On 2015-03-26 @lbutlr wrote: > > On 26 Mar 2015, at 16:59 , Wolfgang Zeikat <wolfgang.zei...@desy.de> wrote: >> ----- On 26 Mar, 2015, at 23:44, @lbutlr krem...@kreme.com wrote: >>> Mar 26 02:55:38 mail postfix/smtp[7534]: 3lCKqM0QcJzJMnf: >>> to=<*gmailuser*@gmail.com>, orig_to=<*localuser*.com>, >>> relay=gmail-smtp-in.l.google.com[74.125.193.26]:25, delay=115, >>> delays=46/0.02/38/31, dsn=5.7.0, status=bounced (host >>> gmail-smtp-in.l.google.com[74.125.193.26] said: 552-5.7.0 This message was >>> blocked because its content presents a potential 552-5.7.0 security issue. >>> Please visit 552-5.7.0 >>> http://support.google.com/mail/bin/answer.py?answer=6590 to review our 552 >>> 5.7.0 message content and attachment content guidelines. b10si4404184igx.11 >>> - gsmtp (in reply to end of DATA command)) >> >> So gmail has rejected to accept that message and has put out a >> *final* message: 552-5.7.0 This message was blocked. Thus the mail >> was bounced: status=bounced. That is not a "temp failure". So postfix >> tries to send a NDN to the sender of the blocked mail. > > Ah, sorry. Most of those from gmail are 421’s and I didn’t notice this > one wasn’t. > >>> Mar 26 02:56:08 mail postfix/smtp[7534]: 3lCKsQ6KCHzJMnj: >>> to=<overspill...@akirchheimer.com>, relay=none, delay=30, delays=0/0/30/0, >>> dsn=4.4.3, status=deferred (Host or domain name not found. Name service >>> error for name=akirchheimer.com.inbound10.mxlogicmx.net type=A: Host not >>> found, try again) >> >> The MX record of the sender address of the mail that gmail has >> blocked cannot be resolved in DNS: Host not found, try again. >> Therefore, the NDN cannot be delivered. That is a "temp failure" and >> delivery will be retried until the host can be found in DNS or the >> queue lifetime of that NDN expires. > > Hmm. That’s interesting. Checking dig on the mailserver: > > ;; ANSWER SECTION: > akirchheimer.com. 11781 IN MX 10 > akirchheimer.com.inbound10.mxlogicmx.net. > akirchheimer.com. 11781 IN MX 10 > akirchheimer.com.inbound10.mxlogic.net. > > ;; ADDITIONAL SECTION: > akirchheimer.com.inbound10.mxlogicmx.net. 39975 IN A 208.65.144.2 > akirchheimer.com.inbound10.mxlogicmx.net. 39975 IN A 208.65.145.2 > >>> Is the NDN being generated because of the gmail temp failure? >> >> There is no "gmail temp failure", see above. > > OK, how about gmail permanent failures?
Wolfgang already answered that: | So gmail has rejected to accept that message and has put out a | *final* message: 552-5.7.0 This message was blocked. Thus the mail | was bounced: status=bounced. That is not a "temp failure". So postfix | tries to send a NDN to the sender of the blocked mail. Because of a permanent failure Postfix attempted to send an NDN back to the envelope sender address, but couldn't, since name resolution failed (temporarily?). Was the message successfully delivered at a later point in time, or did it remain in the queue until its lifetime expired (generating a double bounce)? Does name resolution work correctly for the user "postfix"? > Does the spamass-milter run before postscreen? > > If not, can it? Postscreen was created as a lightweight protection against spam bots. It would be utterly pointless to run it after heavyweight spam protection measures like Spamassassin. Regards Ansgar Wiechers -- "Abstractions save us time working, but they don't save us time learning." --Joel Spolsky
