| | |
Junior Member
       
Group: Forum Members Last Login: 9/4/2004 7:33:00 AM Posts: 12, Visits: 1 |
| This topic has been addressed in the I-mail forum but is still unresolved for me. (http://www.mail-archive.com/imail_forum%40list.ipswitch.com/msg88056.html). I also should tell you that this is a bit out of my league as far as determining UDP packet sizes, etc. but I think I'm on the track.

My understanding from what I've read is that this problem is with EDNS and running a Windows 2003 server (http://www.microsoft.com/resources/documentation/WindowsServ/2003/datacenter/proddocs/en-us/Default.asp?url=/resources/documentation/WindowsServ/2003/datacenter/proddocs/en-us/sag_DNS_imp_EDNSsupport.asp). I've currently turned off EDNS (dnscmd <ServerName> /Config /EnableEDnsProbes 0) and still am having the same issues.

If EDNS (UDP packets larger than 512 bytes) were the issue then I assumed I would see packets larger than 512 bytes, so I captured some data and this is what I got.

....................
IP: Protocol = UDP - User Datagram; Packet ID = 50691; Total IP Length = 130; Options = No Options
IP: Version = IPv4; Header Length = 20
IP: Type of Service = Normal Service
IP: Total Length = 130 (0x82)
IP: Identification = 50691 (0xC603)
IP: Fragmentation Summary = 16384 (0x4000)
IP: Time to Live = 253 (0xFD)
IP: Protocol = UDP - User Datagram
IP: Checksum = 2766 (0xACE)
IP: Source Address = 192.107.41.34
IP: Destination Address = 192.168.2.99
UDP: Src Port: Domain Name Server (53); Dst Port: Unknown (1028); Length = 110 (0x6E)
UDP: Source Port = Domain Name Server
UDP: Destination Port = 0x0404
UDP: Total length = 110 (0x6E)
UDP: Total length = 110 (0x6E)
DNS: 0x3474:Std Qry Resp. Auth. NS is blackholes.five-ten-sg.com. of type SOA on class INET addr. : Name does not exist
DNS: Query Identifier = 13428 (0x3474)
DNS: DNS Flags = Response, OpCode - Std Qry, RD RA Bits Set, RCode - Name does not exist
DNS: Question Entry Count = 1 (0x1)
DNS: Answer Entry Count = 0 (0x0)
DNS: Name Server Count = 1 (0x1)
DNS: Additional Records Count = 0 (0x0)
DNS: Question Section: 74.110.253.64.blackholes.five-ten-sg.com. of type Req for all on class INET addr.
DNS: Authority Section: blackholes.five-ten-sg.com. of type SOA on class INET addr.
.....................

From what I can see this data is nowhere near 512 so what's going on? I'm running a software firewall and the maximum size packet allowed is 64KB so I'm pretty sure that's not the issue? My router is a Linksys but I've not been able to find out what its capabilities are yet? T.I.A ampapa, |
|
| | |
Forum Member
       
Group: Forum Members Last Login: 10/4/2004 8:48:00 PM Posts: 38, Visits: 1 |
| Are you saying that *no* DNS lookups are working, that *some* DNS lookups are working, no spam database DNS lookups are working (but MX record lookups are OK), etc.?
If no DNS lookups are working, EDNS isn't the issue. That only applies in cases where DNS packet sizes are >512 bytes, which is *very* rare (probably non-existent in the spam database world).
Perhaps it is something as simple as the anti-spam software not using the correct DNS server? -Scott
P.S. The IMail Forum will normally provide faster and more thorough answers.
--- Declude JunkMail: The advanced anti-spam solution for IMail mailservers since 2000. Declude Virus: Ultra reliable virus detection and the leader in mailserver vulnerability detection. Find out what you've been missing: Ask for a free 30-day evaluation. |
|
| | |
Junior Member
       
Group: Forum Members Last Login: 9/4/2004 7:33:00 AM Posts: 12, Visits: 1 |
| I'm saying that "no spam database DNS lookups are working (but MX record lookups are OK)". This server also runs DNS and all other queries/lookups are working fine. "anti-spam software not using the correct DNS server" I'm using IMail's antispam. Now I will say that when I looked in the log after "stopping" and "starting" the SMTP server and the queue manager, there is an entry that identifies an email that was being delivered as spam. It did this only once but with 3 different spam databases. |
|
| | |
Forum Guru
       
Group: Forum Members Last Login: 7/4/2008 8:59:07 PM Posts: 1,625, Visits: 850 |
| What happens if you turn off all DNS based Imail Anti-Spam features? You said you have your firewall set to 64K size on UDP packets. That is awfully small.
John T eServices For You "Life is a succession of lessons which must be lived to be understood." Ralph Waldo Emerson (1802-1882) |
|
| | |
Junior Member
       
Group: Forum Members Last Login: 9/4/2004 7:33:00 AM Posts: 12, Visits: 1 |
| "What happens if you turn off all DNS based Imail Anti-Spam features?" Well I don't see any DNS failures trying to connect to the Spam databases but I'm also guessing that I don't get the benefit of using the Spam databases. By just removing all the databases I'm able to use some of the Anti-spam features but the Databases in my opinion are huge. "You said you have your firewall set to 64K size on UDP packets. That is awfully small." That was 64KB. |
|
| | |
Forum Guru
       
Group: Forum Members Last Login: 7/4/2008 8:59:07 PM Posts: 1,625, Visits: 850 |
| Well, the fact that turning off the Imail Anti-Spam DNS tests proves it is the problem being discussed. Did you restart the server after making the registry change? My bad on the UDP packet size.
John T eServices For You "Life is a succession of lessons which must be lived to be understood." Ralph Waldo Emerson (1802-1882) |
|
| | |
Junior Member
       
Group: Forum Members Last Login: 9/4/2004 7:33:00 AM Posts: 12, Visits: 1 |
| "Did you restart the server after making the registry change?" Yes, both SMTP and the Queue Manager |
|
| | |
Forum Guru
       
Group: Forum Members Last Login: 7/4/2008 8:59:07 PM Posts: 1,625, Visits: 850 |
| Restarting Imail services has nothing to do with the registry change made to the MS DNS service. You need to restart the DNS service, but better would be to restart the server in entirety.
John T eServices For You "Life is a succession of lessons which must be lived to be understood." Ralph Waldo Emerson (1802-1882) |
|
| | |
Junior Member
       
Group: Forum Members Last Login: 9/4/2004 7:33:00 AM Posts: 12, Visits: 1 |
| I believe the server has been rebooted since the registry change but nonetheless I will restart the DNS service. I'm a bit confused as to why this change will make a difference considering the packet sizes that we are looking at are considerably less than 512 and the EDNS issue only |
|