Loading ...
Sorry, an error occurred while loading the content.

Dealing with outages

Expand Messages
  • Roman Gelfand
    It appears that by default if target domain can t be dns resolved, there is a local hard bounce. What setting controls the bounce behavior? At the same time,
    Message 1 of 9 , Sep 9, 2013
    • 0 Attachment
      It appears that by default if target domain can't be dns resolved,
      there is a local hard bounce.

      What setting controls the bounce behavior?

      At the same time, if the target mail server is not available, the
      delivery is going to be deferred by default.

      Does postfix recognize the difference between local firewall blocking
      access to target server as opposed to target mail server not
      available? dns server not resolving and dns server not available?

      Thanks in advance
    • /dev/rob0
      ... Depends. Was it a temporary DNS failure: SERVFAIL or timeout? Or, rather, was it a permanent error like NXDOMAIN? Also, this does not have to happen if you
      Message 2 of 9 , Sep 9, 2013
      • 0 Attachment
        On Mon, Sep 09, 2013 at 12:30:43PM -0400, Roman Gelfand wrote:
        > It appears that by default if target domain can't be dns
        > resolved, there is a local hard bounce.

        Depends. Was it a temporary DNS failure: SERVFAIL or timeout? Or,
        rather, was it a permanent error like NXDOMAIN?

        Also, this does not have to happen if you check the recipient
        address/domain before accepting the mail. See access(5) and
        postconf.5.html#reject_unknown_recipient_domain . I usually use
        reject_unknown_recipient_domain on submission. Some sites might not
        want this.

        > What setting controls the bounce behavior?

        See postconf.5.html#unknown_address_reject_code

        > At the same time, if the target mail server is not available, the
        > delivery is going to be deferred by default.
        >
        > Does postfix recognize the difference between local firewall
        > blocking access to target server as opposed to target mail
        > server not available?

        No; I cannot imagine how Postfix might be able to determine the
        causes of network failures. All it can know and report is that the
        network connection failed.

        > dns server not resolving and dns server not available?

        See above regarding various DNS responses, and if interested, read
        more on the DNS protocol. Wikipedia might be a good start.
        --
        http://rob0.nodns4.us/ -- system administration and consulting
        Offlist GMX mail is seen only if "/dev/rob0" is in the Subject:
      • Wietse Venema
        ... Rubbish. Postfix does a hard bounce when the DNS server replies that the domain does not exist. If no reply arrives (as in case of an outage) then there is
        Message 3 of 9 , Sep 9, 2013
        • 0 Attachment
          Roman Gelfand:
          > It appears that by default if target domain can't be dns resolved,
          > there is a local hard bounce.

          Rubbish. Postfix does a hard bounce when the DNS server replies
          that the domain does not exist. If no reply arrives (as in case
          of an outage) then there is no hard bounce.

          Wietse
        • Roman Gelfand
          In case, of hard bounce, does this include mx record not being found but domain name exist?
          Message 4 of 9 , Sep 9, 2013
          • 0 Attachment
            In case, of hard bounce, does this include mx record not being found
            but domain name exist?

            On Mon, Sep 9, 2013 at 1:44 PM, Wietse Venema <wietse@...> wrote:
            > Roman Gelfand:
            >> It appears that by default if target domain can't be dns resolved,
            >> there is a local hard bounce.
            >
            > Rubbish. Postfix does a hard bounce when the DNS server replies
            > that the domain does not exist. If no reply arrives (as in case
            > of an outage) then there is no hard bounce.
            >
            > Wietse
          • Wietse Venema
            ... Postfix does a hard bounce when the DNS server replies that the name has no MX record AND the DNS server replies that the name has no A record, AND (if
            Message 5 of 9 , Sep 9, 2013
            • 0 Attachment
              Roman Gelfand:
              > It appears that by default if target domain can't be dns resolved,
              > there is a local hard bounce.

              Wietse:
              > Rubbish. Postfix does a hard bounce when the DNS server replies
              > that the domain does not exist. If no reply arrives (as in case
              > of an outage) then there is no hard bounce.

              Roman Gelfand:
              > In case, of hard bounce, does this include mx record not being found
              > but domain name exist?

              Postfix does a hard bounce when the DNS server replies that the
              name has no MX record AND the DNS server replies that the name has
              no A record, AND (if Postfix IPv6 support is on) the DNS server
              replies that the name has no AAAA record.

              Postfix does a soft bounce when any of those lookups does not produce
              a reply.

              Wietse
            • Viktor Dukhovni
              ... If MX lookups and A/AAAA lookups all return NXDOMAIN or NODATA, the message will bounce. The domain only exists for mail purposes if it has MX, A or AAAA
              Message 6 of 9 , Sep 9, 2013
              • 0 Attachment
                On Mon, Sep 09, 2013 at 03:16:07PM -0400, Roman Gelfand wrote:

                > In case, of hard bounce, does this include mx record not being found
                > but domain name exist?

                If MX lookups and A/AAAA lookups all return NXDOMAIN or NODATA,
                the message will bounce. The domain only exists for mail purposes
                if it has MX, A or AAAA records.

                If MX lookup returns a non-empty set of hosts, but none of the
                hosts have A or AAAA records, the message will bounce.

                http://www.postfix.org/postconf.5.html#smtp_defer_if_no_mx_address_found

                Lookup failure (SRVFAIL, timeout, ...) do not lead to bounces until the
                message queue lifetime expires. Only successful negative replies lead
                to the destination being reported as unreachable.

                --
                Viktor.
              • Jeroen Geilman
                ... Does that mean that postfix will do a hard bounce if there is no reply to an MX query after a timeout ? I thought it would at least try the other queries
                Message 7 of 9 , Sep 11, 2013
                • 0 Attachment
                  On 09/09/2013 09:27 PM, Wietse Venema wrote:
                  > Postfix does a hard bounce when the DNS server replies that the
                  > name has no MX record AND the DNS server replies that the name has
                  > no A record, AND (if Postfix IPv6 support is on) the DNS server
                  > replies that the name has no AAAA record.

                  Does that mean that postfix will do a hard bounce if there is no reply
                  to an MX query after a timeout ?
                  I thought it would at least try the other queries (A and/or AAAA) before
                  giving up, since this costs no more than when there /is/ a (negative) reply.

                  Since postfix may be talking to a cache or a resolver with numerous hops
                  in between postfix and the authoritative source, any of the queries may
                  fail individually, and yet not be conclusive.


                  > Postfix does a soft bounce when any of those lookups does not produce
                  > a reply.

                  This seems to suggest the former, but I am double-checking.


                  --
                  J.
                • lists@rhsoft.net
                  ... * no reply - defer - soft bounce * NEGATIVE reply - no defer - hard bounce this answsers all possible cases because timeout is also no reply if a
                  Message 8 of 9 , Sep 11, 2013
                  • 0 Attachment
                    Am 11.09.2013 20:19, schrieb Jeroen Geilman:
                    > On 09/09/2013 09:27 PM, Wietse Venema wrote:
                    >> Postfix does a hard bounce when the DNS server replies that the
                    >> name has no MX record AND the DNS server replies that the name has
                    >> no A record, AND (if Postfix IPv6 support is on) the DNS server
                    >> replies that the name has no AAAA record.
                    >
                    > Does that mean that postfix will do a hard bounce if there is no reply to an MX query after a timeout ?
                    > I thought it would at least try the other queries (A and/or AAAA) before giving up, since this costs no more than
                    > when there /is/ a (negative) reply.
                    >
                    > Since postfix may be talking to a cache or a resolver with numerous hops in between postfix and the authoritative
                    > source, any of the queries may fail individually, and yet not be conclusive.
                    >
                    >> Postfix does a soft bounce when any of those lookups does not produce
                    >> a reply.
                    >
                    > This seems to suggest the former, but I am double-checking

                    * no reply -> defer -> soft bounce
                    * NEGATIVE reply -> no defer -> hard bounce

                    this answsers all possible cases because timeout is also "no reply"

                    if a domain does not exist because the worldwide DNS recursion says
                    "there is no such domain, there is no nameserver to ask" it would
                    be pointless to soft bounce / defer and hope someone registers
                    the domain

                    a outage is by definition "no reply"
                  • Wietse Venema
                    ... Postfix does a hard bounce when the DNS server replies that the name has no MX record AND ... Can you see the difference with the DNS server replies that
                    Message 9 of 9 , Sep 11, 2013
                    • 0 Attachment
                      Jeroen Geilman:
                      > On 09/09/2013 09:27 PM, Wietse Venema wrote:
                      > > Postfix does a hard bounce when the DNS server replies that the
                      > > name has no MX record AND the DNS server replies that the name has
                      > > no A record, AND (if Postfix IPv6 support is on) the DNS server
                      > > replies that the name has no AAAA record.
                      >
                      > Does that mean that postfix will do a hard bounce if there is no reply
                      > to an MX query after a timeout ?

                      Postfix does a hard bounce when the DNS server replies that the
                      name has no MX record AND ...

                      Can you see the difference with "the DNS server replies that"
                      and "there is no reply"?

                      Wietse
                    Your message has been successfully submitted and would be delivered to recipients shortly.