Solved

mail greylisting and SMTP status codes

Posted on 2011-03-16
Last Modified: 2013-12-18
Hi Experts
I have a forwarding mailserver inside my office (sendmail) which does some virus check on outgoing mail.
All goes fine except with a particular domain, which always rejects my mails. I spoke with the maintainer of that domain and he says his mailserver is rejecting mails because it is doing greylisting.
But mails are rejected with errors like 5xx which I know are permanent failures.
I assert that his mailserver should return an error like 4xx for greylisting.
He replies that my mailserver is misconfigured and should keep retrying after the first 5xx error.
Who's right and who's wrong?
And, if I'm wrong, can someone point out how to configure sendmail to retry sending after the first 5xx error?
Question by:lomo74
Accepted Solution

by:
noci earned 500 total points
ID: 35152565
According to this source:
http://www.ietf.org/rfc/rfc0821.txt
Chapter 4.4.2:
2xx is OK
3xx is INFO
4xx is Temporary problems (i.e. retry later)
5xx is Final status (don't try again).

So a 4xx status (452 is a primary candidate, insufficient disk space...) is a definite status that needs to be used.
If a 5xx message is returned it really means no retry SHOULD EVER be attempted... (It sure is a way to lose mail..., but it's more blacklisting than greylisting though).

Also this is a reference:
http://en.wikipedia.org/wiki/Callback_verification (search for greylisting somewhere halfway).
Author Comment

by:lomo74
ID: 35197125
Ok noci thank you.
I had a look at the various RFCs and that shed some light on the problem.
Now, one more little question before closing this Q.
The receiver is, obviously, badly configured. But if I use e.g. gmail SMTP server, emails are delivered.
Does this mean, in your opinion, that gmail itself is violating RFC, in an effort to deliver mail to buggy SMTP servers?
Assisted Solution

by:noci
noci earned 500 total points
ID: 35197487
If Google still retries after a 5xx status then it's their design decision. It does fit in a philosophy that follows: Be strict in what you send/respond but be liberal in what you expect.... I for one do like to be more strict w.r.t. RFCs. If I get advice to stop bothering (like 5xx), I will adhere.

Of course you are free to interpret return codes differently, but the RFC implied action is what you need to expect from other implementations.
So expecting a retry after a 5xx does violate the earlier philosophy but still retrying after proper timeout more or less does.
That certainly doesn't mean that google should be taken as the reference of how it SHOULD be done...

There are more corner cases w.r.t. RFC's and Microsoft, amongst others, is famous for exploiting such interpretation gaps (embrace & extend) effectively blocking proper interoperation.

Also various outfits disregard the timeouts associated with SMTP. The first retry should be after 1 hour, but many sites do retry after a few minutes...
Also a clear violation and greylisting really does expect that timeouts should be observed. (Too early retransmit should be penalised in greylisting with a newly set timeout).
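
The behaviour discussed in this thread, as an added example that is not part of the original posts: a greylisting receiver that answers first contact with a 4xx reply and restarts the wait on a too-early retry, next to the 5xx variant from the question, with a sender that acts on the reply class. The 300-second delay, the 451 and 550 codes, the addresses and all names in the code are assumptions made for the illustration.

```python
from dataclasses import dataclass, field

def sender_action(code: int) -> str:
    """What a standards-following sending MTA does, keyed on the reply's first digit."""
    return {2: "delivered", 3: "continue", 4: "retry-later", 5: "bounce"}[code // 100]

@dataclass
class Greylist:
    delay: int = 300                              # seconds; assumed value
    waiting: dict = field(default_factory=dict)   # triplet -> time the wait (re)started
    passed: set = field(default_factory=set)      # triplets that completed the wait
    answer_5xx: bool = False                      # the misconfiguration from the question

    def check(self, ip: str, mail_from: str, rcpt_to: str, now: int):
        key = (ip, mail_from.lower(), rcpt_to.lower())
        if key in self.passed:
            return 250, "OK"
        started = self.waiting.get(key)
        if started is not None and now - started >= self.delay:
            self.passed.add(key)
            return 250, "OK"
        # First contact, or a retry that came too early: (re)start the wait.
        self.waiting[key] = now
        return (550 if self.answer_5xx else 451), "greylisted, try again later"

def deliver(greylist: Greylist, attempt_times):
    """Simulate one message from one sender; stop unless the reply says retry."""
    log = []
    for now in attempt_times:
        # Constructed sample triplet (documentation address ranges).
        code, _ = greylist.check("192.0.2.10", "a@example.org", "b@example.net", now)
        log.append((now, code, sender_action(code)))
        if log[-1][2] != "retry-later":
            break
    return log

if __name__ == "__main__":
    print(deliver(Greylist(), [0, 60, 400]))                  # accepted on third attempt
    print(deliver(Greylist(), [0, 60, 320]))                  # early retry reset the wait
    print(deliver(Greylist(answer_5xx=True), [0, 60, 400]))   # bounced at first attempt
```
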
Author Comment

by:lomo74
ID: 35200480
Oh thank you noci. I much appreciate your opinion. Unfortunately there is plenty of buggy and badly configured software out there.
So now I must convince this person that he is wrong and that he'd better review his config --
No more opinions needed, RFC says it all - closing Q.