On Sunday 15 August 2004 10:40, Chuck Swiger wrote:[ ... ]
Sendmail pays attention to the return value from doing DNS queries. If sendmail receives an NXDOMAIN response, it treats that as a permanent, 5xx failure code. If sendmail gets a timeout/TRY_AGAIN, it will return a 4xx temp failure.
This sort of takes us back one more level -- how does the DNS service decide between responding with NXDOMAIN and a timeout/TRY_AGAIN?
Dan provided a good answer to this.
And does the difference have any real significance?
The real significance is that a 5xx response means the other side should give up and never attempt to redeliver that message. A 4xx response means the other MTA will keep retrying for several days.
You want to reject spam permanently, and you want to do it as close to the source as possible. Meaning, you don't want to accept the message for relaying to some other machine, then have that other machine reject the message, because then your machine becomes responsible for generating a bounce. Which then clogs up your machine when bounces for spam are not deliverable.
It's not clear to me why this would matter if your ISP is the one running the mailserver: they aren't accepting the message in either case, which ought to mean that fetchmail will never see it.
None of it is particularly clear to me -- but apparently my ISP's server is not rejecting these messages.
You should forward the log messages you showed us to your ISP, and ask them what's going on. Their mailservers should be rejecting the messages for the same reason your mailserver does.
[ Hmm, I suppose it could also indicate that you have problems with your local DNS resolver, if you are getting lots of temp failures your ISP isn't. Unlikely, though, but you could test by switching to using their nameservers if you aren't doing so already. ]
If all mail servers rejected these messages it would seem to me to make the spammers endeavours rather pointless.
Spammers forge mail from legitimate addresses as well, but it certainly helps to reject mail from invalid domains.
-- -Chuck
_______________________________________________ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]"
