition of audio/video content to an online delivery mechanism continues to gather pace, the vast majority of consumers will still buy their music/video legally – at least in the first world – and let’s face it, do we really need to clamp down on this phenomenon in the developing world? Isn’t that just greed?

Sony BMG’s rootkit fiasco showed how copy protection could be taken too far – a complete breakdown in the public’s ability to trust one of the world’s largest content providers. If I’m to trust the content providers not to put bad things on my computer and if trust really is, by definition, mutual then why do we need DRM?

(A few moments ago, a poll of almost 6000 readers of the UK Financial Times – not exactly known for dumbing down to the masses – showed that 98% of those polled were in favour of music companies dropping DRM).

Virtual PC is alive and well

I’ve commented before that I wasn’t sure what the future held for Microsoft Virtual PC as much of the marketing and visible product development for the last couple of years has related to Virtual Server. Well, despite killing off Virtual PC for Mac, the Windows version appears to be alive and well as Virtual PC 2007 has been released.

I haven’t had time to check it out yet (I’m using Virtual Server 2005 R2 at home and until recently was using various VMware products at work) but I’m sure more details will become available in time at John Howard’s blog.

Bye bye Blogger?

Recently, I’ve written a couple of posts which hinted at the problems I’ve been having since I was involuntarily upgraded to Blogger’s new platform and tonight was the final straw. For a while now, I’ve wanted to implement a category system for posts and a couple of months back I did actually start to tag my posts at del.icio.us in preparation for following Peter Chen’s advice for creating Blogger categories.

Unfortunately, the delicious2Blogger (D2B) method does not work with the new Blogger and to implement Blogger’s label system (in order to put a tag cloud on the site using phydeaux3’s label cloud code) I’ll need to upgrade my “classic template” to a “layout”. The problem is, that layouts are not supported for externally hosted sites that are published using FTP (like mine), so I’ll be stuck with my existing template, which has been broken since the upgrade.

Seeing as Blogger seems to be so full of limitations and I’m in the middle of a site redesign anyway, I’m seriously considering a move to a WordPress-based site – as long as I can preserve all the links and comments. I’ve also been having some issues with my hosting provider (and the fact that they have recently been bought by BT doesn’t fill me with joy either) so I’m probably going to move away from them too.

I’ll be trying to minimise the impact on blog readers and hope to maintain the domain name and all the links, but please bear with me if there are a couple of hiccups along the way.

Text me outta here

When I was about 15, I remember using a telephone engineering number to get the phone to ring, then pretending that it was my friend’s Dad on the phone, that we were in trouble, and that we had to go to his house right away – just to get my girlfriend to leave so I could hang out with my mates!

Fast forward 20 or so years and teenage girlfriends are definitely a thing of the past (I’m happily married, with two lovely kids). The engineering code that I used to know is also long since confined to a distant memory (but you can do something similar in the UK with 17070); however there is a new service for those who need to escape from dodgy dates, or other potentially sticky situations. For £1, text me outta here will send an SMS message at a pre-defined time and you can either ignore it (if things are going well) or use the excuse you dreamed up previously to get you out of a situation. It’s only been running for a few weeks but sounds like an interesting service to me!

Portable applications – an alternative approach to mobile computing

I’ve been playing around with the idea of running operating systems from USB flash drives for a while now but the main problem is USB boot support in the hardware I use (most notably the Fujitsu Siemens Lifebook S7010D that I use for work doesn’t support it).

A while back I wrote about my experiences of booting Windows PE from a USB flash drive (and I believe that new versions of PE make this easier) but the reality is that I haven’t needed this – it’s not really anything more than a challenge that I set myself to see if it could be done and for those (up to now, theoretical) “system down” occasions there are CD-based solutions that I can use (e.g. Knoppix STD, Trinity Rescue Kit or Winternals Administrators Pak).

For other occasions (like working on someone else’s PC), there is the option of a portable application. I tried out two such packages tonight (my favourite Windows FTP program – FileZilla – and Mozilla Firefox) and was very impressed. Neither of these applications is installed on my wife’s Windows XP PC and yet I was able to run the portable versions of them both from my USB flash drive without leaving any files behind. It’s the ultimate in mobile computing – literally anytime, anyplace, anywhere – as long as you can borrow a (Windows) PC!

There are alternative solutions such as U3 and MojoPac but, as far as I can tell, these rely on kernel hacks to implement technology such as roaming desktops and the beauty of the Portable Applications solution is that, even though there is an application “suite” available, I can just run the individual applications that I need, on any Windows PC, without any specialist hardware – and it’s free.

Don’t be misled by the Windows Vista myths

In recent months, there has been a lot of criticism of Microsoft Windows Vista in the press and elsewhere – I know because I wrote some of it; however it’s good to see Deb Shinder’s TechRepublic article entitled don’t be misled by these 10 Windows Vista myths, which seems to be a thoughtful and well-reasoned view of why a lot of the hype (both from Microsoft and from the anti-Microsoft camp) needs to be taken with a pinch of salt.

Unfortunately, many of the comments posted about the article are ill-informed, or even just plain old trolling. Somewhat ironically, I came across the article via MacBreak Weekly (episode 28) – a podcast which often displays Apple fanboy tendencies.

Migrating WSUS to a new server without downloading all the updates

I’ve spent the last day or so decommissioning my old domain controller, which also doubled up as a DNS, WINS, DHCP, print, RIS, anti-virus and WSUS server (okay… so a bit more than doubled up then!). Migrating Active Directory/DNS/WINS services was straightforward – it just involved setting up the new server, replicating the data, updating client settings (via DHCP) then removing the old services. DHCP was similarly straightforward (I’ve blogged before about migrating DHCP databases between servers) and RIS just needed to be installed on the new server, the images copied across, and the remote installation services setup wizard run. I recreated my single print queue manually but I could just as well have used the Microsoft Windows Server 2003 Print Migrator. That just left my anti-virus management console (reinstall the console and reconfigure the clients) and WSUS.

I could just have installed WSUS, resynchronised with Microsoft Update and approved the necessary updates; however that would have involved downloading more than 10GB of updates (which could have taken my bandwidth usage for the month to a level that would result in my Internet connection being throttled under my ISP’s sustainable usage policy).

One potential WSUS migration option would have been to back up and restore the WSUS configuration but I wasn’t convinced about how that would work in a migration scenario involving a change of servername. Then I found a blog post from Nathan Winters about migrating WSUS between servers which helped me to import the content without going out to the Internet and downloading it again. Nathan suggests that the approvals database gets imported too, but that’s not the case – the wsusutil import command only imports the update metadata (not the files, approvals, or server settings). Similarly wsusutil migratesus migrates approvals from a SUS server (not WSUS) and wsusutil movecontent is for moving the content within the local file system. More details on managing WSUS from the command line can be found in the Microsoft Windows Server TechCenter.

By chance, I’d installed my new WSUS server as a replica of the original one so I could synchronise with the old server as my upstream source, leaving the new server with the content (from a manual file copy followed by a metadata import) and the approvals information (from the synchronisation with the old server). All that remained was to finalise the server settings (synchronisation options etc.) and update group policy so that my clients went to the new server.

I hit a problem when I found that WSUS 2.0 doesn’t allow replica servers to be converted to standalone mode (that’s expected when WSUS 3.0 is released later this year), effectively preventing me from repointing WSUS to download updates from Microsoft Update. Luckily, Mohammed Athif Khaleel’s PatchAholic blog features a post on changing the mode of a WSUS server and a follow-up comment from SpJam includes a script to switch a server from replica to standalone mode (modified here to reflect subsequent comments):

rem Restore values after exec spEnableReplica stored procedure
"%ProgramFiles%\Update Services\tools\osql\osql.exe" -S %COMPUTERNAME%\WSUS -E -b -n -Q "USE SUSDB UPDATE dbo.tbConfigurationA SET SyncToMU = '1' UPDATE dbo.tbConfigurationB SET AutoRefreshDeployments = '1' UPDATE dbo.tbConfigurationC SET ReplicaMode = '0' UPDATE dbo.tbConfigurationC SET AutoDeployMandatory = '1' UPDATE dbo.tbAutoDeploymentRule SET Enabled = '0'"

rem Add removed values in tables
"%ProgramFiles%\Update Services\tools\osql\osql.exe" -S %COMPUTERNAME%\WSUS -E -b -n -Q "USE SUSDB Insert into dbo.tbTargetGroupInAutoDeploymentRule(AutoDeploymentRuleID, TargetGroupID) values (1, 'A0A08746-4DBE-4a37-9ADF-9E7652C0B421')"
"%ProgramFiles%\Update Services\tools\osql\osql.exe" -S %COMPUTERNAME%\WSUS -E -b -n -Q "USE SUSDB Insert into dbo.tbTargetGroupInAutoDeploymentRule(AutoDeploymentRuleID, TargetGroupID) values (2, 'A0A08746-4DBE-4a37-9ADF-9E7652C0B421')"
"%ProgramFiles%\Update Services\tools\osql\osql.exe" -S %COMPUTERNAME%\WSUS -E -b -n -Q "USE SUSDB Insert into dbo.tbUpdateClassificationInAutoDeploymentRule(AutoDeploymentRuleID, UpdateClassificationID) values (1, 1)"
"%ProgramFiles%\Update Services\tools\osql\osql.exe" -S %COMPUTERNAME%\WSUS -E -b -n -Q "USE SUSDB Insert into dbo.tbUpdateClassificationInAutoDeploymentRule(AutoDeploymentRuleID, UpdateClassificationID) values (1, 5)"
"%ProgramFiles%\Update Services\tools\osql\osql.exe" -S %COMPUTERNAME%\WSUS -E -b -n -Q "USE SUSDB Insert into dbo.tbUpdateClassificationInAutoDeploymentRule(AutoDeploymentRuleID, UpdateClassificationID) values (2, 1)"
"%ProgramFiles%\Update Services\tools\osql\osql.exe" -S %COMPUTERNAME%\WSUS -E -b -n -Q "USE SUSDB Insert into dbo.tbUpdateClassificationInAutoDeploymentRule(AutoDeploymentRuleID, UpdateClassificationID) values (2, 5)"

It looked as if the script worked as advertised (except that automatic approval options were still not available) until I started to encounter the following error message when running reports or attempting to view update information:

Windows Server Update Services error

Error connecting to the Windows Server Update Services database
There was an error connecting to the Windows Server Update Services database. Either the database is not available or you do not have the correct privileges to access the database.

If you believe you have received this message in error, please check with your system administrator.

Click here to reload the site: Windows Server Update Services

Thinking that I had corrupted the database and that I might need to go back and start the WSUS migration from scratch, I decided to restart the server “just in case”. After the restart, everything seemed to be working (including the previously-missing automatic approval options). I’ve since approved some more updates and run various reports and (so far) there have been no problems administering WSUS.

The final step was to edit the group policy that I use to control automatic update options on my clients – a minor edit to change the server which clients should contact for updates.

So, to summarise, my WSUS migration process was:

  1. Install BITS 2.0 (a fully-patched Windows Server 2003 server should already have this).
  2. Install WSUS (in replica mode) and WMSDE.
  3. Export the update metadata on the old server using %programfiles%\Update Services\Tools\wsusutil export filename.cab logfilename.txt.
  4. Copy filename.cab (created above) and the contents of the WsusContent folder to the new server (e.g. using an external disk to avoid network connectivity issues).
  5. Import the update metadata using %programfiles%\Update Services\Tools\wsusutil import filename.cab logfilename.txt (note that this takes a long time – it was just over three hours in my case).
  6. Synchronise WSUS with an upstream server.
  7. Save the script above as filename.cmd and execute it from the command line. The output will detail each command followed by the number of affected rows in the database.
  8. Reboot the server.
  9. Configure server settings (e.g. set Microsoft Update as the update source) and administer WSUS as normal.

I’d be interested to hear if anyone has any variations on this approach – for example, I don’t really recommend installing WSUS in replica mode and then hacking the database (and this wouldn’t be an option if there was any network segregation in place). Indeed, since I completed the exercise I found reference to a tool called WSUSMigrate which is part of the WSUS API samples and tools and can be used to migrate the approvals data – that looks like a much better approach.

Testing torrents

BitTorrent gets a lot of bad press. I’m a self-confessed geek and I’d been led to believe (largely by mainstream media it has to be said) that it was all about illegal downloads of copyrighted music and video and, to a large extent, that is the main use of the technology today; however it’s also potentially an immensely powerful medium for content distribution.

I’ve heard some great remixes recently of Snow Patrol’s Open Your Eyes. I waited for the single release (last Tuesday), went to iTunes and there was just a basic single with two tracks, just like the old days of buying 7″ vinyl (showing my age now). In the 90s I bought a lot of CD singles – with 3-6 tracks (mostly remixes) until the chart rules limited the number of tracks on a CD single (an anti-consumer practice if ever I saw one, as most record companies started releasing two versions of a CD single instead with different content, bringing in twice the revenue). Anyway, I digress – there was no sign of the Redanka remix that I wanted. A bit of googling turned up the track I wanted at AllOfMP3 for just $0.39 (but did I really want to hand over my credit card details to a website of dubious legality for such a small sum?) – googling also turned up versions on YouTube and various torrent sites but I was prepared to part with cash to buy this legally!

I went to the official website for the band and asked where I could get the tracks legally… no response. In fact my comment wasn’t even approved by the moderators!

It seems to me that record companies are not helping themselves here – by making different content available in different markets (as well as online/offline), they fragment the market and frustrate the consumer. Little wonder really that people turn to underground download sites…

Now, I’m not encouraging anything that might be illegal here but this blog has an international audience and not everywhere respects the UK’s copyright legislation. If one was to be driven down the torrent route then this is what they might find…

There are many torrent sites that offer content, both legal and illegal for download. I’m not going to link any here but they can be found by using your favourite search engine. If you want to know how to get started, then check out the TorrentSpy Forums guide to BitTorrent for total newbies as well as how to use Torrents (a basic introduction to BitTorrent vocabulary may also be useful). There are also articles at TorrentFreak which look interesting including summaries of the popular BitTorrent clients for Mac OS X and Windows – many of these are also available for Linux.

There is one very important rule: if you download, then remember to leave your BitTorrent client running once the download is complete to seed the content for others (don’t be a leech). It’s this distributed distribution that’s the big advantage of the BitTorrent technology – leaving aside any illegal content, let’s imagine that I am a media producer trying to distribute content without any big business capital or sponsorship. Instead of running a website with potentially huge bandwidth costs, that cost is shared by those who download the content and make it available for others. Other examples of legal torrent use include distribution of certain software (e.g. Linux distributions) and podcasts and as people realise the potential of peer-to-peer technologies (of which BitTorrent is only one form), they will gain increased acceptance.

When Polydor/Universal Music release the track that I’m after as a download on iTunes, I’ll buy it and pay my dues.