291217 Re: Connection timed out due to dns timeouts
- Feb 8, 2013
On 08/02/13 11:27, Robert Schetterer wrote:
> On 08.02.2013 10:42, Angel L. Mateo wrote:
>> On 08/02/13 10:02, Robert Schetterer wrote:
>>> On 08.02.2013 09:29, Angel L. Mateo wrote:
>>>> I have list servers that send mails through another relay servers.
>>>> With this configuration all mail sent from our mail servers are
>>>> delivered through our relay servers. All servers use postfix (list
>>>> servers use 2.7.0 and relay 2.5.5)
>>>> We are having problems with dns lookups to one domain. I know is
>>>> a postfix problem, but a dns configuration error in that domain. But it
>>>> is affecting our servers.
>>>> The problem is that whenever the relay server receives a mail
>>>> directed to that domain, I get the error "conversation with <mail
>>>> server> timed out while sending MAIL FROM". And as list server group
>>>> messages, all recipients in that group are rejected.
>>> as workaround you can use a dedicated transport for that domain
>>>> I've been looking for the problem on that domain and is a timeout
>>>> problem. Due to some problem in its configuration, I've never had an
>>>> answer (the domain exists, but it doesn't answer).
>>> what does not answer, their mailserver, your dns?
>> Their DNS doesn't respond. If I query it manually with dig, I get a
>> timeout with no answer.
>> The problem I'm having is that my relay server has
>> smtpd_recipient_restrictions = reject_non_fqdn_recipient,
>> reject_unknown_recipient_domain, check_recipient_access
>> pcre:/etc/postfix/recipient_checks.pcre, check_recipient_access
>> hash:/etc/postfix/verified_recipient_checks, check_policy_service
>> reject_unauth_destination, check_recipient_maps, permit
>> and is timing out in the reject_unknown_recipient_domain. As the
>> server doesn't have any answer, the smtp connection from my list servers
>> are completely timing out.
>> I guess it could be a better behaviour if in this situation my relay
>> server could return a 450 for this domain (at least, with this behaviour
>> my list server could try with other recipients of the message)
> this should be default, unless you didn't changed or override it
> Reject the request when Postfix is not final destination for the
> recipient domain, and the RCPT TO domain has 1) no DNS A or MX record or
> 2) a malformed MX record such as a record with a zero-length MX hostname
> (Postfix version 2.3 and later).
> The unknown_address_reject_code parameter specifies the numerical
> response code for rejected requests (default: 450). The response is
> always 450 in case of a temporary DNS error.
I know this. It is normally working fine. My problem with this domain
is that it is not being rejected. postfix just times out.
>>> you should invest more time in analyse the real problem
>>> i.e some routing problems may cause it
>> Solving the problem with this particular domain (which is not mine),
>> solves my problem now, but not future similar problems. So I think it
>> would be better to avoid the situation.
> as far as I remember all dns checks have tmp failure code
> at default, sometimes it makes sense to change some of them global, this
> is kind of design question, however you may construct bypasses with
> smtpd_restriction_classes too depending to i.e some ipaddress etc
> in your case, the question seems, at what server and what point you
> want to react with what error by dns rejects
I want my relay server to reject the mail (at
reject_unknown_recipient_domain option with the corresponding reject
code) not to time out.
Angel L. Mateo Martínez
Sección de Telemática
Área de Tecnologías de la Información
y las Comunicaciones Aplicadas (ATICA)