> On Jun 28, 2018, at 3:23 PM, li...@mbchandler.net wrote:
>
> I have email relays that relay/filter email between the internet and our
> internal network. I must use the DNS servers we maintain and those servers
> use a DNS blacklisting service. The problem I'm having is that when a
> legitimate domain is blacklisted,

Presumably you're interested in blacklisting sending domains, not
receiving domains.

> I see log messages like the ones below and the email is bounced. In the
> situation that brought this up, both the sender and recipient domain were
> blocked so the bounce went nowhere. Since these blacklistings are temporary,
> maybe several hours, I'd like to defer this mail and have postfix try again
> later. That way mail will eventually go through and nothing is lost. Is there
> a way to do this?
>
> Jun 23 04:53:14 mx postfix/smtp[24776]: warning: no MX host for domain.com
> has a valid address record
>
> Jun 23 04:53:37 mx postfix/smtp[4838]: 9071C1809199:
> to=<recipi...@domain.com>, relay=none, delay=0.05, delays=0.04/0/0/0,
> dsn=5.4.4, status=bounced (Host or domain name not found. Name service error
> for mx.domain.com type=A: Host not found)

Instead of returning a temporary error code, the nameserver is lying
and saying that the host does not exist. The correct solution is to
NOT use this nameserver for DNS lookups for outbound mail.

> (To be clear, an mx record for domain.com was found (mx.domain.com),
> but that name could not be resolved to an IP because of the blacklist.)

You could make all DNS lookup failures soft, but that would be a bad
idea, as users who typo an address won't get prompt bounces.

--
Viktor.
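
The two failure shapes discussed in this thread can be told apart in the logs. The following is an added example, not part of the original message: it separates 5.4.4 bounces where an MX record existed but its target had no address (the filtered-resolver case above) from bounces where the recipient domain itself did not resolve (the typo case). The log lines are constructed, the regexes assume the log format quoted above, and the verdict labels are hypothetical.

```python
import re

# Constructed sample lines, modelled on the log format quoted in the thread.
SAMPLE_LOG = """\
Jun 23 04:53:14 mx postfix/smtp[24776]: warning: no MX host for example.net has a valid address record
Jun 23 04:53:37 mx postfix/smtp[4838]: 1A2B3C4D5E6F: to=<user@example.net>, relay=none, delay=0.05, delays=0.04/0/0/0, dsn=5.4.4, status=bounced (Host or domain name not found. Name service error for mx.example.net type=A: Host not found)
Jun 23 05:10:02 mx postfix/smtp[4901]: A1B2C3D4E5F6: to=<bob@example.org>, relay=mail.example.org[192.0.2.10]:25, delay=1.2, delays=0.1/0/0.5/0.6, dsn=2.0.0, status=sent (250 2.0.0 Ok)
Jun 23 05:12:40 mx postfix/smtp[4950]: 0F1E2D3C4B5A: to=<typo@exmaple.invalid>, relay=none, delay=0.03, delays=0.02/0/0/0, dsn=5.4.4, status=bounced (Host or domain name not found. Name service error for name=exmaple.invalid type=A: Host not found)
"""

# Hard bounce caused by a "Host not found" answer from the resolver.
BOUNCE = re.compile(
    r"postfix/smtp\[\d+\]: (?P<qid>[0-9A-Za-z]+): "
    r"to=<[^@>]+@(?P<rcpt_domain>[^>]+)>,.*dsn=5\.4\.4, status=bounced "
    r"\(.*Name service error for (?:name=)?(?P<name>\S+) "
    r"type=(?P<qtype>\w+): Host not found"
)
# Warning emitted when MX records exist but none of the targets has an address.
NO_MX_ADDR = re.compile(
    r"warning: no MX host for (?P<domain>\S+) has a valid address record"
)


def triage(log_text):
    """Return one finding per 5.4.4 'Host not found' bounce in log_text."""
    # Collect warnings first so the result does not depend on line order.
    mx_without_addr = {d.lower() for d in NO_MX_ADDR.findall(log_text)}
    findings = []
    for line in log_text.splitlines():
        m = BOUNCE.search(line)
        if not m:
            continue
        rcpt, name = m["rcpt_domain"].lower(), m["name"].lower()
        # A failed name that differs from the recipient domain means an MX
        # record was found and only its target failed to resolve: compare
        # the answer with a resolver that does not filter.
        suspect = name != rcpt or rcpt in mx_without_addr
        findings.append({
            "qid": m["qid"], "rcpt_domain": rcpt,
            "failed_name": name, "qtype": m["qtype"],
            "verdict": "recheck-resolver" if suspect else "likely-bad-domain",
        })
    return findings


if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG):
        print(finding)
```
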