Date: Sat, 14 Aug 2004 22:17:54 -0400
From: Chuck Swiger <cswiger@mac.com>
To: Malcolm Kay <malcolm.kay@internode.on.net>
Cc: freebsd-questions@freebsd.org
Subject: Re: Fetchmail/Sendmail rejects
Message-ID: <411EC7D2.7050903@mac.com>
In-Reply-To: <200408151126.35154.malcolm.kay@internode.on.net>
References: <200408141740.58105.malcolm.kay@internode.on.net> <200408150948.12920.malcolm.kay@internode.on.net> <411EB81C.9020800@mac.com> <200408151126.35154.malcolm.kay@internode.on.net>

Malcolm Kay wrote:
> On Sunday 15 August 2004 10:40, Chuck Swiger wrote:
[ ... ]
>> Sendmail pays attention to the return value from doing DNS queries. If
>> sendmail receives an NXDOMAIN response, it treats that as a permanent, 5xx
>> failure code. If sendmail gets a timeout/TRY_AGAIN, it will return a 4xx
>> temp failure.
>
> This sort of takes us back one more level -- how does the DNS service decide
> between responding with NXDOMAIN and a timeout/TRY_AGAIN?

Dan provided a good answer to this.

> And does the difference have any real significance?

The real significance is that a 5xx response means the other side should give
up and never attempt to redeliver that message. A 4xx response means the other
MTA will keep retrying for several days.

You want to reject spam permanently, and you want to do it as close to the
source as possible. Meaning, you don't want to accept the message for relaying
to some other machine, then have that other machine reject the message, because
then your machine becomes responsible for generating a bounce. Which then clogs
up your machine when bounces for spam are not deliverable.

>> It's not clear to me why this would matter if your ISP is the one running
>> the mailserver: they aren't accepting the message in either case, which
>> ought to mean that fetchmail will never see it.
>
> None of it is particularly clear to me -- but apparently my ISP's server is
> not rejecting these messages.

You should forward the log messages you showed us to your ISP, and ask them
what's going on. Their mailservers should be rejecting the messages for the
same reason your mailserver does.

[ Hmm, I suppose it could also indicate that you have problems with your local
DNS resolver, if you are getting lots of temp failures your ISP isn't.
Unlikely, though, but you could test by switching to using their nameservers if
you aren't doing so already. ]

> If all mail servers rejected these messages it would seem to me to make the
> spammers endeavours rather pointless.

Spammers forge mail from legitimate addresses as well, but it certainly helps
to reject mail from invalid domains.

--
-Chuck
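
The mapping described in the message above (NXDOMAIN gives a permanent 5xx, timeout/TRY_AGAIN gives a temporary 4xx, and the sending MTA reacts accordingly), as an added example that is not part of the original post and is not sendmail's code. The function names, the reply texts, and the resolver stubs are assumptions constructed for illustration; the default lookup is a plain address lookup, a simplification of an MTA's MX/A check.

```python
import socket

# Reply texts are constructed for this example (modelled on common MTA wording).
OK = (250, "2.1.0 Sender ok")
PERM = (553, "5.1.8 Domain of sender address does not exist")
TEMP = (451, "4.1.8 Domain of sender address does not resolve")


def check_sender_domain(mail_from, resolve=socket.getaddrinfo):
    """Map the DNS outcome for the MAIL FROM domain to an SMTP reply.

    `resolve` is injectable so the decision can be exercised offline.
    """
    addr = mail_from.strip().strip("<>")
    if "@" not in addr:
        return OK  # null sender <> or unqualified local name: nothing to look up
    domain = addr.rsplit("@", 1)[1].lower()
    try:
        resolve(domain, 25)
    except socket.gaierror as exc:
        if exc.args[0] == socket.EAI_NONAME:
            return PERM  # resolver says the name does not exist: permanent 5xx
        return TEMP      # EAI_AGAIN or anything ambiguous: temporary 4xx
    except OSError:
        return TEMP      # resolver unreachable or timed out: do not lose mail
    return OK


def sending_mta_action(code):
    """What the peer MTA does with the reply class it receives."""
    if 200 <= code < 300:
        return "delivered"
    if 400 <= code < 500:
        return "queue and retry"
    return "give up"  # 5xx: no redelivery attempt


# Constructed resolver stubs standing in for real DNS answers.
def nxdomain_stub(host, port):
    raise socket.gaierror(socket.EAI_NONAME, "Name or service not known")

def try_again_stub(host, port):
    raise socket.gaierror(socket.EAI_AGAIN, "Temporary failure in name resolution")

def found_stub(host, port):
    return [("constructed", "192.0.2.1")]

if __name__ == "__main__":
    for name, stub in (("NXDOMAIN", nxdomain_stub), ("TRY_AGAIN", try_again_stub), ("found", found_stub)):
        code, text = check_sender_domain("<user@example.invalid>", stub)
        print(f"{name:9} -> {code} {text} -> peer will {sending_mta_action(code)}")
```

Failing soft to 451 on any ambiguous resolver error matches the local-resolver caveat in the message: a broken resolver then delays mail instead of rejecting it permanently.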