Better to do 550 instead of 450 for these?

  • CN
    Message 1 of 13 , Dec 31, 2005
      Dec 31 04:49:58 ltosh postfix/smtpd[9451]: reject: RCPT from unknown[218.64.103.176]: 450 Client host rejected: cannot find your hostname, [218.64.103.176]; from=<amity@...> to=<grumpy@...>
      Dec 31 04:57:09 ltosh postfix/smtpd[9454]: reject: RCPT from unknown[61.191.118.112]: 450 Client host rejected: cannot find your hostname, [61.191.118.112]; from=<arnoldvc@...> to=<carol@...>
      Dec 31 05:53:46 ltosh postfix/smtpd[9467]: reject: RCPT from yourfreedominfo.info[72.1.186.104]: 450 <mail.freedomservice.info>: Helo command rejected: Host not found; from=<bounce-58-7699378@...> to=<cj@...>

      a.com is one of my virtual domains. I get a slew of these in the log, with various_names@....

      Is it better to do a 550 reject on these? Would you be kind enough to point out how to do that?

      Also where can I read about all the reject codes and their meanings?

      Cordially, CN
    • Roger B.A. Klorese
      Message 2 of 13 , Dec 31, 2005
        CN wrote:
        > a.com is one of my virtual domains. I get a slew of these in the log, with various_names@....
        >
        > Is it better to do a 550 reject on these?


        No, it's not. Someone's DNS servers may be down for a bit -- that's why
        a 4xx is used.
      • Victor Duchovni
        Message 3 of 13 , Jan 1, 2006
          On Sat, Dec 31, 2005 at 08:43:12PM -0800, Roger B.A. Klorese wrote:

          > CN wrote:
          > >a.com is one of my virtual domains. I get a slew of these in the log,
          > >with various_names@....
          > >
          > >Is it better to do a 550 reject on these?
          >
          > No, it's not. Someone's DNS servers may be down for a bit -- that's why
          > a 4xx is used.
          >

          Postfix never returns 5XX for temporary lookup problems, even when it
          returns 5XX for NXDOMAIN and other hard failures. Setting the various
          reject codes to 5XX is safe and recommended once one is confident that
          the configuration is correct. This is better for the (legitimate) sender,
          because a timely bounce is much more useful than a 5 day delayed bounce.

          --
          Viktor.

          Disclaimer: off-list followups get on-list replies or get ignored.
          Please do not ignore the "Reply-To" header.

          To unsubscribe from the postfix-users list, visit
          http://www.postfix.org/lists.html or click the link below:
          <mailto:majordomo@...?body=unsubscribe%20postfix-users>

          If my response solves your problem, the best way to thank me is to not
          send an "it worked, thanks" follow-up. If you must respond, please put
          "It worked, thanks" in the "Subject" so I can delete these quickly.
        • Roger B.A. Klorese
          Message 4 of 13 , Jan 1, 2006
            Victor Duchovni wrote:
            > Postfix never returns 5XX for temporary lookup problems, even when it
            > returns 5XX for NXDOMAIN and other hard failures.


            How is NXDOMAIN any more a "hard" failure? An authoritative server
            could be temporarily misconfigured...
          • Bastian Blank
            Message 5 of 13 , Jan 1, 2006
              On Sun, Jan 01, 2006 at 11:10:30AM -0800, Roger B.A. Klorese wrote:
              > How is NXDOMAIN any more a "hard" failure? An authoritative server
              > could be temporarily misconfigured...

              Why do you respect 5xx replies from a downstream server and bounce the
              message? It may be temporarily misconfigured.

              Bastian

              --
              It is undignified for a woman to play servant to a man who is not hers.
              -- Spock, "Amok Time", stardate 3372.7
            • Roger B.A. Klorese
              Message 6 of 13 , Jan 1, 2006
                Bastian Blank wrote:
                > Why do you respect 5xx replies from a downstream server and bounce the
                > message? It may be temporarily misconfigured.
                >


                Fair enough. But I'm inclined to have an SMTP client believe an SMTP
                server but question everything else.
              • Len Conrad
                Message 7 of 13 , Jan 1, 2006
                  >>Postfix never returns 5XX for temporary lookup problems, even when it
                  >>returns 5XX for NXDOMAIN and other hard failures.
                  >
                  >
                  >How is NXDOMAIN any more a "hard" failure? An authoritative server
                  >could be temporarily misconfigured...

                  "hard" for me is negative protocol response (instead of no
                  response). DNS NXDOMAIN or NODATA, or SMTP "5xx"

                  ain't my responsibility to mind-read, guess, and hedge that their
                  server is misconfigged. The sooner THEY pay for THEIR problems, the
                  better off we all are.

                  Len


                  _____________________________________________________________________
                  http://IMGate.MEIway.com : free anti-spam gateway, runs on 1000's of sites
                • Roger B.A. Klorese
                  Message 8 of 13 , Jan 1, 2006
                    Len Conrad wrote:
                    > ain't my responsibility to mind-read, guess, and hedge that their
                    > server is misconfigged. The sooner THEY pay for THEIR problems, the
                    > better off we all are.


                    To me, the world is not "me vs. them" -- the goal is getting mail
                    through, not scolding about other people's configurations.
                  • Arnt Gulbrandsen
                    Message 9 of 13 , Jan 1, 2006
                      Roger B.A. Klorese writes:
                      > Victor Duchovni wrote:
                      >> Postfix never returns 5XX for temporary lookup problems, even when it
                      >> returns 5XX for NXDOMAIN and other hard failures.
                      >
                      > How is NXDOMAIN any more a "hard" failure? An authoritative server
                      > could be temporarily misconfigured...

                      In that case, the name server tells you "I am authoritative and I know
                      there is no such domain". It's not telling you "there never was", it's
                      not telling you "there never will be", but what it is saying is
                      qualitatively different from "I can't resolve that domain right now",
                      and so deserves different treatment.

                      Arnt
                    • mouss
                      Message 10 of 13 , Jan 1, 2006
                        Roger B.A. Klorese wrote:
                        > Victor Duchovni wrote:
                        >
                        >> Postfix never returns 5XX for temporary lookup problems, even when it
                        >> returns 5XX for NXDOMAIN and other hard failures.
                        >
                        >
                        >
                        > How is NXDOMAIN any more a "hard" failure? An authoritative server
                        > could be temporarily misconfigured...
                        >
                        >

                        so what? when they fix their system, then they'll post their mail!
                        Systems should be optimized for the common case, not for rare cases.

                        I prefer to get a bounce telling me that my DNS server is misconfigured
                        than wait 4 days and get bounces for all the messages that my system
                        sent during that period of time.

                        If you don't like DNS failures, then don't base your mail decisions on
                        that. DNS isn't safe. If you base your smtp setup on it, then you have
                        the common denominator.
                      • Len Conrad
                        Message 11 of 13 , Jan 1, 2006
                          >To me, the world is not "me vs. them" -- the goal is getting mail
                          >through, not scolding about other people's configurations.

                          It's not 1995, or 2000.
                          If mail admins won't/can't setup to look like part of the solution by
                          now, then they pay whatever it costs to be part of the problem.

                          Len

                        • Roger B.A. Klorese
                          Message 12 of 13 , Jan 1, 2006
                            Len Conrad wrote:
                            > It's not 1995, or 2000.

                            It doesn't matter if it's 1995, 2000, 2005, or 2037 -- when stopping
                            mail becomes more important than delivering mail, there's no point in
                            there being mail.
                          • Victor Duchovni
                            Message 13 of 13 , Jan 2, 2006
                              On Sun, Jan 01, 2006 at 11:03:39PM -0800, Roger B.A. Klorese wrote:

                              > Len Conrad wrote:
                              > >It's not 1995, or 2000.
                              >
                              > It doesn't matter if it's 1995, 2000, 2005, or 2037 -- when stopping
                              > mail becomes more important than delivering mail, there's no point in
                              > there being mail.
                              >

                              This is getting seriously off-topic. Setting the DNS-based reject codes
                              to 5XX is recommended as soon as one is comfortable that the settings
                              are correct. Persistent 4XX rejects that *don't* represent temporary
                              conditions are worse for the sender.

                              So either use "reject_unknown_sender_domain", ... with 5XX codes after
                              brief testing with 4XX codes (or soft_bounce=yes), or don't use them
                              at all.

                              Let's not drift into rec.talk.* territory. No off-topic followups please.

                              --
                              Viktor.

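As an added example (not from any poster in this thread, and not Postfix code), the Python sketch below supports the "brief testing with 4XX codes" step: it tallies deferred DNS-based rejects in a mail log per client and names the main.cf parameter that sets each reply code (`unknown_client_reject_code`, `unknown_hostname_reject_code`, `unknown_address_reject_code`, all defaulting to 450). The log lines are constructed with documentation addresses, and `summarize` and `retrying_clients` are illustrative names.

```python
import re
from collections import Counter, defaultdict

# Rejection text -> main.cf parameter that sets its reply code (default 450).
CODE_PARAM = {
    "Client host rejected: cannot find your hostname": "unknown_client_reject_code",
    "Helo command rejected: Host not found": "unknown_hostname_reject_code",
    "Sender address rejected: Domain not found": "unknown_address_reject_code",
}

# Matches smtpd reject lines, with or without an enhanced status code (e.g. 4.7.1).
REJECT = re.compile(
    r"postfix/smtpd\[\d+\]: reject: \w+ from (?P<host>[^\[\s]+)\[(?P<ip>[^\]]+)\]: "
    r"(?P<code>[45]\d\d) (?:\d\.\d+\.\d+ )?(?P<text>[^;]*);"
)

def summarize(lines):
    """Count 4XX DNS-based rejects per controlling parameter and client IP."""
    per_param = defaultdict(Counter)
    for line in lines:
        m = REJECT.search(line)
        if not m or not m["code"].startswith("4"):
            continue  # not a reject line, or already answered with 5XX
        for text, param in CODE_PARAM.items():
            if text in m["text"]:
                per_param[param][m["ip"]] += 1
    return per_param

def retrying_clients(per_param, param):
    """Client IPs deferred more than once: review these before moving to 5XX."""
    return sorted(ip for ip, n in per_param[param].items() if n > 1)

# Constructed sample log lines (documentation addresses, not from the thread).
SAMPLE = [
    "Dec 31 04:49:58 mx postfix/smtpd[9451]: reject: RCPT from unknown[192.0.2.10]: 450 Client host rejected: cannot find your hostname, [192.0.2.10]; from=<a@example.com> to=<b@example.org>",
    "Dec 31 05:20:03 mx postfix/smtpd[9460]: reject: RCPT from unknown[192.0.2.10]: 450 Client host rejected: cannot find your hostname, [192.0.2.10]; from=<a@example.com> to=<b@example.org>",
    "Dec 31 05:53:46 mx postfix/smtpd[9467]: reject: RCPT from host.example.net[198.51.100.7]: 450 <mail.example.net>: Helo command rejected: Host not found; from=<c@example.net> to=<d@example.org>",
    "Dec 31 06:00:00 mx postfix/smtpd[9470]: reject: RCPT from unknown[203.0.113.5]: 550 Client host rejected: cannot find your hostname, [203.0.113.5]; from=<e@example.com> to=<b@example.org>",
    "Dec 31 06:10:12 mx postfix/smtpd[9471]: reject: RCPT from mail.example.com[192.0.2.44]: 450 4.1.8 <f@nodomain.invalid>: Sender address rejected: Domain not found; from=<f@nodomain.invalid> to=<b@example.org>",
]

if __name__ == "__main__":
    stats = summarize(SAMPLE)
    for param, clients in stats.items():
        print(param, dict(clients), "retrying:", retrying_clients(stats, param))
```
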