An urgent email was sent to me with “Help!” in the subject.
In this post I show how I was notified about a website issue, what useful information I was able to find and how the information was used to help fix the issue.
Inside the email, the sender wrote about his urgent computer issue and asked for some assistance. The day before the email was sent, the owner’s website could not be accessed and emails sent to him from others were not being received. He also wrote that his website developer tried to redirect his emails to another email service while the website was down. Although, the owner had premium support by his website provider, he hoped that an extra pair of eyes looking at the situation might resolve the problem quicker.
Having dealt with a similar issue recently, the process I used to resolve the problem was still fresh in my mind. So, rather than wait till the morning, I decided to gather information quickly in case it could be helpful.
Finding the fault:
In order to find out information that could be useful, I decided to use a methodical approach.
Firstly, error and warning messages from bounced emails were checked. For example:
- From: Mail Delivery System Mailer-Daemon@webcloud.au.websitehost.com
A message that you sent could not be delivered to one or more of its recipients. This is a permanent error. The following address(es) failed: email@example.com
The mail server could not deliver mail to firstname.lastname@example.org. The account or domain may not exist, they may be blacklisted, or missing the proper dns entries.
This message was created automatically by mail delivery software.
—— This is a copy of the message, including all the headers. ——
Received: from c-99-101-99-169.syd.connect.net.au ([18.104.22.168]:52756 helo=LT1525)
- by webcloud.au.websitehost.com with esmtpsa (UNKNOWN:AES128-SHA256:128)(Exim 4.82)
- (envelope-from <email@example.com>)
- id 1XHS0t-00346v-7h; Wed, 13 Aug 2014 14:26:29 +0800
As you can see, three reasons were given as possible causes. That the account or domain might not exist anymore, was blacklisted or missing proper dns entries. These messages led to three checks:
- To find out more about the domain:
The domain name was typed into the Domain field of the WHOIS lookup website as well as the verification code that was asked for. The information shown provided a link to the registrar record, giving their name, their website address and subsequently their contact phone number. Also, the information page showed the details of the registrant, who was the website developer, the name servers, the date the domain details were last modified on 13-Aug-2014 04:15:32 UTC, which was the last date the server was working and the status of the domain. The status raised a concern because it showed the messages: serverHold (Expired) and serverUpdateProhibited (Expired), instead of ok.
- To find out if the site was blacklisted
The ping utility was used to try and determine the Internet address of the problem website. However, the address was not returned. It seemed that the problem that caused the above error statuses also caused ping to fail. If the Internet address could have been found, it would have been entered on the blacklist check page at WhatIsMyIPAddress.com to identify blacklist databases that the website may have been reported on.
- To find out if there were any other hosting issues
More information was able to be found on the registrar’s website. Fortunately, the registrar provided a status page of their services, which indicated maintenance was carried out on the same day.
- Location network maintenance – resolved
Start: 13/08/2014 22:00 (23 hours ago) End: 13/08/2014 23:00 (22 hours ago). Last Update: 13/08/2014 22:23 (23 hours ago). Severity: Low Impact.
- Shared Hosting Platform:
servera.cbr.xyzserver.net.au – Scheduled file system check – resolved. Start: 13/08/2014 21:00 (1 day ago). End: 13/08/2014 23:32 (22 hours ago). Last Update: 13/08/2014 23:32 (22 hours ago). Severity: High Impact
serverb.cbr.xyzserver.net.au – Scheduled file system check – resolved. Start: 13/08/2014 21:00 (1 day ago). End: 13/08/2014 23:31 (22 hours ago). Last Update: 13/08/2014 23:31 (22 hours ago). Severity: High Impact
- Location network maintenance – resolved
Now that the information had been gathered, I collated the information in an email and sent it to the website developer in the hope it would provide clues to fix the problems.
In addition, I gave two more suggestions because, one, the original request mentioned that emails were supposed to be redirected and two, the above information indicated that the problem was at the Domain level. The first suggestion was that if the website developer could still access the Domain cPanel or console they could check the settings were correct and to remove the redirection. Secondly, if any Zone records were modified then waiting for the changes to propagate throughout the Internet, might be all that was required as changes like this could take 24 hours.
Installation, testing and closure:
Once the email was sent, the fixes were in the hands of the website developer. It was not intended that I should solve the issues, but I felt that I provided enough information that I would have needed to speak with the website developers or hosting providers if I was to solve the issue.
Soon after, I received a confirmation email from the owner that his website and emails were back to normal. In addition, I went to the website and replied to the email as a final check and closed the job accordingly.