Solved

mail greylisting and SMTP status codes

Posted on 2011-03-16
4
649 Views
Last Modified: 2013-12-18
Hi Experts
I have a forwarding mailserver inside my office (sendmail) which does some virus check on outgoing mail.
All goes fine except with a particular domain, which always rejects my mails. I spoke with the maintainer of that domain and he says his mailserver is rejecting mails because it is doing greylisting.
But mails are rejected with errors like 5xx which I know are permanent failures.
I assert that his mailserver should return an error like 4xx for greylisting.
He replies that my mailserver is misconfigured and should keep retrying after the first 5xx error.
Who's right and who's wrong?
And, if I'm wrong, can someone point me out on how to configure sendmail to retry sending after the first 5xx error?
0
Comment
Question by:lomo74
  • 2
  • 2
4 Comments
 
LVL 39

Accepted Solution

by:
noci earned 500 total points
ID: 35152565
According to this source:
http://www.ietf.org/rfc/rfc0821.txt
Chapter 4.4.2:
2xx is OK
3xx is INFO
4xx is Temporary problems (ie retry later)
5xx is Final status (dont try again).

So a 4xx status (452 is a primary candidate, insufficient disk space...) is a definite status that needs to be used.
If a 5xx message is returned it really means no retry SHOULD EVER be attempted... (It sure is a way to loose mail..., but it's more blacklisting than greylisting though_.

Also this is a reference:
http://en.wikipedia.org/wiki/Callback_verification (search for geylisting somewhere halfway).
0
 
LVL 8

Author Comment

by:lomo74
ID: 35197125
Ok noci thank you.
I had a look at the various RFCs and that shed some light on the problem.
Now, one more little question before closing this Q.
The receiver is, obviously, badly configured. But if I use e.g. gmail SMTP server, emails are delivered.
Does this mean, in your opinion, that gmail itself is violating RFC, in an effort to deliver mail to buggy SMTP servers?
0
 
LVL 39

Assisted Solution

by:noci
noci earned 500 total points
ID: 35197487
If google still retries after a 5xx status then it's their design decision. It does fit in a filisophy that follows: Be strict in what you send/respond but be liberal in what you expect.... I for one do like to be more strict w.r.t. RFC's If I get an advise to stop bothering (like 5xx) i will adhere.

Ofcourse you are free to interpret return codes differently, but the RFC implied action is what you need to expect from other implementations.
So expecting a retry after a 5xx does violate the earlier filosofy but still retrying after proper timeout more or less does.
That certainly doesn't mean that google should be taken as the reference of how it SHOULD be done...

There are more corner cases w.r.t. RFC's and Microsoft, amongst others, is famous for exploiting such interpretation gaps (embrace & extend) effectively blocking proper interoperation.

Also various outfits disregard the timeouts associated with SMTP. The first retry should be after 1 hour, but many sites do retry after a few minutes...
Also a clear violation and greylisting really does expect that timeouts should be observed. (Too early retransmit should be penalised in greylisting with a newly set timeout).
0
 
LVL 8

Author Comment

by:lomo74
ID: 35200480
Oh thank you noci. I much appreciate your opinion. Unfortunately there is plenty of buggy and badly configured software out there.
So now I must convince this person that he is wrong and that he'd better review his config --
No more opinions needed, RFC says it all - closing Q.
0

Featured Post

Why spend so long doing email signature updates?

Do you spend loads of your time carrying out email signature updates? Not very interesting are they? Don’t let signature updates get you down. Let Exclaimer Cloud - Signatures for Office 365 make managing email signatures a breeze.

Join & Write a Comment

We recently endured a series of broadcast storms that caused our ISP to shut us down for brief periods of time. After going through a multitude of tests, we determined that the issue was related to Intel NIC drivers on some new HP desktop computers …
Marketers need statistics and metrics like everybody else needs oxygen. In this article we explain how to enable marketing campaign statistics for Microsoft Exchange mail.
To show how to generate a certificate request in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.:  First we need to log into the Exchange Admin Center. Navigate to the Servers >> Certificates…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…

747 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

11 Experts available now in Live!

Get 1:1 Help Now