iPhone email.

Ok, for the last 4 days I have been struggling with getting the iPhone mail client to work properly when on EDGE.

The client works perfectly when on WiFi, but fails to connect when on EDGE. There are lots of postings of other people having the same problem all over the country. Knowing a few things about networking 😉 I started troubleshooting.

I found that with an EDGE device we could telnet to my hosts on port 80 and port 25 (web and mail), but failed to connect on port 143 (imap). I ran several snoops and noticed that we could see the packets making it to my server, but the imap session was never established.

I was running the snoops so I could see what IP address the devices are coming from. When I saw the bizarre names, I decided to start doing some investigating and noticed that there was a reverse PTR record, but no forward A record.

    % host mobile-032-162-049-101.mycingular.net.
    Host mobile-032-162-049-101.mycingular.net not found: 3(NXDOMAIN)
    % host 32.162.49.101
    101.49.162.32.in-addr.arpa domain name pointer mobile-032-162-049-101.mycingular.net.

Well, this was the lightbulb I needed. imapd is launched from inetd, unlike mail and web. Mail and web both have a daemon running on their own. All of my inetd services like imapd are wrapped by tcp-wrappers. A quick look at the tcpd logs showed:

    Jan 7 11:09:37 c130 imapd[19384]: [ID 140027 local6.error] warning: can't verify hostname: gethostbyname(mobile-032-162-049-101.mycingular.net) failed
    Jan 7 11:09:37 c130 imapd[19384]: [ID 947420 local6.warning] refused connect from 32.162.49.101

So the problem is both AT&T’s and mine. Because I use tcp-wrappers, the connecting hosts MUST have a valid A record for the PTR. The fact that AT&T doesn’t have valid A records is not playing nice on the internet.
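The check that fails in the log above is a forward-confirmed reverse DNS lookup: PTR first, then the returned name must resolve back to the connecting address. The following is an added example, not code from tcp-wrappers or from this post; it models that check in simplified form, and the `fcrdns_check` name, the verdict strings and the `192.0.2.x` / `example.net` records are constructed for illustration.

```python
import socket

def _reverse(ip):
    # Real PTR lookup; raises OSError (socket.herror) when no PTR exists.
    return socket.gethostbyaddr(ip)[0]

def _forward(name):
    # Real A/AAAA lookup; raises OSError (socket.gaierror) on NXDOMAIN.
    return {info[4][0] for info in socket.getaddrinfo(name, None)}

def fcrdns_check(ip, reverse=_reverse, forward=_forward):
    """Return (verdict, hostname) for a connecting client address."""
    try:
        name = reverse(ip)
    except OSError:
        return ("no-ptr", None)          # nothing to verify against
    try:
        addrs = forward(name)
    except OSError:
        return ("forward-failed", name)  # the case in the tcpd log above
    return ("ok", name) if ip in addrs else ("mismatch", name)

# Constructed DNS data so the example runs offline. The first PTR entry is
# the record shown in the post; the others are made-up documentation hosts.
PTR = {
    "32.162.49.101": "mobile-032-162-049-101.mycingular.net",
    "192.0.2.10": "mail.example.net",
    "192.0.2.20": "spoofed.example.net",
}
A = {
    "mail.example.net": ["192.0.2.10"],
    "spoofed.example.net": ["192.0.2.99"],  # PTR claims a name it does not own
}

def fake_reverse(ip):
    if ip not in PTR:
        raise socket.herror(1, "Unknown host")
    return PTR[ip]

def fake_forward(name):
    if name not in A:
        raise socket.gaierror(socket.EAI_NONAME, "NXDOMAIN")
    return set(A[name])

def demo():
    ips = ["32.162.49.101", "192.0.2.10", "192.0.2.20", "192.0.2.30"]
    return {ip: fcrdns_check(ip, fake_reverse, fake_forward) for ip in ips}

if __name__ == "__main__":
    for ip, (verdict, name) in demo().items():
        print(f"{ip:15} {verdict:15} {name}")
```

Calling `fcrdns_check(ip)` without the fake resolvers performs live lookups, which is a quick way to test a client address before blaming the mail server.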

Now the world is starting to make sense. Why does this work for some people and not others? The reason is that they are still using old IPs from Cingular, and not the new ones from AT&T. It appears that all of the mycingular hosts are missing the forward lookups.

So, I have my workaround, but ultimately AT&T needs to fix this problem. I will still suggest you open a ticket with AT&T and ask them to fix their DNS records. Properly registering IP addresses that are used on the Internet is not only a polite thing to do, but also prevents things from breaking that rely on valid DNS records.
