From owner-freebsd-questions@FreeBSD.ORG Sun Aug 15 02:17:58 2004
Message-ID: <411EC7D2.7050903@mac.com>
Date: Sat, 14 Aug 2004 22:17:54 -0400
From: Chuck Swiger
Organization: The Courts of Chaos
To: Malcolm Kay
cc: freebsd-questions@freebsd.org
Subject: Re: Fetchmail/Sendmail rejects
In-Reply-To: <200408151126.35154.malcolm.kay@internode.on.net>

Malcolm Kay wrote:
> On Sunday 15 August 2004 10:40, Chuck Swiger wrote:
[ ... ]
>> Sendmail pays attention to the return value from doing DNS queries.  If
>> sendmail receives an NXDOMAIN response, it treats that as a permanent, 5xx
>> failure code.  If sendmail gets a timeout/TRY_AGAIN, it will return a 4xx
>> temp failure.
>
> This sort of takes us back one more level -- how does the DNS service decide
> between responding with NXDOMAIN and a timeout/TRY_AGAIN?

Dan provided a good answer to this.

> And does the difference have any real significance?

The real significance is that a 5xx response means the other side should give
up and never attempt to redeliver that message.  A 4xx response means the
other MTA will keep retrying for several days.

You want to reject spam permanently, and you want to do it as close to the
source as possible.  Meaning, you don't want to accept the message for
relaying to some other machine, then have that other machine reject the
message, because then your machine becomes responsible for generating a
bounce.  Which then clogs up your machine when bounces for spam are not
deliverable.

>> It's not clear to me why this would matter if your ISP is the one running
>> the mailserver: they aren't accepting the message in either case, which
>> ought to mean that fetchmail will never see it.
>
> None of it is particularly clear to me -- but apparently my ISP's server is
> not rejecting these messages.

You should forward the log messages you showed us to your ISP, and ask them
what's going on.  Their mailservers should be rejecting the messages for the
same reason your mailserver does.

[ Hmm, I suppose it could also indicate that you have problems with your local
DNS resolver, if you are getting lots of temp failures your ISP isn't.
Unlikely, though, but you could test by switching to using their nameservers
if you aren't doing so already. ]

> If all mail servers rejected these messages it would seem to me to make the
> spammers' endeavours rather pointless.

Spammers forge mail from legitimate addresses as well, but it certainly helps
to reject mail from invalid domains.

--
-Chuck
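
The NXDOMAIN-versus-TRY_AGAIN distinction discussed in this message, as an added example that is not part of the original post and is not sendmail's code. The function name, reply texts and stub resolvers are assumptions made for illustration; it checks address records only, while a real MTA also looks up MX records.

```python
import socket

def check_sender_domain(mail_from, resolve=socket.getaddrinfo):
    """Return (smtp_code, text) for the domain of an envelope sender.

    resolve is injectable so the logic can be exercised offline; by default
    the system resolver is used. Reply texts are illustrative.
    """
    addr = mail_from.strip().strip("<>")
    if not addr:
        # Null sender "<>" is used for bounces and has no domain to check.
        return 250, "null sender accepted"
    _, at, domain = addr.rpartition("@")
    if not at or not domain:
        return 553, "5.1.8 sender address has no domain"
    try:
        resolve(domain, 25)
    except socket.gaierror as exc:
        if exc.errno == socket.EAI_NONAME:
            # Authoritative "no such name" (NXDOMAIN): retrying cannot help,
            # so tell the sending MTA to give up now.
            return 553, "5.1.8 sender domain %s does not exist" % domain
        # EAI_AGAIN and anything else: the resolver could not get an answer.
        # The domain may be fine, so ask the sender to retry later.
        return 451, "4.1.8 sender domain %s does not resolve" % domain
    except OSError:
        # Timeouts and network errors are also only temporary evidence.
        return 451, "4.1.8 sender domain %s does not resolve" % domain
    return 250, "sender ok"

def sender_will_retry(code):
    """4xx keeps the message in the remote queue; 5xx ends delivery."""
    return 400 <= code < 500

# Constructed stub resolvers standing in for the three DNS outcomes.
def _nxdomain(host, port):
    raise socket.gaierror(socket.EAI_NONAME, "constructed: no such name")

def _try_again(host, port):
    raise socket.gaierror(socket.EAI_AGAIN, "constructed: temporary failure")

def _found(host, port):
    return [("constructed-address-record",)]

if __name__ == "__main__":
    for stub in (_nxdomain, _try_again, _found):
        print(stub.__name__, check_sender_domain("<user@example.invalid>", stub))
```

A broken local resolver, the case raised in the bracketed aside, shows up here as the 451 branch for domains that other servers resolve or reject cleanly.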