- Mads E Eilertsen <[EMAIL PROTECTED]>:
| I can't get mail delivered to a specific domain. The messages just
| stay in the queue.
|
| DNS says
| domain MX 0 host1
| domain MX 10 host2
|
| host1 says
| 520 Connection not authorised from this address.
|
| qmail connects to host1 and says
| deferral: Connected_to_N.N.N.N_but_greeting_failed./...
|
| qmail seemingly never tries host2.
|
| The administrators of domain says
| - this setup is intentional (sort of firewall/spam control)
| - why isn't your mailer using the second-best MX?
| - others have reported this too. They use qmail too.
|
| What's wrong here? The error code? qmail?
I would say that error code is an abuse of the domain naming system.
According to RFC 974, senders are only required to try the
lowest-preference MX(s) before giving up. Thus, a domain that expects
to be able to reliably receive mail, *must* have its lowest priority
MX set up to accept mail most of the time.
Instead of abusing the DNS MX records as they do, this domain should
set up explicit routes from their MX hosts to the final destination
without involving the DNS in this.
The qmail strategy is to only go on beyond the primary MX(s) if
connection to its (or their) SMTP port fails. This is not a violation
of any RFC as far as I know, though the wisdom of this approach is a
bit controversial.
- Harald
