Dear Tyler,
Thank you for contacting the Maintenance Fee Branch. You should receive a
response within 2-3 business days. The tracking number for your inquiry is
X200611277031.
Maintenance Fee Branch (571) 272-6500
-----Original Message-----
From: Tyler [mailto:dl@blackpacket.net]
Sent: Monday, November 27, 2006 4:20 PM
To: Marc Perkel
Cc: qmail@list.cr.yp.to
Subject: Re: Advanced tricks I use to get rid of spam using MX 4xx
Marc Perkel wrote:
>
> No - on my system a 4xx error only means that that particular server
> isn't ready. It means try the other servers or come back later. It
> certainly does not mean that all the servers aren't ready. That's what I
> use EXIM and not Qmail. All other MTAs except Qmail behave this way.
> It's what the spec says. Qmail does it wrong.
>
I've been waiting to weigh in on this topic. There are a few issues
here that are completely overblown or misinterpreted. (Sorry about the
long post).
From the other thread, the relevant RFC passage was quoted from RFC2821:
    To provide reliable mail transmission, the SMTP client MUST be able
    to try (and retry) each of the relevant addresses in this list in
    order, until a delivery attempt succeeds. However, there MAY also
    be a configurable limit on the number of alternate addresses that
    can be tried. In any case, the SMTP client SHOULD try at least two
    addresses.
If you look carefully, at the top of the RFC, "SHOULD" is defined:
    3. SHOULD This word, or the adjective "RECOMMENDED", mean that
       there may exist valid reasons in particular circumstances to
       ignore a particular item, but the full implications must be
       understood and carefully weighed before choosing a different
       course.
So, since QMail is capable of trying and retrying different MXes, it is
RFC compliant. The act of choosing not to try another MX when it can
contact a lower priority MX is not of itself a violation of the RFC,
since that sentence is only a recommendation.
As Harald Hanche-Olsen pointed out, RFC 2821 does not allow 4xx replies
upon connect, so, if anything, it is your configuration which is not RFC
compliant. According to the RFC, the only codes you can give at connect
are 220 or 554:
    The SMTP protocol allows a server to formally reject a transaction
    while still allowing the initial connection as follows: a 554
    response MAY be given in the initial connection opening message
    instead of the 220.
Given the actual communication, if you are responding to the initial
connection with a 4xx series error, QMail is actually functioning
properly (this was just touched upon by Charles Cazabon):
    4yz Transient Negative Completion reply
    The command was not accepted, and the requested action did not
    occur. However, the error condition is temporary and the action
    may be requested again.
    [-snip-]
    A rule of thumb to determine whether a reply fits into the 4yz or
    the 5yz category (see below) is that replies are 4yz if they can
    be successful if repeated without any change in command form or in
    properties of the sender or receiver.
A 4xx series response tells the sending MTA that those commands probably
would have worked, but something is temporarily wrong. It tells the
sending MTA to "try again later". It mentions nothing of trying another
MX upon this failure. Additionally, the sending MTA must back off:
    The sender MUST delay retrying a particular destination after one
    attempt has failed. In general, the retry interval SHOULD be at
    least 30 minutes; however, more sophisticated and variable strategies
    will be beneficial when the SMTP client can determine the reason for
    non-delivery.
This says nothing of trying another MX, and furthermore, depending on
how you define 'destination', could mean that immediately trying another
MX for the same destination domain violates the RFC.
Seeing as your lowest and highest MXes intend never to actually
accept the mail, they should be returning 5xx series errors,
specifically 554 "No SMTP service here"; however, that is a permfail that
would cause the sending MTA to bounce the messages.
Tyler
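
Added example (not part of the original message, and not code from qmail, Exim or any other MTA): a small Python model of the disagreement in this thread. It parses each MX's greeting, checks it against the 220/554 rule quoted above, and walks the MX list under two simplified client policies, "defer" (stop at the first 4yz, as the thread says qmail does) and "next_mx" (fall through to the next MX, as Marc expects). Host names and greeting texts are constructed.

```python
import re

REPLY_LINE = re.compile(r"^(\d{3})([ -])(.*)$")

def parse_reply(raw):
    """Parse a possibly multi-line SMTP reply into (code, text)."""
    lines = raw.strip().splitlines()
    code, texts = None, []
    for i, line in enumerate(lines):
        m = REPLY_LINE.match(line)
        if not m:
            raise ValueError(f"malformed reply line: {line!r}")
        if code is not None and m.group(1) != code:
            raise ValueError("reply code changes between lines")
        # "-" marks a continuation line; only the last line uses a space.
        if (m.group(2) == " ") != (i == len(lines) - 1):
            raise ValueError("bad continuation marker")
        code = m.group(1)
        texts.append(m.group(3))
    if code is None:
        raise ValueError("empty reply")
    return int(code), " ".join(texts)

def assess_greeting(raw):
    """Return (class, allowed): the reply class by first digit, and whether
    the code is one the quoted RFC 2821 text permits at connect."""
    code, _ = parse_reply(raw)
    klass = {2: "accept", 4: "tempfail", 5: "permfail"}.get(code // 100, "tempfail")
    return klass, code in (220, 554)

def attempt(mx_greetings, on_tempfail):
    """Walk MXes in preference order. on_tempfail is 'defer' or 'next_mx'
    (hypothetical policy names for the two behaviours argued over above)."""
    for _pref, host, greeting in sorted(mx_greetings):
        klass, _ = assess_greeting(greeting)
        if klass == "accept":
            return ("deliver", host)
        if klass == "permfail":
            return ("bounce", host)      # 5yz: the message is returned
        if on_tempfail == "defer":
            return ("retry_later", host)  # 4yz: queue, retry after a delay
    return ("retry_later", None)         # every MX tempfailed

# Constructed setup: lowest and highest MX never accept mail.
SPAM_TRAP_4XX = [
    (10, "mx-a.example.net", "451 not ready"),
    (20, "mx-b.example.net", "220-mx-b.example.net ESMTP\n220 ready"),
    (30, "mx-c.example.net", "451 not ready"),
]
# Same setup with the 554 greeting suggested at the end of the message.
SPAM_TRAP_554 = [(10, "mx-a.example.net", "554 No SMTP service here")] + SPAM_TRAP_4XX[1:]
```

Under "defer" the 4xx setup leaves mail queued at the sender until a later retry, while the 554 variant bounces under either policy, which is the trade-off the last paragraph of the message describes.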