Keld Jørn Simonsen schrieb: > On Tue, Jul 14, 2009 at 06:37:30AM -0400, Wietse Venema wrote: >> Keld Jørn Simonsen: >>> On Mon, Jul 13, 2009 at 06:58:28PM -0400, Wietse Venema wrote: >>>> Keld J?rn Simonsen: >>>>> Is there a way to disambiguate between DNS timeouts and DNS errors, >>>>> and discard the latter? >>>> Postfix is only the messenger of the bad news. When the server >>>> responds, Postfix acts accordingly. When the server does not >>>> reply, Postfix assumes that this is a temporary error, because >>>> assuming otherwise would cause a lot of mail to fail. >>> Yes, but there are two types of bad news: one is that we do not know if >>> everything is fine, timeout, and the other that we positively know >>> something is wrong. I understand that in both cases postfix gives a 450 >>> code, and that there is no way in postfix to change this code. Is that so? >> Some people are thick enough that they need everything spelled out. > > Oh, you mean me? No, I am bright, so that can't be:-) > But I see that you did say that it reacts differnetly on timeouts and > error codes. Still there is something that I do not understand, and > which gives me problems, see below. > >> OK, here goes: >> >> 1) The server replies with "good news". Postfix replies with good news. >> >> 2) The server replies with "bad news". Postfix replies with 5xx. >> >> 3) No server reply. Postfix replies with 4xx. >> >> Is this finally clear? > > Yes, thanks. But it seems that my postfix reacts differently on > a NXDOMAIN and SVRFAIL, although they both should lead to 5xx error codes. > That is why I am so thick to not understand. > > From my previous post: > > Jul 14 00:11:58 rap postfix/smtpd[1054]: NOQUEUE: reject: RCPT from > rap.rap.dk[127.0.0.1]: 450 4.1.8 <jets...@server30.reverya.com>: Sender > address +rejected: Domain not found; from=<jets...@server30.reverya.com> > to=<k...@localhost> proto=ESMTP helo=<rap.rap.dk> Jul 14 00:11:58 rap > postfix/smtpd[1054]: +> rap.rap.dk[127.0.0.1]: 450 4.1.8 > <jets...@server30.reverya.com>: Sender address rejected: Domain not found > > here there is a 450 response to a name server error. You said above: > >> 2) The server replies with "bad news". Postfix replies with 5xx. > > 5xx is not 450, so what is happening? > > And thanks for you patience with me. > > Best regards > keld
hi, 450 is the default to dns errors, to give the chance to fix the dns problem either caused by bad or non dns entries , or local dns resolve problems, with 450 the sending server tries again to deliver in the mail meanwhile the dns problem is fixed, if you dont want a 450 ( which means temp error come again ) you can change the error code with unknown_address_reject_code = 550 ( final reject ) so the sendermailserver will not come/try again i use 550 on a few hard attacked mailservers (unknown_address_reject_code = 550 in main.cf) cause i have a good working dns servers by my own, and i trust them to give the right answers just in time and i dont want bots come back again and try redeliver in --snip http://www.postfix.org/postconf.5.html reject_unknown_recipient_domain Reject the request when Postfix is not final destination for the recipient domain, and the RCPT TO domain has no DNS A or MX record, or when it has a malformed MX record such as a record with a zero-length MX hostname (Postfix version 2.3 and later). The unknown_address_reject_code parameter specifies the numerical response code for rejected requests (default: 450). The response is always 450 in case of a temporary DNS error. The unknown_address_tempfail_action parameter specifies the action after a temporary DNS error (default: defer_if_permit). --snip you may change reject codes i changed some other reject codes too you may try this also, if you have understand what youre doing unverified_recipient_reject_code = 550 unknown_client_reject_code = 550 invalid_hostname_reject_code = 550 non_fqdn_reject_code = 550 so the thread should be clear now -- Best Regards MfG Robert Schetterer Germany/Munich/Bavaria
