Fetchmail/Sendmail rejects

Chuck Swiger cswiger at mac.com
Sat Aug 14 19:17:58 PDT 2004 

Malcolm Kay wrote:
> On Sunday 15 August 2004 10:40, Chuck Swiger wrote:
[ ... ]
>> Sendmail pays attention to the return value from doing DNS queries.  If
>> sendmail receives an NXDOMAIN response, it treats that as a permanent, 5xx
>> failure code.  If sendmail gets a timeout/TRY_AGAIN, it will return a 4xx
>> temp failure.
> 
> This sort of takes us back one more level -- how does the DNS service decide 
> between responding with NXDOMAIN and a timeout/TRY_AGAIN?

Dan provided a good answer to this.

> And does the difference have any real significance?

The real significance is that a 5xx response means the other side should give 
up and never attempt to redeliver that message.  A 4xx response means the 
other MTA will keep retrying for several days.

You want to reject spam permanently, and you want to do it as close to the 
source as possible.  Meaning, you don't want to accept the message for 
relaying to some other machine, then have that other machine reject the 
message, because then your machine becomes responsible for generating a 
bounce.  Which then clogs up your machine when bounces for spam are not 
deliverable.

>> It's not clear to me why this would matter if your ISP is the one running
>> the mailserver: they aren't accepting the message in either case, which
>> ought to mean that fetchmail will never see it.
> 
> None of it is particularly clear to me -- but apparently my ISP's server is
> not rejecting these messages.

You should forward the log messages you showed us to your ISP, and ask them 
what's going on.  Their mailservers should be rejecting the messages for the 
same reason your mailserver does.

[ Hmm, I suppose it could also indicate that you have problems with your local 
DNS resolver, if you are getting lots of temp failures your ISP isn't. 
Unlikely, though, but you could test by switching to using their nameservers 
if you aren't doing so already. ]

> If all mail servers rejected these messages it would seem to me to make the 
> spammers endeavours rather pointless.

Spammers forge mail from legitimate addresses as well, but it certainly helps 
to reject mail from invalid domains.

-- 
-Chuck

More information about the freebsd-questions mailing list