Dan Kaminsky wrote a post about an Experimental Mail Server Analyzer Online. This might have helped me with a problem I was dealing with earlier this month. I am not sure whether my problem is related to what he is trying to accomplish but here is my problem description and resolution.
At the place I am working our customer service representatives said they were getting a lot of customer complaints about order confirmation emails never arriving. I did a little pivot table analysis on the event log and found a lot of SMTP 4000 and 4006 warnings. The frequency of the errors started escalating on July 29th. The good news is that I had not applied any patches in that time frame. The 4006 warning message I was familiar with since I had fixed a naked line feed issue in June. The 4006 warning message also appears when a customer enters their email address incorrectly so I expect to see it in the event log but at low levels. The 4000 warning message was new and said “Unable to bind to the destination server in DNS”. The problem appeared to be intermittent since not all emails were failing. However when I ran NSLOOKUP on the web site for the mail server that appeared in the 4000 message, it failed. When I used NSLOOKUP on my workstation to look up that same server, it worked. The DNS used by the web server was failing for a group of mail servers. The solution was very simple. Although both the ISP help desk and I thought the web site had local problems and needed a mid-day reboot, the help desk changed our domain name server. Based on their initial testing they did not think they had fixed the problem. I suspect they used ping to try and verify the mail server. Since a lot of people have turned off ping responses on their mail servers, I looked at the event log. I could see that the problem was probably fixed. The 4000 messages had disappeared completely and the mail queue was emptying. The 4006 messages went down to previous levels, too. In fact they are at a level slightly lower than I had noticed before the problem.